G
A
Alan
Is it just me, or is this beginning to look like spam? I can't make head
nor tails from the site anyway. Is it freeware?
S
sabresonic
this site is not so easy to navigate. on the top left corner of the page,
theres a hidden navigator menu. i havn't check the tools throughly, but
they all seems to be freewares
S
sabresonic
yep, but it's not spam and not off-topic
S
Sietse Fliege
John said:
John, why so negative?
Have you looked at their OpDirSF ?
Like I posted yesterday in the thread with subject "xp search/find
replacement", this may be something you want to try.
It might be just what you have been looking for, for a long time:
search (text in) files, *with exlusion* of folders/files.
It is a no-install, single executable.
Settings are stored in an ini file in the program's folder.
It is freeware, not even registerware.
You can *fully optional* leave your e-mail address on the download page.
Some people do find this handy, believe it or not.
And remember, you saw it in a.c.f. first!
M
Matt
http://members.chello.at/otmar.pilgerstorfer/opsoftware/optools/
Tools, and a reasonable info-page for each program - anything worth
bothering with is on this page.
But what a crummy navigation system - a piddlingly small target in the
top left.
A
Alan
Sietse said:Have you looked at their OpDirSF ?
Like I posted yesterday in the thread with subject "xp search/find
replacement", this may be something you want to try.
It might be just what you have been looking for, for a long time:
search (text in) files, *with exlusion* of folders/files.
It is a no-install, single executable.
Settings are stored in an ini file in the program's folder.
It is freeware, not even registerware.
You can *fully optional* leave your e-mail address on the download
page. Some people do find this handy, believe it or not.
And remember, you saw it in a.c.f. first!
Thanks for the heads Sieste. My "spam" call was probably incorrect then?
Just the frequency of the postings and the "odd" site configuration had
me a little suspicious.
J
John Fitzsimons
Hi Sietse,
Because I have taken a considerable dislike to their site setup ?
Being asked immediately I arrive if I want to download some javascript
sets me up to expect something more than usually irritating/invasive.
http://members.optushome.com.au/jfweb/pilger1
Yes, ONLY because you mentioned it and your recommendations are
usually top class !
Well, it certainly has potential. I find however that the lack of a
help file is more than a bit irritating. Assuming that everyone knows
what things such as "write a Out-File" is NOT helpful IMO. Perhaps it
means "Export the results to a file" ? It's anyone's guess.
Also, saying things like "Configure your prefered Editor" without any
explanation at all as to what that means and/or how to do that serves
to only extend my already very short patience, with that site and it's
programs, past it's limit.
Rather a pity IMO. Better site layout, explanations, help files, no
javascripts etc. and it could be a great freeware place to visit.
I was unable to download without entering an email address. When I
tried it gave me an error saying that no email address had been
supplied.
http://members.optushome.com.au/jfweb/pilger2
I guess you "okayed" the java script ? Maybe that was an email
harvester ?
You can *fully optional* leave your e-mail address on the download page.
Some people do find this handy, believe it or not.
You must be going to a different site to me. The email address was NOT
optional.
And remember, you saw it in a.c.f. first!
Yes,......a number of times !
Regards, John.
S
Sietse Fliege
John said:Hi Sietse,
Because I have taken a considerable dislike to their site setup ?
WOW! The smoking gun! The site uses the dreaded javascript!!!!!
I can't believe it!
You really took the trouble to make a screenshot and upload the image
file! To prove that this site uses js?????? Or what??????
YOU CAN'T BE SERIOUS!
When a site immediately (you seem to stress that) wants you to download
some javascript, what does that prove?
Should it wait 5 minutes??
Maybe it was for a navigation bar? Or a counter?
Surely it is all but helpful when you want to steer people away from
some site with potentially good freeware, just because it uses js?
And how on earth does javascript on a site "set you up to expect
something more than usually irritating/invasive".
YOU CAN'T BE SERIOUS!
