[kwlug-disc] DuckDuckGo.com -- an alternate search engine

unsolicited unsolicited at swiz.ca
Tue Jul 27 19:27:40 EDT 2010 

Ralph Janke wrote, On 07/27/2010 6:58 PM:
> On 07/27/2010 05:04 PM, Andrew Kohlsmith (mailing lists account) wrote:
>> On Tuesday, July 27, 2010 04:51:32 pm Ralph Janke wrote:
>>   
>>> Well.. Javascript is exactly not a black box. You can read all the
>>> Javascript that is loaded. Furthermore, Javascript was designed from the
>>> beginning to sandbox your browser (in clear distinction to ActiveX) from
>>> the rest of the computer.
>>>      
>> Time and time again we are seeing that even with the protections in 
>> place,
>> JavaScript ends up doing more harm than good. Many of the problems would
>> simple not exist if JavaScript were not there.
>>
>> This is not to say that JS is bad, but that even "designed from the 
>> beginning
>> to sandbox your browser" can be very difficult to achieve.
>>    
> 
> Well, many things would not happen if you don't network your computer. 
> Maybe
> you should reconsider having a computer that is connected to the world :D

Just another example of Khalid's point.

Networking in and of itself should not be bad.

How it has been done, in practice, however, opens one up to 'bad 
things' that shouldn't reasonably be there in the first place. As a 
result, additional protections get put in place - be it to turn off 
javascript, or to put in place martian blocks.

It is logistically unreasonable for everyone, of every knowledge 
level, to know or vet that your stuff is ok, and this other guy's is 
not. Users are left with the practical reality of painting everything 
with the same brush, and just turning javascript off. (Or taking 
various other measures, such as various blocks, e.g. ads.)

NoScript, at least, provides a selective, and temporary, mechanism to 
let (some) javascript in. And even doing so will lead to 'nefarious' 
unnecessary consumption of unwanted bandwidth, if you don't remember 
to revoke those temporary permissions. (Which makes NoScript, 
unfortunately, an incompletely satisfying sole approach.)

To say, in this day and age "Well, just don't use it, then." is fatuous.

More information about the kwlug-disc mailing list