Re: Looking at the wrong holes
I'm with Cynic_999 to a large extent with this one. Running random third party code is asking for trouble, and absolutely requires one's machine implementation to be exactly as per the manuals in order to be safe. The manuals are turning out to be mere pipe dreams...
Trouble is that literally everything that happens today that has anything to do with the Web (i.e. almost everything) totally relies on running unsigned, random JavaScript. It doesn't matter what else we do, whilst we have this dirty habit we're going to be inviting potentially malevolent code to run on our machines. There's been some surprising successes in proof-of-concept demos written in JavaScript to exploit CPU flaws.
I don't hear Google campaigning to do away with JavaScript. Rather the opposite in fact...
It is possible that we'll look back on this episode and wonder what all the fuss was about communications encryption when we weren't bothering to check what code we were running at the end points.
Biting the hand that feeds IT
