Hacker News new | past | comments | ask | show | jobs | submit login

Do you really believe that if Apple wrote their own interpreter for their own custom language that serializes into JSON it would be safer than using one of the battle-tested LUA implementations?



Lua, not LUA. It's Portugese for moon.


I was suggesting that they don't have executable code at all, that they use static configuration. But it may not be possible within their problem domain, I don't know. I always prefer static solutions until dynamic becomes necessary.


Between code signing and sandboxing, this probably isn’t any more dangerous than the JS that Safari downloads and runs every time you open a webpage.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: