On Tue, Jul 27, 2010 at 9:15 PM, Ralph Janke <span dir="ltr"><<a href="mailto:txwikinger@ubuntu.com">txwikinger@ubuntu.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On July 27, 2010 07:27:40 pm unsolicited wrote:<br>
><br>
> Networking in and of itself should not be bad.<br>
><br>
</div>> ...<br>
<div class="im">><br>
> NoScript, at least, provides a selective, and temporary, mechanism to<br>
> let (some) javascript in. And even doing so will lead to 'nefarious'<br>
> unnecessary consumption of unwanted bandwidth, if you don't remember<br>
> to revoke those temporary permissions. (Which makes NoScript,<br>
> unfortunately, an incompletely satisfying sole approach.)<br>
><br>
> To say, in this day and age "Well, just don't use it, then." is fatuous.<br>
><br>
<br>
</div>Well, it still does not explain why networking is ok, but Javascript is not.<br>
Javascript is not the only security issue exposed in networking.<br>
<br>
Hence: Javascript in and of itself should not be bad! :) <br></blockquote></div><br>What matters is not the abstract theoretical stuff, but what is actually<br>out there in the field. How a certain technology is used, not what it was<br>
designed to do, nor what it could have been.<br><br>Networking itself is a good thing. Does that mean I open all ports and run<br>everything without passwords? Remember that the internet was like that<br>in the early research days. Using uucp and then rsh to remotely execute <br>
commands from one university machine to another university machine.<br><br>Usenet was also useful for all sorts of things from news to sharing programs.<br><br>Then the world changed. There was the Morris Worm. Then came spam.<br>
Then viruses and worms.<br><br>That is reality ...<br><br>Javascript is just a language. AJAX is one use of that language, generally<br>useful, e.g. Gmail.<br><br>But how it is used by sites out there varies from annoying to obnoxious to <br>
dangerous.<br><br>The only practical defense is to use an extension like NoScript, and whitelist<br>on a domain by domain basis. If there is something better, I have not seen it.<br>-- <br>Khalid M. Baheyeldin<br><a href="http://2bits.com">2bits.com</a>, Inc.<br>
<a href="http://2bits.com">http://2bits.com</a><br>Drupal optimization, development, customization and consulting.<br>Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra<br>Simplicity is the ultimate sophistication. -- Leonardo da Vinci<br>