But they can be extremely dangerous. Port scans of the internal network, keystroke logging, local filesystem access if you allow for social engineering. (I have built desktop applications in Javascript)
But we're still at the point where writers figure "what is the point of distributing malware which only lives in the browser if you can distribute malware which lives in the OS?"
propriatory code is inherently less secure than open source, if only because you can (could) get away with insecure code
Perhaps that should be "...if only because you can (do) get away with insecure code"
While open source may not prevent someone from releasing poor code it does bring it to light in a more efficient manner. Naughty things go on behind closed doors. When there is no place to hide one tends to demonstrate a little more responsibility. So it is with code.
I HATE that the word democracy has become distasteful to Americans (of all people) and to the rest of the free world as well. We have got to do something about that - it is unacceptable. What would our ancestors think of this generation?
Then they'll just throw them in the garbage out of disdain. They especially like to mock our French speaking citizens. Very interesting people, their friendship is genuine but comes with a little attitude. Maybe that's where we learned it from...
Of course the wealthy just go to the Mayo Clinic in America and pay for services they would otherwise be put on a waiting list for. While the current system meets the majority of the public's needs, depending what you need and when, waiting lists can be much too long.
Cuba is interesting in that there has in recent years been a flourish of activity to expand and involve the role of the academic community in developing practical solutions which are applicable for lesser economies. This includes, but is not limited to, health care. Agriculture is another. For this reason Cuban scientists are coming to be in high demand all over the world.
Now, as to how well and how evenly the Cuban government implements these ideas there may be less than perfect performance as well as some considerable debate, much of it slanted according to the debater's current state of emotions regarding the players involved.
I've always suspected the Novell deal was about freeing Microsoft to sue other Linux vendors. Namely, by ensuring Novell is muzzled from using its own patents Microsoft can go after the rest of the FOSS ecosystem. Readers will recall that part of the reason Novell promised it was "safe" to use Mono was that they had enough patents of their own to prevent Microsoft from starting a patent war. Now that both companies are on the same team Mono use cannot be protected on other flavours of Linux.
What I learned from "The Great Global Warming Swindle":
Global warming is NOT man made. There were at least two climatologists interviewed and several more retired people who used to work with scientists, who made that abundantly clear.
Global warming is entirely helpful and only makes people more prosperous. In no way is global warming undesirable. In fact it is sadly unfortunate man is incapable of inducing global warming since it is so beneficial. Repeated images of people at the beach made me feel good about the possibility of global warming.
Industrialists have done nothing but advance the cause of the African people. They keep trying to give people who have no money free generators but environmental jihadists directly intervene with machine guns and oppress the very people the industrialists have been trying so hard to help.
You may even have heard shadowy reports of industrialists underpaying the local Africans while extracting the riches to other continents. Those are, apparently, a hoax which was created by the environmentalists. And all those incidents where corporations use lax environmental laws in third world nations to profit at the expense of the local peoples' health - the documented increases in birth defects, lung problems and cancer - all could have been avoided if the environazis would just stop sneaking to the village wells at night with arsenic in order to frame big business. Similarly with the whole slavery thing - it was a hoax created by the environmentalists. Big business did not actually round Africans up like animals and sell them to make money. Those were environmentalists. This can be proven by the fact slavery is a hateful thing. Environmentalists are hateful. Businessmen are pure of heart and have never done anything unholy.
It is now my mission to stop keeping an eye on people in power. This movie has assured me they have earned a free pass.
...which sometimes makes it dangerous for our citizens to be in some places which don't particularly hate us. "What a surprise - EVERYONE we capture is Canadian."
The DoD, while unbelievably negligent on research, may not necessarily have been under the assumption that Canada itself was trying to spy on them.
I've said it before, I'll say it again: we went through the same thing with Windows 95+ and Outlook.
Masses: "Ooooo look at the shiny features!" tiny voice in the distance: "But it's a security nightmare!" Masses (louder): "Ooooo look at the shiny features!"
I don't think any of these technologies are inherently any worse than any other method, but the problem is that they don't understand the technologies well enough, and aren't testing for vulnerabilities.
Unfortunately They are only part of the problem. It is currently impossible to secure Javascript for reasons that exist well beyond the individual web site.
