Reply #113: JavaScript is also stateless. [View All]

I use CGI all the time. But the CGI code on my Web server is written securely. JavaScript is purposefully stateless. Yes, there are exploits, but administrators try to keep things up-to-date and these are plugged, hopefully quickly. That's why I run only peer-reviewed, open source software on my machines. Exploits are patched quickly.

Plus, there's the issue that the Javascript exploits expose the server end, not the client end. And yes, there are also exploits on the client end. Anybody who uses Microsoft IE is crazy because it has so many unpatched exploits. That's why I use Firefox which at least gets patched in a timely manner.

If somebody wants to hack my port 80, all they will get is my Apache Web server. It is the only thing which answers on port 80. Web browsers do not answer port 80 since that port is reserved for Web *servers*. Web browsers connect *to* port 80, not the other way around.

Exploits happen, but the government that wants to take the trouble to find exploits for all the particular connected machines is foolish when they can just sit on the line and read whatever comes across it.

Have you heard of Echelon? The NSA is this very minute reading a vast proportion of Net traffic including possibly this very post. And they don't need to open any ports, hack any machines, or try to install viral code on my Linux boxes to do it.

Information that goes across the Internet is *not* secure. It has *never* been secure and it never will be secure. Once one knows that, one can relax and not worry about governments making individual connections to individual machines because they already have the tools to read everything we do here without going to that trouble. So sleep soundly and resign yourself to the fact that these extra connections are almost certainly normal Web traffic.