Dude, you browse with JavaScript on?
Uhm, yeah, why wouldn't I?
It's totally insecure. Hackers could destroy your computer.
Hackers? What is this 1995? And, no they can't.
They can definitely steal information about you without you knowing.
Like what?
Like you're address book information or your browsing history, depending on your browser and settings.
So if I were to visit some dark corner of the internet where people ran malicious scripts like this, people might be able to capture that my name is Bob and I live at 123 Maple Drive Mayberry, NC? And that sometimes I look at boobs at The Daily Niner?
Yes.
But I don't use autofill on my forms at the browser level, they can't. What about you? Isn't like every single website you visit seemingly broken?
Well good websites are coded to work fine without JavaScript, and I can selectively enable sites I trust to allow it.
That sounds like a lot of work to maintain a whitelist manually. And it's not like you do a security audit of each site before whitelisting it right? You just decide to trust it, basically because you want to look at and use that website right now and JavaScript is the only way.
Yes but I'm much more likely to enable it on a big businesses website than some random blog. Look, I'm not alone here, millions of people have downloaded the NoScript plugin for Firefox alone.
I see that. Here's some empirical evidence for you though. I've never once blocked JavaScript on any of the browsers I've used. I browse around all day with little regard to my trust level of the current website. In general my trust level is actually fairly low. I know a lot of sites I visit are hosted on shared hosting by folks like me who aren't security gurus. I've had my websites hacked before on the server-level (nothing to do with JavaScript), which then inserted malicious JavaScript into my pages. I'm sure this has happened to many of those other sites I visit. Sometimes that JavaScript stores weird cookie data or redirects the website. Totally sucky and undesirable, but nothing that serious has ever happened to the point where I even consider just turning off JavaScript. I've never lost sensitive data or gotten spyware or anything like that.
Are you sure? Have you ever had weird charges on a credit card you've had to refute?
Well yeah.
Do you know exactly how that information was stolen from you?
No I don't, but I doubt it was JavaScript.
Doubt... Trust... two sides of the same coin.
Here's another reason I browse with JavaScript on. I like JavaScript. I write JavaScript. It does cool stuff and I like to see how other people use it. So I'm biased in that regard. As a web designer and developer, I don't like hearing how many people browse with JavaScript off. I want that to go away. I don't want to create gracefully degrading websites because it's often twice the work and only for accommodating people with outdated concerns about this technology. And don't tell me all about accessibility, I hear that most screen readers handle JavaScript just fine.
A site that works well without JavaScript also means it also likely has good architecture. It works great alone, and JavaScript adds to the user experience as needed. Relying on JavaScript entirely is just lazy.
You see it as lazy I see it as the future. So what about Flash, do you block that too?
No, I love Flash.
I knew I didn't like you. You're probably a PC guy too huh?
Dude, we're not going there.
Love the ending!
-PC guy.
I don’t get the ending… PC stands for Personal Computer, which means a computer system for personal use.
If you’re referring to Windows vs MacOS it just doesn’t make sense…
OnTopic: great story, to bad some “old” system administrators still think JS is bad and block it server-wide…
For at least a decade a Windows computer has been known as a Windows PC, or a PC. An Apple Macintosh has been known as a Mac. If you don’t get the ending, where have you been?
No one referring to PCs means “personal computer”, even if they think they do. It used to be that most manufacturers designed computers to be “IBM PC compatible”, and people just ended up using PC as shorthand. Eventually, “PC” ended up referring to any computer that wasn’t manufactured by Apple, since they were the last holdout on adopting the x86 architecture.
That’s passively-aggressive pedantics. You knew what he meant.
I thought it stood for Politically Correct.
I thought it stood for “Pretty Cool”
Wow, what an ignorant jerk. Sure there are some things that should simply work with JavaScript off, but would you really go to an extreme to disabling it?
I don’t get the ending though, you have something against Windows or am I missing something here?
Sup Sunny.
I believe the ending is a reference to Jobs banning Flash on iPad and hence ‘I’m a Mac and u suck!’ scenerio
Sites using flash usually have worse fail-back than sites that use JS.
So doing what you can do you HTML CSS and JS in flash is just wrong (i.e. a menu!)
The bug linked is a Safari’s bug, so this guys are likely using a Mac, the PC vs Mac thing is due to Apple adv “I’m a Mac, I’m a PC” just search on youtube for some of them.
In the end… preferring flash and let it load without asking your permission while being scared of JS is idiot. Flash is no more secure than JS.
yes… apple coined the term “pc” in their advertising campaign a few years back…….. right.
Someone should notify Microsoft and let them know that all their commercials with…
“….I’m a PC”
were wrong…..
Thanks for clearing that up Johan, lol.
I bet your running Linux! Mac or Linux PC (thats twice as fast, for half as much)? As a computer science major I got to go with the second choice.
<– linux
Ubuntu Linux and Mac here. Never trusted Windows.
amen to daniel
Linux all the way!
Ubuntu roxx… but Mas is still ahead :P but since i don’t have the money to buy it, Linux kicks ass =D
<- Backtrack based on Ubuntu
I agree with you and all below/above me :D
Linux FTW
pc …mac’s dont count up to their price vs. performance ratio … at least not anymore… a well made pc (!) can offer much more for the same price (mac’s are now made of the same parts as pc’s) … but u need to know what you’re doing ;)
as for javascript … stealing some unimportant data is of no concern of mine since i usually shout it out loud on the internet – passwords are of different concern but i havent had any important data breached … best security is to appear (and in my case to be) unimportant … otherwise get hardware firewall and you’re set ;)
When was the last time you checked Mac’s specifications? For one thing, Macbook batteries out of the box can be charged over 1000 times, about 3 times more than the average battery.
And a “well made pc” will probably cost the same, if not more, than a Mac anyways.
Even with specs “almost equal” the MAC OS is (at least for me) more simple, fast and productive than a Windows machine with twice ram and processor, cuz even having that windows machines still windows!
And about price, today many windows machines from HP, Dell, Sony and other cost amost the same that a mac.
I only miss a few windows games that I don’t run cuz I don’t think in Install Windows in bootcamp so soon. But if I wanna I can, just telling.
Mac isn’t just fancy and shine things, they aren’t cheap, but certaly not expensives, they just have a standart quality above the average, and is for that we buy then and not sony’s vaio that usualy cost more than a mac.
Buy Macs = Good Deal!
Buy Vaios = Spend Money!
And only for finish no ones care if a vaio come with a blue ray drive when u never ‘ll use all quality disponible in the disc!
@rafael: yeah, if you buy from the brand names of course you spending quite a bit, that’s why building your own pc is the only way to go, even if you want to run OS X, build your own hackintosh.
Price does not justify the hardware of a mac, the only good thing about a mac is the OS, but you don’t need mac hardware to run it these days.
“So what about Flash, do you block that too?
No, I love Flash.
I knew I didn’t like you.”
Priceless:)
totally agreed
Yep, same here!
Personally I love JavaScript, but block flash. Click the big black/white square with flash written across it to activate the particular object.
EXACTLY the same here…
My personal nemesis, the Antivirus2009/2010 malware, generally uses infected Flash banners as its delivery vector. It manages to sneak past pretty much every major security suite as well…
Flash is a bigger security hole than JavaScript. By far. Blocking JS generally strikes me as paranoia. Flash on the other hand…
I’ve had to deal with that. It’s a pain. But more of a concern is how successful it is – if a alert pops up on their desktop saying “You’re infected – subscribe now!”, the majority of people click it.
And I think you’re right about flash – javascript has quite a few built-in limitations for security reasons. Flash, however… most people have no idea that it has an offline storage that is pretty much unchecked.
lol…
I browse with blocked JS,
don’t want to get catched by google analytics :-)
This is off topic, but the slider on your portfolio website needs ‘prev’ and ‘next’ tabs or something. Because clicking those tiny circles can be down right difficult.
lol
lol, just block it in your dns entry if that’s your worry. while you are at it, block their ads too, or, route that and/or other requests through a proxy server. lots of tutorials on the net to help you out along with software to make you slightly more anonymous.
Urm, so if you block all JS then how come your blog uses JS? Do you maintain a whitelist too? :P
Doesn’t google analytics fetch non-JS users with a 1×1 transparent image?
I’ve always hated that the “Soviets will steal my files” folks ignore that any and all programming languages wills always have vulnerable points and exploits. Just like how blocking advertisements has a tendency to make Web Masters subvert and profit with affiliate marketing.
Take Flash and JavaScript (by extension: jQuery, MooTools, etc.) away and you get back to the 90s, the long forgotten era of static sites that looked awful.
You can’t do an MP3 or video player in HTML. You can’t do form fields validation in HTML (you can in PHP, but that’s wasteful, as the info needs to be sent to the server with each try).
