[Gllug] Javascript
JLMS
jjllmmss at googlemail.com
Tue Apr 5 22:58:57 UTC 2011
On 4 April 2011 00:15, Nix <nix at esperi.org.uk> wrote:
> On 3 Apr 2011, John Edwards spake thusly:
>
>> On Sat, Apr 02, 2011 at 08:04:24PM +0100, Christopher Hunter wrote:
>>> On Sat, 2011-04-02 at 16:08 +0100, John Edwards wrote:
>>>
>>>>> What is your objection to Javascript?
>>>>
>>>> Execution of untrusted foreign code on your computer, often from
>>>> third party sites you don't even know you are accessing.
>>>
>>> There's huge amounts of code that running in your machine that you have
>>> no sight of
>>
>> On Debian?
>
> Sure. In your NIC, your CPU microcode, your disks... everywhere. I wish
> it was all open, but unfortunately right now virtually everything you do
> depends on closed code :( thanks to ACPI and SMIs, at any time your
> system might be executing closed code without warning.
>
>> I do have to use the Sun Java VM for an IPMI tool that is rather picky
>> about JREs. But that is my choice and very different from trusting
>> code from every web site in the world.
>
> Well, you're really trusting your browser JavaScript VM not to have
> holes in it. (ha ha ha hahahaaa)
>
> (The fact remains that the only exploit I have ever heard of that
> requires JavaScript is XSS, and that is easily avoided by doing
> security-important stuff like banking in a separate browser. These days,
> the Web is largely unusable without JS: I gave up trying to turn it off
> many years ago.)
Your apostate!
Don't you see the whole net collapsing under the weight of badly or
maliciously written JavaScript?
You hath sinned.... Repent!
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list