
posted by cmn32480 on Tuesday October 11 2016, @12:03PM
from the noscript-makes-this-tougher dept.

Depending on who you ask, right now JavaScript is either turning into a modern, reliable language, or a bloated, overly complex dependency hell. Or maybe both?

What's more, there's just so many options: Do you use React or Angular 2? Do you really need Webpack? And what's this month's recommended way of dealing with CSS?

Like you, I spent far too many hours reading about all this, and at the end I still wasn't sure. So I decided to create a survey to see what everybody else thought. It seems like I must've hit a nerve, because I got over 9000 answers in just over two weeks!

Further down in the article, the survey results are listed, though not in an easily scrape-able format. Oddly enough, the site degrades gracefully, and does not require Javascript to be enabled.

http://stateofjs.com/2016/introduction/

-- submitted from IRC


  • (Score: 5, Insightful) by Justin Case on Tuesday October 11 2016, @12:54PM

    by Justin Case (4239) on Tuesday October 11 2016, @12:54PM (#412918) Journal

    The idea that you would let any random asshat worldwide take control of your browser is so insane I don't know why it wasn't laughed out of the room the minute someone proposed it.

    Oh, yes I do. Marketing.

    But those of us who understand how things work know better.

    Right???

    It isn't whether the language is "mature" or "bloated". It is the fact that it comes from points unknown and runs on your computer. Java, Active-X... same problem.

    You are responsible for selecting and vetting software from sources you trust. Then you test, deploy, and lock it down so that you have a known, stable computing platform.

    17 years on and Cross-Site Scripting still infests about half the web!

    95% of the drive-by downloads and other browser-based vulnerabilities are enabled by JavaShit. But still everyone plows on, oblivious.

    Sigh... I give up. Go rot in malware hell, all of you ignorant trend-followers.

  • (Score: 1, Interesting) by Anonymous Coward on Tuesday October 11 2016, @01:35PM

    by Anonymous Coward on Tuesday October 11 2016, @01:35PM (#412925)

    To frame it a different way, the risk/reward tradeoff is good enough. Propose an alternative that is better.

  • (Score: 5, Insightful) by LoRdTAW on Tuesday October 11 2016, @01:38PM

    by LoRdTAW (3755) on Tuesday October 11 2016, @01:38PM (#412926) Journal

    The idea of JS isn't insane. Dynamic client side stuff is somewhat necessary like changing a displayed number without having to reload the entire page. But the problem I have with it is that JS should have no access outside of the page content itself. It should never have any ability to manipulate the browser window, open new windows, or access the file system save for presenting a file link to download. Half of the bullshit is because web browser devs are brain damaged and think things like dialogue boxes that keep tabs open in an infinite loop are acceptable (Google fixed this major fuck up in chrome only recently). Pop-unders/overs are enabled by the same brain dead design.

    These horrible design decisions are due to the fact that people are trying to make the browser an OS or VM. It's absurd. You might as well make a word processor into an OS. That's all a web browser was ever supposed to be, display a page of text and pictures. Now it's a media player, gaming platform, and emulator for whatever can be compiled into JS. Stop the madness.

    • (Score: 1) by shrewdsheep on Tuesday October 11 2016, @03:22PM

      by shrewdsheep (5215) on Tuesday October 11 2016, @03:22PM (#412962)

      We have come round full circle indeed. You can develop webapps using the traditional desktop model by now (event loop, oo-widget hierarchy, etc.). E.g. http://www.cappuccino-project.org/ (mostly) re-implements the Apple cocoa API. As browser/Javascript is the only true cross-platform solution at the moment this is a justification for that development model (and so called JS bloat) IMO.

      • (Score: 3, Insightful) by LoRdTAW on Tuesday October 11 2016, @04:41PM

        by LoRdTAW (3755) on Tuesday October 11 2016, @04:41PM (#412990) Journal

        I get the cross platform part. But hammering the square peg in the round hole is what modern web design is all about. There are better ways to do this. If you want a VM/OS then build one. Don't take a text/graphics layout engine and bolt on run times with hooks into the OS. It's dangerous, backwards thinking.

        • (Score: 2) by Pino P on Tuesday October 11 2016, @11:13PM

          by Pino P (4721) on Tuesday October 11 2016, @11:13PM (#413156) Journal

          If you want a VM/OS then build one.

