Hacker News new | past | comments | ask | show | jobs | submit login

> why were Coinbase employees allowed to use any browser with javascript enabled

I don't know, maybe because they need to get work done...? Even traditional banks allow JS.




I've worked at a large traditional bank (market cap and enterprise value are both around 100b), they also allowed firefox as well as js, at least for developers (I don't know what it looked like for non developers).


Of course, there generally are legal processes to leverage if money is stolen from a bank. The cryptosphere isn't as forgiving.


Google and Stackoverflow work just fine without javascript enabled. Trustworthy sites can be whitelisted if absolutely necessary.


It's this sort of attitude that makes sysadmins so incredibly popular among the masses.

Hint: if your environment feels like a concentration camp, users will find ways to work outside of it most of the time - which will be even more disastrous.


That's a fair point when literally hundreds of millions of dollars aren't on the line. It's not hard to properly secure your system from all manner of internet threats. There's no excuse for crypto exchanges not to implement such measures.


If hundreds of millions of dollars are one JS exploit away, the defense model is flawed. That sort of movement should require approvals from multiple people and even dedicated terminals that are not used for everyday browsing.

Security is a tradeoff; nuking browsers for everyone is just a bad tradeoff in 2019.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: