Archive of UserLand's first discussion group, started October 5, 1998.


Author:David Valentine
Posted:2/21/2000; 12:52:40 PM
Topic:scriptingNews outline for 2/21/00
Msg #:15158 (In response to 15154)
Prev/Next:15157 / 15159

HTML in the OS is fine, in fact good. Hey, it's basically a styled text display engine, with linked scripting features. No problem there, every OS should display styled text. Now, being able to script messages, No, No, No (did I say, No?). Can one say big security hole? I've got scripting off, because a couple of spams came across that opened a window to an adult web site. Scripting in message may be cool, but note that it can be abused, and should be defautled to off. This ain't TCL and java (even if the name is javascript). There is no sandbox. Most users need a sandbox because they are not knowledgable enough to log into a secured account an run unwary programs. I think linux could be sandboxed: any script in mail, news or http should be run in a nobody account with no permissions to do anything.

MS did not just put an HTML API in the OS. Tbey licensed an application code, modified the code application, sold the application as part of a plus pack, bundled the application with the OS, gave it away for free (which really screwed the people they licensed it from. Luckily they had a minimum payment, which MS really did not want to pay), then said it's part of the os, and is not an application. Even then, not enough people were using it, so they paid people to use the free software (eg AOL).

This page was archived on 6/13/2001; 4:54:22 PM.

© Copyright 1998-2001 UserLand Software, Inc.