
>> Note that, suddenly, Web Crypto is starting to look damn good

OK, so we can also boot Linux in a browser; if you stick with it, apparently you can do just about anything in JavaScript if you're willing to spend the CPU cycles to do it.

Why? Take the Chromebook as an example: why move everything into the browser so that the OS is minimized or even removed? You're still going to face the same software problems.




He addresses that. The browser has a different security model than the OS.

The OS's model is based off of the user being the unit of security. If a user runs a piece of software, that software can interact with all files owned by the user. It can make web requests to anything.

The browser's model has the unit as the webpage, not the user. Each webpage is sandboxed from others. If one webpage is malicious, in theory it cannot modify the user's files or even other webpages.

The difference in model makes a malicious webpage significantly less scary than a malicious program.

Your example, of running your whole OS in the browser, is unrealistic; in reality you'll be running each piece of the OS in a different isolated tab.

This model can work since the web was built for each site to be independent and self-contained... We've already gone too far down the rabbit-hole of native programs being extremely powerful to easily fix that.

The OS might not be lost though. You can run scary software in a VM. You can run each program in a separate chroot. Perhaps soon you could just spin up an lxc (with docker perhaps) for each different program you want to run. These methods of running software all basically transform the OS into using the browser's model.

It's also worth mentioning that the browser model has inherent security flaws for as long as it persists the executable on external servers; you have to find a trusted channel to access the data every time, whereas the program only has to be verified once after downloading.


>> The browser's model has the unit as the webpage, not the user.

The user loses control, the user loses.

>> This model can work since the web was built for each site to be independent and self-contained...

https://developer.chrome.com/extensions/samples "Content Script Cross-Domain XMLHttpRequest Example"

>> whereas the program only has to be verified once after downloading.

Opening the door to hackers who find ways to infiltrate that program _after_ that check has been done.