So, even with security issues, it’s unwise to turn JavaScript and Flash off.
(I’m biased towards JS. I write it too. I hate Flash ads and websites written entirely in Flash.)
Well, you can do an MP3 or video player in HTML only …. and limited validation now … but I still agree with your point as a whole.
“Take Flash and JavaScript away and you get back to the 90s”
Totally true!
Nope, because HTML5 and CSS3 are coming.
Are coming when?…
You know it takes a VERY, VERY long time for that kind of technology to be called web standard, right?.
HTML 5 and CSS3 wont be viable for atleast 4-5 years, unless your target is something very specific (like iphone – ipad web development).
…in 2015 when enough people switch from IE6 and IE7.
Well you can already use some functionalities of HTML5 and CSS3.
you can, of course.
but they’re far from being well-enough supported to rely on exclusively. Even across the more widely-supported elements, good browsers vary in their implementation. And until IE jumps on board, you have to assume that half your audience won’t know what’s going on.
Well a lot of CSS3 can be used without a prob, it’s just a cosmetic addition, IE users don’t even deserve to see them :)
exactly: it’s not essential.
but a lot of the cool html5 stuff needs to have an IE-fallback or they’ll be left out completely – and unfortunately, they’re a big part of the market. And if you’re going to make a fallback, chances are it’ll work in other browsers too; so why code something twice?
Guys, America is not the only country in the world. I’m in Peru at the moment and majority of people here are still using XP desktop boxes, very few macs because of the poverty line. It’s actually like that in most countries in South America.
If you think that ‘people’ will be using HTML5 and related technologies by 2015, think again. There are more developing countries in the world than you realise.
The world is not made up of geeks who upgrade at the drop of a hat, and the world is not USA.
A. “you get back to the 90s”
Clearly you don not grasp the concept of Progressive Enhancement.
B. “you can in PHP, but that’s wasteful,”
So you rather rely on client side validation, which doesn’t work when JS is turned of.
Then you could submit your data using JS… If JS is turned off: no validation needed because the data cannot be submitted.
You could easily pass a token through the submitted form (e.g. have JS add a hidden field) that lets the server know whether or not the data has been validated client side and, if not, validate it on the server side.
So, that would be providing an enhanced user experience if a user has JavaScript, but providing the same basic functionality to all.
Wonder what we could call that?
All we need next is a video to go along with the dialog.
Lovely! I love the ending!
Haha, nice little way of putting it!
I think that the advent of JS frameworks means that websites with javascript are going to be a lot more common (mingos listed a couple of good reasons alone).
One of the things I love about jQuery is the .load() function, and that you can tell it to load a certain element from the page, meaning that you can have fancy AJAX effects, and still have the page display fine for non-JS browsers
It’s quite hard to read. Add “— ” to newlines, please.
Why do you want a dash and a space after newlines? To show that it’s a quotation? Like this:
– Dude, you browse with JavaScript on?
Isn’t it obvious that the article was a dialogue? Or perhaps I don’t understand what you mean.
No, please don’t.
I’m a bit biased against Javascript because I’ve had websites with unnecessary Javascript (falling snowflakes, trailing cursors, ugh) freeze my computer . I used to browse with it off just for a faster experience. I didn’t use it because, oh no, I didn’t want to inflict that on my visitors!
But now most sites I browse either require it or enhance my experience. So I just leave it on.
I browse without Flash, though.
I see the 90′s and early 00′s left a lasting impression on you… (snowflakes, trailing cursors etc)
Haha…love it!
-PC girl :-)
Amazing, haha. I couldn’t agree more. I hate throwing out a great idea to be accomplished with JS, only to hear “but what about when it’s disabled? then the effect would be useless!”
Ending note – down with Flash.
:)
A good conversation between to biased people.
The only real annoyance I have with javascript, is the “evil” sites which you sometimes inadvertently enter while image-googling, that have a confirmation dialog that no matter what you answer, brings up a new confirmation dialog and a file for download (malware), so you can’t leave the site before you shut down the browser or turn off javascript.
I do understand the someone might like Javascript to provide nice new features to a site, but unless you are doing a very specialized website or a web app, then the site can use JavaScript, but should not rely on it.
And with the upcoming features of HTML5 and CSS3 it is becoming easier to ditch some Javascript: CSS 3 transitions… HTML 5 video… even out of that, you can already make animated images without resorting to gifs or flash on Firefox with animated PNGs. If you can’t make a blog or a generic site without needing to rely on JavaScript, then you’re stuck in 1999.
