Yeah. I usually don't even bother to enable script in cases like that.
My experience is that bad behavior without script is often a good indicator of a lousy website. Even if it isn't, it gives me an excuse to weed out stuff arbitrarily. There's obviously more stuff on the the web than there is time to read it.
One way to degrade gracefully without actually doing much work is to detect the lack of JS and put up a note - http://dribbble.com/shots/114735-Caring-for-those-with-disab.... At least it tells a no-script visitor that the page designer is aware of JS-incapable users and the associated issues.
Why stop with Javascript, though? Why not refuse to render images, or videos, or use any sort of plugin? For that matter, why not use Lynx?
I really do not understand the sort of Luddite motivations that drive someone to disable Javascript. You're drawing an arbitrary line in the sand that cuts you off from a great deal of perfectly legitimate functionality. Could you explain exactly what you're gaining in return? Isn't this just another incarnation of 1990s-era cookie paranoia?
It seems to me that if you use an up-to-date browser and an ounce of common sense when you surf the Web, you have little to fear from Javascript. And if you don't, no technological measures short of total disconnection will save you from yourself.
Why stop with Javascript, though? Why not refuse to render images, or videos, or use any sort of plugin?
Yes, I normally block videos and all plugins. I don't have to block images by default any more, thankfully the obnoxious animated ones have mostly moved to Flash.
Occasionally I'll switch browsers and permit specific youtube videos.
For that matter, why not use Lynx?
My recollection is that Lynx does not support proportionally-spaced fonts or images. If this is incorrect, I'll consider using it.
In fact, I do know someone who uses exclusively text-based browsers. She's doing research on accessibility issues for the visually impaired.
I really do not understand the sort of Luddite motivations that drive someone to disable Javascript.
Maybe if you didn't presume it to be a Luddite motivation, you'd have a chance at understanding it.
You're drawing an arbitrary line in the sand that cuts you off from a great deal of perfectly legitimate functionality. Could you explain exactly what you're gaining in return?
Well I will enable script for specific sites that I want to do business with. But it's done intentionally and limited in scope. If the site requires scripts from a bunch of shady domains and ad networks, I'm much less likely to do business with them.
By aggressively disabling Javascript and not installing Flash I gain:
1. Security: Less attack surface, less frequent patching, less risk of getting pwned by drive-by malware. Fewer trusted domains in my page origin.
2. Privacy: A lot of advertiser tracking stuff depends on script running in your browser. Declining to run their script seems to cut down significantly on the amount of personally-identifiable info you're constantly broadcasting as you use the web.
3. Faster page loading.
4. Fewer advertisements, pop-overs, and other useless blinking crap in my visual field detracting from the words and occasional image on the page which convey 99% of the meaning.
5. By avoiding proprietary plug-ins I follow open standard (w3c, IETF) technologies. These are consistently winners in the long run.
6. I learn a little about the mindset of the developer of the site. Take a look at who's running script in your browser in news.ycombinator.com and compare that to any of the Gawker media sites for example.
Isn't this just another incarnation of 1990s-era cookie paranoia?
Similar in some ways, different in others. Cookies have some very similar security properties to that of scripts WRT same-origin.
It seems to me that if you use an up-to-date browser and an ounce of common sense when you surf the Web, you have little to fear from Javascript. And if you don't, no technological measures short of total disconnection will save you from yourself.
That's the "all or nothing, it's hopeless, give up" argument and yeah most people are willing to give up their security and privacy when you throw that in their face.
But not me. I find it more interesting to learn something (e.g., what scripts are being used where and why) than I really care to see yet another video on the web (even if it does involve oscilloscopes).
That's the "all or nothing, it's hopeless, give up" argument and yeah most people are willing to give up their security and privacy when you throw that in their face.
No, it was the "Use sound computing practices and you'll probably be OK, but you could still be hit by a bus if you step outside and an asteroid if you don't" argument. In other words, the same sort of compromise that we all make every day when we interact with the world.
Thanks for the explanation; it does answer my questions. We probably won't be able to find common ground, though -- I actually prefer to see ads for oscilloscopes and hosting services, rather than tampons and farm implements.
No, it was the "Use sound computing practices and you'll probably be OK, but you could still be hit by a bus if you step outside and an asteroid if you don't" argument. In other words, the same sort of compromise that we all make every day when we interact with the world.
