by anfedorov 2927 days ago
Why is it an obviously bad idea? In light of the work on NaCL, is there still no way you can imagine it could ever work?
2 comments

What does NaCL have to do with this? It's a cryptography library.

The issue is that 99.99% of USB devices aren't designed with the possibility of hostile payloads coming from the host, so the security rests entirely on the webusb permission dialog. Which should be presented as "grant this website administrative access to your computer" but isn't.

> What does NaCL have to do with this, it's a cryptography library?

The other NaCl https://developer.chrome.com/native-client

Could the browser create a tight whitelist of payloads that are definitely not hostile, then expand it slowly to add functionality?
Native Client had layered sandboxes and was still exploited. I suspect that sandboxing, in general, is not right; we must find safety and correctness by construction, not by ad-hoc rules or policy or permissions.
This is a million-dollar question, but it was answered a long time ago: there is no substitute for a programmer who knows what he is doing.
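The "tight whitelist of payloads" suggested above can be sketched concretely. The block below is an added example, not code from this thread or from Chrome's WebUSB implementation: a gate placed in front of WebUSB's controlTransferOut()/controlTransferIn() that admits standard requests with no OUT data, admits class requests only to interfaces whose class is allow-listed, and refuses vendor-specific requests outright, since vendor requests are where firmware-update and debug commands usually live. The setup object shape (requestType, recipient, request, value, index) is WebUSB's real USBControlTransferParameters; the policy, the function names and the fake device are assumptions for illustration, and the sample setups and interface map are constructed inputs so it runs offline under Node.

```javascript
// Added example (not from the HN thread or Chrome): an allow-list gate in front
// of WebUSB control transfers. Policy, names and sample data are assumptions.
"use strict";

// Standard request codes (USB 2.0 spec, section 9.4); used only for naming.
const STANDARD_REQUESTS = {
  0x00: "GET_STATUS", 0x01: "CLEAR_FEATURE", 0x03: "SET_FEATURE",
  0x05: "SET_ADDRESS", 0x06: "GET_DESCRIPTOR", 0x07: "SET_DESCRIPTOR",
  0x08: "GET_CONFIGURATION", 0x09: "SET_CONFIGURATION",
  0x0a: "GET_INTERFACE", 0x0b: "SET_INTERFACE", 0x0c: "SYNCH_FRAME",
};

// Hypothetical policy: deny SET_DESCRIPTOR, deny standard requests that carry
// OUT data, allow class requests only to HID (0x03) interfaces, deny vendor.
const DEFAULT_POLICY = {
  allowedClassCodes: new Set([0x03]),
  maxStandardOutBytes: 0,
  deniedStandardRequests: new Set([0x07]),
};

// setup: WebUSB USBControlTransferParameters. outBytes: Uint8Array or null.
// ifaceClasses: Map of interface number -> bInterfaceClass (from the device's
// descriptors; constructed below). Returns { allowed, reason }.
function gateControlTransfer(setup, outBytes, ifaceClasses, policy = DEFAULT_POLICY) {
  const len = outBytes ? outBytes.length : 0;
  switch (setup.requestType) {
    case "vendor":
      return { allowed: false, reason: `vendor request 0x${setup.request.toString(16)} refused (${len} OUT bytes)` };
    case "class": {
      if (setup.recipient !== "interface") return { allowed: false, reason: "class request to non-interface recipient" };
      const iface = setup.index & 0xff; // wIndex low byte names the interface
      const cls = ifaceClasses.get(iface);
      if (cls === undefined || !policy.allowedClassCodes.has(cls)) {
        return { allowed: false, reason: `interface ${iface} (class ${cls}) not allow-listed` };
      }
      return { allowed: true, reason: `class request to allow-listed interface ${iface}` };
    }
    case "standard": {
      const name = STANDARD_REQUESTS[setup.request] ?? `0x${setup.request.toString(16)}`;
      if (policy.deniedStandardRequests.has(setup.request)) return { allowed: false, reason: `standard ${name} denied by policy` };
      if (len > policy.maxStandardOutBytes) return { allowed: false, reason: `standard ${name} carries ${len} OUT bytes` };
      return { allowed: true, reason: `standard ${name}` };
    }
    default:
      return { allowed: false, reason: `unknown requestType ${setup.requestType}` };
  }
}

// Wraps anything with controlTransferOut/controlTransferIn (a real USBDevice
// or the fake below) so every control transfer passes the gate first.
function gatedDevice(device, ifaceClasses, policy = DEFAULT_POLICY) {
  return {
    async controlTransferOut(setup, data) {
      const verdict = gateControlTransfer(setup, data ? new Uint8Array(data) : null, ifaceClasses, policy);
      if (!verdict.allowed) throw new Error("blocked: " + verdict.reason);
      return device.controlTransferOut(setup, data);
    },
    async controlTransferIn(setup, length) {
      const verdict = gateControlTransfer(setup, null, ifaceClasses, policy);
      if (!verdict.allowed) throw new Error("blocked: " + verdict.reason);
      return device.controlTransferIn(setup, length);
    },
  };
}

// Constructed sample data: interface 0 is HID, interface 1 is vendor-specific.
const SAMPLE_IFACE_CLASSES = new Map([[0, 0x03], [1, 0xff]]);
const GET_DEVICE_DESCRIPTOR = { requestType: "standard", recipient: "device", request: 0x06, value: 0x0100, index: 0 };
const HID_SET_REPORT = { requestType: "class", recipient: "interface", request: 0x09, value: 0x0200, index: 0 };
const VENDOR_FIRMWARE_WRITE = { requestType: "vendor", recipient: "device", request: 0x40, value: 0, index: 0 };
const FAKE_FIRMWARE_BLOB = new Uint8Array(1024).fill(0xea);

// Fake device that only records what got through the gate.
function makeFakeDevice() {
  const log = [];
  return {
    log,
    async controlTransferOut(setup, data) { log.push(["out", setup.request]); return { status: "ok", bytesWritten: data ? data.byteLength : 0 }; },
    async controlTransferIn(setup, length) { log.push(["in", setup.request]); return { status: "ok", data: new DataView(new ArrayBuffer(length)) }; },
  };
}

async function demo() {
  const fake = makeFakeDevice();
  const dev = gatedDevice(fake, SAMPLE_IFACE_CLASSES);
  const results = [];
  for (const [setup, data] of [[GET_DEVICE_DESCRIPTOR, null], [HID_SET_REPORT, new Uint8Array([0x01])], [VENDOR_FIRMWARE_WRITE, FAKE_FIRMWARE_BLOB]]) {
    try {
      await (data ? dev.controlTransferOut(setup, data) : dev.controlTransferIn(setup, 18));
      results.push("allowed");
    } catch (e) { results.push(e.message); }
  }
  return { results, reached: fake.log.length }; // two transfers reach the device, the firmware write is blocked
}

demo().then((r) => console.log(JSON.stringify(r)));
```

Even with this gate in place, every admitted standard or class request is still parsed by the device's firmware, and bulk and interrupt endpoint transfers are a separate channel the gate does not see, so an allow-list narrows the host-to-device attack surface rather than removing it.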

This is something most companies can't do. A small company can pull that off for some time, but as companies grow, the temptation to "simply make money" overwhelms even the most principled person.

The problem is that even when a programmer knows what they're doing, it does not then follow that I want them doing it.
"We were so preoccupied with whether we could, that we didn't stop to question if we should"?