SoylentNews is people

posted by cmn32480 on Tuesday October 11 2016, @12:03PM
from the noscript-makes-this-tougher dept.

Depending on who you ask, right now JavaScript is either turning into a modern, reliable language, or a bloated, overly complex dependency hell. Or maybe both?

What's more, there's just so many options: Do you use React or Angular 2? Do you really need Webpack? And what's this month's recommended way of dealing with CSS?

Like you, I spent far too many hours reading about all this, and at the end I still wasn't sure. So I decided to create a survey to see what everybody else thought. It seems like I must've hit a nerve, because I got over 9000 answers in just over two weeks!

Further down in the article, the survey results are listed, though not in an easily scrape-able format. Oddly enough, the site degrades gracefully, and does not require JavaScript to be enabled.

http://stateofjs.com/2016/introduction/

-- submitted from IRC


  • (Score: 2) by bzipitidoo on Tuesday October 11 2016, @01:52PM

    by bzipitidoo (4388) on Tuesday October 11 2016, @01:52PM (#412930) Journal

    You don't like running unknown code from the web, because it's a security risk? No other reasons? That genie is never going back in the bottle. And what's the big deal anyway? Use a sandbox. Run your browser in its own virtual machine or something. I sometimes run a browser under a different user account. Even if you take no such measures at all, browsers are pretty good at sandboxing themselves.

    Or just block JS. Use NoScript. Yeah, it's a pain that half the web won't work fully without JS, but it can be done.

    Dumping client side computing simply isn't realistic or practical, whatever abuses the practice makes possible. There is far, far more computing power client side than server side. Dumping JS is a solution that is massive overkill to the problems. Especially when there are other solutions.

  • (Score: 2) by fubari on Tuesday October 11 2016, @02:46PM

    by fubari (4551) on Tuesday October 11 2016, @02:46PM (#412948)

    r.e. Sandboxing:
    I find this kind of thing is truly scary: Researchers this week turned up a new ransomware-as-a-service operation that pushes the first ransomware coded entirely in JavaScript. [threatpost.com]

    Ransom32 is available for download on a Tor hidden server to anyone with a Bitcoin address. The malware packaged into a Chromium executable using NW.js. The malware looks for and encrypts dozens of file types and asks for a ransom payable in digital currency; Ransom32’s creators get a 25 percent commission on every transaction.

    *sigh* I need to dust off my sandbox research; can you make any suggestions? I became un-inspired with Sandboxie a while back.

    r.e. NoScript:
    Most people I know can't be bothered to play the "NoScript whack-a-mole" game.
    For me, NoScript seems like reasonably cheap insurance about running unexpected code.

    Some sites I visit have 10+ domains they want to allow.
    Usually it works well enough with just enabling the primary site; every once in a while I give up on NoScript and Firefox and use Chrome (but I have to really need something to do that; 80% of the time it is easier to ignore whatever it was that didn't work).

    • (Score: 2) by DannyB on Tuesday October 11 2016, @03:27PM

      by DannyB (5839) Subscriber Badge on Tuesday October 11 2016, @03:27PM (#412966) Journal

      I thought the automated push of Windows 10 upgrades was over? Now you're telling me there is still automated push ransomware?

      Windows 10 has been installed on this computer.
      To restore this computer to a usable state
      please send 3 bitcoin to Microsoft.

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 2) by fubari on Tuesday October 11 2016, @06:04PM

        by fubari (4551) on Tuesday October 11 2016, @06:04PM (#413033)

        Nice :-)

    • (Score: 3, Informative) by tibman on Tuesday October 11 2016, @04:34PM

      by tibman (134) Subscriber Badge on Tuesday October 11 2016, @04:34PM (#412987)

      That link is not that scary. It's not a drive-by thing. You have to download and run an exe, manually. They modified the open-source Chromium browser to add more JS commands. The ransomware is written in JS and has to run on this specially modified browser.

      --
      SN won't survive on lurkers alone. Write comments.
      • (Score: 2) by fubari on Wednesday October 12 2016, @08:22PM

        by fubari (4551) on Wednesday October 12 2016, @08:22PM (#413623)

        Interesting - clearly I didn't get the "extra *.exe required" from my first read.
        In broad brush strokes Node.js seems analogous to .NET's CLR, or Java's JRE.
        I've had trouble finding a "how it works" architecture overview, but I think I'd agree that the sky isn't falling after all.
        Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine. [nodejs.org]

  • (Score: 1, Interesting) by Anonymous Coward on Tuesday October 11 2016, @08:54PM

    by Anonymous Coward on Tuesday October 11 2016, @08:54PM (#413111)

    Problem is that bzipitidoo and loRdTAW are both correct.

    This will never, never happen for many different reasons, but might be nice to have a "trusted" cdn for js code, vetted by some volunteer group, with functionality that enables a bag of client-side conveniences but is relatively limited in functionality (compared to some of the current "OS-level" stuff). Add a plugin that allows only this vetted JS, wave a magic wand and get a critical mass of useful sites to use it, and.... never mind, I need some coffee.
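
The vetted-script idea in the comment above, as an added example that is not part of the thread: a check a hypothetical browser plugin could apply before letting a script run, allowing it only when it comes from the trusted origin over HTTPS and its body matches a digest in the volunteers' manifest. The manifest layout, the `vetted-js.example` origin, the function names and the sample script are all constructed for illustration.

```javascript
// Added example, not code from the thread; every name and value is constructed.
const { createHash, timingSafeEqual } = require('crypto');

const DIGEST_LEN = new Map([['sha256', 32], ['sha384', 48], ['sha512', 64]]);

// "<alg>-<base64 digest>": the shape browsers use for script integrity metadata.
function digestOf(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Parse one manifest entry; unknown algorithms and wrong-length digests are dropped.
function parseEntry(entry) {
  const i = entry.indexOf('-');
  if (i < 1) return null;
  const alg = entry.slice(0, i);
  const raw = Buffer.from(entry.slice(i + 1), 'base64');
  return raw.length === DIGEST_LEN.get(alg) ? { alg, raw } : null;
}

// Decide whether a fetched script body may run. Every failure path denies.
function mayRun(manifest, url, body) {
  let u;
  try { u = new URL(url); } catch { return { allow: false, reason: 'bad-url' }; }
  if (u.protocol !== 'https:') return { allow: false, reason: 'not-https' };
  if (u.origin !== manifest.origin) return { allow: false, reason: 'untrusted-origin' };
  const entries = (manifest.scripts[u.pathname] || []).map(parseEntry).filter(Boolean);
  if (entries.length === 0) return { allow: false, reason: 'not-vetted' };
  for (const { alg, raw } of entries) {
    const got = createHash(alg).update(body).digest();
    if (timingSafeEqual(got, raw)) return { allow: true, reason: 'vetted' };
  }
  return { allow: false, reason: 'hash-mismatch' };
}

// Constructed sample: one reviewed script and the manifest the reviewers publish.
const vettedBody = 'export function toggle(el){el.hidden=!el.hidden}';
const MANIFEST = {
  origin: 'https://vetted-js.example',
  scripts: { '/ui/toggle-1.0.js': [digestOf(vettedBody)] },
};
```

Pinning the digest as well as the origin means a changed file on the trusted host is refused until it has been reviewed and re-listed.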

  • (Score: 2) by Pino P on Tuesday October 11 2016, @11:28PM

    by Pino P (4721) on Tuesday October 11 2016, @11:28PM (#413161) Journal

    Dumping JS is a solution that is massive overkill to the problems. Especially when there are other solutions.

    And anti-JS diehards would claim that the best among "other solutions" is native applications. So they encourage application developers to make five native applications, one each for Windows, X11/Linux, macOS, iOS, and Android, instead of one web application. This imposes a greater cost on developers, to which anti-JS diehards say "not my problem" and "native apps have potential to be good rather than mediocre". Would it be acceptable to allow use of the web application without charge but put the native versions behind a paywall? That way, the cost of supporting anti-JS diehards would be placed solely on anti-JS diehards.

    • (Score: 0) by Anonymous Coward on Wednesday October 12 2016, @03:56AM

      by Anonymous Coward on Wednesday October 12 2016, @03:56AM (#413261)

      Look dipshit, it's ALL about the billions of web users who don't give a flying fuck about and are completely oblivious to YOUR difficulties.
      Your job as a responsible 'developer' is to provide a safe and secure service. Nothing else. All your petty 'concerns' don't mean shit. Either provide a safe and secure service or fuck off and clean toilets.

      Stupid lame justifications don't matter to those you're putting at risk with your shitty code and sorry assed excuses.
      Playtime's over kids, grow the fuck up.