[peburrows]

That's not true. Sure, many languages require you to drop down to a lower-level API to create a vanilla TCP connection, but if the language you're using doesn't provide a way to open a TCP socket and do the TLS negotiation dance, then you've probably chosen the wrong language.

[mort96]

The language is entirely uninteresting; what's interesting is what the runtime allows you to do. Browsers purposefully don't allow you to create raw TCP connections, yet JavaScript can in many other contexts (e.g node.js) create raw sockets perfectly fine.

[kuschku]

> Browsers purposefully don't allow you to create raw TCP connections

Which is ridiculous, as it literally brings zero advantage to restrict that.

[lorenzhs]

Well I think it's a good idea to prevent web pages from just opening up a socket to some server, speaking whatever protocol they like. It could be easily abused to spam, etc.

There is, however, https://www.w3.org/TR/tcp-udp-sockets/ - see section 10 for an example.

[kuschku]

Considering the move proposed in this thread to move even SMTP to HTTP, how would preventing connecting to SMTP prevent spam when one can still POST to SMTP-over-HTTP?

[paulddraper]

"We need to restrict this to prevent abuse."

-- time passes --

"We need to change everything in order to accomplish a task under these restrictons."

[sneak]

Then all billion of us on the web have "chose[n] the wrong language".

[regularfry]

This is painfully accurate.

[nilved]

Indeed, it's quite unfortunate