Non-technical users do not use sudo, but they do use a web browser. Do you think Facebook add this JavaScript console warning for no reason at all?
.d8888b. 888 888
d88P Y88b 888 888
Y88b. 888 888 This is a browser feature intended for
"Y888b. 888888 .d88b. 88888b. 888 developers. If someone told you to copy-paste
"Y88b. 888 d88""88b 888 "88b 888 something here to enable a Facebook feature
"888 888 888 888 888 888 Y8P or "hack" someone's account, it is a
Y88b d88P Y88b. Y88..88P 888 d88P scam and will give them access to your
"Y8888P" "Y888 "Y88P" 88888P" 888 Facebook account.
888
888
888
I think this is unnecessary, especially in the land of FLOSS licensed software where the developer disclaims any and all warranties.
Developers should focus on usability, and not on idiot-proofing software.
There is no way to guard against users installing malware themselves. No matter what kind of safeguards and check summing and signing you use for your application once a program has full access to a machine it can do anything, including bypass your safeties.
You can't fight user stupidity. In doing so developers do a disservice to their regular users. (The way Chorme prevents this issue is exactly an example of this because the app is no longer portable) No matter what kind of padding you add, stupid users will still manage to hurt themselves in the most unexpected and unimaginable ways.
I really despise this trend stared in the US and the rest of the western world where idiots sue companies for the effects of their own idiocy and this results in all kinds of redundant warnings on products that just serve to guard the manufacturer from stupid lawsuits.
We should not strive so much to go against natural selection. Darwin awards exist for a reason.
Firefox actually has additional protection against such attacks. Minor annoyance for developers (who may not even hit it if they use the console regularly), but helps mitigate such attacks quite a bit.
> Non-technical users do not use sudo, but they do use a web browser.
Your casual casting of a swath of the population as "non-technical" notwithstanding, the point is still sound: why do you think that it's worth gutting this feature as a safeguard against someone being fooled into navigating to "about:config" but not worth removing sudo for the same reason?
If someone can be persuaded to abuse "about:config", why not sudo?
90% of web users are on Windows, where there is no sudo. Malicious add-ons make money by injecting ads, overriding default search engine settings, capturing login credentials or even local files, or installing zombie spam relays. sudo is unnecessary for these attacks. How does one make money with sudo?
And as for locking down sudo, OS X is now "rootless" (System Integrity Protection) by default, preventing even sudo access from modifying some system settings.
> 90% of web users are on Windows, where there is no sudo.
This argument is becoming increasingly specious.
Firefox is the default browser on Ubuntu, where there is sudo. So do you acknowledge that it is consistent to keep this preference in at least the linux version of FF?
Oh you're right! We need EME'd web assembly so Facebook can hide everything behind a proprietary binary blob. THEN the user will really be free from themselves and their own stupidity. \s