Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> I can't figure why would a browser double as a PDF reader, for instance, when a native app is invariably faster, more feature-rich, more customisable and more secure.

A native app is less secure. They're all written in memory-unsafe languages, are not guaranteed to be up-to-date, and do not run sandboxed. Integrating a JS PDF viewer into the browser hurts performance, but it's more convenient (no separate app to open, can start reading before it finishes downloading), and much less likely to be a security risk.



>> A native app is less secure. They're all written in memory-unsafe languages, are not guaranteed to be up-to-date, and do not run sandboxed.

So how can we even trust the browser if native apps are always less secure according to you?

The exploit ran despite the sandbox if I understood it right.


I don't understand the reasoning here at all. Are you arguing that because sandboxes sometimes have holes in them that they aren't worthwhile?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: