noscript is 10 years!

Lodewijk andré de la porte l at
Fri May 15 20:07:30 PDT 2015

2015-05-16 0:16 GMT+09:00 stef <s at>:
> webapplications shouldn't exist in the first place, there's OS level
> binaries
> that should be used instead. but i totally understand that the
> time-to-market
> and the RoI of hiring a bunch of dumb jsdevs is greatly more profitable
> than
> doing it right. the incentives of the system subvert and cannibalize the
> system itself. omnomnom.

Sorry, webapplications are the undeniable future because of how easily and
reliably they can be deployed to all devices. It's kind of why the JVM was
ever a thing, only much, much better.

The experience of transferring and then properly configuring rights to ....
oh look at that - hardly any users left

since you addressed sandboxing, i'm much more of a fan of reducing the
> attack
> surface than sandboxing. sandboxing should be only used in a
> defense-in-depth
> setup, with other factors being more important, like reducing all the
> layers
> of cruft underneath.

Sandboxing reduces the attack surface, and the potential of attacks.

> attackers are not much deterred by the sandboxing. whereas noscript is
> indeed
> in the interest of the user, not the industries.

Sorry, users like features. Users, in fact, like features so much that
nothing else actually matters. You can say it's in the interest of users,
but users worldwide are disagreeing with you. Users <3 JS.

Certain exploits (like the cache-eviction attack recently) are massive
breaks in security. It will be patched and all will be fine. So we will
continue to find and fix exploits, until perhaps the day that a small
subset of features becomes standardized and formally proven. The problem,
ultimately, is features. And it will always be features.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2548 bytes
Desc: not available
URL: <>

More information about the cypherpunks mailing list