Will FireFox-29 be required by Toms Hard Ware ?

[nss000]

Gents:

Last month I have had nothing-but-problems accessing this site with FFox-28. Now a new (spaz UI) version of FireFox , FFox-29 has been released. A (this?) new version appeared in my automagic UBUNTU updater ... and I rejected the DLoad. HATE the look ... W/O a dominate **BOOKMARKS** function button as if a web browser was anything other than its functioning list of bookmarks.

But anyrate, has THW been anticipating new FFox features and that's why lots of THW stuff is broken for me? I'm using Chromium now which of-course does NOT have NOSCRIPT which I'm guessing is the cause of issues.

NO I don't like to give ANY site a free grope W/O passing the NOSCRIPT filter.

 

[Someone Somewhere]

Noscript breaks many websites, especially those that rely heavily on AJAX type requests, like TH. I'd suggest URL-filtering certain domains if you want to block trackers, instead of indiscriminately blocking JS.

I don't think there's any changes specific to certain web browsers. I've never had major differences between browsers, excluding a couple of very minor issues.

EDIT: Forced a rollback to FF28 on my system (Kubuntu 14.04). No problems that I could see on a quick look.

 

[nss000]

AJAX ... I do not know AJAX or ever heard of it. Is it part/aspect of (evil) Javascript or some work-alike varient ? How does casual usrland defend itself against such forcible, unrequested and intrusive novelty --- except by dropping-out of the "context"? Kinda like dropping GNOME-3 and replacing it with Xfce ... as I have recently done.

I have never considered myself a Luddite, but perhaps a re-evaluation is in order. My presence at a website has financial value to the site, no less than others, as I'm a hobby-builder of computer and analog electronic items and influence my engineering students by casual comments. Surely my threat to withdraw from an website environment carries a cost to that site.

Noscript breaks many websites, especially those that rely heavily on AJAX type requests, like TH. I'd suggest URL-filtering certain domains if you want to block trackers, instead of indiscriminately blocking JS.

I don't think there's any changes specific to certain web browsers. I've never had major differences between browsers, excluding a couple of very minor issues.

EDIT: Forced a rollback to FF28 on my system (Kubuntu 14.04). No problems that I could see on a quick look.

 

[Someone Somewhere]

AJAX = Asynchronous Javascript And XHTML. Basically, it lets you send new HTTP requests to/from the server without refreshing the page. Without it, you'd lose Quick Edit, the tracked box up at the top right, the tag manager, and page loads would take far longer.

Javascript itself is not evil, and has many wonderful uses. The main issue is the trackers.

 

[randomizer]

Firefox 29 does have a bookmarks button, but it has a different icon now. It should be attached to the right of the button with the star icon. If you can't see it you might need to open up the customise screen (which you can do much the same way as in Firefox 28) and put it where it belongs.

Yes, you will have trouble using TH with NoScript if you block everything. JavaScript is not required to browse the forum but you will find page elements out of place (some blocking others entirely) and much of the site's functionality will simply not work. You will probably want to allow anything from *.tomshardware.com, *.tomsguide.com and *.bestofmedia.com for 90% of the functionality to work, but you can be selective if you don't care about certain things.

 

[jpishgar]

Our team does try to design for every popular browser to ensure compatibility, but the NoScript would definitely break us in different spots. Please consider adding us to your whitelist if it's a concern.

-JP

 

[nss000]

Doesn't JavaScript enable and infact encourage many forms of malware impossible with only HTML4/5 ? That was my impression. badware = javaware ... to be poetic!

Do I CARE about "quick edit" or "tag manager" whatever THEY are? Do I care about another 3ms loadtime for a web-page ??

I DO care very much about secure communications, robust stability and limiting risk. Perhaps I need to withdraw into a subset of the WWW ... a **safenet** expressing robust sets of security features and excluding all not toeing-that-line.

AJAX = Asynchronous Javascript And XHTML. Basically, it lets you send new HTTP requests to/from the server without refreshing the page. Without it, you'd lose Quick Edit, the tracked box up at the top right, the tag manager, and page loads would take far longer.

Javascript itself is not evil, and has many wonderful uses. The main issue is the trackers.

 

[Someone Somewhere]

Java is very very different to Javascript. You're probably referring to Java, which tends to have access to local features and is kind of like ActiveX in some ways.

See the blue tags under the thread title? You won't be able to edit those, and might not even be able to see them.

Anything that can react on a page without a reload relies on JS, basically.

The notifications counter in the top right, and the box of tracked threads below it both use AJAX.

 

[nss000]

You can understand how ironic this issue appears to me ... just in the last weeks several THW posters have encouraged me to try-out Xfce in-place-of GNOME ... because of the arbitrary constraints and changes imposed by GNOME. I HATED that imposition. Amazing -- I am now a quite happy (and liberated) Xfce user and going-for'ard intend to make it my DE.

Now comes a similar case of imposed-external-constraints w.r.t. my browser function at THW among other sites. I do NOT appreciate the loss of NOSCRIPT protection and equally do not like arbitrary external changes imposed on my web-surfing habits. WWW users are not sheep to be herded into any usrland corral ISPs & web-site constructors may desire.

Frankly gents, as an active observer and buyer of web-advertized or discussed product since I (we) have-the-gold I (we) very-much make the surfing rules. Webland is littered with the broken and dried-out code-stacks of sites that ignored that fact.

Our team does try to design for every popular browser to ensure compatibility, but the NoScript would definitely break us in different spots. Please consider adding us to your whitelist if it's a concern.

-JP

 

[jpishgar]

As the earlier poster mentioned, you can still very much navigate our site with noscript enabled, and even use the forums. You just won't be able to utilize some of the functions that are built in. This isn't a change - it's been like this for at least as long as I've been with Tom's, and similar best practices are in place on a multitude of other forums which share a common software basis and set of conventions.

I'll pass your recommendations along, however, about possibly making a smoother ride available for users who opt for NoScript.

 

[nss000]

I have "enabled" THW within noscript, and it's still a very uncomfortable experience. No login no post many over-writes ... just a mess. OTOH no problem with Chromium I'm using now.

 

[randomizer]

I don't understand why you're happy to run JavaScript in Chromium but not Firefox.

Doesn't JavaScript enable and infact encourage many forms of malware impossible with only HTML4/5 ? That was my impression. badware = javaware ... to be poetic!

JavaScript makes it easier to install malware on the user's machine, but the JavaScript itself usually won't be malware (unless it exploits a specific browser vulnerability), it will just aid in loading some other payload from another location. JavaScript runs in a sandbox and can't reach outside of the browser except for a few specific cases (like cookies).

If a site that you are visiting has been compromised then having JavaScript disabled won't necessarily protect you though. You don't need JavaScript to ask the user to download a file.

Java is another issue. I wouldn't have a Java plugin enabled unless absolutely necessary, and these days that's pretty rare. Treat it as you would Flash (sadly, Flash is still common). Browser plugins aren't sandboxed and if a bad vulnerability is exploited the attacker may be able to run arbitrary code with the same permissions as the plugin's process (and potentially elevate those permissions).

Without JavaScript we'd have pretty boring and/or clunky websites. In most (but a decreasing number of) cases it's possible to do the majority of things without JavaScript, but you'll be forcing the user to reload the page over and over because you can't change it once it's been rendered. Some websites, although primarily web applications, are built such that the whole page is constructed with JavaScript and the server provides little more than the basic page structure and the necessary code to render the page in the browser. You wouldn't be able to use these at all.

There is no denying that JavaScript has become and will continue to become increasingly pervasive on every site. Complex web applications are now everywhere and these would be useless without JavaScript. In the same way that sites are dropping support for old browsers, they are also dropping support for users not running JavaScript.

At the end of the day you are running someone else's program on your computer. You either trust it or you don't.

 

[nss000]

Sir:

You have given a vigorous, thoughtful and expansive defense of web-bling, and I respect your effort. Like a good defense attorney you have undervalued the connection between ease-of-malware function and your "client" javascript. The fact that **I** don't need that bling detracts not-one-wit from your effort or from its alluring sirens call ... you DO remember how sailors & ships were lured ... well well I need not repeat the ol' story or explicitly make an analogy we both understand.

AFAICT javascript has NOT penetrated usenet, which is the better part of the "greater" web. Nor client/server email when you can find it (scum AT&T does not allow). No text blog needs it! And I have no need for puny javascript web-bound software, when I have two bravo home systems and a full set of open-source & WINED software able to CRUSH any squintsville motivated thru-web javascript apps. Always!

I don't need a javascript web. I don't want javascript-based risks. I don't favor blingish web environs. In some short time ( 3 years) a significant fraction of high.value web-users will simple drop-away from this cartoonish javascript-based web you imagine as they have dropped away from network TV. I'll be with them. Place your bets ...

 

[randomizer]

JavaScript is not just for bling any more (ugly sites with popup menus is where it gained popularity though). I wrote a small JavaScript-based application as an addition to a client's intranet website a couple of months ago. It's certainly more "blingy" than the rest of the site but that's because I didn't style it like it's 1998 (the rest of the site looks that old) and not due to the JavaScript. The main advantage is that it can be used by the client from their desktop or a mobile device without having to install separate applications. Had I gone with a non-web application I'd need them to upgrade the software each time I deploy bug fixes and feature additions. I'd also be requiring them to trust software which runs with the full permissions that they have on their machine. My JavaScript application does not have those permissions and does not need them.

JavaScript is not the problem itself, it's just a language. One can write malicious code in Python, C, Ruby, x86 assembly or any other language. Since it is just a language JavaScript isn't actually bound to the web. You are using GNOME Classic are you not? That's basically GNOME Shell with shell extensions to emulate the feel of GNOME 2. GNOME Shell is built with JavaScript and CSS, which makes it extremely web-like.

I disagree with your predictions. People have not dropped away from "cartoonish" GUIs and gone back to typing into a terminal window. The vast majority prefer a more interactive user experience. This doesn't mean that you have to. However, you'll be stuck with Usenet and text blogs.

 

[Someone Somewhere]

That said, I know at one point the site had multiple different skins users could choose. An HTML/CSS only site could be useful for those on old browsers or slow machines.

 

[randomizer]

They'd have to be pretty slow.

 

[nss000]

1998 ... old? Oh my dear sir ..... considering that my 1947 FOX double-barrel 16-gauge was the finest American shotgun ever designed ... and the 1958 Chevy Impala was the finest American car ever designed and the 1932 ... oh damme I need to colorize Mona Lisas mascara .... & you prolly think a pack of Camel Straights needs a new font for the word TURKISH and that Thucydides verb-forms in description of Corinthin navel preparations for .... oh, you DO know Thucydides, eh ... not too far before your time ... hehehe ?

Mechanical function can always be improved; aesthetic design can almost never be improved ... see any classical Greek art-work or 20,000 BC Euro cave-paintings for details. I have encouraged topic-drift for which I apologize, but 1998 ... old ... !!?

JavaScript is not just for bling any more (ugly sites with popup menus is where it gained popularity though). I wrote a small JavaScript-based application as an addition to a client's intranet website a couple of months ago. It's certainly more "blingy" than the rest of the site but that's because I didn't style it like it's 1998 (the rest of the site looks that old) and not due to the JavaScript. The main advantage is that it can be used by the client from their desktop or a mobile device without having to install separate applications. Had I gone with a non-web application I'd need them to upgrade the software each time I deploy bug fixes and feature additions. I'd also be requiring them to trust software which runs with the full permissions that they have on their machine. My JavaScript application does not have those permissions and does not need them.

JavaScript is not the problem itself, it's just a language. One can write malicious code in Python, C, Ruby, x86 assembly or any other language. Since it is just a language JavaScript isn't actually bound to the web. You are using GNOME Classic are you not? That's basically GNOME Shell with shell extensions to emulate the feel of GNOME 2. GNOME Shell is built with JavaScript and CSS, which makes it extremely web-like.

I disagree with your predictions. People have not dropped away from "cartoonish" GUIs and gone back to typing into a terminal window. The vast majority prefer a more interactive user experience. This doesn't mean that you have to. However, you'll be stuck with Usenet and text blogs.

 

[Someone Somewhere]

Web design tends to be more in the realm of fashion than art, and even then art definitely changes from time to time (though it largely seems to have a significant art; something isn't "real" classic art unless it's more than about a century).

 

[randomizer]

For a 20-odd year old industry, yes, 1998 is old. Cars weren't first made in the early 90s but we weren't discussing cars. "Old" is different in different contexts.

 

[rustoms]

I'm using Chromium now which of-course does NOT have NOSCRIPT which I'm guessing is the cause of issues. NO I don't like to give ANY site a free grope W/O passing the NOSCRIPT filter.

Try HTTP Switchboard: https://github.com/gorhill/httpswitchboard#http-switchboard-for-chromium

It's RequestPolicy + NoScript + ABP, but with an ergonomic UI. It can be used in any way you want, anything in between blocking everything to blocking nothing.

For instance, I disabled all blocking for tomshardware.com, because as you will see it's full of stuff here, and as I didn't want to chase all the proper permissions just to post this comment, I just disabled filtering, but then *only* for this site. For everything else, I use my default deny mode. I would be unable to go back to NoScript, you just don't get that kind of total control.

 

[Someone Somewhere]

I'm using Ghostery in Opera. Seems to have a really good set of pre-loaded scripts. Wipes out all the trackers but everything works fine.

 

[nss000]

Agreed ... as long as you agree that Aztec priests and Babylonian mages were ALSO in the calculation business.

For a 20-odd year old industry, yes, 1998 is old. Cars weren't first made in the early 90s but we weren't discussing cars. "Old" is different in different contexts.

 

[Someone Somewhere]

Not calculation so much as information movement.

 

[nss000]

Feynman in one of his obscure lectures observes that the complexity of Aztec astronomic calculations does NOT need to be reproduced for every interested student. (He compares casual historic description to his own cute Feynman diagrams rather than the Greens-function integrals they represent).

So YES I am twisting your (evidently young) tail to admit the continuity of computation (visual) metaphor from the pre-Babylonian base-60 baked_clay boffins thru GNOME-3 potterifying devs .
Masters of each age would --- I believe -- immediately recognize eachother over a (baked_clay?) pot of bitters.

Not calculation so much as information movement.

 

[nss000]

And yes, IBM was founded 1911 ... I daresay you have a foreshortened vision of industrial computing ... but there WERE French 18-th Century weaving machines that ran on punch-cards ... some say the cards had nude-babes etched on the back side ... corrupt as most real Gauls are I don't believe that of-course ........

For a 20-odd year old industry, yes, 1998 is old. Cars weren't first made in the early 90s but we weren't discussing cars. "Old" is different in different contexts.