[116721] in North American Network Operators' Group
RE: Follow up to previous post regarding SAAVIS
daemon@ATHENA.MIT.EDU (Keith Medcalf)
Fri Aug 14 17:42:14 2009
Date: Fri, 14 Aug 2009 17:41:56 -0400
In-Reply-To: <86481589-3D72-4AD0-B52C-27209C560AC3@merit.edu>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "mkarir" <mkarir@merit.edu>
Cc: "nanog-post@nanog.org" <nanog-post@nanog.org>, NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> ... Dont know what web 2.0 is but the new portal is a web based
> object management system complete
> with "recommended" changes and inconsistency lists.
> We just added prefix allocation check with backend information
> from PCH (prefix checker tool).
Web 2.0 is marketroid drivel-speak for a method of continuing to ensure tha=
t Web Applications are uninspectable and unsecurable. It is based on doing=
partial document refreshes using code executing within the browser, usuall=
y in such a fashion that it modifies the document tree directly through for=
eign (ie, from the net) code execution in the context of the current user (=
or, because of the zillions of holes in those browsers supporting code exec=
ution, with the priviledges of the OS itself).
It is highly insecure and cannot be secured by any products currently avail=
able. It is best to stay as far as possible from anything claiming that it=
is Web 2.0. Hallmarks of Web 2.0 are gratuitous javascript and java appli=
cations which cannot be disabled. Enabling any type of even minimal securi=
ty on any web site that is "Web 2.0" buzzword compliant results in the disp=
lay of completely blank pages. Web 2.0 pages will indirect all hyperlinks =
and navigation through javascript. Not because it provides anything useful=
but rather in order to force people to enable dangerous crap in their brow=
sers (javascript, java, Flash Virus, &c)
--
() ascii ribbon campaign against html e-mail
/\ www.asciiribbon.org