The great hazard of client side scripting support (Javascript, Flash, Java, et. al.) is that a breach of the sandbox in one domain can potentially hazard your interactions in other domains. So even if your site is 100% secured Javascript ensures your users can still be at risk. The only solution right now is for 100% of websites to be 100% invulnerable. Is that likely?
Personally I use Firefox with NoScript but while there may be instances where I can be reasonably sure a site I am visiting is not going to intentionally compromise me, there is no way to know that any site is 100% XSS proof. I know full well that every time I enable a site to use Javascript or Flash I increase my risk.
Make no mistake, there is a point at which things boil down to features vs. security. We all have a different threshold at which we are comfortable with the compromise.
We need to get our heads out of the sand and find something to reach for or learn to accept not being important in the world.
Not important? I would mention from a foreigner's perspective we believe you will likely remain the cornerstone of the free world for quite some time. It is for that reason we are concerned about a number of your present actions and attitudes.
Executing 3rd party code by default is insecure?
on
Web 2.0 Under Siege
·
· Score: 1
Fortunately the web development community has learned so much from the ongoing ramifications of Microsoft's "features first, security later" approach in the 90's that we would never recreate such a mess. Oh wait - automatic, default execution of third party code on the client browser, INSIDE THE FIREWALL? What could possibly go wrong with that?
The arguments today also mirror what went on with Windows and Outlook in the 90's. A few wild haired prophets screaming doom and gloom but 99.9% of the IT community was/is hypnotized by the glamour of "features, features, features" and security is relegated to patching. Like building a submarine out of swiss cheese. You'll spend the rest of your life patching but if everyone does it, it's normal. A few weirdos will look up and say "why don't we just start with a less porous base material?" but they will be shouted down by the masses.
Javascript, Flash and Applets are insecure by concept. Oh, pardon me, sandboxes will take care of everything? Append an image to the DOM from your server. If that "image" is actually a program which reads the query string you can pass it any information you want. Sandbox jumped. Not a bug, a feature.
It's not enough to patch websites. It only takes one popular compromised site to infect thousands or even millions of users. Do I trust every site on the internet to be 100% invulnerable 24/7? Not really. Not even the sites I work on.
Most BANKS and financial services require Javascript to log in. Nice to know such critical web services are designed by people who "care about customer security." (cough, cough)
NoScript seems to be a reasonable compromise. No browser I'm aware of takes this approach by default.
Or how about growing miscanthus (and/or switchgrass) for ethanol instead of corn? Much better energy return, much kinder to the soil, much cheaper to farm.
...as grampa used to say. (sorry I couldn't afford the final 'e' in the title)
Specifically we would like to remind our American friends that you do not have a monopoly on stupidity. We are fully capable of, and frequently practise, making stupid decisions on our own.
In fact we'd like to hold a formal stupidy competition to prove that we're not just some trivial pissant to the north you can view with contempt. OK, we may not quite be able to match the whole "two terms for President G.W. Einstein" thing. Actually, that one's pretty much off the charts. Seriously, you've got to stop scheduling your elections to occur immediately after happy hour. The fact is we're all waiting for Ashton Kutcher to run out and tell the planet we been punk'd. Yes, that's it isn't it? Oh you kidders!
Novell is just trying to set another trap for their new friend Mr. Ballmer to gain legitimate intellectual property grievances against open source. Mono's C# implementation came with an air of legitimacy which they immediately overstepped by including Windows.Forms, ADO.NET, etc. They know full well developers will wind up using mono to build code which is vulnerable to submarine patents and this is just another step to facilitate that process.
Before the Microsoft deal Novell promised to use its own IP to protect against Microsoft's threats. Out came the wallet. This deal has put some wind back in Redmond's sails.
...from the likes of Red Hat (small cap) to IBM (major cap)
But at least now they have Novell in their pocket and that is no small coup. Face it, the public side was that this deal was about protecting Novell. It wasn't. It was about protecting Microsoft.
So to Novell, thank you for taking a brief interest in open source and then stabbing it in the back. But be warned that when you sleep with a disease infested crack whore you're going to contract something yourself. You idiots.
> I think that your criticism about the "touchiness" of Americans is true of all people and cultures.
What?!?
How can you even _insinuate_ that about our non-American people/cultures? I find it highly insulting. To even THINK that we are touchy about criticism is such typical American bull****.
Interesting that we Canadians still think _Americans_ are arrogant when we ourselves are starting to brag so much recently. Seriously, how does it make us look to anyone else? What kind of people are they supposed to think we are?
Just because I'm proud to live up here doesn't mean the folks to the south have _everything_ wrong.
> We have much friendlier people
Bullshit. I've had perfect strangers come up and chat with me in the States and perfect strangers cuss at me in Canada. There are friendly people and jerks in any country.
> better scenery
Colorado, Alaska, Arizona, Hawaii, etc. - very, very beautiful.
Slashdot Mirror
Perhaps that should be "...if only because you can (do) get away with insecure code"
While open source may not prevent someone from releasing poor code it does bring it to light in a more efficient manner. Naughty things go on behind closed doors. When there is no place to hide one tends to demonstrate a little more responsibility. So it is with code.
I HATE that the word democracy has become distasteful to Americans (of all people) and to the rest of the free world as well. We have got to do something about that - it is unacceptable. What would our ancestors think of this generation?
Canadian piracy in perspective:
Two drunks in a canoe with a pet whisky jack perched on one shoulder, mooning the beach. I think we've proven that we deserve to be taken seriously.
Then they'll just throw them in the garbage out of disdain. They especially like to mock our French speaking citizens. Very interesting people, their friendship is genuine but comes with a little attitude. Maybe that's where we learned it from...
...as an example of a functional symbiosis of public and private health care. But the taxes!
Of course the wealthy just go to the Mayo Clinic in America and pay for services they would otherwise be put on a waiting list for. While the current system meets the majority of the public's needs, depending what you need and when, waiting lists can be much too long.
Cuba is interesting in that there has in recent years been a flourish of activity to expand and involve the role of the academic community in developing practical solutions which are applicable for lesser economies. This includes, but is not limited to, health care. Agriculture is another. For this reason Cuban scientists are coming to be in high demand all over the world.
Now, as to how well and how evenly the Cuban government implements these ideas there may be less than perfect performance as well as some considerable debate, much of it slanted according to the debater's current state of emotions regarding the players involved.
Somebody should tell Mike Rowe
I've always suspected the Novell deal was about freeing Microsoft to sue other Linux vendors. Namely, by ensuring Novell is muzzled from using its own patents Microsoft can go after the rest of the FOSS ecosystem. Readers will recall that part of the reason Novell promised it was "safe" to use Mono was that they had enough patents of their own to prevent Microsoft from starting a patent war. Now that both companies are on the same team Mono use cannot be protected on other flavours of Linux.
What I learned from "The Great Global Warming Swindle":
It is now my mission to stop keeping an eye on people in power. This movie has assured me they have earned a free pass.
...which sometimes makes it dangerous for our citizens to be in some places which don't particularly hate us. "What a surprise - EVERYONE we capture is Canadian."
The DoD, while unbelievably negligent on research, may not necessarily have been under the assumption that Canada itself was trying to spy on them.
I've said it before, I'll say it again: we went through the same thing with Windows 95+ and Outlook.
Masses: "Ooooo look at the shiny features!"
tiny voice in the distance: "But it's a security nightmare!"
Masses (louder): "Ooooo look at the shiny features!"
Unfortunately They are only part of the problem. It is currently impossible to secure Javascript for reasons that exist well beyond the individual web site.
The great hazard of client side scripting support (Javascript, Flash, Java, et. al.) is that a breach of the sandbox in one domain can potentially hazard your interactions in other domains. So even if your site is 100% secured Javascript ensures your users can still be at risk. The only solution right now is for 100% of websites to be 100% invulnerable. Is that likely?
Personally I use Firefox with NoScript but while there may be instances where I can be reasonably sure a site I am visiting is not going to intentionally compromise me, there is no way to know that any site is 100% XSS proof. I know full well that every time I enable a site to use Javascript or Flash I increase my risk.
Make no mistake, there is a point at which things boil down to features vs. security. We all have a different threshold at which we are comfortable with the compromise.
Not important? I would mention from a foreigner's perspective we believe you will likely remain the cornerstone of the free world for quite some time. It is for that reason we are concerned about a number of your present actions and attitudes.
