[Gllug] Javascript
Nix
nix at esperi.org.uk
Sun Apr 3 23:15:10 UTC 2011
On 3 Apr 2011, John Edwards spake thusly:
> On Sat, Apr 02, 2011 at 08:04:24PM +0100, Christopher Hunter wrote:
>> On Sat, 2011-04-02 at 16:08 +0100, John Edwards wrote:
>>
>>>> What is your objection to Javascript?
>>>
>>> Execution of untrusted foreign code on your computer, often from
>>> third party sites you don't even know you are accessing.
>>
>> There's huge amounts of code that running in your machine that you have
>> no sight of
>
> On Debian?
Sure. In your NIC, your CPU microcode, your disks... everywhere. I wish
it was all open, but unfortunately right now virtually everything you do
depends on closed code :( thanks to ACPI and SMIs, at any time your
system might be executing closed code without warning.
> I do have to use the Sun Java VM for an IPMI tool that is rather picky
> about JREs. But that is my choice and very different from trusting
> code from every web site in the world.
Well, you're really trusting your browser JavaScript VM not to have
holes in it. (ha ha ha hahahaaa)
(The fact remains that the only exploit I have ever heard of that
requires JavaScript is XSS, and that is easily avoided by doing
security-important stuff like banking in a separate browser. These days,
the Web is largely unusable without JS: I gave up trying to turn it off
many years ago.)
--
NULL && (void)
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list