Why are you so negative? What do you get out of that?
Well, I did not recommend it, i.e. I did not say it is a good program.
I merely mentioned it, because in another thread you posted :
,quote>
"Such a file searcher IMO doesn't exist. At least 99% of freeware file
finders do not allow quick/easy exclusions. I have been looking for
something just like that for years. Every time I do a "text" search
for example I do NOT want to search all my .exe and .zip files.
I HAVE come across file finders that managed exclusions but they
either were NOT freeware and/or they were not " small and efficient".
Let us know if you ever find anything like you asked for.
</quote>
It sure is small (no registry entries, either) and has the rare
"exclusion" feature that you have been seeking for a long time.
I have not really tried it out, so I would not know if it is efficient.
And it's clear that it certainly is not perfect, GUI-wise, but do you
need it to be that? It is up to you to weigh cons and pros.
It could do with a help file, but it looks to be very usable without it.
WOW! You guessed right in one try!!! I'm impressed!
Really, what else could it mean?
What does it matter how it is formulated when you know exactly what it
means?
Read the next line : "DblClick the Result opens it with your Editor".
Put the two things together.
You can configure your editor to be something else than the default
(probably Notepad). Being able to do that is a standard option in many
programs.
You probably do not even want to configure that, but just in case:
Click on the button named S (with the tooltip Settings) and bingo!
You need to lighten up a bit.
Then ask yourself: can I do with it what I would want to use it for:
search with exclusion.
That may take the best part of 10 minutes to try out, without help file.
If the answer is yes, you can save yourself much more time in your
future searches. After years of looking for it, it may be worth that
little bit of patience.
I had no problem navigating the site. I have seen much better, sure, but
also worse. Overall: not perfect, but no reason to insult the author.
Hmmmm. I *must* have had a wrong recollection of what happened.
I am sorry about that.
I'm sure it happened because such things just do not impress me one bit.
Do I have to enter an e-mail address? Here you go : (e-mail address removed)
Everybody happy. My impression of having done that will not last longer
than 3 seconds in my memory.
( It proofs again that I still can fool myself.
I am not more perfect than that site and that program.
)But even if you enter a real addie : what on earth is the big deal?
If you believe that a freeware author like this one would "harvest
e-mail addies" to sell them, you'll believe anything.
The number of real addies entered, what would that be?
So, how much money would that earn you?
Let me break you the you would not get a Eurocent for the lot.
Think about it. Those lousy few would mean completely nothing compared
to the billions of addies that spammers already use. Added value for
spammers is zilch, nada.
And if you were a freeware author: how would you go about trying to sell
those addies you harvested?
Where would you go and would that not be a very nasty and humiliating
busssiness and the last thing you would want to do?
Ads, popups, etc. yes, apparently they still can earn you some money.
How curious then that you do not see any of those on this greedy man's
site.
Yes, I "okayed" javascript long ago. Haven't seen js-prompts since.
I'm quite sure you cannot harvest my addie with javascript.
If you have a hangup about javascript, that's your bussiness, but stop
whining about it, because that is getting really really old by now and
you'll accomplish nothing but yawns.
And stop insulting freeware authors who owe you nothing.
We owe them.
S
Sietse Fliege
Alan said:Sietse Fliege wrote:
Thanks for the heads Sieste. My "spam" call was probably incorrect
then? Just the frequency of the postings and the "odd" site
configuration had me a little suspicious.
Well, I am not sure about the spam call.
There are about 9 announcements since May 25, corresponding with 6 new
(versions of) OpTools. That is a bit too many, I think. Technically the
author is not OT, but I guess the common view is that authors should try
and pick up the "feel" for this group. It can be expected that
occasionally there will pop up one who for any of a number of reasons is
the odd one out. That does not necessarily mean he does not mean well.
Maybe he reads this and it "solves" itself.
And apparently I was wrong: providing an email-addie was not optional
(see my other post in this thread). Shrug.
All in all, my attitude is to not be too hard on freeware authors.
A
Alan
Sietse said:Well, I am not sure about the spam call.
There are about 9 announcements since May 25, corresponding with 6 new
(versions of) OpTools. That is a bit too many, I think. Technically
the author is not OT, but I guess the common view is that authors
should try and pick up the "feel" for this group. It can be expected
that occasionally there will pop up one who for any of a number of
reasons is the odd one out. That does not necessarily mean he does
not mean well. Maybe he reads this and it "solves" itself.
And apparently I was wrong: providing an email-addie was not optional
(see my other post in this thread). Shrug.
All in all, my attitude is to not be too hard on freeware authors.
I totally agree. I guess I made the query (not accusation) because of
the frequency of posts + my own reaction to the "unusual" site design.
Good luck to him, along with all who present freeware to the world!
J
John Fitzsimons
Yep. Other sites with javascript don't require me to download
anything. You might be quite happy downloading "scripts" to your PC, I
am not. Many trojans, spyware etc. are executed by downloaded scripts.
99% of the javascript sites I visit do not require me to download
anything other than that required to render the page(s).
If the author is insulted then he needs to get a thicker skin. After
that he would do well to listen to criticism from visitors and
consider making some changes.
IMO if he acts on my comments in a constructive way then he will have
a better site, and help more people. Most freeware authors would IMO
be interested in that.
I prefer not to have my email address harvested or to lie to people.
It seems that neither concerns you. That's fine, I am talking for
myself, not you.
Plenty of web sites harvest address'. You have failed to explain why
you know that this site isn't doing the same. One does not need an
email address to record how many downloads occur on one's site.
As for the "help" issue just because *you* can understand something
well/quickly doesn't mean that everyone else here can. You are
obviously far more competent with computing matters than IMO the
majority of people here. My comments are often/usually written from
the perspective of "ordinary" internet users. A difference in our
outlooks.
< snip >
Regards, John.
S
Sietse Fliege
John said:
This is not true John, as we are talking about JS here (Netscape's
JavaScript or its browser independant variant ECMAScript, or its MS
variant JScript).
+++ JS is quite safe, because of its "sandbox" security model.
JS cannot write information to any file on the user's computer (except
to a cookie file).
JS cannot create any files or manipulate or access any program aside
from the browser.
JS can not e.g. delete files or execute viruses or implant trojans.
- Except only maybe when your browser has a JS security hole
(most likely based on a buffer overflow exploit) and you have not
installed the security update that fixes that hole.
Note: buffer overflow exploits are not at all specific to JS;
they can also turn up in other browser functions and indeed in many
other (type of) programs.
Even when you have an unfixed JS security hole, an exploit will
likely only work when some other (often rare) conditions are also met.
As JS exploits are browser dependent (read: most are MSIE dependent), JS
is even safer on non-MSIE browsers.
+++ You seem to differentiate between:
- JS code within the HTML file (when you'll see no prompt) and
- JS code within additional .js files (when you'll see a prompt).
Actually, there is no difference :
These .js files are used for instance if you have many HTML files which
all use the same snippet of JS code.
Instead of inserting the same code within each HTML file you can have
one .js file containing that one code snippet, which you then can access
from each HTML page through the SRC attribute.
(This lets you have compacter and easier to change and maintain HTML.)
+++ I believe that JS exploits are actually quite rare.
You must not mix up enabling JS with for instance active-x.
Malicious active-x is much less rare and much more unsafe.
When you surf the web and you get some nastyware installed doing so,
that almost certainly has to do with Okay-ing unsigned active-x (or a
non-MS equivalent, if there exists one), not with JS.
So you should at least disable unsigned active-x, or set it to require
confirmation and be careful when clicking OK, in MSIE.
Of course, you will encounter malicious stuff on the web only, if ever,
when the site owner has malicious intent.
You are likely to find them only on, say, warez and pron sites.
Probably also on sites where you can download e.g. mp3's.
Illegal sites and dodgy money making sites. Stuff like that.
(I surf with JS enabled in MSIE, as I do not visit the dark alleys of
the web.)
+++ In my experience freeware authors do not have malicious intent :
- Freeware authors do not include viruses/trojans in their software.
I have installed countless freeware and the worst that I encountered was
confirmed false positives from my av-software.
(An exception was when what were presented as freeware turned out to
be spyware, i.e. when phoning home without consent.
This however sooner rather than later got detected and reported.
So they mostly changed their tactics and now inform you, mostly on
their web site and at least during installation, that e.g. a third
party program is also installed. We then are not talking about
freeware anymore.)
- Freeware authors do not have malicious code in their web pages.
I never encountered anything like that on freeware sites, even though I
surf with JS enabled in MSIE.
I even can not remember the last time, if there ever was one, that I saw
someone else reporting that nastyware was installed by just visiting a
freeware site. Let alone due to JS, rather than active-x.
I argue that the freeware world is a relatively safe haven on the web.
And that it is good to stress that. And bad to say otherwise.
JS is used on very many sites, and also on freeware sites, of course.
Should you suggest that all freeware sites that use JS are unsafe,
because they may have malicious intent, you would discredit the freeware
world, which does not deserve that.
Should you single out one author's homepage and say that you would not
bother with that site, because it uses JS, you'ld steer people away from
that site, for no good reason at all.
You'ld give bad "advice", as people might miss out on good freeware.
You'ld insult the author, as you'ld suggest that he might have malicous
intent, although all he is doing is offering you software for free.
Of course, anybody who is positively sure (and can prove it) that some
freeware site does have malicious JS, is strongly encouraged to post
that here in a.c.f.
See above. There is no difference between JS code in a html file vs the
same in a js file. No reason to worry at all.
Sorry, I worded the above alinea badly, which is confusing.
Of course I did not mean to say that you insult the author when you
comment on his poor site layout, explanations and missing help files.
I believe I acknowledged all that, myself.
However, there are two ways in which you do insult the author, IMO.
+ When you suggest that you dont trust his JS.
I have explained that in length above.
+ When you suggest that he is harvesting e-mail addresses.
I have explained that in my last post.
One must have a very thick skin indeed, when you give software for free
and in return someone suggests to stay away from your site, because of
possible malicious intent on your part.
First: I do have at least one email address that I would never use on
the web. On the web I use additional ones that I can easily dispose of.
I have only argued that I am quite sure that entering a real (e.g. a
HotMail) address (as opposed to the (e-mail address removed) address) on this one
site would not lead to that address being harvested.
So yes, I am concerned about my email address being harvested, but no, I
am not worried about this site.
Second: I lied? I don't understand. Where did I lie?
The author asks: "Your email address?".
Script 1: Suppose, I enter my main address.
I'll not read the mail that the author subsequentially sends there.
(I have a problem reading all my mail, already.
I would filter those messages and never see them.)
Am I obliged to read them? No! So, am I a liar, then? I think not!
Script 2: Suppose I enter a HotMail web mail address.
I'll not read the mail that the author subsequentially sends there.
I'll only occasionally check to make sure that that box is not full.
Is this script really different from script 1? I think not!
Script 3: Suppose I enter (e-mail address removed) .
I will not be able to see any messages sent there.
Is this script really different from scripts 1 and 2? I think not!
The author knows or should know that an email address entered does not
mean at all that any mail sent to that address will be read.
So why does the author require an email address?
I don't know, but he may have several good reasons. To name just one:
Entered email addresses do provide a reasonably accurate counter for
the number of downloads.
In that case: even if I don't read his mail, I do count.
I can only repeat myself.
I have explained that harvesting addresses in order to sell them makes
only sense when you manage to harvest *hugh* numbers of addresses (which
this site will not manage), 'cause else it would not earn you a cent.
(So he may "harvest" but will not be able to sell.)
And that at the same time his site does not have any of those ads or
popups, etc. that you see on so many sites. Which makes it even more
unlikely that he wants to profit financially from those who download.
I have not said one does, but it had occurred to me and I agree that
counting downloads may very well be one (maybe a main) reason for his
use of the email address form.
There are other ways for counting, but this method does not require cgi
for instance. It may just be the way he prefers for convenience.
You might find that other methods might be more suitable, but that does
not make him an address harvester.
We do not know why he requires an email address.
But we really do not have to worry too much about that either.
If you want to try his software without any risk, just use a disposable
email address. Not much wrong with that.
There is an analogy to the JavaScript issue.
You stress that freeware authors in general and this one in particular
may have malicious intent: they/he may use malicious JS and may harvest
email addresses.
I argue that in fact there is very little evidence to support that.
And that you insult this author, who probably is a good man.
And that you do us and the freeware world in general no favor, in the
process.
Thank you!
But I really doubt that. And know for sure that I amgreatly helped here by a lot of people who are more competent with a lot
of these things overall and in detail than I am.
I agree.
I should probably have been more considerate in that post and maybe in
this one as well.
But I do take the subject seriously and may get lost in trying to word
it all.
A
Alan
Sietse Fliege wrote:
<snip excellent content>
Very sane & sensible information Sieste. Hopefully you have dispelled a
few of the myths that browsing anything other than pure HTML from the
early 90s will blow away your hard drive, or vaporize your database. It
just goes to show how much misinformation grows from the hyped up claims
of those (MS bashers) hell bent on trying to cut down tall poppies.
Malicious rumour mongering probably does more damage than the relatively
rare instances of malicious code encountered on the web.
<snip excellent content>
Very sane & sensible information Sieste. Hopefully you have dispelled a
few of the myths that browsing anything other than pure HTML from the
early 90s will blow away your hard drive, or vaporize your database. It
just goes to show how much misinformation grows from the hyped up claims
of those (MS bashers) hell bent on trying to cut down tall poppies.
Malicious rumour mongering probably does more damage than the relatively
rare instances of malicious code encountered on the web.
O
ozzy
Alan said:
Unfortunately, I agree with John & he has very VALID concerns.
ActiveScripting (JS) is dangerous. I never enable JS (javascripts) either.
Good coders don't use it as there are much better alternatives. Over 90% of
the pages I visit don't require me to enable them & those that do I skip
with good reason. They are hiding something. I have been coding over 30 yrs
& have seen a lot & know what I can do with JS, so I am confident others can
too. I politely suggest that you update your JS knowledge. Spammers &
hackers have; so should you.
Please checkout some respected sites references:
http://www.stanford.edu/group/web-creators/javascript_security.html ,
http://www.novalynx.ca/technical_info.php ,
http://www.tbtf.com/resource/mail-html-ru.html ,
http://search-engine-ranking-rules.com/dangers-flash-seo.html ,
http://kimihia.org.nz/articles/cookies/activex (pay attention to the
differences between activescripting & activeX... many confuse them) ,
http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00221.html ,
http://www.martin-yachts.com/legal-information/security.htm . Many of
these pages are dated (2001 & earlier) & some from regular business' but it
just shows you that everyone else knew of the dangers since 1996, so my
question is WHY DON'T YOU? I would not be claiming to others (especially
newbies) that there are no possible dangers in JS when there is.
ozzy
A
Alan
ozzy said:
I didn't disagree with John at all. And I don't deny any of the
*potential* that's there with JS in web browsers, any more than I'd deny
the potential of batch files in wiping hard drives. I was just
complimenting Sieste for his sanity amid the oft' hyped up paranoia. In
answer to your question, I *do* know of (at least some) of the potential
dangers - I just try to keep them in a sensible perspective. To brand JS
in general as a bad thing, as you seem to be doing is simply peddling
the kind of misinformation and hype I was referring to. Nor did I "claim
to others that there are no possible dangers in JS". I suggest you
concentrate on reading the post properly, before posting the
preconceived reply you have at the ready in your trusty holster.
J
John Fitzsimons
Why not read ozzy's links ? JS is not IMO as safe as you are
suggesting. Even if you are correct I am still not interested in
anything creating, or writing to, a cookie file.
From a "web bug", or BHO perspective, that is still too much.
IMO very few people update their system to counter such exploits. So
they are vulnerable.
There is a difference between rare and non existent.
A site can look innocent enough but still have malicious intent.
You are only speaking from your own experience. There is nothing
stopping a freeware author from including a virus/trojan with his/her
program(s).
No, we are talking about programs that are often advertised as
freeware but in reality are spyware. An increasingly common situation
these days.
You cannot speak for all freeware authors.
I didn't say that. I make an assessment on all the things *combined*.
I wasn't critical of it using JS only that it tried to download
something in JS apart from the normal browser JS requirements.
I don't. Why should I ? You admit yourself that JS security holes
exist. You are free to trust everyone if you like. I don't.
Having got "spam" for YEARS due to supposed "freeware" downloads
I am not excited about sites that demand an email address for
downloading files. The fact is that some sites that offer supposed
"freeware" DO harvest email address'. Not necessarily for re-sale but
to sell you something from them at a later date.
Okay, so you haven't * yet * had a site offering you freeware spam
you. Fine. Stay on the net and it will happen. It isn't "if" it is
"when".
You suggested I put (e-mail address removed) . Is that "Your email address?".
It certainly isn't mine. If you/I aren't telling the truth then IMO we
are lying.
By considering "probabilities" I would say for email harvesting. From
my many years on the net the overwhelming majority of sites that have
demanded an email address from me have later sent me spam and/or
others have.
A possibility, but a lot less likely than harvesting for spamming.
So ? Doesn't stop that site from spamming me themselves.
IMO it looks like you aren't paying attention to what can happen in
the "real world". A number of freeware sites have gone "commercial". A
number of freeware programs/utilities have gone "commercial". He may
wish to profit financially at a later time.
< snip >
Regards, John.
A
Alan
John said:
"Ignore" is incorrect. Both Sieste and I have had regular input to the
issues of browser and e-mail security, which I think shows that we are
both concerned with locking houses and burglaries. "Put into appropriate
and realistic context" would be closer to the mark.
Again, inaccurate. The issue, like most things, is not black & white.
You may prefer to see the issue as a 2-pigeon-hole one - "paranoid" and
"head in sand", but I prefer to find the sensible middleground. This is
where the truth usually lies.
LOL! This is true, except for the MS adulation, which would definitely
be vehemently denied by colleagues had you been in the office this
morning. I guess I'm guilty here of a "usual suspects" mentallity
though... can't imagine why. Perhaps there's the same mentallity of
rejecting all new technologies post 1980s, point blank, as having no
place on the web at all... the way you seem to be pigeon-holing JS.
A
Aaron
I use them on my site, but I suppose you won't miss much with them off.
Altough I noticed lately that the rise in spambots has led many sites to
hide their email addresses using javascript.
I suppose you could use a form email, but some visitors still prefer the
comfortable of sending email through mailto links.
With eagerness i checked out the following sites
Both sites are similar. Not much here, looks outdated
?? one line about Dangers of JS , for SEO, not for users.
Page doesn't exist.
Talks mostly about the dangers of HTML. This I agree with, even with JS,
web-bugs from spammers can be irriating.
I think the risk is acceptable, if you take some precautions. It's all
about comfortable level. Use a good antivirus , do some http filtering with
proxo , and you should be okay IMHO.
Personally, I was disappointed with the quality of the links.
Aaron
Altough I noticed lately that the rise in spambots has led many sites to
hide their email addresses using javascript.
I suppose you could use a form email, but some visitors still prefer the
comfortable of sending email through mailto links.
With eagerness i checked out the following sites
Both sites are similar. Not much here, looks outdated
?? one line about Dangers of JS , for SEO, not for users.
Page doesn't exist.
Talks mostly about the dangers of HTML. This I agree with, even with JS,
web-bugs from spammers can be irriating.
I think the risk is acceptable, if you take some precautions. It's all
about comfortable level. Use a good antivirus , do some http filtering with
proxo , and you should be okay IMHO.
Very sane & sensible information. Thank you.
Personally, I was disappointed with the quality of the links.
Aaron
A
Alan
Aaron wrote:
Thanks for doing the checking. I couldn't be bothered myself, having
preempted more of the same old thing. Sounds like you've pretty much
verified my suspicions, but I thought I'd take a look now anyway.
Site 1 - 2 of 3 dead links... not too reliable.
Site 2 - repeated info from site 1.
Agree - only one reference to JS in the second, the first mainly to
HTML, except for the stupid unending window spawning trick, that's
hardly a security issue.
I managed to connect to it, and only had to read the first para to see
where the author was coming from - "Your browser, a version of Microsoft
Internet Explorer, does not comply with many of the accepted standards
used on the web. It also has a large number of problems which allow
malicious web sites to take over your computer. For your optimal viewing
pleasure we recommend you install one of these browsers: Mozilla, Opera,
Netscape 6, K-Meleon, Skipstone, Galeon, or Konqueror." Further
lingo/clichés confirm the author's agenda... dead giveaway.
Maybe John might now understand why the "MS basher" reference slipped
into my reply. Maybe ozzy might remove it from his "respected" list too.
Concur - nothing to do with JS; everything to do with HTML
This is probably the most sensible of the "references" - without hype or
panic, it mentions some potential for risk, and some simple fixes to
eliminate it - no SMD (scripts of mass destruction) rubbish here... sane
& sensible.
BTW, the links above came from "ozzy"...
while this ^^^^ was my comment on Sieste's take on the issue.
Me also, but it's what I expected. If this represents a subset of
"respected sites" on the issue, I remain (reinforced) with my attitude
on JS on the web. In the manner of analogy, as used by John, I'm no way
convinced to avoid getting into a car at all costs, because cars get
into accidents and people die, and that getting into a car will
therefore kill me.
Thanks for doing the checking. I couldn't be bothered myself, having
preempted more of the same old thing. Sounds like you've pretty much
verified my suspicions, but I thought I'd take a look now anyway.
Site 1 - 2 of 3 dead links... not too reliable.
Site 2 - repeated info from site 1.
Agree - only one reference to JS in the second, the first mainly to
HTML, except for the stupid unending window spawning trick, that's
hardly a security issue.
I managed to connect to it, and only had to read the first para to see
where the author was coming from - "Your browser, a version of Microsoft
Internet Explorer, does not comply with many of the accepted standards
used on the web. It also has a large number of problems which allow
malicious web sites to take over your computer. For your optimal viewing
pleasure we recommend you install one of these browsers: Mozilla, Opera,
Netscape 6, K-Meleon, Skipstone, Galeon, or Konqueror." Further
lingo/clichés confirm the author's agenda... dead giveaway.
Maybe John might now understand why the "MS basher" reference slipped
into my reply. Maybe ozzy might remove it from his "respected" list too.
Concur - nothing to do with JS; everything to do with HTML
This is probably the most sensible of the "references" - without hype or
panic, it mentions some potential for risk, and some simple fixes to
eliminate it - no SMD (scripts of mass destruction) rubbish here... sane
& sensible.
BTW, the links above came from "ozzy"...
while this ^^^^ was my comment on Sieste's take on the issue.
Me also, but it's what I expected. If this represents a subset of
"respected sites" on the issue, I remain (reinforced) with my attitude
on JS on the web. In the manner of analogy, as used by John, I'm no way
convinced to avoid getting into a car at all costs, because cars get
into accidents and people die, and that getting into a car will
therefore kill me.