On Fri, June 12, 2015 2:56 pm, Always Learning wrote:> > On Sat, 2015-06-13 at 10:55 -0600, jd1008 wrote: > >> The most offensive problems of using browsers is that >> they do not tell you nor ask your permission when javascripts >> spy on your entire storage contents. >> I had asked a java developer at Sun Microsystems about >> what Sun means when it says that Java runs in a sandbox? >> Just what is the sandbox? >> I also asked if browsers that execute javascripts are retricted >> to this notion of a sandbox that does not leak out into >> the rest of the system. >> >> He said the "sandbox" is the entire storage on your computer. >> >> Enough said. > > It is my understanding that Java and Javascript are different; that Java > is dangerous whilst Javascript is (hopefully) harmless. >Not necessarily. Both of them are an execution of somebody's else code on your computer. One (java) may be considered running with [much] more sophisticated interpreter. Another (javascript) by its nature has to be less sophisticated code, running with different interpreters written independently by each browser vendor (even though they all are javascript interpreters, the differ grossly). But the bottom line is the same: in both cases you are executing somebody's else code on your computer. Valeri> > -- > Regards, > > Paul. > England, EU. England's place is in the European Union. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On 6/12/2015 1:03 PM, Valeri Galtsev wrote:> But the bottom line is the same: in both cases you are executing > somebody's else code on your computer.your computer is *ALWAYS* executing someone elses code, unless you wrote every line of code in it, including the BIOS and the firmware of all the attached devices. -- john r pierce, recycling bits in santa cruz
On Fri, June 12, 2015 3:20 pm, John R Pierce wrote:> On 6/12/2015 1:03 PM, Valeri Galtsev wrote: >> But the bottom line is the same: in both cases you are executing >> somebody's else code on your computer. > > > your computer is *ALWAYS* executing someone elses code, unless you wrote > every line of code in it, including the BIOS and the firmware of all the > attached devices. >Indeed. What was never mentioned in this thread is a chain of trust. The level of trust to what you get from your system vendor, software vendors (be they open source or proprietary) may be quite different from the level of trust to what you get when clicking on some web link inside some search page, or on some website (even if you visit the website often). So, it is all about whom and what do you trust, and to what level can you afford to trust, and whether you are able to track the software code to the code origin. This all was what I implied when I said that short phrase which may look ridiculously if taken literally - exactly as you pointed out -, but may make sense if you take into account the chains of trust involved. Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++