[Gllug] Javascript

JLMS jjllmmss at googlemail.com
Tue Apr 5 22:58:57 UTC 2011

On 4 April 2011 00:15, Nix <nix at esperi.org.uk> wrote:
> On 3 Apr 2011, John Edwards spake thusly:
>> On Sat, Apr 02, 2011 at 08:04:24PM +0100, Christopher Hunter wrote:
>>> On Sat, 2011-04-02 at 16:08 +0100, John Edwards wrote:
>>>>> What is your objection to Javascript?
>>>> Execution of untrusted foreign code on your computer, often from
>>>> third party sites you don't even know you are accessing.
>>> There's huge amounts of code that running in your machine that you have
>>> no sight of
>> On Debian?
> Sure. In your NIC, your CPU microcode, your disks... everywhere. I wish
> it was all open, but unfortunately right now virtually everything you do
> depends on closed code :( thanks to ACPI and SMIs, at any time your
> system might be executing closed code without warning.
>> I do have to use the Sun Java VM for an IPMI tool that is rather picky
>> about JREs. But that is my choice and very different from trusting
>> code from every web site in the world.
> Well, you're really trusting your browser JavaScript VM not to have
> holes in it. (ha ha ha hahahaaa)
> (The fact remains that the only exploit I have ever heard of that
> requires JavaScript is XSS, and that is easily avoided by doing
> security-important stuff like banking in a separate browser. These days,
> the Web is largely unusable without JS: I gave up trying to turn it off
> many years ago.)

Your apostate!

Don't you see the whole net collapsing under the weight of badly or
maliciously written JavaScript?

You hath sinned.... Repent!
Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list