And THIS kind of BS is EXACTLY why I have NoScript ON by default, EVERYWHERE
-
eBay has no plans to fix “severe” bug that allows malware distribution [Updated]
![eBay has no plans to fix “severe” bug that allows malware distribution [Updated]](https://cdn.arstechnica.net/wp-content/uploads/2016/02/ebay-poc-exploit-640x215.png)
Clever "JSF**K" technique allows hackers to bypass eBay block of JavaScript.
Seriously. FUCK JavaScript.
We need a better way to make pages interactive. That pile of diseased horseshit and the half-assed implementations of it everywhere, are a major security vulnerability for anyone allowing it to run. I would rather encounter a basically broken internet, everywhere, and selectively allow parts to run that I trust, until the end of time, than enable this shit to run by default.
-
Seriously. FUCK JavaScript.
We need a better way to make pages interactive. That pile of diseased horseshit and the half-assed implementations of it everywhere, are a major security vulnerability for anyone allowing it to run.
I guarantee, no matter what language may replace JavaScript, there'll still be countless half-assed implementations and copious amounts of security holes.Security is expensive, but few are willing to pay.
-
I don't care. Bottom line, that shit STAYS disabled until/if it is secure by default. Of all of the web-enabled languages out there, JavaScript is the most problematic and cancerous. It was never intended to do what it is now being used to do, and it shows.
-
I do love how people are always so willing to blame the tool, not the idiots who misuse them. Guess it's an easy target.
-
Apparently eBay is run by incompetent morons.
Instead of blocking
<script>, they've blocked alphanumeric characters inside<script>.So you can run any script you want as long as it doesn't contain any alphanumeric characters.
-
blame the tool
I always blame my tool too. It wasn't me ... I swear ... my tool made me do it!
-
...not sure I want to hear about your weird sexual fetishes.
-
NO!
Seriously! This shit needs to stop. Quit defending the tool as innocent!Guns are designed SPECIFICALLY with one purpose: to launch a projectile at high velocity in order to kill. They CAN be used for other purposes, such as target shooting, but their intended purpose is TO KILL.
JavaScript is a TOOL that was specifically designed to make webpages interactive. Fine. That's all well and good, and when it first launched, it was used for harmless affects such as mouse-overs, scrolling marquees, and other harmless crap. Annoying, but harmless.
Fast forward to now, and AJAX, Node, React, and all of the other stuff out there now, and what the tool is being USED FOR, is just insane. It is no more sane to be using JavaScript to run an entire application and to give it access to the things it has access to, than it is sane to be using a gun as a backscratcher.
The tool, JavaScript, by definition, SHOULD NOT be able to do things it is now being allowed and trusted to do. It wasn't designed for it, and it shows. The security is ALWAYS after-the-fact and is ALWAYS playing catchup. It is a non-sustainable business and technology model.
-
-
Only if you mean this Tool:
https://en.wikipedia.org/wiki/Tool_(band)
-
Serious ... why stop at blaming JavaScript? It's the fault of the Web! Security is an after though on most major web and networking protocols and they are all abused in ways never imagined by their creators. Let's burn TCP/IP! It's a bad tool!
-
It was never intended to do what it is now being used to do, and it shows.
Citation needed.
Also, you're railing against AJAX? I think there's another tool among us...
-
-
Guns are designed SPECIFICALLY with one purpose: to launch a projectile at high velocity in order to kill. They CAN be used for other purposes, such as target shooting, but their intended purpose is TO KILL.
Some guns are designed to kill; others are not. For instance:
Clearly guns, and clearly designed to fire foam pellets at maybe 10ft/s. Not exactly a lethal weapon, is it?JavaScript is a TOOL that was specifically designed to make webpages interactive. Fine. That's all well and good, and when it first launched, it was used for harmless affects such as mouse-overs, scrolling marquees, and other harmless crap. Annoying, but harmless.
And the creators of what would become JavaScript intended for it to be used server-side too, all the way back in 1995.
[Citation] (no idea why it's on Oracle's servers)Fast forward to now, and AJAX, Node, React, and all of the other stuff out there now, and what the tool is being USED FOR, is just insane.
AJAX and React are used to make webpages more interactive, a purpose you correctly claimed it was designed for just a couple of sentences previous. And Node is just the realisation of what Netscape wanted back in 1995.It is no more sane to be using JavaScript to run an entire application and to give it access to the things it has access to, than it is sane to be using a gun as a backscratcher.
That's a fault of the execution environment, not the language.The tool, JavaScript, by definition, SHOULD NOT be able to do things it is now being allowed and trusted to do. It wasn't designed for it, and it shows.
C was designed to be a systems language, then later, people started writing games in it. Since C wasn't designed for games, does that make it a bad idea to write games in C? Your logic says 'yes', a multi-billion industry says 'no'.The security is ALWAYS after-the-fact and is ALWAYS playing catchup.
Same as almost every other part of computing technology then.
-
Some guns are designed to kill; others are not. For instance:
I mean ... seriously? I realize you are joking, but you know damn well that the TOY you cited does not meet the primary dictionary definition of a gun. Quit trying to deflect.
Same as almost every other part of computing technology then.
Fair enough. Counter-point, explain why the VAST majority of infection points in the last 5 years have been either: Flash, Java Applets, or JavaScript based? Why is the TOOL itself, not a PROBLEM? I don't CARE who is responsible for it. If the browsers are implementing it wrong, it is still a problem, isn't it? Can't we as a professional group of people do better than this steaming pile of crap? Do we need laws to force companies and people to stop this nonsense and FORCE security at the design stage? How pathetic is that?
-
I mean ... seriously? I realize you are joking, but you know damn well that the TOY you cited does not meet the primary dictionary definition of a gun. Quit trying to deflect.
It meets the primary "Zero Tolerance" definition of a gun.
-
I mean ... seriously? I realize you are joking, but you know damn well that the TOY you cited does not meet the primary dictionary definition of a gun. Quit trying to deflect.
Definition of GUN
a piece of ordnance usually with high muzzle velocity and comparatively flat trajectory; a portable firearm (such as a rifle or handgun)… See the full definition
Full Definition of gun
1 a: a piece of ordnance usually with high muzzle velocity and comparatively flat trajectory
1 b: a portable firearm (as a rifle or handgun)
1 c: a device that throws a projectile
-
What about a hot glue gun?
-
does not meet the primary dictionary definition of a gun
Hence my inclusion of the word primary e.g. the FIRST, most common, definition.
kthnxbai.
-
You may have missed the "one(1)". It's very much a primary definition.
I can't help it if you are not able to glean meaning from simple numbers and letters. Primary does not mean "solitary", by the way.
-
A t-shirt cannon would fit that definition. Also, a pneumatic tube thing like they have at banks and pharmacies.
-
Primary does not mean "solitary", by the way.
Nobody tell him how many primary colors there are, okay?
-
I mean ... seriously? I realize you are joking, but you know damn well that the TOY you cited does not meet the primary dictionary definition of a gun. Quit trying to deflect.
And before you go off on one about the 'primary' definition, know that there is no such thing other than the definition you're using to build your strawman.Fair enough. Counter-point, explain why the VAST majority of infection points in the last 5 years have been either: Flash, Java Applets, or JavaScript based?
Because the growth of the Web and its related technologies has been driven by greed and capitalism, and has outpaced security.
Because the growth of the Web has made it an extremely lucrative target.
Because the growth of the Web has allowed droves of idiots who will click anything just to get to the dancing kittens.
All of which would have happened regardless of the technologies.
-
Jesus tap-dancing Christ. I knew I should have picked a different example than guns. My mistake, I thought I was speaking to adults in the professional community. (No, I am not new here). Consider the example withdrawn.
The new example is a BOAT. Boats are designed SPECIFICALLY with one purpose: float on water. They CAN be used for other purposes, but their intended purpose is TO FLOAT.
Happy now?
-
-
The new example is a BOAT. Boats are designed SPECIFICALLY with one purpose: float on water. They CAN be used for other purposes, but their intended purpose is TO FLOAT.
Gravy boat.
-
So, a raft is a boat, then?
Also boats: Witches and ducks.
-
Because the growth of the Web and its related technologies has been driven by greed and capitalism, and has outpaced security.Because the growth of the Web has made it an extremely lucrative target.Because the growth of the Web has allowed droves of idiots who will click anything just to get to the dancing kittens.All of which would have happened regardless of the technologies.
That isn't good enough. Apply that same train of logic to cars, and suddenly instead of people having their thousand dollars toys get bricked, or their money stolen, now people are dying. Technology and the advances of it are still to blame. Those excuses still work? Could they? Nope, because they had to make LAWS to FORCE the companies and people behind those companies to include safety in the DESIGN phase. Look at the shit-storm GM is in now for their (known) fault design on their ignition switches.
If GM can be held to account for that level of shit, then all of the people and companies behind web-tech can be as well.
-
Holy hyperbole batman!
So, how many people were killed by your eBay exploit?
-
-
Holy hyperbole batman!
