Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Firefox Mozilla

Firefox 23 Makes JavaScript Obligatory 778

mikejuk writes "It seems that Firefox 23, currently in beta, has removed the option to disable JavaScript. Is this good for programmers and web apps? Why has Mozilla decided that this is the right thing to do? The simple answer is that there is a growing movement to reduce user options that can break applications. The idea is that if you provide lots of user options then users will click them in ways that aren't particularly logical. The result is that users break the browser and then complain that it is broken. For example, there are websites that not only don't work without JavaScript, but they fail in complex ways — ways that worry the end user. Hence, once you remove the disable JavaScript option Firefox suddenly works on a lot of websites. Today there are a lot of programmers of the opinion that if the user has JavaScript off then its their own fault and consuming the page without JavaScript is as silly as trying to consume it without HTML."
This discussion has been archived. No new comments can be posted.

Firefox 23 Makes JavaScript Obligatory

Comments Filter:
  • why? (Score:3, Interesting)

    by bdabautcb ( 1040566 ) <bodaciouswaggler ... m ['oo.' in gap]> on Monday July 01, 2013 @12:36PM (#44156023)
    Are there still security issues with having JS enabled?
    • Re:why? (Score:5, Insightful)

      by Joce640k ( 829181 ) on Monday July 01, 2013 @12:41PM (#44156109) Homepage

      Maybe, maybe not ... but there's definitely a lot of privacy and distracting-advertising issues.

      • and this is the whole reason we disable JS :\
        • Re:why? (Score:5, Informative)

          by UltraZelda64 ( 2309504 ) on Monday July 01, 2013 @02:12PM (#44157501)

          Not to mention it has the nice side effect of saving CPU cycles and preventing web pages from going unresponsive. I tend to enable JavaScript (since disabling it breaks too many sites) but I don't allow it to do anything outside of the web page with the browser itself (manipulate windows or context menus). Of course, none of this really matters, because I've been running NoScript for a few years now and the only sites that are ever allowed to run scripts are the ones I specifically allow to do so.

          • Re:why? (Score:5, Informative)

            by Nutria ( 679911 ) on Monday July 01, 2013 @02:33PM (#44157819)

            Flashblock (and to a lesser degree, AdBlockPlus) is excellent for reducing CPU usage.

      • Re:why? (Score:4, Insightful)

        by Jeremiah Cornelius ( 137 ) on Monday July 01, 2013 @01:42PM (#44157053) Homepage Journal

        Now this furore is a little silly.

        Hey! Word to the wise: about:config I doubt the feature is actually removed...

        I assume that this is a UI change and that Mozilla is removing a button, that caused a greater cost to support, than justify with benefit.

        Really, the advanced web user, who is judicious about enabling script, can opt for a plugin, if they want a button.

    • Re:why? (Score:4, Insightful)

      by parkinglot777 ( 2563877 ) on Monday July 01, 2013 @12:45PM (#44156183)
      I doubt that there is no more security issue with JS (for now and not even talk about in the future). It may be a good time for me to use only Chrome for browsing, and use FF for developing web pages locally (for their easy-to-use Firebug add-on). Wikipedia (https://en.wikipedia.org/wiki/JavaScript) has some vulnerability issues for JS (may or may not be outdated by now).
      • Re: (Score:3, Insightful)

        by strimpster ( 1074645 )
        What are you doing in Firebug that you can't do in Chrome's developer tools? IMO Chrome's developer tools provides much better support to developers. There are a lot of features that Chrome's developer tools has that I don't think exist in Firebug, albeit that I haven't used Firebug on a daily basis in a couple of years. As an example, the Timeline/Profiles features for analyzing poor performance.
    • Re: (Score:3, Informative)

      by khasim ( 1285 )

      Are there still security issues with having JS enabled?

      One of the main reasons I switched to Firefox in the beginning was because they seemed to understand that NOT doing something stupid was preferable to layers and layers of patches for the stupidity.

      IE had ActiveX and such. It was stupid. It was a security issue. It was almost impossible to avoid.

      Firefox avoided the entire security issue by allowing functionality to be disabled. While you cannot be 100% certain that XYZ feature had no security issues (or

      • Re:why? (Score:5, Informative)

        by BitZtream ( 692029 ) on Monday July 01, 2013 @02:29PM (#44157763)

        IE had ActiveX and such. It was stupid. It was a security issue. It was almost impossible to avoid.

        Mozilla Gecko (the framework Firefox is built on) makes extensive use of XPCOM, which is functionally equivalent of ActiveX in every way, except that it works outside of Windows.

        Some Firefox plugins are ... XPCOM objects.

        XPCOM has been at the core of the Firefox design as long as I've seen the source (I was embedding gecko into apps in my former life, at least 7 years).

        You have absolutely no idea what so ever what ActiveX is, nor do you have any idea what the actual problem with IE was that resulted in so many ActiveX related exploits.

        ActiveX is a self describing plugin system which allows an application to load and potentially use a plugin without any prior knowledge, EXACTLY like XPCOM in Firefox. Again, they are 100% functionally the same.

        Internet Explorer had retarded defaults (allow any unsigned activex to install without asking) to begin with, then those were 'fixed', and then the install without prompting exploits started, so malicious sites would install activex controls without your consent ... and then ... we also have to deal with all activex controls which were installed with improper ActiveX safety flags.

        The safety flags were 2 flags set aside to allow an ActiveX control to say 'hey, I'm safe to use in Internet Explorer' and 'I'm safe to allow any random website to use me in IE!'. The morons in the Excel team (as one example) would, out of ignorance, flag all of their controls for Excel as safe for IE/safe for scripting ... so IE thought it was perfectly acceptable to load a control that will read and write random files on the drive. Every time a Windows Update patch for 'ActiveX killbits' comes out ... this is what they are talking about, changing the OS to ignore controls flagged as safe when they are known not to be.

        Mozilla has no such support for flagging controls as safe for browser/safe for scripting. It tries to pretend it is an uncrossable barrier, but that is in fact no way the case.

        So any time an 'ActiveX' issue comes up, you should be aware that it wasn't an ActiveX problem, it was an Internet Explorer implementation of ActiveX, and other developers bad code that was exploitable.

        You really can't 'exploit' ActiveX any more than you can 'exploit' DLL or SO. You can exploit bad implementations of the loader.

        Imagine if Firefox allowed web page scripting to automatically install Firefox plugins. Would you blame XPCOM then? Thats what you do when you blame ActiveX.

        Finally, it makes you look fucking stupid when you blame ActiveX. All you do is make it clear that you don't actually know what the problem was, let alone understand what it was. You just sound like an ignorant drama queen.

    • Re:why? (Score:5, Informative)

      by Anonymous Coward on Monday July 01, 2013 @12:55PM (#44156351)

      Yes.

      Javascript is supposed to be sandboxed in all modern browsers, but that doesn't make it perfect. All the serious vulnerabilities I've seen over the past few years exploited the sandbox, and therefore required javascript to work.

      Also there is private information WITHIN the browser. Being inside the sandbox, that information is thus provided to websites.

      For example:

      Browser fingerprinting, using your installed fonts, screen resolution, etc. http://panopticlick.eff.org/ [eff.org]

      Mouse pointer tracking with javascript: http://jsbin.com/ufupol/98 [jsbin.com]

      Capturing information entered into forms and then deleted before submitting: various analytics tools

      Here's a random analytics provider I found on Google (There were plenty of others):

      We capture every mouse move, click, scroll and keystroke, by using a tiny piece of JavaScript copied into your website. The whole process is completely transparent to the end user, and has no noticeable effect on your site performance.

      http://www.clicktale.com/products/mouse-tracking-suite/visitor-recordings [clicktale.com]

      • Re: (Score:3, Insightful)

        by cdrudge ( 68377 )

        Not to nitpick, but those are privacy issues, not security issues. They aren't mutually exclusive of each other, but they aren't the same either.

        • Re:why? (Score:5, Insightful)

          by Jane Q. Public ( 1010737 ) on Monday July 01, 2013 @01:25PM (#44156787)
          Not to nitpick either, but they're both.

          When people can track what you are doing while sitting in front of the computer, it's a VERY BIG security issue.
          • Re:why? (Score:5, Informative)

            by jeffmeden ( 135043 ) on Monday July 01, 2013 @02:33PM (#44157825) Homepage Journal

            Not to nitpick either, but they're both.

            When people can track what you are doing while sitting in front of the computer, it's a VERY BIG security issue.

            Yes, JS is scary, but that bit of marketingspeak is a bit over the top: they can't see *every* click/keystroke/etc; just the ones that involve interacting with their site content. And, if you have to worry about them watching you use their site, you hopefully will leave before giving them any important information anyway.

      • Re:why? (Score:5, Insightful)

        by Fuzzums ( 250400 ) on Monday July 01, 2013 @01:26PM (#44156803) Homepage

        Some sites have java script that disables context menus (right mouse button) and other things that I don't want. That's why I want to be able to control what my browser does and turn java script off if that gives me a better user experience.

    • Re:why? (Score:5, Insightful)

      by julesh ( 229690 ) on Monday July 01, 2013 @01:00PM (#44156435)

      Are there still security issues with having JS enabled?

      Javascript is used by most malware installation systems. The typical route is that a trustworthy hacked site is modified to include a <script> tag with its source on the malware hosting domain. The resulting script will then use some mechanism to attempt to install malware, either simply dropping an executable download on the visitor and hoping they run it, or attempting to exploit either a browser or a browser plugin bug. Turn off javascript, and the exploit is never downloaded, so can't run.

      There are also direct browser attacks that would require javascript to function, e.g. http://www.mozilla.org/security/announce/2013/mfsa2013-53.html [mozilla.org] or http://www.mozilla.org/security/announce/2013/mfsa2013-46.html [mozilla.org] (to pick a couple from the last month or two).

      So, yes, your system is still less secure if you have JS enabled than if you don't.

    • Re:why? (Score:4, Interesting)

      by Culture20 ( 968837 ) on Monday July 01, 2013 @01:16PM (#44156639)

      Are there still security issues with having JS enabled?

      Even if Javascript is 100% secure, running in an airtight jail, it's still using up resources on my computer. Sometimes if you leave a JS page open overnight, it will be pegging one of your CPU cores in the morning.

      • by jedidiah ( 1196 )

        Yes. Forgot about this bit. NoScript isn't just about security. It's also about performance. A lot of the extra nonsense that sites run just isn't necessary. It doesn't significantly impact the desired user experience to have all of that random crap turned off.

        It's much like food labeling or processes running on your PC.

        If you don't recognize it, chances are that it's to be avoided.

        • Re:why? (Score:4, Interesting)

          by rnturn ( 11092 ) on Monday July 01, 2013 @02:46PM (#44158019)

          ``It's much like food labeling or processes running on your PC.

          If you don't recognize it, chances are that it's to be avoided.''

          I've adopted that attitude when grocery shopping. I figure that if I feel a need to consult my old BioChem text to figure out just what that ingredient is, I shouldn't be eating it.

      • by rnturn ( 11092 )

        ``Sometimes if you leave a JS page open overnight, it will be pegging one of your CPU cores in the morning.''

        Had this happen more than once. I don't think it's really possible to figure out which tab is running the offending code. I wind up bookmarking the lot, bouncing the browser, and reloading each previously opened tab with the idea that, today, I'll finish reading that web page and can close the tab and keep the JS from pegging the CPU again.

    • by gl4ss ( 559668 )

      you can do all kinds of funny stuff with javascript, like use the computer for calculations, redirect the user to content he doesn't want randomly, fuck around with adverts...

      personally I don't understand this choice from mozilla, it's removing choice that could just as well have been buried a little deeper.

      it just shows how fucking out of touch current mozilla is. it's showing up on their % rate too, so they're trying all kinds of stupid shit and this "the user is a stupid dolt" move from them is just the

    • by naoursla ( 99850 )

      There are if the browser has a security bug.

      Security bugs that don't require Javascript are less common.

    • Re:why? (Score:5, Informative)

      by Giorgio Maone ( 913745 ) on Monday July 01, 2013 @03:22PM (#44158513) Homepage

      Are there still security issues with having JS enabled?

      Fresh from the summary of the upcoming BlackHat talk by Jeremiah Grossman, A Million Browser Botnet [blackhat.com]:

      With a few lines of HTML5 and javascript code we’ll demonstrate just how you can easily commandeer browsers to perform DDoS attacks, participate in email spam campaigns, crack hashes and even help brute-force passwords. [...] no zero-days or malware is required. Oh, and there is no patch. The Web is supposed to work this way.

  • by Verteiron ( 224042 ) on Monday July 01, 2013 @12:36PM (#44156041) Homepage

    As long as it doesn't break Noscript, I'm ok with this. It really IS folly to try to use the modern web without any javascript at all, but with Noscript I can still pick and choose which sites are allowed to run it in my browser.

    • by h4rr4r ( 612664 ) on Monday July 01, 2013 @12:40PM (#44156107)

      How well do screen readers deal with javascript?

