How Goebbelsian lies twist our lives

I live long enough to remember a vivid discussion, in the late 90s-early 2000s, about security risks introduced by Java applets. The common concern was that unrestricted execution of applets in browsers may compromise users' systems. Fast forward late 2010s-early 2020s.

Today, Java applets are history. They have been. They expired. As are Silverlight applications, for the most part. All of those pesky security risks are replaced by... a mad herd of JavaScript frameworks. Somehow this

is much safer than a scary Java applet. Is it? Let's review.

A Java applet typically required an explicit permission from the user to load, in their browser. It loaded entirely from the well-known and controlled environment of its owner. Browsers of the day provided required isolation mechanism that locked the applet in the JVM and barred it from accessing local resources. Compare that with the screenshot above and keep in mind that this is only a very moderate, tame, docile example. There are sites that load 3-5x more JavaScripts from HELL KNOWS WHERE.

Yes, that is exactly what we have grown accustomed with! We do not even bother to know what JavaScripts the web site loads or from where. And that is absolutely not a security risk, not at all [sarcasm off].

JavaScript can do anything on a web page. It can log keypresses. It can scrub canvas. It can intercept requests and responses. It can spy on the unsuspecting user and alter data that they exchange with the main web site. Nothing to see here, move along.

So, who shat on Java applets, 20+ years ago? Aren't they the same people who now replaced them with JS frameworks, silently, without raising any fuss about it? Follow the money!

Java and its applets were a brain child of a small, struggling but ethical company, Sun Microsystems. JavaScript frameworks are brain children of filthy-rich, brazen, into-your-face global monopolies: Google, Facebook, Twitter, Microsoft. There are absolutely no security risks with their solutions [sarcasm off].

Why am I raving about that? Because JavaScript sucks balls, and the sound of sucking is deafening. It is a huge waste of resources (processing power and electric energy). It nourishes poor coding skills, breeds duplication and boilerplate code, has compatibility problems, and many more issues that are impossible to resolve. But we love it, don't we? Always remember: JavaScript is an INTERPRETED language. It does not compile into binary executable format. It remains plain-text, in the memory space of the browser. Whole JS frameworks load into memory because there is no linking step that weeds out unused functions. This leads to elevated memory requirements on the client device, and that translates into obscene profits of semiconductor industry.

Most IT professionals are raving, flaming green types. They are also hypocrites because they ignore damage to Earth's environment that their obsession with JavaScript causes. Hypocrites them all!

Posted by: LinuxLies at 01:47 PM | No Comments | Add Comment
Post contains 485 words, total size 3 kb.