On 17 Sep 2012, at 2:33 PM, Florian Bösch <[email protected]> wrote: > Security is a pretty serious concern if you're distributing apps without any > oversight to billions of users automatically upon a single link click.
You are conflating web apps (trusted, installed) with web pages (single link click). > No TCP. > Wrong, see websockets which upgrade to plain old TCP after the handshake. No, WebSockets are not "plain old TCP". > > No UDP. > Coming with WebRTC in the form of unreliable data channels. WebRTC is above UDP. It's not UDP. WebRTC is a massive conglomeration of protocols and codecs and opinions. > No POSIX. > Why would you need cross-OS posix standards and operating system shells when > you already have a browser which abstracts cross-OS APIs in its own fashion? How do you fsync in a browser? > Tim Berners-Lee raised this point first awhile back on Public Web Apps: > http://lists.w3.org/Archives/Public/public-webapps/2012JanMar/0464.html > I believe his point was subtly different. He was arguing for vendors to come > up with ways to solve the usecases he mentioned, not arguing to just blast > the OS at the JS developer and let the ensuing security armageddon sort > itself out. No, not at all. Nowhere did he ask for browser vendors "to solve the use cases he mentioned".