And I do not like Flash either (unless for what is supposed to be used for: flash games… until <canvas> takes it that… :P ). I use NoScript with the FlashBlock function if you’d like to know.
My new site won’t render without javascript, just to keep “conspiranoids” away.
Haha, cool. But i don’t really like the ending, i’m a PC guy and i see nothing wrong with that. It seems the “PC vs Mac” commercials made web developers think they’ll be cooler if they use a Mac.
I do my development on PC, i love JavaScript (read jQuery) and i hate Flash (and IE of course).
It’s not about been cooler, it’s about working faster. Have you try working with a mac? I think you don’t.
Putting aside a few spelling mistakes, maybe you are right about the working faster, i don’t know since i never tried working on a Mac.
Can you explain me how do you work faster on a Mac?
i’ve worked on loads of macs. lost a lot of work due to various mac crashes, and even due to deliberate osx behaviour. after having to use macs for three years, i refuse to use them anymore. windows all the way, or occasionally linux!
If you’re not used to Macs or the interface simply isn’t for you, it won’t really help you work faster will it?
I do everything on my Windows 7 laptop. FileZilla for FTP, Notepad++ (which has tabs) for file editing, and Photoshop for graphic stuff. Oh and Firefox of course for browsing and development tools.
It really depends on what you’re used to and how you use it. It doesn’t matter what magical feature you add to Macs, they can’t make you work more efficiently than a PC might.
I agree.
P.S I use all the same stuff as you do (Windows7 on a laptop, FileZilla, Notepad++, Photoshop) but for browsing i use Chrome and for development i use Firefox because of the dev tools.
Same tools here: W7, Notepad++ (With NppFTP plugin), Photoshop, FileZilla, Firefox + devtools. Couldn’t live without these tools.
Also, I think the author of this post is just stupid to make a mac/PC-thingy out of it. Sure, most of the Mac user who would like to turn off JavaScript probably don’t even know how to do it ;)
That so spoke for us web developers. We just hate those paranoid guys all fearful of JavaScript’s potential harmfulness and inconsistences and blah blah – I’d bet most of them don’t know JavaScript at all.
And hey, the ending was hilarious!
Brilliant.
whats with all the anger towards anti-javascriptors? I run noscript CONSTANTLY, your lucky to get temporary javascript permission with me. Javascript should bee like CSS, unnecessary and only adds aesthetic to the webpage, I shouldn’t notice it when its gone.
you should notice, but you should still be able to make good use of the site.
Where have you been? JavaScript adds a ton of good use to websites. Some stuff may seem unneeded, but other stuff (especially with forms) really speeds up your task at hand.
Also, how does having CSS disabled make the site look the same? Maybe only to a blind person…
he didn’t say css didn’t change a page’s appearance; but that it (should) be aesthetic. Webpages should not be unreadable when viewed with a default stylesheet.
Lol, great text.
Minor typo: in paragraph seven, “you’re” should be “your”
Ha, good stuff
- Life-long PC Guy
Heh, awesome. I never disabled JavaScript because I don’t browse suspicious websites :-)
you should read up on XSS
I love JS; without it, web browsing is just like curry without salt.
I think i’ve had this same conversation. Also, I like how a “conversation” about js is slowly turning into a conversation about PC vs Mac.
- Linux Guy :-)
I like to look at numbers – at every single site we maintain, less than 1% of the users have turned js off (we use our own analytics, not Google’s).
The hard question is: why should the web community ignore IE6 users (5-10%) and be picky with non-js users (<1%)?
:: claps ::
IE6 should just hurry up and die because it is an abomination to web standards.
Important content/functionality should be accessible without JS to be consumed by devices that do not support the language. (Too many mobile devices, Screen reading devices like JAWS, Nintendo Wii, etc.)
“IE6 should just hurry up and die because it is an abomination to web standards.”
I’m getting tired of hearing this to be honest. Most websites on the internet actually work fine in IE6 because most websites were designed to work with it. As much as web standards are important, IE6 compatible websites (most websites) actually work fine with current browsers – otherwise, people would never use a browser that only worked for the latest website (just need to look at plain text files to appreciate that not all technologies need to be replaced).
We as Web designers have nobody to blame but ourselves for keeping IE6 “alive.”
It’s a simple solution. Don’t implement IE6 workarounds. Let your website fall apart on IE 6.
