[GTALUG] security threats of Open Source
o1bigtenor
o1bigtenor at gmail.com
Thu Jan 23 18:29:53 EST 2020
On Thu, Jan 23, 2020 at 3:37 PM D. Hugh Redelmeier via talk
<talk at gtalug.org> wrote:
>
> | From: o1bigtenor via talk <talk at gtalug.org>
>
> | In this vein - - - - a contact who in computer terms calls himself a dinosaur
> | refuses to allow javascript on his computers doing all his browsing on text
> | based browsers. In his opinion javascript is a serious accident already in free
> | fall. What you're sharing only emphasizes that. Maybe it's time to join his
> | anti Javascript position?
>
Thank you for your response!!
> The issues are a little more intricate.
They usually are - - - grin.
>
> Note npm is a repo (mostly?) for JavaScript to run under node.js.
> node.js is a server-side thing. It runs JavaScript on the server. Not in
> the client (browser).
>
> JavaScript itself isn't terrible.
>
> What is unfortunate, I think, is the unfettered creativity JavaScript
> in the browser allows web designers. They misuse it, just like they
> did Adobe Flash previously. To some extent this is caused by the good
> sides of JavaScript: how easy it is to learn, how easy it is to whip up
> complexity, how easy it is for the page creator to take control of the
> browser experience.
From what little I know what I'm thinking is that the browser user needs
to have some tools to control what the browser does - - - - that seems
to be unobtanium at this point.
>
> What I was talking about was how easy it is to inject malicious code into
> the ecosystem. That isn't actually the fault of the language. (It is
> imaginable that one could design a language that prevented some abuse.)
>
> In fact, the language+browser have been designed to limit the damage
> that could be inflicted on the client side. The npm problem is mostly
> server-side, I think (I'm not sure).
>
> Making something easier (cheaper, faster, more understandable, ...)
> allows it to be used more, often to excess. Unexpected side effects
> can ensue.
>
> - increasing efficiency of cars makes driving cheaper so people
> drive more and end up using more total energy (gasoline).
Our obsession with individual transportation has become a major cost
factor in one's personal economy.
>
> - computers became a lot cheaper. So a lot more money is spent on
> computers.
>
> - programming has become easier. So a lot more pointless programs have
> been created.
>
> - when I worked on optimizing compilers, I thought that I was trying
> to make existing programs run faster. Then it struck me that it
> allowed programmers to write programs in a simpler and clearer way
> and have the compiler eliminate the performance cost.
Interesting.
>
> Here's a random example of npm use:
>
> <https://www.electronjs.org/>
> ---
Thanks for the sharing!
I'm wondering if there even is a way of reining in the wild possibilities in
javascript in a browser. If there is it would be quite nice if this would
happen quite soon. I'm finding that the web has become quite a frustrating
and a very very far from useful place to look for things.
Regards