ECMAScript ("Javascript") Version 4 - Official Overview

Walter Dnes waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org
Tue Oct 23 23:30:03 UTC 2007 

On Mon, Oct 22, 2007 at 04:04:52PM -0400, Scott Elcomb wrote
> 
> An official overview[1] of "Javascript 2.0" was released today.  It
> will likely be some months (at least) for this version of the language
> to show up in web browsers, but it might be a good idea to get
> on-board early.
> 
> http://www.ecmascript.org/es4/spec/overview.pdf

  I went and read the document...
<RANT>
  These guys have obviously never heard of text files.  They insist on
PDF.  Not only that, they put in *HUGE* margins on all sides, and then
scrunch all the text in.  The net result is that the document is
unreadable on my 24" 1920x1200 LCD monitor.  I had to convert it to text
and read that.
</RANT>

  Javascript has a checkered history.  It started life as "Livescript",
but was renamed to "Javascript" in a marketing move that was intended to
piggyback on the early popularity of Java.  Please go easy on people who
confuse the two.  The confusion was a deliberate, cynical, marketing
strategy.

  Java started off as a full-blown programming language, development
platform, and kitchen sink.  It was complex, hard to use, and powerful.
Because of the power, Java comes with a built-in sandbox as a security
measure.

  Livescript (later to become Javascript) started off as a quick and
dirty scripting language.  Due to greater ease-of-use, it quickly
replaced Java in webpages.  Because the original Livescript had so
little power, the authors decided that a sandbox was unnecessary.
However, Javascript has gained a lot of features and power since the
days of Livescript, and power.  This has turned it into a security
headache.

  I'm sure that programmers for the Russian Mafia are rubbing their
hands in glee as they go through the list of features proposed for the
new version.  If you think drive-by-downloads are bad now, you ain't
seen nothing yet.


  I will not stick my head in the sand and assume that linux is immune.
What I worry about are the multi-platform scripting languages like
Javascript and Schlockwave-Trash with its "Actionscript", as Adobe calls
it.  At least with Java, I have the option of not building it.  Saving
3/4 of a gig of disk space is an added bonus.  However, Javascript will
be built in to all webbrowsers.  The Noscript and Flashblock extensions
for Firefox are going to be more necessary than ever.  And before anyone
gets up on the soapbox about not going to porn or warez or other evil
websites, please read the article...
http://security.itworld.com/4337/071022hack247/pfindex.html

-- 
Walter Dnes <waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org> In linux /sbin/init is Job #1
Q. Mr. Ghandi, what do you think of Microsoft security?
A. I think it would be a good idea.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists

More information about the Legacy mailing list