          That would have the side effect of requiring many of your users to purchase a second device with which to use your VM/OS. Apple has made the business decision to make Cocoa Touch and WebKit JavaScript the only allowed APIs on iOS, because of past bad experiences with Java and ActionScript VMs.

          • (Score: 2) by LoRdTAW on Wednesday October 12 2016, @12:40PM

            by LoRdTAW (3755) on Wednesday October 12 2016, @12:40PM (#413407) Journal

            A VM or OS does not require a second device. If you want a good design of what a mobile OS/desktop application should look like have a look at the inferno architecture developed at Bell Labs. http://www.vitanuova.com/inferno/

            • (Score: 2) by Pino P on Thursday October 13 2016, @02:57AM

              by Pino P (4721) on Thursday October 13 2016, @02:57AM (#413744) Journal

              A VM or OS does not require a second device.

              It does if the maker of the device you already own has locked out VMs and other OSes, enforcing this with strict W^X and cryptography. Notice that iOS isn't listed under "Host Operating Systems" on the Inferno page you linked. And does "Linux" refer only to GNU/Linux or also to Android?

              • (Score: 2) by LoRdTAW on Thursday October 13 2016, @11:48AM

                by LoRdTAW (3755) on Thursday October 13 2016, @11:48AM (#413843) Journal

                My point is not to hammer that functionality into an existing crap platform. The idea is to start fresh with a proper design. That was my point all along.

                • (Score: 2) by Pino P on Thursday October 13 2016, @12:30PM

                  by Pino P (4721) on Thursday October 13 2016, @12:30PM (#413860) Journal

                  Because of digital restrictions management, a user's paid apps, books, and videos will be incompatible with "a proper design". This means that after buying your "proper design", the user will still have to carry his existing device in order to retain access.

                  • (Score: 2) by LoRdTAW on Thursday October 13 2016, @04:03PM

                    by LoRdTAW (3755) on Thursday October 13 2016, @04:03PM (#413945) Journal

                    Things I speak of are theory. We can't easily make a better system because of momentum. But I won't let that stop me from exploring those avenues and looking at other platforms or dedicating time to them.

    • (Score: 0) by Anonymous Coward on Tuesday October 11 2016, @04:10PM

      by Anonymous Coward on Tuesday October 11 2016, @04:10PM (#412982)

      You might as well make a word processor into an OS.

      AKA emacs.

  • (Score: 2) by bzipitidoo on Tuesday October 11 2016, @01:52PM

    by bzipitidoo (4388) on Tuesday October 11 2016, @01:52PM (#412930) Journal

    You don't like running unknown code from the web, because it's a security risk? No other reasons? That genie is never going back in the bottle. And what's the big deal anyway? Use a sandbox. Run your browser in its own virtual machine or something. I sometimes run a browser under a different user account. Even if you take no such measures at all, browsers are pretty good at sandboxing themselves.

    Or just block JS. Use NoScript. Yeah, it's a pain that half the web won't work fully without JS, but it can be done.

    Dumping client side computing simply isn't realistic or practical, whatever abuses the practice makes possible. There is far, far more computing power client side than server side. Dumping JS is a solution that is massive overkill to the problems. Especially when there are other solutions.

    • (Score: 2) by fubari on Tuesday October 11 2016, @02:46PM

      by fubari (4551) on Tuesday October 11 2016, @02:46PM (#412948)

      r.e. Sandboxing:
      I find this kind of thing is truly scary: Researchers this week turned up a new ransomware-as-a-service operation that pushes the first ransomware coded entirely in JavaScript. [threatpost.com]

      Ransom32 is available for download on a Tor hidden server to anyone with a Bitcoin address. The malware packaged into a Chromium executable using NW.js. The malware looks for and encrypts dozens of file types and asks for a ransom payable in digital currency; Ransom32’s creators get a 25 percent commission on every transaction.

      *sigh* I need to dust off my sandbox research; can you make any suggestions? I became un-inspired with sandboxie a while back.

      r.e. NoScript:
      Most people I know can't be bothered to play the "NoScript whack-a-mole" game.
      For me, noscript seems like reasonably cheap insurance about running unexpected code.

      Some sites I visit have 10+ domains they want to allow.
      Usually it works well enough with just enabling the primary site, every once in a while I give up on NoScript and Firefox and use Chrome (but I have to really need something to do that; 80% of the time it is easier to ignore whatever it was that didn't work).

