On Wednesday 10 September 2008 04:31:10 James Mills wrote:
step 4. "Audit code to be sure it isn't evil".
That's nice in theory, but can you honestly say that you meticulously examine every line of every piece of code that you download before running it? It's just not practical to do that, so most of the time we rely on the reputation of the author/distributor/website or whatever that we got it from, together with how long it's been around for problems to be found. Programming language plugins for web browsers are in a special category, though, because they make it easy for unsuspecting people to run code without even knowing they're doing it, so taking steps to limit the potential damage is warranted. -- Greg