Author Topic: Richard "GNU" Stallman on the JavaScript-code trap....  (Read 1471 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 32770
  • malware fighter
Richard "GNU" Stallman on the JavaScript-code trap....
« on: March 25, 2009, 10:23:56 PM »
Hi malware fighters,

What do you think of the subject, treated here: http://www.gnu.org/philosophy/javascript-trap.html

In the beginning JavaScript was considered an minor extension of HTML, now it plays a major role inside various code that runs inside a browser, but part of that code is Free Open Source and other part is Propriety Script, so JavaScript that is Closed Software. Because of the One Source Rule. Now Stallman wants the browser to show us what kind of JavaScript it is that is running there (for instance in a particular application), so the user can discriminate between the good, the bad and the ugly.
It is a complicated question. For incompatibility reasons he has a proper argument, and in the ideal situation where the code was to be set free for the browser user, the data still would not be, well that is understandable. Do not forget the origin is computed from the document.

And as far as the origin of the code goes, has that stopped anyone reversing code in the past?

And what in the case where this code is being created "on the fly" dynamically generated and not by any open source code. Can the user control the propriety application, according to what NoScript does on code, he or she can, (well if advanced enough to know it will run in the desired way!)

But the main question for the NoScript- community would be: "Is there any security risk if the user wants to replace the one code with the other". Or couldn't that be done? Anyway the user could discriminate between the good (open source), the evil (propriety) and the ugly (malicious, bad, and spaghetti code), furthermore there are users that take a strict or a more lenient view to what to use,

What is your point of view here?

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!