      • (Score: 2) by DannyB on Tuesday October 11 2016, @03:27PM

        by DannyB (5839) Subscriber Badge on Tuesday October 11 2016, @03:27PM (#412966) Journal

        I thought the automated push of Windows 10 upgrades was over? Now you're telling me there is still automated push ransomware?

        Windows 10 has been installed on this computer.
        To restore this computer to a usable state
        please send 3 bitcoin to Microsoft.

        --
        To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
        • (Score: 2) by fubari on Tuesday October 11 2016, @06:04PM

          by fubari (4551) on Tuesday October 11 2016, @06:04PM (#413033)

          Nice :-)

      • (Score: 3, Informative) by tibman on Tuesday October 11 2016, @04:34PM

        by tibman (134) Subscriber Badge on Tuesday October 11 2016, @04:34PM (#412987)

        That link is not that scary. It's not a drive-by thing. You have to download and run an exe, manually. They modified the open-source Chromium browser to add more JS commands. The ransomware is written in JS and has to run on this specially modified browser.

        --
        SN won't survive on lurkers alone. Write comments.
        • (Score: 2) by fubari on Wednesday October 12 2016, @08:22PM

          by fubari (4551) on Wednesday October 12 2016, @08:22PM (#413623)

          Interesting - clearly I didn't get the "extra *.exe required" from my first read.
          In broad brush strokes node.js seems analogous to .net's clr, or java's jre.
          I've had trouble finding a "how it works" architecture overview, but I think I'd agree that the sky isn't falling after all.
          Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine. [nodejs.org]

    • (Score: 1, Interesting) by Anonymous Coward on Tuesday October 11 2016, @08:54PM

      by Anonymous Coward on Tuesday October 11 2016, @08:54PM (#413111)

      Problem is that bzipitidoo and LoRdTAW are both correct.

      This will never, never happen for many different reasons, but might be nice to have a "trusted" cdn for js code, vetted by some volunteer group, with functionality that enables a bag of client-side conveniences but is relatively limited in functionality (compared to some of the current "OS-level" stuff). Add a plugin that allows only this vetted JS, wave a magic wand and get a critical mass of useful sites to use it, and.... never mind, I need some coffee.

    • (Score: 2) by Pino P on Tuesday October 11 2016, @11:28PM

      by Pino P (4721) on Tuesday October 11 2016, @11:28PM (#413161) Journal

      Dumping JS is a solution that is massive overkill to the problems. Especially when there are other solutions.

      And anti-JS diehards would claim that the best among "other solutions" is native applications. So they encourage application developers to make five native applications, one each for Windows, X11/Linux, macOS, iOS, and Android, instead of one web application. This imposes a greater cost on developers, to which anti-JS diehards say "not my problem" and "native apps have potential to be good rather than mediocre". Would it be acceptable to allow use of the web application without charge but put the native versions behind a paywall? That way, the cost of supporting anti-JS diehards would be placed solely on anti-JS diehards.

      • (Score: 0) by Anonymous Coward on Wednesday October 12 2016, @03:56AM

        by Anonymous Coward on Wednesday October 12 2016, @03:56AM (#413261)

        Look dipshit, it's ALL about the billions of web users who don't give a flying fuck about and are completely oblivious to YOUR difficulties.
        Your job as a responsible 'developer' is to provide a safe and secure service. Nothing else. All your petty 'concerns' don't mean shit. Either provide a safe and secure service or fuck off and clean toilets.

        Stupid lame justifications don't matter to those you're putting at risk with your shitty code and sorry assed excuses.
        Playtime's over kids, grow the fuck up.

  • (Score: 0) by Anonymous Coward on Tuesday October 11 2016, @03:08PM

    by Anonymous Coward on Tuesday October 11 2016, @03:08PM (#412957)

    People are oblivious because marketing forces prevent the real message of its dangers getting out, and many sites are nearly impossible to use now without it. Getting people not good at IT things to actually do more than click next...

    By making it easier for everyone, we made it easier to slip on the cuffs. Escape is very hard now.

    • (Score: 0) by Anonymous Coward on Wednesday October 12 2016, @04:01AM

      by Anonymous Coward on Wednesday October 12 2016, @04:01AM (#413267)

      Blame the "marketing forces" but y'all fucked up and let it happen.