What I hear you saying is that we all have to weigh risk vs. benefit as we interact with the world. I certainly agree in principle, but maybe we don't judge the sides the same way.
I saw one study claiming the majority of PCs (59%) are pwned by malware. This seemed to be a bit biased and non-scientific, but we know there are multi-million node botnets so the actual number is quite high. So the comparison isn't with the risk of getting hit by a bus, the baseline expectation from the typical user behavior you advocate is to be compromised periodically.
I work for a data security company by day and research that stuff at night too. So I'm painfully aware that on any given day there are usually multiple not-yet-patched vulnerabilities. Occasionally I have customer info on my computer, info about not-yet-public vulnerabilities, or I just can't afford the energy needed to clean up afterwards if I were to get pwned. I judge the downside risk much higher than the upside.
So I mostly interact with the web with a browser Noscript mode, and even that via a series of virtual machines and remote access that don't allow file or clipboard sharing. It turns out that I liked the web better without the 2.0 anyway.
We probably won't be able to find common ground, though -- I actually prefer to see ads for oscilloscopes and hosting services, rather than tampons and farm implements.
Now if there were a way to allow only Oscilloscope Pr0n I'd be all over that. I do in fact have DigiKey and Mouser whitelisted. :-)
I certainly agree in principle, but maybe we don't judge the sides the same way. ... I saw one study claiming the majority of PCs (59%) are pwned by malware.
How many of those attacks came through Javascript, though? It would be interesting if there were a public resource that keeps track of attack vectors, so we could accurately assess the risks.
How many of those attacks came through Javascript, though?
The majority of the opportunistic drive-by web malware seems to depend on script. Sometimes the vulnerability is in the Javascript interpreter itself, sometimes the attacker wants to lightly obfuscate web sites and payloads from scanners, and sometimes it seems the malware authors are just lousy web designers using script gratuitously.
If you also eliminate Adobe products from your attack surface, you've bypassed a huge percentage of web malware.
Of course if you're the subject of a targeted attack then all bets are off.
It would be interesting if there were a public resource that keeps track of attack vectors, so we could accurately assess the risks.
It's pretty unfortunate that one of the leading videos is by a russian female who doesn't really know what's going on. Asteroids on an oscilloscope is much cooler than her.
Thanks, I had a lot of fun making this. I think it might work better on an analog scope rather than a digital sampling scope. There are a bunch of other interesting videos on there as well.
funny though, as that's the only reason I clicked this article. I wonder if the purpose is to encourage new accounts or warn people. Seems like bright highlighting makes them more prominent and thus sends a message that they're more interesting than the boring grey account names...
Yeah, I expect more of a "warning" color for new users than for old-timers. New users are more likely to be a problem than older ones, if only because they're more likely to be spambots.
Ahem, we prefer vector monitor thankyouverymuch. =)
Actually the architecture of those old Atari vector games is pretty remarkable given the technology at the time. You had a 6502 with the game logic, generating a list of items to be drawn by a second CPU, implemented entirely in TTL with a custom opcode set of it's own. All in under 16K of object code.
Yup. The color vector games had next generation set of hardware, but same idea. The color was a neat hack by varying the intensity of the beam, hitting differently colored phosphors layered on the inside of the glass.
The color/3D Atari vector games used the Analog Vector Generator, which used op-amps to trace smooth lines of arbitrary length and angle on the screen. It also seems to fall out of calibration as the years go on, which is why you see a lot of Star Wars and Tempest machines with jittery images.
If you really want to get esoteric and hackish, the Cinematronics vector games of the era had NO microprocessors in them at all. It's all bit-sliced TTL gates and EPROMs to hold the object code. Wrap your noggin around that one.
About the same time I was playing too much Atari Star Wars I was also using HLH Orions on my CS course - the early models had bitslice based CPUs and had user programmable microcode:
Ah, this brings back memories! Back in... 1990? I was playing with a homebuilt laser show like this, and also used the oscilloscope to test the output without worrying about the resonance behavior of the mirrors. (Our mirrors were connected to slaughtered speaker coils with hinges and had pretty horrific frequency response.) The output was the sound outputs on my Amiga. I never wrote asteroids for it, though... ;-)
I remember seeing a Tektronix vector display terminal being used as a front-end to one of their flatbed pen plotters. They spoke the same language, so you could preview your plot before wasting ink and paper on it.
