I can second the "noscript" thing. "Default deny" is good practice. No- one has to explain it for firewalls ( any more I hope), so why do we have to explain it in other places?
On Thu, Jan 23, 2020 at 7:00 PM Don Tai via talk <[email protected]> wrote: > I regularly browse with javascript turned off. I use NoScript. While it is > a hassle, I whitelist trusted sites, but refuse script from 3d party sites. > There is a bit of setup to do to whitelist sites. Scripts have long been > abused. Browsing without js restores a bit of honesty in web pages, as a > lot of the razzle dazzle crap code is not executed. I seek information more > than eye candy. Cross-site scripting risk is near eliminated, making web > browsing safer. You can also see which sites have added a whole lot of crap > onto their script code and which 3d party sites they employ. This will > colour your selection of credible web sites. > > As well I intermix browsers as well as use Tor. > > I encourage you to try it. Tilt the advantage to the user with the > NoScript plugin. > > On Thu, 23 Jan 2020 at 18:30, o1bigtenor via talk <[email protected]> wrote: > >> On Thu, Jan 23, 2020 at 3:37 PM D. Hugh Redelmeier via talk >> <[email protected]> wrote: >> > >> > | From: o1bigtenor via talk <[email protected]> >> > >> > | In this vein - - - - a contact who in computer terms calls himself a >> dinosaur >> > | refuses to allow javascript on his computers doing all his browsing >> on text >> > | based browsers. In his opinion javascript is a serious accident >> already in free >> > | fall. What you're sharing only emphasizes that. Maybe its time to >> join his >> > | anti Javascript position? >> > >> >> Thank you for your response!! >> >> > The issues are a little more intricate. >> >> They usually are - - - grin. >> > >> > Note npm is a repo (mostly?) for JavaScript to run under node.hs. >> > node.js is a server-side thing. It runs JavaScript on the server. Not >> in >> > the client (browser). >> > >> > JavaScript itself isn't terrible. >> > >> > What is unfortunate, I think, is the unfettered creativity JavaScript >> > in the browser allows web designers. They misuse it, just like they >> > did Adobe Flash previously. To some extent this is caused by the good >> > sides of JavaScript: how easy it is to learn, how easy it is to wip up >> > complexity, how easy it is for the page creator to take control of the >> > browser experience. >> >> From what little I know what I"m thinking is that the browser user needs >> to have some tools to control what the browser does - - - - that seems >> to be unobtanium at this point. >> > >> > What I was talking about was how easy it is to inject malicious code >> into >> > the ecosystem. That isn't actually the fault of the language. (It is >> > imaginable that one could design a language that prevented some abuse.) >> > >> > In fact, the language+browser have been designed to limit the damage >> > that could be inflicted on the client side. The npn problem is mostly >> > server-side, I think (I'm not sure). >> > >> > Making something easier (cheaper, faster, more understandable, ...) >> > allows it to be used more, often to excess. Unexpected side effects >> > can ensue. >> > >> > - increasing efficiency of cars makes driving cheaper so people >> > drive more and end up using more total energy (gasoline). >> >> Our obsession with individual transportation has become a major cost >> factor in one's personal economy. >> > >> > - computers became a lot cheaper. So a lot more money is spent on >> > computers. >> > >> > - programming has become easier. So a lot more pointless programs have >> > been created. >> > >> > - when I worked on optimizing compilers, I thought that I was trying >> > to make existing programs run faster. Then it struck me that it >> > allowed programmers to write programs in a simpler and clearer way >> > and have the compiler eliminate the performance cost. >> >> Interesting. >> > >> > Here's a random example of npm use: >> > >> > <https://www.electronjs.org/> >> > --- >> Thanks for the sharing! >> >> I'm wondering if there even is a way of reining in the wild possibilities >> in >> javascript in a browser. If there is it would be quite nice if this >> would happen >> quite soon. I'm finding that the web has become quite a frustrating and a >> very >> very far from useful place to look for things. >> >> Regards >> --- >> Post to this mailing list [email protected] >> Unsubscribe from this mailing list >> https://gtalug.org/mailman/listinfo/talk >> > --- > Post to this mailing list [email protected] > Unsubscribe from this mailing list > https://gtalug.org/mailman/listinfo/talk > -- David Thornton https://wiki.quadratic.net https://github.com/drthornt/ https://twitter.com/northdot9/
--- Post to this mailing list [email protected] Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
