Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] [tor-talk] Programming language for anonymity network

Aymeric Vitte vitteaymeric at gmail.com
Fri Apr 18 02:54:00 PDT 2014


Redefining anything in js is visible as "your nose on your face", as 
well as importing silently anything, whatever obfuscation/minification 
means are used it's trivial to check.

But here you do not have necessarly to import things and/or libraries, 
you can package everything with your app so you control your package and 
nothing can come from the outside or be injected.

Node is not an enormous platform with tons of dependencies, easy to check.

My opinion...

You should bring node to FF OS :-)

Regards

Aymeric

Le 18/04/2014 11:34, David Rajchenbach-Teller a écrit :
> On 18/04/14 11:30, Aymeric Vitte wrote:
> [...]
>> - nodejs is easy to audit (assuming that modules like V8 can be
>> audited), you can override node's functions/objects if you like
> [...]
>
> Actually, in my mind, that's one point against safety of Node.js
> applications. Redefining, say, Array.prototype.forEach is a good way to
> introduce hard-to-track bugs. Doubly so if this is done silently by
> importing a package (almost sure the latter is possible, but I haven't
> actually checked).
>
> Cheers,
>   David
>
>
>

-- 
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140418/1efd0960/attachment.html>


More information about the liberationtech mailing list