Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://hachyderm.io/users/dalias/statuses/111176766320976991">Rich Felker (dalias@hachyderm.io)'s status on Saturday, 07-Oct-2023 22:24:50 JST</a><a href="https://hachyderm.io/@dalias" title="dalias@hachyderm.io"><img src="https://gnusocial.jp/avatar/40873-48-20221207231635.webp" width="48" height="48" alt="Rich Felker" style="position: absolute; left: 0; top: 0;">Rich Felker</a><div><a href="https://aus.social/@jamesh/111176407793243733" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/92094" title="pid_eins@mastodon.social">Lennart Poettering</a></li><li><a href="https://gnusocial.jp/user/136486" title="jamesh@aus.social">James Henstridge</a></li></ul></div></section><article><p><a href="https://aus.social/@jamesh">@jamesh</a> <a href="https://mastodon.social/@pid_eins">@pid_eins</a> <a href="https://metalhead.club/@mariusor">@mariusor</a> The problem with it being JS (and with none of this being documented or discoverable) isn't a matter of whether the JS code that's present is doing complex stuff that needs Turing completeness.</p><p>It's that it's not comprehensible to the user responsible for managing their own security. There are no limitations on the mechanisms they can use as a shortcut for reasoning (like they could with unix permissions) so they need to read/memorize/understand all that code!</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2137826#notice-4225373">In conversation</a><time datetime="2023-10-07T22:24:50+09:00" title="Saturday, 07-Oct-2023 22:24:50 JST">Saturday, 07-Oct-2023 22:24:50 JST</time> <span>from <span><a href="https://hachyderm.io/@dalias/111176766320976991" rel="external" title="Sent from hachyderm.io via ActivityPub">hachyderm.io</a></span></span><a href="https://hachyderm.io/@dalias/111176766320976991">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1618756">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Rich Felker (dalias@hachyderm.io)'s status on Saturday, 07-Oct-2023 22:24:50 JSTRich Felker
in reply to
@jamesh @pid_eins @mariusor The problem with it being JS (and with none of this being documented or discoverable) isn't a matter of whether the JS code that's present is doing complex stuff that needs Turing completeness.
It's that it's not comprehensible to the user responsible for managing their own security. There are no limitations on the mechanisms they can use as a shortcut for reasoning (like they could with unix permissions) so they need to read/memorize/understand all that code!
In conversationSaturday, 07-Oct-2023 22:24:50 JST from hachyderm.iopermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice