Hacker News new | past | comments | ask | show | jobs | submit login

What's that Google is working on, and it's a much better environment. The code lives on your computer all the time, and you (in theory, assuming the proper browser settings) can make sure you are using a constant version of the code that matches up with what other people are using and auditing.

You can't lock down JavaScript at all. Your browser should (in theory) tell you when a plug-in is asking to be updated and give you the option to say "nope."

In theory, you could even walk up to a brand-new (assuming uncompromised) computer and reinstall the plugin. But you would still need some way of knowing that you were installing the same version you decided to trust earlier. Recognizing checksum pictures, I guess?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: