flat assembler
Message board for the users of flat assembler.

flat assembler > Heap > Why we should always disable JS (and flash)

Goto page Previous  1, 2, 3, 4 ... 13, 14, 15  Next
Author
Thread Post new topic Reply to topic
DOS386



Joined: 08 Dec 2006
Posts: 1904
> you disable JS. Otherwise, expect to be
> tracked and to have information about you
> sold to the highest bidder.

> Why we should always disable JS (and flash)

Don't forget to deprecate
F*C*-B*** too (I am proud NOT to have an account at F*C*-B*** Wink ) and use
other-than-Google searching engines.

Also, when sharing a movie, do NOT upload it to LOO-TUBE.

A damn sad develoment is, that
many persons and groups,
instead of having a website,
they just "allocate" space at
F*C*-B*** or LOO-TUBE, and
place most or all stuff and information only
there. So when following a
link or search result , you get just a messy FB
or LT page pressuring you to
login. No chance to find any
information, download anything,
submit question or comment,
etc.

Not to talk about websites
needing your (registered) mobile phone
number in order to register an
account (Yahoo etc).

_________________
Bug Nr.: 12345

Title: Hello World program compiles to 100 KB !!!

Status: Closed: NOT a Bug
Post 04 Apr 2015, 16:38
View user's profile Send private message Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1181
Location: Unknown
Quote:

and use
other-than-Google searching engines.

What do you think about this: https://duckduckgo.com

It has an interesting about page: https://duckduckgo.com/about

I do not care to be tracked by google or other companies but I am almost making an effort to change. D:

Quote:

you get just a messy FB
or LT page pressuring you to
login.

Haha, I hate that. Specially in "Quora" sometimes they do not let me see an answer and require me to create an account. But I still refuse to do so.

Quote:

Not to talk about websites
needing your (registered) mobile phone
number in order to register an
account (Yahoo etc).

That another thing I hate, I have a number reserved just for that (currently for Google).

I think we all pay the price, just because most people have facebook, google plus, reddit and cell phones they expect everyone to have one too. Those who do not, live a nightmare and they can barely do anything. D:
Post 04 Apr 2015, 20:47
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16509
Location: M87*
HaHaAnonymous wrote:
But they say disabling Java Script is not recommended:

    • Allow all sites to run JavaScript (recommended)
    • Do not allow any site to run JavaScript

Now here comes the question: If they recommend it isn't because it is safe to have it enabled!?

I'm asking that because those words come from security enthusiasts...
Who is "they"?
Post 05 Apr 2015, 00:23
View user's profile Send private message Visit poster's website Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1181
Location: Unknown
Quote:

Who is "they"?

The developers.
Post 05 Apr 2015, 00:41
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16509
Location: M87*
I doubt that "The developers" are "security enthusiasts".

There are some websites that "require" JS to function and thus the browsers developers would like their browser to appear to work with everything so they recommend to have JS enabled.

But security folk are different. If something can compromise you then they recommend not using it, or disabling it, or using an alternative.

IMO sites that need JS to be usable are not worth visiting. They are usually just those "fluff" sites with no meaningful content. Time-sucks that waste one's life with trivia. Flashy time wasting animations that serve no purpose other than to try and make one go "wow, cool". And, of course, obnoxious in-your-face adverts that distract and annoy incessantly.


Last edited by revolution on 05 Apr 2015, 08:33; edited 1 time in total
Post 05 Apr 2015, 01:01
View user's profile Send private message Visit poster's website Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1181
Location: Unknown
revolution
I agree.

But nowadays JavaScript is everywhere, just like a plague.

It is even present in FASM board:
Quote:

<input type="button" name="quoteselected" class="liteoption" value="Quote selected" filtered="javascript:quoteSelection()" filtered="getSelection()">


They use JavaScript for everything, some sites even use it for trivial things like hyperlinks. In many places there is an over use of JavaScript. Some even call it "client side scripting". D:

But Flash can be easily disable without noticeable drawbacks.
Post 05 Apr 2015, 01:11
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16509
Location: M87*
IMO the "proper" use of JS is to enhance the page for use, and not to be the only way to use the page. This board is usable without JS.

Using JS for simple hyperlinks is a clear case of misusing it. Using JS to animate things when the user has disabled browser animations is misusing it. Using JS to pull and display content is misusing it. Using JS to display in-your-face popups when the user has disabled other popups is misusing it.

Basically JS has too much control over the browser and can be used for anything from producing annoying dynamic content to full-on malicious harm.
Post 05 Apr 2015, 01:21
View user's profile Send private message Visit poster's website Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3494
Location: Bulgaria
Well, I think I have some ideas about JS-crisis-of-trust. There are several things that can be implemented only by using JS. For example, the server-push technology is impossible without using JS. This way sometimes we are forced to use JS, even if the most of the work can be made by using plain HTML+CSS.

The solution is to make a library of JS functions that to be installed on the client side (similar to GreaseMonkey scripts) and then to forbid any new functions declaration for the web pages but to allow function call.

This way, the web page will have the functionality, but will not be able to call any code that is not checked for safety. The fixed library can be audited and except the possible bugs can be made safety.
Post 05 Apr 2015, 05:24
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16509
Location: M87*
Why do we need server push for websites?
Post 05 Apr 2015, 06:20
View user's profile Send private message Visit poster's website Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3494
Location: Bulgaria
revolution wrote:
Why do we need server push for websites?


In order to show information that changes in time.

_________________
Tox ID: 48C0321ADDB2FE5F644BB5E3D58B0D58C35E5BCBC81D7CD333633FEDF1047914A534256478D9
Post 05 Apr 2015, 06:31
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16509
Location: M87*
You mean like the "refresh" header parameter?
Post 05 Apr 2015, 06:34
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16509
Location: M87*
revolution wrote:
Using JS for simple hyperlinks is a clear case of misusing it.
The Fresh source page has this very problem:

http://fresh.flatassembler.net/fossil/repo/fresh/honeypot
Post 05 Apr 2015, 06:36
View user's profile Send private message Visit poster's website Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3494
Location: Bulgaria
revolution wrote:
You mean like the "refresh" header parameter?


No. Refresh parameter works only when the client knows that the information get changed. Otherwise, it only will waste resources and still will get the changes with delay.

I am not talking, that it uses timers that is really bad design. (There is "rule number one of johnfound" that reads: "Using timers for control is always wrong").

Good design is when the refresh is fired by that one, who knows that something changed.

Additionally, reloading the whole page always breaks the user interaction with the page, which can be very irritating.


Quote:
The Fresh source page has this very problem:


We already commented this several times and you know the solution: just login as an anonymous user and everything will be OK. You should not register any accounts in order to do this.

In addition, this is not the Fresh IDE page, but the source repository, that uses third party software - fossil SCM. The Fresh IDE page uses JS as well, but works without it pretty well.

_________________
Tox ID: 48C0321ADDB2FE5F644BB5E3D58B0D58C35E5BCBC81D7CD333633FEDF1047914A534256478D9
Post 05 Apr 2015, 06:50
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16509
Location: M87*
JohnFound wrote:
No. Refresh parameter works only when the client knows that the information get changed. Otherwise, it only will waste resources and still will get the changes with delay.
Can you give a link to a website that requires server-push to function.
JohnFound wrote:
Quote:
The Fresh source page has this very problem:
We already commented this several times ...
And you still haven't fixed it. Surprised
JohnFound wrote:
... and you know the solution: just login as an anonymous user and everything will be OK.
Another "solution" would be to remove the JS coded links. Wink HTML supported hyperlinks ever since version 0.0 so it would then be compatible will all current and past browsers that have ever existed.
Post 07 Apr 2015, 13:26
View user's profile Send private message Visit poster's website Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3494
Location: Bulgaria
revolution wrote:
Can you give a link to a website that requires server-push to function.


"To function as intended" is not the same as "To function somehow". The below examples are "to function as intended":

1. Every web based chat needs server push in order to show the messages of other users in real time. Stopping the server-push, means this is not chat anymore.

2. Every web site that measures something in real time and displays the information online: weather stations, industrial measurement and data collection systems, the stock-market systems

3. For specific example: http://stackoverflow.com misses half or its features if JS (server-push) is disabled. And these features are pretty useful, not bells and whistles.

_________________
Tox ID: 48C0321ADDB2FE5F644BB5E3D58B0D58C35E5BCBC81D7CD333633FEDF1047914A534256478D9
Post 07 Apr 2015, 14:08
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16509
Location: M87*
I have no respect for websites that lie.
It's 100% free, no registration required.
You must be logged in to ask a question on Stack Overflow
Post 07 Apr 2015, 14:16
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16509
Location: M87*
So ignoring the required registration lie I couldn't find any evidence for requiring the server to push to me. Question Which part requires realtime updates?
Post 07 Apr 2015, 15:09
View user's profile Send private message Visit poster's website Reply with quote
l_inc



Joined: 23 Oct 2009
Posts: 881
revolution wrote:
the required registration lie

Here is a bit of information on that.

_________________
Faith is a superposition of knowledge and fallacy
Post 07 Apr 2015, 15:39
View user's profile Send private message Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3494
Location: Bulgaria
@revolution - the web site engine does not lie. Only people, that wrote the content.

And here are two more examples: Both my projects from this topic require server-push, because the web interface displays an information that updates in less than a second. In addition, they must be implemented with web-interface, because the information need to be monitored through the network, using web browser (from mobile phone as well).
Post 07 Apr 2015, 16:11
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
HaHaAnonymous



Joined: 02 Dec 2012
Posts: 1181
Location: Unknown
Registration is not required by StackOverflow to see the Questions/Answers (unlike Quora, I ask myself why this **** is so popular with such stupid limitations). The first thing I think when I want to have a website is: I am going to pay for this, not getting paid for doing this.

But most people are doing every thing for money and advertisers nowadays, there is almost no love. With few exceptions like the "FASM" board, for example. :D
Post 07 Apr 2015, 19:13
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4 ... 13, 14, 15  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2019, Tomasz Grysztar.

Powered by rwasa.