The polyfill.js is a popular open source library to support older browsers. 100K+ sites embed it using the cdn.polyfill.io domain. Notable users are JSTOR, Intuit and World Economic Forum. However, in February this year, a Chinese company bought the domain and the Github account. Since then, this domain was caught injecting malware on mobile devices via any site that embeds cdn.polyfill.io. Any complaints were quickly removed (archive here) from the Github repository.
What I said, literally.
Which can be done with something embeddable, and not by breaking a hypertext system.
If those people don’t consider mine, then I don’t consider theirs. If I must consider theirs, they must consider mine.
That says nothing. It’s a market\evolution argument. Something changes tomorrow and that will be the result of evolution. Somebody uses a different system and that’s it for them.
And today’s web browsers are as open as Microsoft’s OOXML. De facto proprietary.
For Flash? Are you sure? I don’t remember such.
Nothing was. Doesn’t tell us anything.
Yes, but applet’s problems in that wouldn’t spread to the HTML page embedding it. Unlike now.
I’ve already said how it’s similar to OOXML. Only MS documented their proprietary at the moment standard of their proprietary program and made it open, while Chromium is itself open, but somehow that doesn’t make things better.
That’s similar to the Apple walled garden arguments. It’s valuable in areas other than security because of separating power between some browser developer and some plugin’s developer. And fighting monoculture is also good for security.
Also people still use plugins, still separately updated, which still get compromised.
Also plugins can be properly sandboxed.
Sorry, I still do feel that burden of proof. Because for a static site like in 2002 I’d just export a page from OpenOffice and edit some links, and then upload it.