So, how many people were killed by your eBay exploit?I gather English isn't your first language? If so, fair enough, allow me to educate:
instead of people having their thousand dollars toys get bricked, or their money stolen, now people are dying
What that means, in English, is when presented with condition A, results B happen. The "now" modifier in conjunction with the "instead of" lead-in, transforms the following X condition, so Y results happen to mean: consider case A to B, those results are not terrible, however, consider case X to Y, those results are terrible. IN COMPARISON between the two, why is case A to B considered acceptable, but case X to Y is not.
Yes, this will be on the test.
-
I've already burnt down a small forest's worth of your strawmen, yet you insist on building them.
If you can prove that Web software exploits are responsible for over a million deaths every year, then you can compare software to cars.
-
Apply that same train of logic to cars
See? You should have gone with the car analogy. Can't go wrong with car analogies.
-
They CAN be used for other purposes, but their intended purpose is TO FLOAT.
Submarines are boats, and they're designed specifically not to float.
One box cuts just before this bit:
The noun submarine evolved as a shortened form of submarine boat (and is often further shortened to sub).[1] For reasons of naval tradition, submarines are usually referred to as "boats" rather than as "ships", regardless of their size.
-
I give up, I am dangerously close to channeling blakeyrat. I am muting this thread. Those who, I know damn well, have a vested interest in JavaScript because it is their job, are working my last nerve. If you wish to be willful contradictory and refuse to debate in a reasonable or logical manner, and instead focus on pedantic language deconstructions (protip, I am not a professional debater, I am a developer), then I am disinclined to engage in the discussion further.
-
For someone who tries to educate me on the intricacies of the English language, you're failing pretty hard on the "how do I do analogies" part.
Also: A classic maneuver - creating a thread filled to the brim with hyperbole and bad analogies and then running home to mummy when no one agrees.
-
"how do I do analogies" part
That is why I keep suggesting cars! Everybody gets those!
-
focus on pedantic language deconstructions
instead of complaining could you flag? someone could get a
out of this.Also: I don't know why you are replying to me. I hardly do JavaScript, let alone ask her money.
-
Those who, I know damn well, have a vested interest in JavaScript because it is their job, are working my last nerve.
You have no idea what I do, so don't pretend you do. And if JavaScript disappeared tomorrow, I'd simply learn what replaces it.Of course, you'll never read this, because instead of listening to reason, you've thrown your toys out the pram and run off with your ball, muttering something like 'I don't wanna play anymore'.
-
Of all of the web-enabled languages out there, JavaScript is the most problematic and cancerous
Because, uh... it's effectively the only language nowadays that runs client-side?
It matters fuckall what language is being used. What matters is what APIs you have access to.
Of course, you'll never read this, because instead of listening to reason, you've thrown your toys out the pram and run off with your ball, muttering something like 'I don't wanna play anymore'.
Beaten at your own game, eh?
-
@RaceProUK said:
Of course, you'll never read this, because instead of listening to reason, you've thrown your toys out the pram and run off with your ball, muttering something like 'I don't wanna play anymore'.
Beaten at your own game, eh?
…touché…
In all seriousness though, yes I do acknowledge my hypocrisy
-
@RaceProUK said:
Of course, you'll never read this, because instead of listening to reason, you've thrown your toys out the pram and run off with your ball, muttering something like 'I don't wanna play anymore'.
Beaten at your own game, eh?
-
-
What about a hot glue gun?
Does it throw a projectile? If not, it's not really a gun, but just called that due to the overall shape.
-
Goddamn, when is the new album coming? I know there were legal issues, blah blah but those are resolved. Waaaaaaaaaaaaaaant.
-
-
Submarines are boats, and they're designed specifically not to float.
Actually, they're designed to float, but not completely. If they were design to not float, they'd sink.
-
Surprise! It was actually a valid argument. My non-troll side was showing. Won't do it again, sorry!
-
All joking aside, though-- fuck JavaScript. And yes, also, fuck it's abusers. It's a tool-- a stupid tool that shouldn't exist the way it does or be allowed to do half the things it does. But it's also absolutely abused with impunity by millions of knob-fobblers.
I'm in the same (floating) boat as @valerie-- NoScript everywhere, whitelist cautiously, revoke with prejudice and fuck third parties.
-
than enable this shit to run by default
Isn't it cute how naive they are?
You can't make JavaScript go away! It has already infested every single platform out there. It isn't for web pages anymore, it's everywhere, extending its tenta... wait...
Why is JavaScript's O'Reilly pet a rhino? Wait, a butterfly? An owl? dafuq O'Reilly?
That book is the 4th sign of the apocalypse: "Node.js for PHP Developers"
Submarine - Wikipedia
