Conversation
Notices
-
@kat I dislike the fact that website content is delivered in a manner that requires a virtual machine running the source code and often even some human interaction. I very much prefer my web content to be available statically.
If the site provides javascript as a layer on top of statically available content, I don't care. But if I'm left out because of #NoScript, it's not something I want to take part of.
- Zorak likes this.
-
@mk Guns don't kill people, javascript kills people.
-
@mmn @mk in the not too distant future if developers and manufacturers continue not to care about security then I expect that javascript + in-car entertainment systems connected to CANbus will end up killing people.
-
@kat Lots of data is static anyway, accessing it dynamically only means APIifying it. Which means locking it away, unaccessible and making it "closed data". I was at a conference here in Umeå where someone from Google talked about their "openness". "Our APIs are accessible to anyone", they said. The data? Under their control. And the APIs disappear one by one...
-
@moshpirit @mmn @mk Many modern vehicles have an entertainment system so that passengers (or maybe sometimes the driver) can watch movies, listen to music or browse the internet. Often the entertainment system is physically wired to the CANbus which controls the critical systems in order to obtain things like speed/rpm and to control windows, lights, sound volume, door locks, etc. CANbus was never intended to be a secure network and was certainly never intended to be connected to the internet. The entertainment systems are often running old unpatched software with a huge list of known vulnerabilities. It's only a matter of time before bad things happen to these systems, and the worst scenarios would be quite unpleasant indeed.
-
@mmn @mk @moshpirit There has been some stories in the media in the last year or two about bad automotive systems safety, but my feeling is that this is just the tip of the iceberg and that there's a lot of dubious and vulnerable software out there.
-
@bobjonkman No, it's that without laoding content you can gain some milliseconds and make sites load "faster" (because there's a dynamically loaded spinning wheel instead of a progress bar!).