
I'm sort of surprised that the developer tools have only recently become an attack vector (via social engineering). I'm not sure what can even really be done about it without seriously inconveniencing developers. Maybe making them disabled by default with an extra option to enable them would be enough to deter all but the most gullible of users?


> Maybe making them disabled by default with an extra option to enable them would be enough to deter all but the most gullible of users?

Safari does this


Why not a separate package altogether? That way the Chrome team can focus on Chrome, and the Developer Tools team can focus on producing a high-quality website debugger.


Because the "hackability" of the web is important. The ability to view source, play in the console, modify the DOM, etc. is amazing. Locking it down or providing a larger barrier to entry (e.g., download this extra thing) provides dubious benefit and hides what makes the web great.

I speak as someone who teaches Ruby and JavaScript. JavaScript is in every browser and the console is a wonderful place to start. When I teach Ruby (on Macs) I have to start with, "well ok, now download Xcode". It's really easy for someone to give up before getting everything working.


You can download the command line tools package from Apple instead to get the compiler, which is only a couple hundred megs instead of the 5 gig bloat that is Xcode. Definitely saves a lot of hassle.


So downloading a 100KB extension for a browser which you use for downloading stuff all the time is a "huge barrier"? Wow, talk about a 1st world problem.

And "when I teach ruby", "well ok, now download xcode"... ok, Xcode is a 2.5GB download, but it is a one click download and install via App Store. And really? Xcode for Ruby? Are you really doing that?


Xcode is necessary because Apple distributes an operating system without a C compiler, and standard Ruby development requires a C compiler. Why Apple distributes an incomplete operating system by default, and why they distribute their development environment as one monolithic chunk as opposed to a set of packages, is anyone's guess.


Last I checked, Windows also doesn't ship with a C compiler by default. Even some Linux distros don't have it in the default install.


Windows is also an incomplete operating system as sold, as are those Linux distros. For a long time Windows was outright defective because there was no compiler available without paying hundreds of additional dollars to Microsoft, but they do have a free toolchain now.


OS X is an Open Brand UNIX 03 Registered Product since Leopard and given this it can be considered "complete." It isn't shipped with a compiler but you can install the cmdline tools (without all the Xcode bundle) by typing:

   xcode-select --install
on (Mavericks) Terminal.


> standard Ruby development requires a C compiler

Mac OS X comes with Ruby already installed, and afaik you don't need a C compiler to learn standard ruby, you'd only need it for certain gems (which want to build native extensions).


OS X comes with an obsolete version of Ruby which almost nobody uses.

Standard Ruby development generally involves both a Ruby version manager (rvm, rbenv, etc.) and the ability to install gems with native extensions.


> OS X comes with an obsolete version of Ruby which almost nobody uses.

The latest version of OS X comes with Ruby 2.0, which is hardly obsolete, and that or Ruby 1.8.7 (from earlier OS X) is totally fine for learning to use Ruby, which is how this thread started.

Claiming you need to start to learn by installing Xcode or the tools is false - there is lots more to Ruby than installing rvm, rails and sql gems etc. Beginners could go a long way without requiring non-native gems, and by the time they get to that stage, installing Ruby 2.0 should be a breeze, whatever route you choose.

Probably over 95% of Mac users would never use the compiler, so I see why they left it out. Installing it is really very easy anyway, command line or with Xcode.


Well, I guess because 80% of Mac users will never need a compiler.

Also, instead of downloading the whole Xcode you can download the Xcode CLI tools.


When you're teaching someone a subject that they expect to be challenging and aren't forced to learn, any extra barrier can dissuade them entirely. Think of the learning process like the conversion funnel for a web site.


I write JavaScript all day and the first step is to download Xcode. I don't know if this is his reason, but installing Xcode is the best way to get all the developer tools installed (clang, for example).


If scammers can get people to open the developer console and paste code, they can get them to install the "developer tools extension" and then open the console and paste code. Add all the warnings you want, the scammer will say "see what Facebook doesn't want you to see!!!".

This has been called the "dancing monkeys problem". People can really be manipulated into doing anything in order to see the dancing monkeys (even if they couldn't be convinced to do those things for constructive purposes).

IMHO you just can't save people from themselves, might as well stop trying and making my life harder.


https://en.wikipedia.org/wiki/Dancing_pigs

Never seen it called "dancing monkeys" - got a cite?


I heard it as "dancing bunnies". I think more people will go for dancing bunnies, than pigs or monkeys -- bunnies are cuter! I wonder if scammers do A/B testing...


'Citation'. 'Cite' is the verb.


You'd think I was writing Wikipedia jargon after a Wikipedia URL or something.


We can put barriers here forever that will deter more and more developers and curious yet-to-be hackers from playing with the web, while scammers will just use simple social tricks to make gullible people jump through any obstacle we put.

Here, to be honest, I vote for natural selection. Fight the scammers, and let the gullible be scammed until the society develops an immune response. It happens all the time, and I think that at least a part of the solution for Internet scam is to accelerate immune response development as much as possible.


How isn't this a type of immune response?


The ongoing dumbing down of the Internet would be an autoimmune disease.


I would imagine that that would only be activated with a full deployment of FB, so developers wouldn't have to worry about it.



