I don't disagree with your overall point but in the world of high-end watches Rolex watches _are_ mass produced and leverage economies of scale. I think the latest estimates are around 800,000 watches produced per year by Rolex.
That configuration will not be the default. You might just as productively argue that the best way to defeat fingerprinting would be to default to Gopher.
Can a user meaningfully determine the correct answer to that question?
The experience is “I clicked no and nothing worked” vs “I clicked yes and the site worked”.
I get that you don’t like it, but the reality is that the web is a platform that includes JS as a core technology. The reason for limiting Java and ActiveX was because they had catastrophically terrible security properties more or less by design.
Even Flash had problems, but was sensible enough to correct many deficiencies and defer to the browser for interaction with anything outside of its view. Which is why you weren't asked about running Flash on every website you went to. JS and the various web/HTML/DOM APIs all have much, much stricter constraints than anything Flash had - they are designed to be safe in spite of all content being untrusted.
Moreover, dialogs like that are largely recognized among browser developers as being a form of blame shifting - a regular user has no reasonable way to determine whether or not saying “yes” is safe. The purpose of asking them is so that if something does go wrong you can say “they shouldn’t have clicked yes”.
Just as long as we're all clear that this is not a real debate, and a serious programming language connected to the DOM is not going anywhere; you are stuck with that design.
To be more exact, what you want is not a slow password hashing algorithm. What you want is an algorithm that is as efficient for the defender as it is for the attacker. The key is that you do not want an attacker to be able to abuse custom hardware or distributed compute in order to gain an efficiency advantage.
What incentives would someone have to invest a considerable amount of time in releasing and maintaining an open source project if they can't even use that to promote themselves?
Maybe they have a genuine interest in the problem they're addressing, and in solving it. I work on some open source projects that gain little attention from others but have great utility to me, personally.
It's a nice sentiment but that's how you end up with abandoned, low quality projects that no one uses. Or even worse - abandoned, low quality projects that half the Internet relies on.
> It's a nice sentiment but that's how you end up with abandoned, low quality projects that no one uses.
How is it a bad thing that a piece of software that no one uses is abandoned by its developers? Or should I put it like this: how is it bad that no one uses a piece of software that has been abandoned by its developers? Whichever way you prefer to put it.
> Or even worse - abandoned, low quality projects that half the Internet relies on.
It's not my responsibility to make sure that my software is used for things that it is useful for. In fact, I typically use a license where I deny responsibility for fitness for a particular purpose, like MIT or GPL, exactly because it isn't and shouldn't be my problem.
I think this should be accounted for when deciding whether to use open source software in your project. Of course, with JavaScript projects I often end up looking at shitty dependencies because some popular library depends on some slightly less popular library which depends on a brain fart someone put on GitHub 10 years ago and never touched since despite stale, open issues. This is a problem with the community's attitude towards dependencies, not with what software I make available for others to use.
Besides, a low quality project that half of the internet relies on doesn't really need any additional promotion or advertisement, does it?
You can be perfectly competitive without playing arena or buying packs. I haven't paid a cent for the past 2 years and can play all the competitive decks I want in every meta. Blizzard has been very good with bumping up the rewards you get from playing normally.
I stopped playing 2 years ago, so that's likely it. For the first 2 years of Hearthstone, from closed beta to when I stopped, the rewards were lacking. When I had time to play a lot in early student years, I could play some expansions without paying a thing, but getting busier in later student years, I fell behind too quickly.