[GTALUG] security threats of Open Source

Don Tai dontai.canada at gmail.com
Thu Jan 23 19:00:24 EST 2020


I regularly browse with JavaScript turned off. I use NoScript. While it is
a hassle, I whitelist trusted sites, but refuse script from 3d party sites.
There is a bit of setup to do to whitelist sites. Scripts have long been
abused. Browsing without js restores a bit of honesty in web pages, as a
lot of the razzle dazzle crap code is not executed. I seek information more
than eye candy. Cross-site scripting risk is near eliminated, making web
browsing safer. You can also see which sites have added a whole lot of crap
onto their script code and which 3d party sites they employ. This will
colour your selection of credible web sites.

As well I intermix browsers as well as use Tor.

I encourage you to try it. Tilt the advantage to the user with the NoScript
plugin.

On Thu, 23 Jan 2020 at 18:30, o1bigtenor via talk <talk at gtalug.org> wrote:

> On Thu, Jan 23, 2020 at 3:37 PM D. Hugh Redelmeier via talk
> <talk at gtalug.org> wrote:
> >
> > | From: o1bigtenor via talk <talk at gtalug.org>
> >
> > | In this vein - - - - a contact who in computer terms calls himself a dinosaur
> > | refuses to allow javascript on his computers doing all his browsing on text
> > | based browsers. In his opinion javascript is a serious accident already in free
> > | fall. What you're sharing only emphasizes that. Maybe it's time to join his
> > | anti Javascript position?
> >
>
> Thank you for your response!!
>
> > The issues are a little more intricate.
>
> They usually are - - - grin.
> >
> > Note npm is a repo (mostly?) for JavaScript to run under node.js.
> > node.js is a server-side thing.  It runs JavaScript on the server.  Not in
> > the client (browser).
> >
> > JavaScript itself isn't terrible.
> >
> > What is unfortunate, I think, is the unfettered creativity JavaScript
> > in the browser allows web designers.  They misuse it, just like they
> > did Adobe Flash previously.  To some extent this is caused by the good
> > sides of JavaScript: how easy it is to learn, how easy it is to whip up
> > complexity, how easy it is for the page creator to take control of the
> > browser experience.
>
> From what little I know what I'm thinking is that the browser user needs
> to have some tools to control what the browser does - - - - that seems
> to be unobtanium at this point.
> >
> > What I was talking about was how easy it is to inject malicious code into
> > the ecosystem.  That isn't actually the fault of the language.  (It is
> > imaginable that one could design a language that prevented some abuse.)
> >
> > In fact, the language+browser have been designed to limit the damage
> > that could be inflicted on the client side.  The npm problem is mostly
> > server-side, I think (I'm not sure).
> >
> > Making something easier (cheaper, faster, more understandable, ...)
> > allows it to be used more, often to excess.  Unexpected side effects
> > can ensue.
> >
> > - increasing efficiency of cars makes driving cheaper so people
> >   drive more and end up using more total energy (gasoline).
>
> Our obsession with individual transportation has become a major cost
> factor in one's personal economy.
> >
> > - computers became a lot cheaper.  So a lot more money is spent on
> >   computers.
> >
> > - programming has become easier.  So a lot more pointless programs have
> >   been created.
> >
> > - when I worked on optimizing compilers, I thought that I was trying
> >   to make existing programs run faster.  Then it struck me that it
> >   allowed programmers to write programs in a simpler and clearer way
> >   and have the compiler eliminate the performance cost.
>
> Interesting.
> >
> > Here's a random example of npm use:
> >
> > <https://www.electronjs.org/>
> > ---
> Thanks for the sharing!
>
> I'm wondering if there even is a way of reining in the wild possibilities in
> javascript in a browser. If there is it would be quite nice if this would happen
> quite soon. I'm finding that the web has become quite a frustrating and a very
> very far from useful place to look for things.
>
> Regards