Hacker News new | past | comments | ask | show | jobs | submit login

I'll admit as a web dev I sometimes take some of the "omg JavaScript" a little personally. Some of the usual pile on articles (granted their complaints aren't technically 'wrong') sometimes imply the browser is a bad place for a lot of things that are happening there privacy wise and etc.

I always wonder ... "Uh, do you want platform specific desktop apps? You're not much better protected there man... and app availability becomes limited / a pain."




There's no fundamental technical reason why apps can't run as their own users (like apache and postgres have done for 20 years) and and use something like oauth to control sharing data with other apps. Just laziness.


The Android security model. Running nvim and getting a prompt "Do you want NeoVim to access your home?".

The UNIX-y solution to this is to ban proprietary apps and run only vetted free software, interoperate with protocols, not implementations.


I'm kinda lost on the comparison between postgres and... web applications?


He's comparing postgres to normal desktop application.


Well the zoom vulnerability from last year was a failure to consider full consequences of javascript.

They thought binding a web server to localhost and having a browser make requests to it was OK. They did not consider that literally any other web page can make the same requests.


The answer is simple, just have server-side logic only! /s




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: