As I previously wrote[1], I don't see a real threat here. There are much richer targets out there like jsfilddle or jsbin. Why are viruses or malware more common on Windows than Linux? A large reason is because of the larger pool of potential victims and possibly the sophistication of the average user. Are there linux or mac viruses, yes? Are they as common, no. This gets to be philosophical though, so I digress.
If the community is uncomfortable, then perhaps we should have a peer review process where trusted members of the community can vouch for a script, which ties an approval to a hash of the script. Unvouched scripts get a warning banner in the playground to warn the user to carefully review the J code before running it. Typically J code is short and easy to review. If anything looks dodgy, don't run it. The threat model isn't that different from someone putting a nefarious script on the wiki or rosetta code and hoping that someone downloads it and runs it on their local J system. The probability might be slightly higher that the J Playground will attract hackers but the potential impact is much lower, so I'd call it a wash. Again, the J code is running sandboxed in your browser, it can't delete any files on your local machine or read any files on your local machine. 1 - http://jsoftware.com/pipermail/general/2022-June/039259.html On Mon, Jun 6, 2022 at 4:43 PM Hauke Rehr <hauke.r...@uni-jena.de> wrote: > I’d love to see more hackers here, > and there already are quite some. > > the press/the media abused that term > hackers are usually good people > it’s malicious people one has to defend against > > That being said, I agree as well. > > Am 06.06.22 um 22:07 schrieb Henry Rich: > > I agree. If we attract users, we will also attract hackers. > > > > Henry Rich > > > > On Mon, Jun 6, 2022, 9:04 PM Ian Clark <earthspo...@gmail.com> wrote: > > > >> (retrying -- previous attempt apparently not sent…) > >> > >> Coupled with some sort of ability for anonymous 3rd parties to > contribute > >> code for others' use, doesn't this feature pose a security risk to the > >> casual user? > >> > >> This might arise if the J Playground were to acquire a fan club or a > >> special-interest group outside Jsoftware's control. E.g. a > >> social-media-based one. > >> > >> Sorry, just my nasty suspicious mind at work. I guess this cloud of > >> suspicion falls on any playground implementation of 2!:0. > >> > >> > >> On Mon, 6 Jun 2022 at 05:51, Raul Miller <rauldmil...@gmail.com> wrote: > >> > >>> 2!:0'open("https://www.jsoftware.com";)' > >>> > >>> Possibly, in the playground we should have browse_j_=: {{2!:0 > >>> 'open("',y,'")'}} > >>> > >>> (Or maybe it would be better to incorporate that concept into the full > >>> definition of browse_j_ ...) > >>> > >>> I hope this helps, > >>> > >>> -- > >>> Raul > >>> > >>> On Mon, Jun 6, 2022 at 12:39 AM William Szuch < > bsz...@wsa-fincon.com.au> > >>> wrote: > >>>> > >>>> How can I link to a website from the J Playground ?. > >>>> In Qt I can use: browse_j_ 'https://www.jsoftware.com' > >>>> > >>>> Bill Szuch > >>>> ---------------------------------------------------------------------- > >>>> For information about J forums see > http://www.jsoftware.com/forums.htm > >>> ---------------------------------------------------------------------- > >>> For information about J forums see http://www.jsoftware.com/forums.htm > >>> > >> ---------------------------------------------------------------------- > >> For information about J forums see http://www.jsoftware.com/forums.htm > >> > > ---------------------------------------------------------------------- > > For information about J forums see http://www.jsoftware.com/forums.htm > > -- > ---------------------- > mail written using NEO > neo-layout.org > ---------------------------------------------------------------------- > For information about J forums see http://www.jsoftware.com/forums.htm > ---------------------------------------------------------------------- For information about J forums see http://www.jsoftware.com/forums.htm
