rubini at gnudd.com
Fri Jun 28 09:18:05 UTC 2013
I doubt more than a handful people disable it.
> 2) This gives anyone a platform to play with parts of their owners
This is not clearly expressed. Who is anyone and who is owner
and what is equipment? The owner of a cellphone is the
manufacturer (you, Matthias, told us), so the sentence is unclear.
[ok, that's what I wanted to say, the rest is irrelevant, but
I already wrote it]
> 3) From a security point you are lost as soon as you give an adversary
> the opportunity to control your system.
I can't evaluate, I don't know javescript. I used to run Tcl, and the
"safe" environment in there is well designed. I *hope* all technology
is designed as well as Tcl was (recent versions are worse, imho).
But even if it is safe, it can use your processing power at will,
> 4) Only non-active web content can guarantee that you keep control over
> your equipment.
Lapalisse. Data is data, and code is code. If you think to access data
and you are unexpectedly executing code, you have a problem. At least
*I* have a problem. And a few losers like me. However, malware mostly
exists because expectedly-data is executed instead ("do not *open*
untrusted email" is the solution, they say).
> And the last question: if all above is true, do we want to tell this
> to the public? Does it help? Or would we be seen as being completely
because it would be seen as paranoid. The tech world is way beyond
this. Pursuing a loosing attitude, like I find myself doing every
day, is, well... loosing.
More information about the Discussion