Comment by asveikau
6 years ago
It's funny to see attitudes change so dramatically is all I mean.
I think you may be blind to the harshest criticisms, though. It was a common view that the web was built for static content (or server-side dynamic content) and code execution by the client is mostly a nuisance at best. And there is some validity to that. When JS was developed, roughly contemporaneous with worse ideas like java applets and ActiveX on the web, it was thought by proponents that untrusted code execution is OK to good. 20 years later, it was still assumed that if JS is sandboxed, memory safe, has a different page table from the rest of user mode, untrusted code execution is safe. Then spectre and meltdown happened.
Yeah there's some hindsight there... but are you saying that views have gone full circle? Where are these attitudes changing? JS has historically been sandboxed better than Java Applets and ActiveX, which is one reason why it's popular now.
Nope, not saying they went full circle, just that they went from one extreme (client side code bad) to another (client side code as inevitable fact of life and why question that?).
And tangentially, I was pointing out more recently that the grumpy position from older times actually would have prevented some real world problems. (Spectre and meltdown go from being local privilege escalation bugs to "holy shit you can own my machine if I visit a web page")