I can second the "noscript" thing. "Default deny" is good practice. No- one has to explain it for firewalls ( any more I hope), so why do we have to explain it in other places? On Thu, Jan 23, 2020 at 7:00 PM Don Tai via talk <talk@gtalug.org> wrote:
I regularly browse with javascript turned off. I use NoScript. While it is a hassle, I whitelist trusted sites, but refuse script from 3d party sites. There is a bit of setup to do to whitelist sites. Scripts have long been abused. Browsing without js restores a bit of honesty in web pages, as a lot of the razzle dazzle crap code is not executed. I seek information more than eye candy. Cross-site scripting risk is near eliminated, making web browsing safer. You can also see which sites have added a whole lot of crap onto their script code and which 3d party sites they employ. This will colour your selection of credible web sites.
As well I intermix browsers as well as use Tor.
I encourage you to try it. Tilt the advantage to the user with the NoScript plugin.
On Thu, 23 Jan 2020 at 18:30, o1bigtenor via talk <talk@gtalug.org> wrote:
On Thu, Jan 23, 2020 at 3:37 PM D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
| From: o1bigtenor via talk <talk@gtalug.org>
| In this vein - - - - a contact who in computer terms calls himself a
dinosaur
| refuses to allow javascript on his computers doing all his browsing on text | based browsers. In his opinion javascript is a serious accident already in free | fall. What you're sharing only emphasizes that. Maybe its time to join his | anti Javascript position?
Thank you for your response!!
The issues are a little more intricate.
They usually are - - - grin.
Note npm is a repo (mostly?) for JavaScript to run under node.hs. node.js is a server-side thing. It runs JavaScript on the server. Not
in
the client (browser).
JavaScript itself isn't terrible.
What is unfortunate, I think, is the unfettered creativity JavaScript in the browser allows web designers. They misuse it, just like they did Adobe Flash previously. To some extent this is caused by the good sides of JavaScript: how easy it is to learn, how easy it is to wip up complexity, how easy it is for the page creator to take control of the browser experience.
From what little I know what I"m thinking is that the browser user needs to have some tools to control what the browser does - - - - that seems to be unobtanium at this point.
What I was talking about was how easy it is to inject malicious code
into
the ecosystem. That isn't actually the fault of the language. (It is imaginable that one could design a language that prevented some abuse.)
In fact, the language+browser have been designed to limit the damage that could be inflicted on the client side. The npn problem is mostly server-side, I think (I'm not sure).
Making something easier (cheaper, faster, more understandable, ...) allows it to be used more, often to excess. Unexpected side effects can ensue.
- increasing efficiency of cars makes driving cheaper so people drive more and end up using more total energy (gasoline).
Our obsession with individual transportation has become a major cost factor in one's personal economy.
- computers became a lot cheaper. So a lot more money is spent on computers.
- programming has become easier. So a lot more pointless programs have been created.
- when I worked on optimizing compilers, I thought that I was trying to make existing programs run faster. Then it struck me that it allowed programmers to write programs in a simpler and clearer way and have the compiler eliminate the performance cost.
Interesting.
Here's a random example of npm use:
Thanks for the sharing!
I'm wondering if there even is a way of reining in the wild possibilities in javascript in a browser. If there is it would be quite nice if this would happen quite soon. I'm finding that the web has become quite a frustrating and a very very far from useful place to look for things.
Regards --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- David Thornton https://wiki.quadratic.net https://github.com/drthornt/ https://twitter.com/northdot9/