| > I pay $1/month for a paper statement. I doubt | | You're lucky. I've closed accounts when each notified me that | they wanted $8.95/month to mail me a single sheet of paper | with 1, 2 or, at most, *3* transactions on it! Note that | one of the banks was 1500 miles from here -- so its not | a "local phenomenon". |
TD Bank. And they're open on Sundays, too. :) I'm not sure I even want to know why you have numerous bank accouts on the other side of the country. :)
| Do you own any securities? Do any "trading"? |
No. I'm not a gambler. Frankly I think straight gambling on the stock market should be illegal, with something like a 90 day minimum period that stocks would have to be held and no option for buying options, which are merely bets. Then people would be investing in companies rather than just a big, glorified gambling hall.
| > You sound like you know what you're doing, so I | > wouldn't be inclined to tell you that you should change, | > but my way also works. Nearly all possible online attacks | > require javascript. | | If you look at the history of vulnerabilities, you'd realize that's | not the case. Buffer overflow exploits are still common -- despite | EVERYONE knowing about this sort of potential problem (yet | continuing to write NEW code that has the same flaws). |
Buffer overflows require executable code. The point is to go back to what the Web was meant to be: A resource that can be accessed. Not remote software. However you look at it, nearly all risks online require script. It's true that there has been at least one issue with JPGs. That was actually a vulnerability in gdiplus.dll, the Windows extended graphics library. There was also once an issue with EMF files. It's not impossible to face a vulnerability with script disabled, but it's *very* unlikely. With script enabled, on the other hand, you're a sitting duck.
PDF exploits, as well as Flash, are also script issues. The MP4 bug you link to is a Flash problem. Likewise, the MP3 bug you linked to is with script in iTunes. What you're talking about is all executable code. The point is to get executable code out of the browser. Don't use Adobe crap at all. Don't enable script. Don't install Java. Don't run videos and music in browser plugins like Flash. Don't enable script in your PDF viewer. (For me this is easy. I don't like things moving on webpages while I'm trying to read. If I want to see a video I'll download it, so I can save a copy, and play it in VLC. If I can't download it I can't be bothered. I'm not going to sit around "watching TV" on my monitor.)
| Having NoScript block all domains, here, means I often | have to take several attempts to view a site -- successively | enabling more and more domains until the site "appears" | to work. Some sites are very deliberate in refusing to work | without Jscript enabled. Some refuse to work without Flash. |
Yes. I guess it depends a lot on what sites you visit. I have noticed lately that more sites design to break without script. Maybe not all deliberately. The code has gotten to be such a mess that it's hard to tell. I don't use highly interactive sites, so I've never needed Flash. I've never even had it installed. And fortunately it's being phased out.
One of the increasing problems I've seen is kiddie sites hosted by Wix and Squarespace. They get small business people to set up sites for free or cheap. It's all a very simple, drag-drop-and-choose-options kind of operation. People think it's clever that they made their own site. But the pages are actually pseudo-JSON muck that directs the loading of the page from the Wix or Squarespace server. It's completely broken without script. The nasty thing about it is that it breaks because it's using client- side processing to put the page together. PHP and ASP would work just fine server-side, but Wix and Squarespace are cutting corners.
I was looking at a site yesterday by some very talented designers and engineers. Heatherwick.com. Their website is a mess, with the noscript code inside script blocks! These people are award winning designers with big gallery shows, yet they can't build a website with the most basic functionality.
Another one I've noticed recently is Forbes.com. I used to go there sometimes for news. Now there's actually no webpage at all. Their pages are either built from script or hide the content inside script. They're actually, in some cases, embedding the entire HTML string inside script variables! That's so idiotic and wasteful that it can only be a case of trying to make their site break without script.
It's got so bad, and some of the script I see is so bizarre and convoluted, that I recently wrote a tool to sort it out:
formatting link
It's only for people who are familiar with webpage coding, but I find it can come in handy sometimes.