[GTALUG] security threats of Open Source

o1bigtenor o1bigtenor at gmail.com
Thu Jan 23 18:29:53 EST 2020


On Thu, Jan 23, 2020 at 3:37 PM D. Hugh Redelmeier via talk
<talk at gtalug.org> wrote:
>
> | From: o1bigtenor via talk <talk at gtalug.org>
>
> | In this vein - - - - a contact who in computer terms calls himself a dinosaur
> | refuses to allow javascript on his computers doing all his browsing on text
> | based browsers. In his opinion javascript is a serious accident already in free
> | fall. What you're sharing only emphasizes that. Maybe it's time to join his
> | anti Javascript position?
>

Thank you for your response!!

> The issues are a little more intricate.

They usually are - - - grin.
>
> Note npm is a repo (mostly?) for JavaScript to run under node.js.
> node.js is a server-side thing.  It runs JavaScript on the server.  Not in
> the client (browser).
>
> JavaScript itself isn't terrible.
>
> What is unfortunate, I think, is the unfettered creativity JavaScript
> in the browser allows web designers.  They misuse it, just like they
> did Adobe Flash previously.  To some extent this is caused by the good
> sides of JavaScript: how easy it is to learn, how easy it is to whip up
> complexity, how easy it is for the page creator to take control of the
> browser experience.

From what little I know, what I'm thinking is that the browser user needs
to have some tools to control what the browser does - - - - that seems
to be unobtanium at this point.
>
> What I was talking about was how easy it is to inject malicious code into
> the ecosystem.  That isn't actually the fault of the language.  (It is
> imaginable that one could design a language that prevented some abuse.)
>
> In fact, the language+browser have been designed to limit the damage
> that could be inflicted on the client side.  The npm problem is mostly
> server-side, I think (I'm not sure).
>
> Making something easier (cheaper, faster, more understandable, ...)
> allows it to be used more, often to excess.  Unexpected side effects
> can ensue.
>
> - increasing efficiency of cars makes driving cheaper so people
>   drive more and end up using more total energy (gasoline).

Our obsession with individual transportation has become a major cost
factor in one's personal economy.
>
> - computers became a lot cheaper.  So a lot more money is spent on
>   computers.
>
> - programming has become easier.  So a lot more pointless programs have
>   been created.
>
> - when I worked on optimizing compilers, I thought that I was trying
>   to make existing programs run faster.  Then it struck me that it
>   allowed programmers to write programs in a simpler and clearer way
>   and have the compiler eliminate the performance cost.

Interesting.
>
> Here's a random example of npm use:
>
> <https://www.electronjs.org/>
> ---
Thanks for the sharing!

I'm wondering if there even is a way of reining in the wild possibilities in
javascript in a browser. If there is it would be quite nice if this would
happen quite soon. I'm finding that the web has become quite a frustrating
and a very very far from useful place to look for things.

Regards

