[geeks] Writing software [was Re: Can't decide on an OS]

Phil Stracchino phils at caerllewys.net
Tue Oct 1 18:13:57 CDT 2013


On 10/01/13 02:57, Mouse wrote:
>> The reliance on client-side code (Javascript) is annoying, but this
>> is just the next iteration of NeWS with worse controls and better
>> market acceptance.
> 
> "Just" that?!  That's quite enough to be problematic.  I don't quite
> understand how people can think "here, execute this code some random
> server you don't know from Adam just handed you" can _not_ be a
> security issue.

I am TOTALLY behind this.  And the problem is so pervasive that browser
developers are removing the ability to turn Javascript execution off,
because so much breaks if Javascript is disabled.

Personally, I would not mind _as much_ having everything be dependent
upon Javascript, if all Javascript sent to me was labelled with its site
of origin and cryptographically signed, and I had a way to choose which
sites' Javascript I was willing to run.  But no!  I can't do that.
Short of using an add-on like NoScript (which I *do*), I have absolutely
no control over what Javascript from what source gets executed when I
load a web page.  I can't even tell, even *WITH* NoScript, which scripts
are *supposed* to be part of the page and which have been injected by
some script kiddy who hacked the site or hijacked a script inclusion
from a third-party site, and even if there is no malware, I have no way
of knowing how much of that Javascript is third, fourth, seventh and
nineteenth parties harvesting every last dreg of information they can
scrape or infer about what I'm doing, in order to sell the information
to the sixth, ninth, fifteenth and twenty-third parties who will
leverage it to try to sell me crap I don't want.  Unless I first
download the entire source code of the page and read it.  And some of
the content may be hidden from me even then because it's demand-loaded
or pushed.

It is *INSANE* to even *try* to pretend that this is not a *MASSIVE*
security/privacy problem.


-- 
  Phil Stracchino
  Babylon Communications
  phils at caerllewys.net
  phil at co.ordinate.org
  Landline: 603.293.8485