Users will either upgrade or stop visiting your site. The majority will get fed up of visiting broken sites and upgrade their browser, the others at least won’t be visiting your site again with IE6.
Win-Win.
@steven
eventually all technologies do need to be replaced, its how we improve and provide better experiences. Deciding when to replace them is the key point in question. Will you still be making this statement in 5/10 years time when browsing the web will be radically different? I don’t think so. Yes most websites do work in IE6, yes, but at a cost. Are you a developer? Do you know the pain developers go through to ensure technolaggers are looked after? IE6 sucks, and MS needs to start using some of their huge profits to make the web a better place for all of us.
Sorry if I’m ranting too much, my project is being held back for launch (so its costing me, as my client does not understand browser compatibility issues) because of IE6 issues
as we design and build applications, we must consider the *relative* importance of IE6 users.
For many biz apps I’ve worked on considering the IE6 group is an imperative, as many proprietary/legacy apps (and as the companies that license them are quite cost sensitive in terms of upgrading) require a *certain* version of windows that will only allow the users IE6.
Sad, but true.
While we all know that the % of IE6 users continues to decrease in general, if you’re developing for the general biz environ, you still gotta respect it.
‘Cause that’s what your clients demand.
That said, I can’t hate IE6 too much.
I’ve had so many billable hours b/c of it, how could I?
I work at a web agency and we have dropped CSS support for IE6 and take for granted that users have JS enabled.
And I love it!
Fair point! I digg that!
Here in Spain a disconcerting number of people in the English speaking community still use IE6.
I see this because I am a PC Tech on the side and whenever I see them using IE6 I tell them ‘Dude you are using a 10 year old browser! What’s with that? Let me fix it for you :)’.
I usually get the reply ‘What’s a browser? Oh do you mean my ‘Internet button’?’.
Hahaha, internet button. Thanks for the laugh Mike.
That is exactly what makes content undeniably accessible to me … that even after 10 years, you can still access it with IE6.
From the latest episode of the IT crowd.
Haha, I hadn’t seen the latest episode yet. Brilliant!
And I’ve seen many computers that are THAT badly infected, you would not believe!
By the way, I’m not geeky enough to pain LOTR figures :p
Ultimately, IE6 will only die if (5-10%) IE6 users will wish it to die!!
We designers, developers or creative agencies/studios can’t decide over it…!!
But we *can* stop supporting it…
According to w3cschools.com MSIE6 is down to 7.2% market share.
Actually up 0.1% since last month, think the only way to kill that bugger is to stop supporting it.
Problem is that MANY major companies with an IT policy has MSIE6 as their only supported browser!
Every single language has flaws that can be exploited, but people always pick on javascript.
Truth is: if your security is so weak that someone can take personal and bank info through a simple javascript exploit, you might as well print them on a billboard.
Not to mention that anyone can write to detect whether or not you have scripts enabled, and have a backup trojan/virus/etc. ready and waiting.
I think if people just stopped browsing porn, warez, and torrent sites, JS-based hacks and security issues would be virtually non-existent.
Great post, Chris, I like the unique style it was done in.
Yeah, take all the fun out of the internet…
I assume you’ve never been to a ‘normal’ site that’s been hacked and had malicious JS plastered all over it?
Of course it’s usually hidden and you can only see it with NoScript / JS turned off – and yes usually it’s spam or redirects or whatever, but a redirect today, tomorrow the world!
Thats just a great story. I enjoy the ending with the flash.
Louis – you try to get people to stop browsing those types of sites and you will be a very rich man – I guess we have to put up with these problems :/
Great post guys
The conversation was going on nicely, but I didn’t get the ending. I’m a PC guy and I love Flash. What’s the relevancy?
Exactly.
not sure I really got the gist of the post, but if you’re just saying that people are too paranoid and should not block javascript, then you don’t have kids!
My dad just paid a couple hundred dollars to a tech to remove all the spyware that was clogging his computer which had no firewall of course ;)
I have no firewall and i never had any problems with spyware, malware, worms, trojan horses or any other animals whatsoever.
The problem is that your kids or your dad click every single “you won million dollars” or “you are our 1 millionth visitor, claim your prize” banner.
Don’t block JavaScript, block computer access to your kids and your dad. :P
+1
Ohh, wait. He paid couple hundred dollars to someone to install an antivirus program and hit Scan&Delete button or maybe just reinstall the OS?!? I think i just found my job, ripping off non-techi people :)