[LINK] Study shows pop-up warnings are ineffective
Karl Auer
kauer at biplane.com.au
Tue Sep 30 10:54:45 AEST 2008
On Tue, 2008-09-30 at 10:14 +1000, Stilgherrian wrote:
> On 30/09/2008, at 9:58 AM, Rick Welykochy wrote:
> > is it even practical these days to disable JS?
> No matter what we do with computers on Teh Internetz, there needs to
> be program code running on the end user's computer as well as on the
> remote server. It doesn't matter whether the code is JavaScript in a
> web browser
There's a fundamental difference between JS software and browser
software. The latter treats Web data as *data*; it displays it, that's
all. JS is a snippet of code that is then *executed* by the browser
locally.
> Every single trust mechanism we try to build must sit on top of some
> trusted layer below
There's a difference between trusting the layer and trusting some series
of executable statements arriving into that layer. Deciding whether some
arbitrary chunk of code is OK to execute is a world more complex that
just deciding what to do with an image or some text.
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
More information about the Link
mailing list