Right - massive usability suffering. I don’t want VS Code or SQL Server Management Studio to constantly ask my permission to do stuff; I want it to just work.
Replying to @AdamRackis @BrendanEich and
It's possible to imagine a way to do this with signing and Web Packaging, but most users and developers don't need this most of the time.
Replying to @slightlylate @BrendanEich and
Not sure I follow. Most users and developers don't need...this level of access? Absolutely - why, imo, installed apps will never go away, just become less popular (especially on desktop)
Replying to @AdamRackis @BrendanEich and
Most apps, most of the time, can work without exotic, non-origin-model-breaking capabilities. If decision load is low enough, runtime permission grants work well. Sticky issue is how to prove that high-trust apps have earned that trust.
Replying to @slightlylate @AdamRackis and
Stuff like vscode can be given everything (heck, can run as admin, launch processes, read fs anyway)
Replying to @vivainio @slightlylate and
E.g. prevent install from browser, require dl and click through install
Replying to @vivainio @AdamRackis and
Of course "stuff like VS Code can be given everything". The ecosystem-defining question is "who gives them everything, and why?"
Replying to @slightlylate @vivainio and
I’d assume the user, because we just assume that the app is trustworthy, and will need far-reaching access.
Replying to @AdamRackis @vivainio and
Is your assertion that users make informed, reasonable decisions about software security? http://i0.kym-cdn.com/photos/images/newsfeed/000/430/877/271.gif …
Replying to @slightlylate @AdamRackis and
The reason the web is as secure as it has been is because we are paranoid. The arguments browser vendors engage in are defined by *how* paranoid we are. No "developer code can do whatevs" browser has ever survived contact with the enemy.
The defining question of a web platform engineer: "is clicking on a link a safe and reasonable thing to do?" If the answer is "yes" in the face of your feature, it'll be fine. If not, you're in ActiveX territory and the ecosystem risks can hardly be overstated.