To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.publishOpen lugnet.publish in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Publishing / 3778
3777  |  3779
Subject: 
Re: Unviewable page, useless warning (Was: UCS TIE Crawler)
Newsgroups: 
lugnet.publish
Date: 
Tue, 17 Sep 2002 19:25:26 GMT
Viewed: 
1850 times
  
Bill,

It's clear that you've made up your mind, as have I.  Ok, no biggie, but I
can see that our debate is starting to go in circles now.

I'm not turning on javascript for the simple reason that I don't need it --
the vast majority of the sites I visit work just fine without it.  You can
be cynical about this and tow the "everyone else is doing it so why
shouldn't you" line if you want, but since I really hate reinstalling
windows I'm going to do what I can to keep my machine safe and sound.

In lugnet.publish, William R. Ward writes:
(1) Javascript becomes less of a security/stability risk, and
It hasn't been a risk for a long time.  Some early browsers had
Javascript security risks, but they were fixed years ago.  It's
nothing like the ActiveX risks in MSIE - but luckily few sites use
ActiveX, so that's safe to turn off (if you must use IE).

Wrong, javascript *IS* still a risk.  9 out of the last 10 MSIE security
advisories involved shutting down active scripting, not just activex
controls.  There have been similar holes reported in Opera's scripting
engine recently, too.  That tells me that there's still a significant
security risk in using javascript, especially in IE.  And I am not going to
blindly accept that since mozilla is the holy grail of open source then it
must be immune.

(2) ECMA officially becomes an integral part of the HTML standard, and
The HTML standard is whatever Microsoft says it is, at this point.  IE
has such a total domination of the market that any browser that
doesn't support what IE supports is doomed.

Wrong again.  HTML is defined by the W3C, of which MS is, admittedly, a
hostile member.  But if what you say is true, then the majority of websites
won't render in any non-MS browser, and we see that this is not the case.

No, it turns out that most websites mostly or completely conform to the HTML
standard as set by the W3C, with a minimum of extra cruft.

(3) Microsoft and Mozilla and whoever else can agree on a common DOM, and
They're close enough for most Javascript to run on both.

Partially true.  The key word there is "most".  The mozilla developers are
working like mad to make their DOM look more like MS's.  I withdraw the point.

(4) annoying advertising stops being 99.99% of the Javascript out there,
I'd rather have sites I visit work than avoid the ads, personally, so
I just ignore them.  But there are ad-killer programs you can run to
block the ads.

Ick.  2 responses here:

1.  Most sites I visit work with javascript turned off.  The ones that
really really require it get put in my trusted sites if and only if I really
really need it.  There are eleven entries in my trusted sites list, and one
of them represents my home LAN.  Conclusion:  it must not be a really really
big deal.

2.  So I should install yet another piece of software just to kill the ads,
when I can kill them just as easily by hitting a checkbox in the control
panel.  I don't really see why I should, when the ad killer biz is a
constant arms race with the ad developers trying to out-do the ad killers,
and vice-versa.  Both sides constantly updating their arsenels with
mostly-tested code.  It represents an increasingly complex system that I
have no desire to maintain.

Ick.  Just turn the scripting off.

It is perhaps unfortunate that around the release of Netscape 4 my favorite
browser became IE.  I've tried going back to mozilla, but recent experiences
with it tell me that it's still unstable, and now with new improved dog
ugly.  IE renders stock HTML cleaner and has a much nicer GUI than mozilla
right now, so I'm sticking with IE.  IE has problems with javascript but I
turn that off anyway, so no big deal there.

There, I've said my piece, I'm getting off the soap box now...

Cheers,
- jsproat



Message is in Reply To:
  Re: Unviewable page, useless warning (Was: UCS TIE Crawler)
 
(...) It hasn't been a risk for a long time. Some early browsers had Javascript security risks, but they were fixed years ago. It's nothing like the ActiveX risks in MSIE - but luckily few sites use ActiveX, so that's safe to turn off (if you must (...) (22 years ago, 17-Sep-02, to lugnet.publish)

5 Messages in This Thread:


Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    

Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR