I recently got a message from a webmaster who had no idea their website got their visitors' web browsers to run third-party Javascript from Goggle domains. This is how out of control JS has got. It's time for browser makers to make JS opt-in, so that people who serve it have to justify what it does and why users ought to let it run on their computers. Like they've done with addons, after all JS is just any uglier hack for temporarily adding code to the browser.
#MakeJavascriptOptional
As someone who writes web apps in Elm, I disagree. My apps show nothing but a “turn on JavaScript” warning without JS. Pleroma is even worse. It displays nothing without JS. Here’s the home page HTML for impeccable.social:
<html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,user-scalable=no"><title> Impeccable</title><!--server-generated-meta--><link rel="icon" type="image/png" href="/favicon.png"><link rel="stylesheet" href="/static/font/css/fontello.css"><link rel="stylesheet" href="/static/font/css/animation.css"><link href="/static/css/vendors~app.b2603a50868c68a1c192.css" rel="stylesheet"><link href="/static/css/app.db80066bde2c96ea6198.css" rel="stylesheet"></head><body style="display: none"><div id="app"></div><script type="text/javascript" src="/static/js/vendors~app.4b7be53256fba5c365c9.js"></script><script type="text/javascript" src="/static/js/app.670c36c0acc42fadb4fe.js"></script></body></html>
@billstclair
> My apps show nothing but a “turn on JavaScript” warning without JS.
Why? This is graceless degradation for one thing. I don't see why anyone thinks they're entitled to run programs on other people's computers without opt-in consent. How about you design it to serve an HTML/CSS web page when people visit it in their web browser with JS turned off or blocked, explaining what JS allows the app to do, and asking them to please turn it on? #Pleroma needs to do that to, #Pixelfed has.
Because my web apps rely on JavaScript to do ANYTHING. That's their nature.
Yes, I could do that computation on my server, but that focuses all the compute time where I have to pay for it, whereas the amount of CPU my apps require per user is tiny, compared to the vast unused power of a modern PC.
Also, modern virtual DOM technology allows a webapp to look and feel just like a regular application. I know of no way to do that with all the computation on the server.
I'd rather get new things done than do everything twice, once on the server and once in JS in the browser, with the inevitable differences between the two to constantly fix.
JS is mature technology, with good sandboxing. Yes, it enables ad tracking, as do cookies, but you can already turn those off in your browser if you don't like them. Good browsers, like Brave, allow scripts to be enabled per site.
My first couple of blogging systems used user input, in a few different formats, to create static HTML web pages. Loads fast, but all the boilerplate is duplicated, over and over.
My most recent, still unfinished blogging system (which will likely remain unfinished due to social media largely taking over the microblogging space), goes to the other extreme, stores static page representations on the server, and does the rendering in the browser.
I've drunk the Kool-Aid, and no longer see any reason to resist running JS, for web sites I create, and in web sites I browse. It's everywhere. You're blowing into the wind.
you may trust everyone on the internet to execute arbitrary code on your machine, but i find that attitude extremely foolish. javascript has sandboxing, yes, but i wouldn’t trust a sandbox that is regularly broken at a yearly event. Pwn2Own has been running for years and they’ve managed to break the web sandboxes every time.
@xj9 @billstclair @strypey Plus what with Spectre and family, it's a very bad time to put much faith into a sandbox.
Though I would say if we are going to insist on continuing to run sandboxed programs on the client, Elm would be simpler language to sandbox than JavaScript. I'm going to make that argument in detail eventually.
Elm is certainly easier to sandbox, though convincing any appreciable fraction of the web development community to move to it will be a hard sell.
JS ain't going nowhere. Neither is Windows. Huge business investments in both, with only a tiny fraction of their markets caring about anything but that it mostly works.
> JS is mature technology, with good sandboxing.
🤣 🤣 🤣 🤣 🤣
https://bugzilla.mozilla.org/show_bug.cgi?id=1487081#c16
> JS ain't going nowhere.
Yeah!
Like the divine right of #Kings!
And what about the #Pharaoh?
I'm amused (not) about the total lack of historical perspective of so many #US programmers.
Guys, if you can't see how primitive is our discipline, you'll always be a good, nice and clean #slave.
“I’m amused (not) about the total lack of historical perspective of so many #US programmers.”
Old problem. We lispers fixed it long ago, and functional languages have done even better, but the New Jersey Approach beat the MIT Approach in the marketplace. I wish it weren’t so (said the MIT graduate who writes Lisp for a living).
I am reminded of Richard Gabriel’s classic, “ Lisp: Good News, Bad News, How to Win Big”.
https://www.dreamsongs.com/WIB.html
Not sure if I understood what you mean, actually. 😕
But, to be clear, I think that we should move beyond this dichotomy.
#WorseIsBetter is collapsing anyway due to the curse of #Frankenstein.
But the future won't be "the right thing".
The future will be #simplicity.
Simplex sigillum veri.
http://jehanne.io/2018/11/15/simplicity-awakes.html#the-curse-of-frankenstein
