[mdoms]

I absolutely agree that JS is over-used, but for anything other than very static content I generally am not interested in kowtowing to the strict "no JS" folks. Javascript has become a fundamental part of the web, and for the same reason I won't put in extra work to make my sites work in IE, I also will not put in extra work to make my sites work for (a vanishingly small number of) people who pre-emptively block one of the most powerful tools in my belt.

On a side note, the first example the author uses for a menu alternative[0] is highly obnoxious. The "unobtrusive" example assumes that your page is written in PHP but doesn't declare this assumption up front, it leaves it until half way into the article. The example is not usable in a static website that won't properly handle a POST request. So the JS example is still vastly superior for many cases.

[0] https://css-tricks.com/unobtrusive-page-changer/

[boring_twenties]

> for anything other than very static content

Honestly, that would be a damn good start. Just the other day I took a look at a job posting here on HN. It was nothing more than the company logo and the text of the rec. After JS was enabled, that is. Before that it was just the plain text string "You need JS enabled to run this app." What fucking app, lol?

[aaomidi]

Literally modern frontend frameworks that don't want to do SSR.

Is it that surprising?

[boring_twenties]

The only useful content on the page was not only static text, but static plain text.

If the modern frontend framework can't display that without JS, then I think it's fair to call it a shitty frontend framework.

[aaomidi]

More so it's not configured to do that - which depends on the priority of the team working on it.

[boring_twenties]

Well that's true for anything, so it means nothing. I know someone who was told with a straight face, in a meeting about an out of control memory leak in some software, "not leaking memory wasn't in the requirements."

[chosenbreed37]

LOL! That must have been some poker face! Unbelievable!

[WrtCdEvrydy]

I mean, they're not wrong, but I've handled that stupidity by making sure my next requirements included "Do not have sexual intercourse with your coworkers" and "Be a professional software engineer"

Edit: It's kinda like the story of the guy on the ship who was forced to write accurate logs and wrote "The captain was not drunk today"

[aaomidi]

And leaking memory is actually a valid tactic when you're writing software for financial systems that have scheduled times to turn off.

In various HFTFs GC is completely disabled since that valuable cpu time is useful for other things.

[jchook]

JavaScript poses a large security and privacy risk.

Think browser fingerprinting, XSS, JS-based analytics, poor or missing CSP + hijacked npm modules, etc.

I generally keep JS disabled as much as possible.

[austincheney]

You can perform analytics almost as well from just the HTTP headers, you don’t need JS at all for fingerprinting, and hijacked NPM modules are probably still present even if there is no JS pushed into the browser.

[jchook]

Curious, how do you do fingerprinting without JS? User agent, header order, etc? How well does it work?

[Beldin]

Basically, each layer of any implementation of the OSI stack will have its own peculiarities. E.g. there's a paper on re-identifying computers via TCP clock drift.

How well they work depends on the amount of effort you're putting in. Since Javascript is easy and offers a very rich attack surface, there seems to be little rain to really plunge the depths of other layers.

[paulryanrogers]

Panopticlick did some of this with headers included, their order, and their timing. Which of course can be defeated without much loss of features. Tor Browser being one example

[ratww]

Cookie?

[aabbcc1241]

and also transparent pixel

[chewmieser]

That's great and it's your choice to disable it but his point was don't expect developers that rely on JavaScript to power modern web experiences to develop their site to fit your strict requirements.

JS does way more then just fingerprint users and open up security vulnerabilities. You're in a minority that's asking for fall-backs in a world that's so far removed from simple <noscript> fixes.

[throwaway_pdp09]

> power modern web experiences

So they're going to expect me to leave a major malware and privacy-invasion vector open so they can indulge in creating their 'web experiences'.

Nope. This sounds like kids playing around, not professionals working.

[errantspark]

Ahahaha come on my guy, effective people get to where they are because they can make good risk/reward assessments. Turning off javascript hasn't been worth the opportunity cost to a "real professional" for decades.

[paulryanrogers]

Security researchers and activists in oppressive regimes are professionals. And it's amazing how fast one can end up becoming one when your employer gets badly hacked or your government changes for the worse.

[errantspark]

I'm not saying there's no reason to turn off javascript, or that there aren't professions where that's a good default. But it's absolutely not the norm.

[throwaway_pdp09]

> because they can make good risk/reward assessments

Indeed, and I made mine. No ads, not tracking, no risk of malware, no need for virus scanner, high speed page loading (ahem, when it works). Worth it? For me, sure! Peace of mind means a lot to me.

What's so hard about making web pages that don't use unnecessary tech?

[errantspark]

There's nothing wrong with it, I AGREE with you that we shouldn't ship 5 megs of some garbage framework with every blog post. The point I'm responding to is that it's somehow reasonable or common for "professionals" to run with JS off, and to not do so is "playing around". It's not. It's a very niche thing that very few people get an actual benefit from.

[brigandish]

> to power modern web experiences

This would seem an opportune moment to point out that modern does not always equal good.

[hilbert42]

"...JavaScript to power modern web experiences..."

What the hell are 'modern web experiences'? If you mean unacceptably slow, jittery pages loaded with megabytes of useless crappy data whose only purpose is to spy on users then I don't need them. I always avoid sites like that (and there's plenty more fish in the sea).

[sershe]

If Gmail or Twitter can do it, so can you. And hey, plain-HTML Gmail is actually vastly faster (noticeable even on my gaming PC, and much more so on my banking laptop) and basically as functional as the "regular" one.

Javascript is unneeded for vast majority of use cases, or is needed as an optional extra (like client side form pre-validation). 99% of existing Javascript on most websites is garbage that actually detracts from user experience; and it tends to grow like cancer - where one could get away with some nice enchantments on an otherwise Javascript-required website, one tends to instead end up with a slow, bloated monstrosity with pointless animations, sliding, etc. that cannot be used in multiple tabs, doesn't have capacity to link to a section of itself, etc. (see Chase banking website, for example)

And that is why I personally think no-JS should simply be an ADA-based legal requirement, like handicapped spots. That would force the usage patterns to move in the right direction.

[mdoms]

> If Gmail or Twitter can do it, so can you.

I don't have the resources or user base of Gmail or Twitter. Not even close.

[sershe]

Making a HTML-only website backed by server-side code is generally easier than having two interacting application - one on server, one on client. My point was that even complex, popular apps can easily be implemented in HTML-only without loss of functionality.

[lazyjones]

> Javascript has become a fundamental part of the web, and for the same reason I won't put in extra work to make my sites work in IE, I also will not put in extra work to make my sites work for (a vanishingly small number of) people who pre-emptively block one of the most powerful tools in my belt.

Perhaps you should just try without JS one day and you might be relieved off a large burden that comes with JS (a lot of security issues, complexity, organizing files and loading, crawling and indexing support). I think the threshold for switching to JS use should be higher than it is currently for all the people who just use it by default.

[hilbert42]

You are wasting your time preaching to those who've an agenda, presumably the author gets paid for writing JS so even if he/she actually recognizes the advantages then he/she isn't likely to follow up.

It's occurred to me from reading these posts that we need a few good coders to develop some logically equivalent test sites one using JS and the other without then advertise the fact on HN so as everyone can see and compare.

[forgotmypw17]

What percentage of city bus riders or public restaurant visitors do you think use the wheelchair ramp?

[codegeek]

In my opinion, that is not a fair comparison. Wheelchair ramp usage percentage may be small but they are built because of laws and helps people who actually need it. People are not disabled by choice.

Javascript disablers (and I have full sympathy as a dev. myself) are doing it by choice which is totally fine but it is still a choice, not a need.

[oAlbe]

I would argue that privacy is a need.

[hilbert42]

"...not a need"

By what criterion do you define a need? I've suggested some in my post that could easily be deemed a necessary requirement to require JavaScript to be turn off. It depends on one's circumstances.

[eeZah7Ux]

A lot of visually-impared users have to disable javascript to minimize pop-ups to use a braille terminal.

[lazyjones]

Don't expect typical web developers to care for 1-2% blind users when they've often ignored browsers with 5% or higher market share... Most don't understand that a one-time effort to get the last few % in revenue is worth it.

[janpot]

What percentage of people in wheelchairs are able to walk but choose not to?

[a1369209993]

Counting people with a broken leg who could use crutches but would be risk of further injuries due to avoidable things like falling over? More than the zero percent of people with javascript disabled who don't need either security or privacy.

[1v1id]

There's a difference between a small percentage needing something and a small percentage wanting something, though. If all wheelchair users could turn off their handicap at any time with no consequence, I think you'd be hard-pressed to find a wheelchair ramp anywhere.

[oAlbe]

If all JavaScript blockers users could turn on JavaScript at any time without consequences to their privacy and security, you'd be hard pressed to find JavaScript blockers as well.

[viklove]

If they're really concerned about privacy and security, their machine would be air-gapped and the web wouldn't even be available as an attack vector. What it really is though is a superiority complex fulfilling their need to be "better" then filthy JS developers who don't code in Rust and Scala.

[mdoms]

If I have a client requirement that calls for a high degree of accessibility this obviously changes my approach. I'm talking about things I make for myself, or for clients with less stringent requirements. Same argument goes for the IE crowd.

[johncolanduoni]

Screenreaders (including free and built in ones) have had JS support for quite a while. Using JS is very far from being the limiting factor for robust accessibility.

[tartoran]

I wonder who bothers to test their wonderful experience product on a screenreader. Regardless of this and regardless of the security threat JS execution poses, I find it hard to use the internet with JS disabled. However, when it comes to SPAs, I find that I like the older version of the website way more and also find it a whole lot more intuitive and usable.

[dariosalvi78]

TBH this comparison is a bit offensive. One can choose to use JS or not, those who are no a wheelchair cannot choose to walk.

[celticninja]

Public sector work makes these things a requirement, it doesn't have to work on IE, but it helps a lot if it does because lots of law firms have only got IE. JS is the same, we don't add in JS unless it's necessary, but there has to be a no-JS fallback option, which can be less pretty but still needs to be functional.

[hilbert42]

Correct, that's how it should be. A non-JS fallback ought to be essential for every site.

[mark_and_sweep]

> I won't put in extra work to make my sites work in IE

From my experience, running websites in Germany,

- you can still expect ~20% of desktop users to surf with IE or legacy Edge, and

- the above percentage is higher the older your users are (and lower the younger they are).

Also note that end of support for IE is still 5 years out.

This may be insignificant to you. For others, IE support is essential.

[matthoiland]

I've spent most of my career as a front end developer. We have three tools in our toolbox: HTML, CSS, and Javascript. We need them all and will push each to the extreme to create better experiences for our users and reimagine what the web can become.

I also work in the healthcare space with heavy HIPAA security requirements. Like any language/framework/platform there are best practices to follow for solid security and performance, and a good secops team should set meaningful requirements.

In short, I will show a "This site requires Javascript enabled" message 100% of the time if my site requires Javascript.

[throwaway_pdp09]

> and will push each to the extreme to create better experiences for our users and reimagine what the web can become.

OMG. For this 'better experience' and 'reimagining what the web can become' did you bother to ask the users you pretend to cater for? No?

Listen carefully: the only experience I want from any website is to get to it, get the info I want, then I fuck off sharpish. I do not want 'experience' or any bloody 'reimagining' thank you. I have work to do.

[eeZah7Ux]

Seconded. 99% of the crap on websites is not the information I need and it's wasting my limited resources:

- battery - monthly bandwidth cap - RAM - attention (pop ups, things that blink, things that scroll) - patience for privacy breaches

Pure text is the "better experience" most people want.

[notJim]

The obnoxious thing about this comment is that we often do ask users. Every company I've worked at does user testing and surveys, etc, and no one has ever complained about this stuff. Users do get excited for more interactivity and intuitive functionality, which is easiest to build in Javascript. You're assuming we haven't asked, when actually we have, and everyone else disagrees with you.

[dsparkman]

Thank You! I could not have said that better myself.

[duxup]

It's also their site... to make how they want.

[ativzzz]

The people who share your sentiment are a tiny minority, like IE users.

[ithrow]

The web is more than static websites.

[throwaway_pdp09]

Sure - see my comment elsewhere where I acknowledge that. But all I'm asking for is static sites where static sites are appropriate.

[couchand]

> I've spent most of my career as a front end developer. We have three tools in our toolbox: HTML, CSS, and Javascript.

While it may be common, this seems a somewhat problematic framing of things. You're first responsibility ought to be to an analysis of the problem space, determining the appropriate tool to use based on the needs of the project. If you've already chosen the solution before you've even considered the problem, then of course you would have trouble conceiving of the options outside that narrow set.

[hilbert42]

"In short, I will show a "This site requires Javascript enabled" message 100% of the time if my site requires Javascript."

That's why we users need replacement/plugin alternative JavaScript engines that will allow users to tweak settings and to send feedback/info back to the website that the user thinks that the site should receive. You or the site can then remain blissfully unaware that what you are receiving from the user's machine is cleverly-framed (disguised) garbage.

Sooner or later we'll have a plethora of such engines and then the tide will have turned.

[enriquto]

> to create better experiences for our users

I do not fucking want an "experience", I want hypertext with some images.

[hilbert42]

Touché! Precisely!

[hilbert42]

@mdoms

"I won't put in extra work to make my sites work in IE, I also will not put in extra work to make my sites work for (a vanishingly small number of) people who pre-emptively block one of the most powerful tools in my belt."

Well, I'm glad to be one of that vanishingly small number who still has the wherewithal to block one of your most powerful tools—as we've damn good reasons to do so.

I could be as rude and as arrogant as you have been and just state my piece then leave—which is that things were absolutely fine with the internet until @#$%^&!)s like you came along and &^$%&* it up with JavaScript—but I'll actually proceed on and give you a few very good justifications as to why JS stinks! I know I won't change your mind but hopefully a few others may take cognizance from this summary.

First, it's not JavaScript per se that's the problem, rather it's you web developers who are at the heart of the trouble. The fact is you don't know how to or won't use JavaScript responsibly. Tragically, putting JavaScript into your mob's hands is about as irresponsible as giving kids a loaded 105mm howitzer to play with.

Let's begin (this is the short list):

1. Technology to do everything that most visitors to websites wanted to do was already in existence before JavaScript came along. Back then, the only things that we users had to content with were irritating animated GIFs and 'sparkling' text and the like but they pale into insignificance compared with the problems that JavaScript has brought for us users.

2. JavaScript slows the rendering of many website pages down to an absolute crawl. Moreover, I'm not talking about a minor degradation in page-rendering speed either, in fact it's an enormous reduction, so much so that it's hard to believe (unless you're one of the sans-JavaScript cognoscenti who's already applied the 'secret' of turning JS off). …And it is a secret you developers wish to keep too; for obvious reasons it's not a topic you JS devotees want aired in public (discussions such as this are rarely debated in the tech press and when they are they're kiboshed at the first opportunity).

3. JavaScript introduces irritating time transitions into the time it takes for web pages to render. Frankly, these jerky effects and 'noisy-like' delays irritate the hell out of many of us users. Of course, you developers probably don't even notice them as you've the latest-and-greatest high speed hardware which (often) reduces them to a tolerable level—and even if you did you wouldn't care anyway as JS serves a much too an important role for you web-side developers to bother eliminating the problem. Anyway, we users have a solution—just switch off JavaScript and voilà the problem instantly vanishes.

4. Nuking JavaScript stops—kills stone dead—the vast majority of painfully irritating ads, popups begging for subscription as well as all those other annoying and unnecessary animated visual effects that so often fills web pages. Not only are they distracting but also they clutter pages and obscure text. Again, our solutions is to turn off JavaScript and we're now back in control—not the website. You don't even need to install sophisticated script blockers, NoScript etc. (it's a no-brainer really).

4.1 If you're worried that you might have to turn on JS in a hurry and the settings aren't available or immediately accessible then just install a Toggle JavaScript add-on into your browser. It will install a button on the browser's Navigation Bar that allows you to toggle JS on and off (nothing could be simpler). (Incidentally, it hasn't gone unnoticed that you website developers have managed get browser developers to remove the JS on/off setting in the setup/preferences menu of some browsers, for example, Firefox.)

5. Another huge gripe among many users is the obnoxious practice of websites stopping users back-linking to the previous page as sites deliberately break or expire the page immediately the user moves forward—and they often do so without any good reason (i.e.: when there's no real need for security). Even 'good' sites such as DuckDuckGo are into this damned annoying caper. If that were not enough, we see websites regularly abusing—deliberately punishing—users who refuse to use JavaScript by rendering the visited page blank unless JavaScript is turned on. Then there's the annoying practice of websites using overlays to force users to do the website's bidding. This is nothing other than abuse of the user by the website—it's a case of 'we'll fuck you up properly unless you do exactly what we damn-well tell you to do!' You developers really do have a damned hide and what makes it much worse is that you actually get indignant because some users "...pre-emptively block one of the most powerful tools in your belt". With an attitude like that then fuck you!

