47

I guess I'll have to start blocking javascript too 😶

Is noscript still the best choice?

https://twitter.com/MalwareJake/...

Comments
  • 1
    @FrodoSwaggins
  • 4
    @JoshBent this is just messed up 😒
  • 1
    @FrodoSwaggins I know, sad that you were right about it though, as js itself can be quite useful.
  • 1
    @FrodoSwaggins I see noscript has a ton things whitelisted like basic bootstrap etc. so it seems not to be as bad as I thought, is there anything on the list you would suggest removing?
  • 8
    @FrodoSwaggins "it’s useless stupid and websites shouldn’t be using it" Sorry?
  • 6
    JavaScript is great when it's used to compliment the HTML, but so many lazy developers use it to replace HTML and CSS as much as possible. I've already blocked a number of websites, may have to do this as well now :(
  • 5
    @FrodoSwaggins doesn't explain what you said though. He blamed some bad developers while you are calling javascript useless and stupid.
  • 19
    @FrodoSwaggins the reason has been performance. Rather than making users wait to get a lot of data, it fetches them asynchronously using JS. Everything is enhanced over time. Just because HTML was first built for just displaying hypertext that does not mean it should stay that way all the time.

    Not all the websites are just about paragraphs. If you use internet just for reading articles, that's a different story. How would you use devRant website? Would you like the website to reload everytime you are upvoting someone?

    With every great things come the evil parts of it. Obviously some people will exploit the technology and use it for their own advantages, but that's why you have plugins like uBlock or Ghostery to block ads, social or spying scripts.

    And latest exploit is not javascripts fault. Intel knew about meltdown for a while and they should have taken actions a long time ago.

    Blocking a technology is not a solution. Every single modern electronic device is vulnerable. You just have take precautions when using them.
  • 0
    @tahnik asynchronous loading is fine for data heavy websites that do a lot of complex stuff, but for a simple news site or forum, it's simply not necessary. And even with this, there are good and bad ways to do it, most seem to do it the bad way.
  • 2
    @Wozza365 again, it's all about how the developers are using it. People used axe to build civilisation but they also used it to kill people.
  • 1
  • 0
    @tahnik so we have to be cautious about using these sites that are using JavaScript without good reason. If their website then breaks then it's their fault for being lazy jQuery developers.
  • 0
    @Wozza365 most of the time, using uBlock or Ghostery is enought. They block most of the dodgy scripts around the internet.

    And yes, it's the developers fault if their website breaks.
  • 0
    @1989 good question lol!
  • 0
    @tahnik ghostery sucks these days and ublock still fails to stop a lot of ads including popups, but blocking scripts on those websites stops all of it.
  • 0
    @1989 this is the official page about the exploit(s)...
    Ah what am I saying? You already clicked on it 😂
  • 3
    @FrodoSwaggins I assume you don't drink water either just because too much can kill you
  • 1
    @FrodoSwaggins duh, that was just an example. What about:

    -- Messaging platforms
    -- Real time notifications and updates
    -- Highlighting (Syntax and etc)

    And there is the front-end frameworks which is enabling the massive companies to deliver their contents to millions of users.

    And why are you focusing so much on the meltdown? Couple of days ago it wasn't even known to general public. How do you know that the linux kernel or even you web browser doesn't have these sort of vulnerabilities?

    And fuck me, the app you are using is made with JavaScript.
  • 2
    Is there a way to make a website request JavaScript permission on browsers with js blocked?
  • 0
    @FrodoSwaggins Shit, no one wants to believe in making so many efforts to do something they cannot justify. Hence it takes something big happening to for people to take action.
  • 0
    @Bitwise wonder which version is the one on windows, can't find that anywhere to check if I am already on the newest patch
  • 0
    @Bitwise frodos point is that this is the fix to a known exploit, there may be others that are unknown and potentially as severe as this one.
  • 0
    Don't chrome extensions, such as adblocks, use JS themselves?
  • 0
    If on AMD, no worries brah/ettes. 💯
  • 1
  • 0
    I have already moved away from chrome and using Mozilla and brave.
    Eventually want to shift to brave, they have good blockers for unusual trackers. Also moving to duckduckgo.

    Shift entirely to Duckduckgo and brave. New year resolution 2018.
  • 2
    @no0bdeveloper

    "- Unknown Mozilla developers can distribute addons to users without their permission

    - Mozilla developers can distribute addons to users without their knowledge

    - Mozilla developers themselves don't realise the consequences of doing this

    - Experiments are not explicitly enabled by users

    - Opening the addons window reverts configuration changes which disable experiments

    - The only way to properly disable this requires fairly arcane knowledge Firefox preferences (lockpref(), which I'd never heard of until today)"

    https://theverge.com/2017/12/...
  • 0
    @JoshBent @Bitwise Variant 1 only affects Linux if the optional CPU flag is manually enabled, which is highly unlikely to be so. By default, AMD is immune. This is also confirmed by Linux AMD engineers.
  • 0
    @Bitwise What are you even talking about? AMD is immune to all three variants by default, you're reading bad sources and need to read the official AMD release and their Reddit. AMD is only vulnerable to Spectre v1 IF you compile your own Linux OS, and MANUALLY set an OPTIONAL CPU flag to enable that allows unprivileged access to privileged access functions, which no one will do or likely has ever done outside of testing environments. It's flat out immune to Spectre v2 and Meltdown due to its architecture design.

    Intel is vulnerable to all 3 by default, AMD is immune to all 3 by default, period. Sorry to burn your favorite chip maker, but Intel messed up like they did in the 90s.
  • 0
    @Bitwise No problem, sweet cheeks, but do realize you're the one spreading false information and clearly don't understand the vulnerabilities at all.
  • 1
    @Bitwise No worries, we all take tech personal here 🤣
  • 0
    Don't blame the language, blame the people.Anything who can replace js will be exploited...
  • 0
    @FrodoSwaggins block js if you want your browsing experience to be pre 1995. As much as we shit on js, it has enabled magical things. In the age of service oriented architecture, the design practice is to separate the view logic completely from the model. That means you create a service that exposes a REST or GraphQL interface which can serve a plethora of clients - desktop, web, mobile etc. websites are now single page apps which are made entirely in JS. Now websites can be as interactive as a desktop or mobile app. In fact desktop apps have by far been deprecated in favor of web apps as they are way more accessible. Web apps can even work offline if designed for it. And the frameworks are striving to make all of that more and more seamless. To block js on principle is to throw away all our achievements in the past 10 years.
  • 0
    @FrodoSwaggins minimal? I can cite you numerous case studies where they’ve improved so much. Not only performance but the teams overall productivity. You can start by reading the puppet labs state of DevOps reports. 2014 and 2015 you’ll find extremely interesting
Add Comment