[e12e]

> Something is very wrong with how web developers think about threat models

Yes.

We have pretty much the same problem with the web, as we had with macro-viruses an office suites -- because we're solving the same problems in the same way, without learning from past mistakes. It might actually be worse, because if you tell people you don't run macros in untrusted office documents, most people will applaud you for being wise -- while if you say you use noscript people will dismiss you as a paranoid Luddite.

Runable code created by random people, from random sources, in one address space with access to all your user data -- what could go wrong?

[coldtea]

>It might actually be worse, because if you tell people you don't run macros in untrusted office documents, most people will applaud you for being wise -- while if you say you use noscript people will dismiss you as a paranoid Luddite.

Maybe because macros are a BS add-on functionality that does nothing for 99.9% of Office users, whereas JS is a key component of the modern, dynamic, web.

>Runable code created by random people, from random sources, in one address space with access to all your user data -- what could go wrong?

Yeah, it's not like we have a security model for JS, sandboxed environments, and even each tab running as a separate process.

[teacup50]

> Yeah, it's not like we have a security model for JS, sandboxed environments, and even each tab running as a separate process.

Sandboxed environments containing user data that web developers voluntarily compromise by then inserting 3rd-party controlled code.

[e12e]

Precisely. I'm glad my comment didn't pass over everyone's head.

A little disappointed that it's teacup50 that pours cold water on coldtea, and not the other way around. If only I had a biscuit-themed nick, to go with this little sub-thread.