"That's a really cool security aware script language you've got there! So.. um.. how can I extend it to call third party libraries?"
Perhaps the idea that "the computer" is one single entity with a shared security domain and view of hardware is the flaw. Why can my web browser read my tax documents unless I go through a bunch of rather absurd efforts to prevent something so simple?
Because you want to be able to report your tax documents to the tax office? It's one of those things that sound so simple on paper, but every time someone does that trivial thing and doesn't make documents available to the web browser, usability suffers.
The real answer why the browser can read certain files is much more complex: your web browser is not a singular entity anymore. And the network- and protocol-speaking parts of it can't access your documents, according to the principle of least authority.
It's far from perfect and gets hacked every time, but do take the time to read how that's done. The hacks are just as complex as the web browser itself. The practical problem with the browser is the enormous complexity of functions, everything from OpenGL to databases to p2p and usb, that keeps growing boundlessly.
Right.. which is why "home PC" is one of the largest attack surfaces we have. The fact that tax authorities expect you to brave the gap is only one of the problems with this configuration.
The web browser _purports_ to be that entity. The list of CVEs shows that it isn't. If I install a "web browser" I'm installing "a binary program that can access anything it wants at any time it wants."
"Do take the time to read" is an absurdly condescending thing to say while simultaneously moving the goalposts of the argument.