Hi, Since JavaScript has a client-side execution model and since the all the JS scripts are downloaded in plain text format (even if sometimes obfuscated) along with the html code, then can't we assume that JS code is available in source format and hence can't be classified as closed source programs? > What I suggest is just to use the same old JavaScript interpreter we have > used before the JIT was introduced, which they undoubtedly keep working for So much effort and expertise were spent to bring JS execution to higher performance levels using VMs like V8, Tamarin, Squirrelfish, and we're speaking here about a 6x to 8x speed up ratio compared to an interpreted execution. JIT VMs are important for the end-user experience, being in the context of the web or webapp and are a corner stone for the next-gen Web where most applications are going to be written in HTML5 and JavaScript and almost near-native execution performance is going to be desired (think <canvas> and WebGL for in-browser standard 2D and 3D rendering), and In my opinion Fedora should pave the way for such kind of bleeding edge tech. Security comes from an implementation which is specification compliant and projects such as Firefox, WebKit (and any other browser which claims to be standard compliant) that won't save any effort to get to that point. Techniques such as sand-boxing would also help a lot mitigating malware and other security issues and constitutes a complementary design approach for an overall improved browser security model. -Ilyes Gouta On Thu, Aug 19, 2010 at 5:10 AM, Matt McCutchen <matt@xxxxxxxxxxxxxxxxx> wrote: > On Tue, 2010-08-17 at 21:31 +0200, Kevin Kofler wrote: >> Adam Williamson wrote: >> > Shipping a Firefox with no ability to use Javascript would be more or >> > less equal to not shipping it, frankly. No-one would use the thing. >> >> What I suggest is just to use the same old JavaScript interpreter we have >> used before the JIT was introduced, which they undoubtedly keep working for >> those platforms which don't have JIT support available at all. That doesn't >> mean no JavaScript support, just a performance impact which is probably >> negligible on most sites > > Gmail makes very heavy use of JavaScript, so I bet the difference there > is significant. There may be Free Software web applications for which > the same is true, I'm just not familiar with them. I know you won't > believe me; someone who knows how will have to perform a test. > >> and much better security. > > You haven't convinced me of this. Are vulnerabilities that let one > inject enough code to exploit the JIT (particularly after the SELinux > patch) really that easy to find? But others have a better understanding > of attacks in machine code than I do. > > -- > Matt > > > -- > devel mailing list > devel@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/devel > -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