      I am almost certain it is poorly, as we add more shiny and BS we reduce usability for a lot of folks. Well we actually reduce usability for everyone, but for some people usability goes to zero.

    • by djl4570 ( 801529 ) on Monday July 01, 2013 @12:43PM (#44156157) Journal
      I'm running FF23 beta on my personal system and NoScript is still working as before.
      • by girlintraining ( 1395911 ) on Monday July 01, 2013 @01:02PM (#44156459)

        I'm running FF23 beta on my personal system and NoScript is still working as before.

        People seem to be forgetting that javascript can break a lot of accessibility readers. Everything about HTML, CSS, etc., was about separating content from layout. Javascript shits on that entire model, as does Java, ActiveX, and most other plugins.

        Web developers should continue to create websites that don't require javascript, and we shouldn't be in such a hurry to move away from that. The promise of the internet was accessibility, the ability to freely share information, and to connect everything together.

        This push towards app-ification of the internet, the W3C caving to DRM in HTML5... it's after the very heart and soul of the internet. The internet we built, as hackers, as creatives, as professors, academics, researchers, scientists... it's being gutted. And Firefox, the white horse of the "free" internet, in it's 11th hour of need, chooses this?

        They should be ashamed.

    • by dicobalt ( 1536225 ) on Monday July 01, 2013 @12:45PM (#44156185)
      If it breaks NoScript I'm going to get a shiny new pitchfork and then visit the people who decided to do this.
    • by Hatta ( 162192 ) on Monday July 01, 2013 @12:49PM (#44156251) Journal

      The folly is in writing pages that cannot be viewed without javascript. If you want to run software, run it on your computer, not mine, because I don't trust your code.

      And anyway, there's very little that actually uses javascript for anything useful. Most sites that are unusable without javascript could have easily been coded to be usable. Are drop down menus really so critical? If anything there needs to be more pushback against sites that don't degrade gracefully, not less.

      • by amicusNYCL ( 1538833 ) on Monday July 01, 2013 @01:11PM (#44156589)

        The folly is in writing pages that cannot be viewed without javascript.

        The folly is assuming that the internet is still all "web pages" instead of applications. There are plenty of useful web applications around, and I develop one of them. There isn't a non-Javascript alternative to it, it has around 1.5MB of (unminified) Javascript code written by us (plus about the same for third-party frameworks) and relies on maybe a total of 4 actual HTML pages (index, a dedicated non-JS login form, and 2 content launchers), which usually do nothing except load various Javascript interfaces. This is a software-as-a-service platform, we develop and host the software and other companies and organizations pay us to set up an installation for them to use (and us to maintain).

        If you want to run software, run it on your computer, not mine

        You're the one using the interface, you execute it. I'm happy to execute all of the actual logic for the application on the server, but your browser is more than capable of rendering the interface. Even IE6 could handle this thing (slowly).

        And anyway, there's very little that actually uses javascript for anything useful.

        I hear that sentiment periodically. It's complete bullshit. Google's services are the obvious screaming example of useful Javascript. Hell, Google's push for faster Javascript in Chrome, which bled over to the other browsers after they got left in the dust by V8, is the reason why browsers are so fast with Javascript today. A prime example of Javascript making a site more usable is Facebook, regardless of your personal opinion of social networks in general or Facebook's corporate policies. Imagine if every time someone clicked the Like button, the entire page reloaded. That's obviously not usable. There are plenty of sites and applications that interact with users in similar ways (small individual actions on a much larger interface) where it would be stupid to not use Javascript to keep the data transfer and response times to a minimum.

        • by Hatta ( 162192 )

          There are plenty of useful web applications around, and I develop one of them.

          I've never used a web app that was better than the native alternatives. Chances are if you built a native networked app with portable code your app would be a lot better.

          your browser is more than capable of rendering the interface. Even IE6 could handle this thing (slowly).

          Speed wasn't my complaint. Security is. But it is worth noticing that browsing gets a lot faster when javascript is turned off.

          Google's services are the obvi

          • I've never used a web app that was better than the native alternatives. Chances are if you built a native networked app with portable code your app would be a lot better.

            Thanks, I'll keep that in mind for our online university system. It's always helpful to get fundamental architecture suggestions from any random person who doesn't know the requirements. You might enjoy producing an application that will work on 99% of operating systems currently in use and keeping that thing updated, but I think I'll stick to a model that doesn't depend on the OS or the users to update their clients.

