On 06-10-2014 17:48, Matti Karnaattu wrote: > Node.js I've used it, and there is too much hype about it. It has it's uses, but can be replaced with other non javascript technologies, at least from the server side. > And this is current status. Apple, Canonical, Google and Microsoft > pushing their own competing front end ecosystems. And there is still > HTML/JS which is portable. > > I see current situation very ideal. If any of these end up being better than JS, I don't see any reason not to use them. > Not all applications are for that. Let's say, numerical analysis software, > video conferencing, electrical planning software.. or how about IDE with > realtime code analysis? I said a great deal is for it. Of course not all of them. But, the examples you gave aren't the best ones. I prefer to use a desktop application for those instead of running them from my browser. Just saying. > > It is very useful to see bugs while I write code without need to > compile. It is even useful in Word Processing to have real time spell > checking. > > These are not just cosmetic things. That's why you have scripting languages. Javascript is just another one that happens to be the *only* one in the client side. > Of course I control. It very possible to white list / black list > domains. It possible to limit all scripts to be launched from same > trusted domain > where I launch application. It is possible to install whole application > to own server if I want. It is possible to put whole application instance to > sandbox and require permission to camera, or limit memory usage. All > data client sends is possible to control and monitor. Well, this thread started because the OP not only controls what JS he opens in his browser, but he do not allow any. We already established that you can control, and allow or not it. The main issues are, the huge potential for misuse and the plethora of JS that tag along when you open a site and it start pulling scripts from thirdy parties, most of the time, not even encrypted. > > In security point of view, who manages server can't control what happens > in client side. Not always true. > Client is always untrusted and input need to check. This goes without saying. I go even further, you *always* should check your inputs, even software that run only on the server side. > Client > however can't control what happens in server. Also, not always true. > Client have to trust > server where data is send. The main point of this discussion. The internet is the most hostile environment possible. The browser, which acts in your behalf, shouldn't *have* to trust whichever the server sends and run it unrestricted. This design is flawed. > Everything else can be controlled. Biggest bullshit you wrote in this entire thread. > And JS is for making app. But it's not the *only* option. This is one of the greatest points of mobile apps. You can choose how to do things. Even on the apple world, which is way more restricted than the android one.
Cheers [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]