Fortunately the web development community has learned so much from the ongoing ramifications of Microsoft's "features first, security later" approach in the 90's that we would never recreate such a mess. Oh wait - automatic, default execution of third party code on the client browser, INSIDE THE FIREWALL? What could possibly go wrong with that?
The arguments today also mirror what went on with Windows and Outlook in the 90's. A few wild haired prophets screaming doom and gloom but 99.9% of the IT community was/is hypnotized by the glamour of "features, features, features" and security is relegated to patching. Like building a submarine out of swiss cheese. You'll spend the rest of your life patching but if everyone does it, it's normal. A few weirdos will look up and say "why don't we just start with a less porous base material?" but they will be shouted down by the masses.
Javascript, Flash and Applets are insecure by concept. Oh, pardon me, sandboxes will take care of everything? Append an image to the DOM from your server. If that "image" is actually a program which reads the query string you can pass it any information you want. Sandbox jumped. Not a bug, a feature.
It's not enough to patch websites. It only takes one popular compromised site to infect thousands or even millions of users. Do I trust every site on the internet to be 100% invulnerable 24/7? Not really. Not even the sites I work on.
Most BANKS and financial services require Javascript to log in. Nice to know such critical web services are designed by people who "care about customer security." (cough, cough)
NoScript seems to be a reasonable compromise. No browser I'm aware of takes this approach by default.
Or how about growing miscanthus (and/or switchgrass) for ethanol instead of corn? Much better energy return, much kinder to the soil, much cheaper to farm.
...as grampa used to say. (sorry I couldn't afford the final 'e' in the title)
Specifically we would like to remind our American friends that you do not have a monopoly on stupidity. We are fully capable of, and frequently practise, making stupid decisions on our own.
In fact we'd like to hold a formal stupidy competition to prove that we're not just some trivial pissant to the north you can view with contempt. OK, we may not quite be able to match the whole "two terms for President G.W. Einstein" thing. Actually, that one's pretty much off the charts. Seriously, you've got to stop scheduling your elections to occur immediately after happy hour. The fact is we're all waiting for Ashton Kutcher to run out and tell the planet we been punk'd. Yes, that's it isn't it? Oh you kidders!
(sigh) Once again we come in second...
Novell is just trying to set another trap for their new friend Mr. Ballmer to gain legitimate intellectual property grievances against open source. Mono's C# implementation came with an air of legitimacy which they immediately overstepped by including Windows.Forms, ADO.NET, etc. They know full well developers will wind up using mono to build code which is vulnerable to submarine patents and this is just another step to facilitate that process.
Before the Microsoft deal Novell promised to use its own IP to protect against Microsoft's threats. Out came the wallet. This deal has put some wind back in Redmond's sails.
But at least now they have Novell in their pocket and that is no small coup. Face it, the public side was that this deal was about protecting Novell. It wasn't. It was about protecting Microsoft.
So to Novell, thank you for taking a brief interest in open source and then stabbing it in the back. But be warned that when you sleep with a disease infested crack whore you're going to contract something yourself. You idiots.
> I think that your criticism about the "touchiness" of Americans is true of all people and cultures.
What?!?
How can you even _insinuate_ that about our non-American people/cultures? I find it highly insulting. To even THINK that we are touchy about criticism is such typical American bull****.
(...you insensitive clod!)
Interesting that we Canadians still think _Americans_ are arrogant when we ourselves are starting to brag so much recently. Seriously, how does it make us look to anyone else? What kind of people are they supposed to think we are?
You don't understand - we've got this surplus of cash sitting around which we're not allowed to spend on education or universal health care.
> I'm sure the irony, and indeed the stupidity of this move is totally lost on you.
Yes. Yes it is.
Except that the price might be a tad higher to purchase the nation with the world's highest per capita GDP.
> It was meant to be a joke... I have no idea how this got to be "informative"
Ah, joke's on me then. That is pretty funny about the moderation.
Just because I'm proud to live up here doesn't mean the folks to the south have _everything_ wrong.
> We have much friendlier people
Bullshit. I've had perfect strangers come up and chat with me in the States and perfect strangers cuss at me in Canada. There are friendly people and jerks in any country.
> better scenery
Colorado, Alaska, Arizona, Hawaii, etc. - very, very beautiful.
> and fewer hurricanes
Why would we rub that in someone's face?