            Speed wasn't my complaint. Security is. But it is worth noticing that browsing gets a lot faster when javascript is turned off.

            That sort of depends what you're doing. Going back to the Facebook example, it would use

        • by johnlcallaway ( 165670 ) on Monday July 01, 2013 @01:35PM (#44156957)
          The other folly is web authors expecting people to just let code on some unknown server run on my box. If something requires javascript, the author should have the decency to detect it is disabled and either fail gracefully or send the user to a page saying javascript is required. A large part of javascript out there is simply 'pretty printing' or other 'kool' type of manipulation that isn't necessary at all. I'll gladly give up the automatic mouse over pop-ups, annoying text boxes that travel down screen, and pop-up/roll-over menus for standard HTML. Too many web page authors like to use things just because they are cool instead of things that actually add value. Sure, I like calendars that are clickable. But I don't have to have them, just let me enter the god damn date and accept several different formats instead of being lazy and forcing me to use a calendar because someone is too lazy to actually have to code something.

          Sure .. Goggle requires javascript. But I'll be damned if I'll let doubleclick or a host of other servers run their javascript on my box whenever I visit a web page, even if I trust it. If NoScript stops working, I will be searching for alternatives. I browse with NoScript and often run into pages that fail miserable. But I can select the list of servers I trust and reload if I choose to.

          Or not use their web site at all.

          It's all anecdotal, but it seems that I get far fewer virus infections than many people that just blindly turn it on.
        • The folly is assuming that the internet is still all "web pages" instead of applications.

          If that's your assumption, that's your problem. I come from a time before "the web" and the Internet WAS applications. And now we have an application called a "web browser" whose job is to render a MARKUP language, not be a remote compute server for people who want to provide content that looks exactly like they want it to look and do it without consuming CPU cycles on their precious servers. The comment about turning javascript off on a browser being as stupid as turning HTML off is just ridiculous. The b

        • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Monday July 01, 2013 @01:54PM (#44157261) Homepage Journal

          The folly is in writing pages that cannot be viewed without javascript.

          The folly is assuming that the internet is still all "web pages" instead of applications.

          The irony is that you're assuming that he's not making a distinction between classic pages of content and applications when he says "pages".

          Google's services are the obvious screaming example of useful Javascript.

          Google is a perfect example because their primary namesake service works without Javascript. The other services would be a PITA to implement fallback on, you'd basically be implementing them all over again, so there's at least a good excuse for not handling that case. What I think most people are upset about (here I go making assumptions) is pages of content that don't need Javascript which are designed to require Javascript for one reason or another — usually either as a means of forcing advertisements on viewers, or because it's easier than doing the same thing in CSS, even though that is completely possible.

          There are plenty of sites and applications that interact with users in similar ways (small individual actions on a much larger interface) where it would be stupid to not use Javascript to keep the data transfer and response times to a minimum.

          What's stupid is not using a content management system which can gracefully degrade to HTML. Even Drupal and Wordpress manage to achieve this in most cases. My website has AJAX page loading and all that fancy crap, but it also works perfectly fine if you disable javascript. It just takes more full page loads. These things exist and you don't even need to pay for them if you're cheap, which is a condition with which I can identify. If your whole site depends on quick response to a feature (to use your example, the "like" button on facebook) then you have a clear reason to require Javascript. But contrarily, a newspaper which fails to show me news content when I disable Javascript is demonstrating to me that their function is not to show me news, but to show me advertisements. This is not shocking, but it disinterests me in their content.

          TL;DR if your webpage can reasonably degrade to plain HTML+CSS (or even HTML) and it doesn't, then you're just making bullshit excuses; if it reasonably requires Javascript, then users will reasonably enable Javascript.

    • As long as it doesn't break Noscript, I'm ok with this. It really IS folly to try to use the modern web without any javascript at all, but with Noscript I can still pick and choose which sites are allowed to run it in my browser.

      The one thing that NoScript is missing is the option to say "if the site imports scripts from fewer than X domains, just run them all". That would smooth the process out quite a bit. Sites that import from 25 different domains just for the privilege of taking over my monitor to display ads don't even deserve the CPU cycles that Adblock Plus will spend on them.

    • Glenn Gould used to take a lot of flack for refusing to shake people's hands even though we all know that you can't go through life refusing to shake hands. Perhaps he had a good reason?

