On Tuesday 19 October 2010 04:00:31 Ian Clarke wrote: > On Mon, Oct 18, 2010 at 4:37 PM, Matthew Toseland <toad at > amphibian.dyndns.org > > wrote: > > > > Yes, they are *capable* of using a browser with no Javascript, but they > > are > > > not forced to. > > I'm just going to deal with this point-by-point, because people keep > throwing out arguments and I've yet to see a convincing one: > > > Well, that's not the point - they might be accessing their desktop's node > > from a phone. > > That doesn't necessarily preclude Javascript, and it could preclude a > non-Javascript option (many phones aren't good at rendering websites even if > they don't use Javascript). > > Furthermore, are we really going to predicate our entire decision process on > this extremely edge use-case? > > > Or they might be using a headless server > > How, plugging their nervous system directly into a serial interface? If > they are using a headless server it is almost certain they'll be using it > from a client that is capable of running a Javascript-capable web browser.
It occurs quite regularly in support. It's amazing how many geeks think they can remote admin a server and yet don't know about ssh -L port:localhost:port ... > > > or using ssh -X (which tends to slow down heavy javascript apps > > enormously). > > Now you are really dredging the barrel for edge-use cases. You want to > inconvenience 99.99% of our users so that people who want to tunnel their > connection to Freenet's web interface over ssh -X can have a snappy user > experience? You are now almost parodying your own argument! > > > Or they might be a blind linux user etc. > > Perhaps I'm missing your point, but doesn't Linux support browsers that > support Javascript, and doesn't GWT have accessibility support? Not reliably, unfortunately, according to tsp. But of course this will be fixed eventually. > > > However, the real issue is that a lot of privacy aware people, who are an > > important part of existing freenet users and contributors (the vast majority > > judging by responses on FMS) turn off Javascript in their web browsers - to > > enhance their security when browsing *the web*. > > And wouldn't these super-paranoid users be following our advice to use a > separate browser for Freenet? No. Our standard advice *has been* to use a separate browser, however as soon as we can reliably start a browser in privacy mode from the rabbit we are going to stop asking them. Because this makes life easier. We might warn them if they then use a different browser. Unfortunately at the moment there are bugs with this - sometimes the browser comes up in normal mode. But IIRC we are warning the user very mildly if we *think* we managed to launch a browser in privacy mode, at least on Windows. Making it easy, convenient and the "obvious default" to do the right thing the right way is an important principle in building secure, usable systems IMHO. > If so, its a non-issue. They can enable > Javascript in the browser they use for Freenet, secure in the knowledge that > we have pretty robust filtering of Javascript from anything downloaded from > Freenet, and the only Javascript they'll be running will therefore be > written by us. > > And then they click on the rabbit icon and it launches the same browser with > > privacy mode enabled. If it then tells them that Freenet only works with > > Javascript enabled they will probably be rather annoyed. It's true that > > mixing code and HTML is iffy (although IMHO HTML is supposed to be > > structure, so it's not that iffy), but there are lots of ways to deal with > > that e.g. Bombe's nano-templating engine. > > If they are as paranoid as you claim they are then this is merely an > inconvenience. Why are you trying so desperately to avoid inconveniencing a > small minority of our userbase while right now AS WE SPEAK we are probably > losing hundreds of users per day who are put-off by our current UI? Because IMHO of the users who actively contribute, or who are most likely to stay, they are a *LARGE* proportion. Maybe not a majority, but a large enough group that upsetting them is a really bad idea. > > You can't claim that you are motivated by a desire not to inconvenience a > small minority of users when the status quo is that hundreds, perhaps > thousands of users are inconvenienced every day because Freenet's UI sucks. Most of the casual filesharers would not have stayed anyway because there is no content. I'm not saying we shouldn't do everything we can to solve that - starting with better performance, better UI and better tools - but cutting off our natural users is a really bad idea. And some of them - a small minority but a strategically significant one - have good reasons for their paranoia. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20101020/4a28c461/attachment.pgp>
