[GoLUG] Writing an internet server

Ron ron at bclug.ca
Wed Aug 27 04:39:13 EDT 2025 

Kevin Chadwick wrote on 2025-08-22 03:23:

> I'm not even going to reply to most of your mail as it is frankly 
> completely out of touch with reality.

Says guy who thinks rewriting over a million lines of code will produce
a JS engine immune to security vulnerabilities.

And claims / complains JS is slower than... before introducing JIT? And 
thinks an even slower JS engine is a Good Idea™.




> Everyone knows browser security is terrible

Typical FUD, "everyone knows $not_true_thing".

Considering exposure, install base, and daily usage, plus the decade the
big tech companies worked on hardening browsers, it's no wonder you
can't provide links to frequent cases of users getting pwned and just
throw out unsupported allegations.

Anything in the past 10 years in JS that was half as bad as "Heart
bleed" in bash?  I'm not recalling any such thing.


I'm not saying JS is perfect, nor never has vulnerabilities, just saying 
it's greatly improved and needs to be *realistically* compared to 
alternatives.



> I know you haven't been watching the number of js bugs over the 
> years that are due to memory issues like I have, they are frequent 
> and often the majority.

You seem to know a lot of things that you've just pulled from thin air.

Do these memory bugs lead to mere annoyance of scripts crashing, or are 
you claiming user's security is impacted. Because I'm not seeing much of 
the latter.

Even if true, users are not getting their systems hacked very often this
way. It's more frequent for big hacks to be either social engineering or
unpatched software.


> Mozilla hardly if at all maintain v8 they just plug it in.

They have their own JS engine (they call it a JS Virtual Machine) called 
SpiderMonkey, they've *never* used V8. You have no idea what you are 
talking about.


> Rust isn't even the language that Hoare invented or wanted. You 
> would think Mozilla would evaluate all existing languages before 
> inventing a new one that turned out to be inferior.

I suppose your citation for that is "my feelings" again?


> Ada was built with far more money and expertise than Mozilla could 
> afford and more time than Google, Mozilla or Microsoft would afford.

That doesn't make it the best choice for running in a browser. The 
competition was Java and Java Applets at the time. Then Active-X 
(shudder - those were the days when browsers were gaping security holes, 
you're just a wee bit out of date).


Also, you conveniently ignore how this Ada code would get distributed to
a billion users. Binary executable files?

Are malware developers somehow unable to learn Ada?

Does Ada not allow for executing `rm -fr ~` or other creative nastiness?

Would Ada code need to run in a sandbox then? Which does not exist that 
I know of (could be wrong). Something JS has already and is battle 
tested daily by a billion users...



Ada seems like a great language, but that doesn't make it the best
language for every application.


Here's a post about JIT in V8:

> Understanding Just-In-Time (JIT) Compilation in V8: A Deep Dive
> 
> Exploring V8’s JIT Compilation, Ignition, and TurboFan for Optimized 
> Performance

https://medium.com/@rahul.jindal57/understanding-just-in-time-jit-
compilation-in-v8-a-deep-dive-c98b09c6bf0c

More information about the GoLUG mailing list