      Even if you're less of a sociopathic hypochondriac than Glenn Gould, there's still an issue concerning how automatically one reaches out. I'm a little more hesitant to offer my mitt to a vagrant person who's just popped out a discrete alleyway with flecks of an old newspaper stuck to their shoe. Colour me paranoid. And y

    • +1

      I'm fine with this so long as noscript can still disable JS for whatever sites I specify (which is all until I whitelist them). In fact, this is the main reason I still use firefox at all. If this goes away, then for me there's really no point in using firefox any longer.

  • by h4rr4r ( 612664 ) on Monday July 01, 2013 @12:39PM (#44156079)

    Why is this a thing?
    Why must we dumb down everything?

    • Simple != Dumb (Score:5, Insightful)

      by sjbe ( 173966 ) on Monday July 01, 2013 @12:48PM (#44156233)

      Why must we dumb down everything?

      More like simplifying. Everything should be made as simple as possible but no simpler. Why have a menu option that never gets used? That is pretty much the definition of pointless. I'm pretty geeky and like to tinker with things but a menu option that never ever gets used is wasteful.

      I cannot remember the last time I disabled Javascript and I'm pretty confident that somewhere north of 99.9% of users never disable it either. Much of the modern web would be useless without Javascript. So long as there remains a method (extension, etc) to disable it if desired (ala NoScript) I really don't see the big deal.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Just because you don't use that options doesn't nobody else does. And im pretty confident that that 99.9% figure of yours is wrong, i myself and other people have disabled javascript explicitly and as shocking as it may sound, most sites do NOT need javascript to function properly, and most of those who do are not worth it.

    • Ah the "Dumbing Down Excuse" which is akin to the Intentionally Make it more difficult preference.
      Making something easier to use isn't always dumbing it down. For Disabling Javascript (Not just blocking some of it), it is a feature that most people will no longer, if they do they intentionally put themselves in a disadvantage.

       

  • by Anonymous Coward on Monday July 01, 2013 @12:41PM (#44156115)

    They just removed the easy way to turn it off to prevent simple mistakes. You can still turn it off behind about:config or with extensions for those that need it.

  • by Anonymous Coward on Monday July 01, 2013 @12:42PM (#44156129)

    (atleast in nightly) Its just hidden, you can still enable/disable javascript in the about:config menu and addons like noscript still work.

  • by Anonymous Coward on Monday July 01, 2013 @12:52PM (#44156305)

    Ad networks are compromised all the time. Ads are the primary users of javascript. Coincidence?

    Who gives a shit if websites break when java or javascript are turned off. I turn that shit off as much as possible, I use NoScript becuase I despise the fact that no matter how careful I am, no matter how up to date I run my antivirus, my browser, and my JRE, I can STILL get a goddamned drive by infection if I allow javascript to run unchecked.

    No, Blowzilla, the problem is NOT with users clicking things they have no idea about, the problem here is JAVASCRIPT. Its just another ActiveX, its just another virus vector. It needs to be eliminated from use entirely. It SHOULD ask permission to run by default. That way websites can at least put in a message "To see video you need to say Yes to this." "To read this article you need to say yes to this." and the ad networks can start working around things by going BACK to gifs and static ads and links instead of crap that blares through my speakers about shit I do not care about (seriously, is everyone coming to Slashdot a big corporate IT manager in charge of buying new server racks? IBM and others seem to think so) while using fast-moving images (hey just like the BLINK tag but with pictures!) to try and distract me from...the CONTENT.

    Seriously, this is a retarded move, thank you Mozilla for INCREASING the number of infected machines on the web. I am sure the Russians and other blackhat collectives thank you.

    Morons.

  • by doom ( 14564 ) <doom@kzsu.stanford.edu> on Monday July 01, 2013 @12:55PM (#44156347) Homepage Journal

    Personally, what *I've* always wanted is a way to turn JS on and off that's more easily accessible. I often want it off, to try to get more consistent behavior (whizzy JS crap is often completely non-standard and confusing), but every now and then I need to flip it on to see if the apparent breakage is because some lazy programmer didn't feel like thinking about how things degrade.

    But Mozilla seems determined to alienate users like myself, so this current bonehead move is hardly a surprise.

    And yes, many "modern" web sites these days seem to require javascript-- thanks to google who made it ultra-cool and groovy.

  • I'm a web developer and have taken JS & CSS for common for years and years now. Spent about 6y working at a small local web design shop and it just wasn't feasible to double contract amounts to make sites work without JS.

    That said, there's no reason to require JS if it can be done without. Lots of page book-keeping, like menus, active page indicators, etc, can be done with CSS. Some stuff, like Amazon's polygonal focus on subnav can degrade nicely. Fantastic. But I'm not going to build an Ajax-y interface AND a static HTML interface (for free) to coddle people with nothing more than a distrust of JavaScript.

  • by Kethinov ( 636034 ) on Monday July 01, 2013 @01:09PM (#44156559) Homepage Journal

    I miss the days when web developers still gave a shit about progressive enhancement.

    I miss the days when you couldn't be considered a real web developer unless you could make a CSS Zen Garden (http://www.csszengarden.com) skin without cheating by changing the markup or using JS.

    I miss the days when you were only considered a good web web developer if your site was usable with both JS and CSS disabled because you used semantic HTML.

    I miss the days when accessibility still mattered.

    I miss the days when writing semantic HTML, enhancing it with CSS, and enhancing it further with JS was considered the best practice, rather than starting with just JS and an empty body tag as is so common today.

    I miss the days before the now popular false dichotomy of thinking that progressive enhancement is extra work was popular among web developers.

    I love that the web can do more now and compete with native apps better. But I hate that web developers are so quick to unnecessarily abandon progressive enhancement in the process when that's what made the web great to begin with.

    • by Intrepid imaginaut ( 1970940 ) on Monday July 01, 2013 @01:25PM (#44156777)

      I miss the days when web developers still gave a shit about progressive enhancement.

      I miss the days when you couldn't be considered a real web developer unless you could make a CSS Zen Garden (http://www.csszengarden.com) skin without cheating by changing the markup or using JS.

      I miss the days when you were only considered a good web web developer if your site was usable with both JS and CSS disabled because you used semantic HTML.

      I miss the days when accessibility still mattered.

      I miss the days when writing semantic HTML, enhancing it with CSS, and enhancing it further with JS was considered the best practice, rather than starting with just JS and an empty body tag as is so common today.

      I miss the days before the now popular false dichotomy of thinking that progressive enhancement is extra work was popular among web developers.

      Those days never existed. Seriously, do you remember what things were like back in the 90s? Or the early 00s? It's a bit early for the rose coloured blindfold to drop I think.

    • I miss the days when you couldn't be considered a real web developer unless you could make a CSS Zen Garden (http://www.csszengarden.com) skin without cheating by changing the markup or using JS.

      That sure never happened.

  • by b1ng0 ( 7449 ) on Monday July 01, 2013 @01:22PM (#44156719)

    Stop posting this "user's" aka Dice's stories on Slashdot! His entire history of posts all link to the user's own i-programmer.info site in order to generate traffic and ad impressions. Enough is enough already!

  • I use NoScript to browse with JS disabled and only turn it on for sites I trust/want to get something done with.

    If this change breaks NoScript, I'l switch to Chrome.

  • by excelsior_gr ( 969383 ) on Monday July 01, 2013 @02:12PM (#44157497)

    Nevermind JS. Did they fix the cache problems already?

  • noscript (Score:4, Informative)

    by Barefoot Monkey ( 1657313 ) on Monday July 01, 2013 @02:26PM (#44157705)

    Anyone writing a javascript application should know to add a <noscript> tag to the page embedding the scripts.

    <noscript><p>This page is built using Javascript, but it seems that you have Javascript disabled on your browser. Please enable Javascript and refresh this page to continue.</p></noscript>

    I think that's a much more robust approach. The user understands what's going on, and you don't have to rely on every browser preventing Javascript from being disabled.

  • by toonces33 ( 841696 ) on Monday July 01, 2013 @02:34PM (#44157837)

    My main beef is that I may have 30-40 tabs open, and find the browser consuming 50% CPU on the laptop - all because of misbehaving javascript that runs and performs useless updates in the background. And firefox doesn't make it easy to figure out which tab is the culprit, so you just have to start killing them at random until the CPU usage goes down. At least until you learn from experience which websites have the offending javascript.

    On many web sites I use the javascript is gratuitous. Eye candy and whatnot, or huge scripts to manage useless comment systems that I never use.

    And why do I care? It makes the machine sluggish and burns through the laptop battery more quickly, and the laptop runs hot.

    But Firefox can do what it wants - I still use noscript and adblockplus to selectively block scripts.

Genius is ten percent inspiration and fifty percent capital gains.

Working...