5.1 What is it about you power-hungry control freaks that make you so nasty and antisocial? Have you ever heard of the science of ergonomics or even diplomacy? Perhaps Dale Carnegie's How to Win Friends and Influence People, should be a part of the JavaScript syllabus: https://en.wikipedia.org/wiki/How_to_Win_Friends_and_Influen...

6. When I first started to use the internet a page of text was 2k bytes in size; nowadays, it's usual to see web pages blow out to between 1MB and 5MB which is just outrageous. Turning off JavaScript can prevent some of this traffic downloading. This not only speeds up web page rendering but also saves your line/data costs. (Remember the user is the one paying for the data costs—not you! It would be interesting if governments were to tax websites if pages exceeded a certain size—after all, large web pages are unnecessarily contributing to greenhouse gasses. Methinks a carbon tax on excessively sized web pages would be a brilliant idea!)

7. Without JavaScript, cryptominers find it more difficult to use your machine's CPU time for calculations; similarly, identity theft is more difficult so is the ability to take over your machine or put dangerous payloads on it. Moreover, even figuring out your time zone and location becomes more problematic for the remote website if JS is disabled. This all helps to maintain privacy.

8. Without JavaScript most invasive trackers are blocked, so are many of the privacy-invading techniques used by websites. Without JS, websites can't even stocktake users' font lists let alone use many of their nefarious tricks to spy on them. To get some idea how effective turning JS off is, visit EFF's Panopticlick website, https://panopticlick.eff.org/, then toggle JS on and off. Nuking JavaScript isn't a universal panacea for privacy nor will it completely stop browser fingerprinting but it's a damn good start! Here's the results of Panopticlick's test on my browser sans JS. You'll note that without JS switched on, 18 pieces of private information were blocked from this nosey test site.

Screen Size and Color Depth — no javascript,

System Fonts — no javascript,

Limited supercookie test — no javascript,

Hash of canvas fingerprint — no javascript,

Hash of WebGL fingerprint — no javascript,

WebGL Vendor & Renderer — no javascript,

Language — no javascript,

Platform — no javascript,

Touch Support — no javascript,

Ad Blocker Used — no javascript,

AudioContext fingerprint — no javascript,

CPU Class — no javascript,

Hardware Concurrency — no javascript,

Device Memory (GB) — no javascript.

9. Not satisfied with all that lot, you mob want even tighter coupling into the innards of our machines, to do that you've even 'conned' the W3C, World Wide Web Consortium, and IETF, Internet Engineering Task Force, to adopt new technologies such as WebRTC. These technologies further obfuscate what websites are doing on users' machines.

It's precious little wonder you website developers are so enamored with JavaScript. You've never stated the real reasons why JavaScript is so essential to your existence, it's been your dirty little secret for many years and it's time we users spelt it out in spades. At no time were we users ever consulted about JavaScript's invasive features nor were we ever told in advance that you were going to steal our privacy and to do so you'd use JS as your frontline tool.

Finally you need to recognize that many of us just DO NOT want fancy wanky web pages! When I read a book I'm not distracted by subscription notes popping up out of the page and I don't expect it to happen when I'm visiting a website! Just because the technology allows it, it doesn't mean that it should be used or abused. (I note you're not alone here, TV and video editors are forever fast-cutting or using damned annoying distracting visual effects.). If you feel that you must cater to the attention-deficit generation who needs baubles bangles and beads bobbing around every second then produce two threads to your websites. The fact is that most of you developers have fuck-all knowledge of user ergonomics or how the human mind actually absorbs knowledge. As a starting point I'd strongly suggest that you at least have the decency to recognize your limitations.

It has to be said that we users are at war with you and your websites—a war that you started and that up until now one in which you have held the advantage. These days, with privacy being on everyone's lips, I can only hope that eventually things will turn in users' favor. You web developers have so maimed, distorted and damaged the internet over the last 20 or so years it seems to me that eventually the scope of your work and how you carry it out will—of necessity—have to be legislated. It only takes one country to introduce laws and regulations and the dominoes will soon fall. The sooner it happens the better.

[mdoms]

This is unhinged. Seek help.

[hilbert42]

OK, you've started with an opinion. Now use formal argument with evidence to rebut the claims (they're pretty specific so don't wander too far off topic).

It's funny how they become speechless and all go to ground at this point.

[zelphirkalt]

Well, I hope you then also avoid 3rd party JS and make your own first party served JS free a.k.a. libre., non-minified and readable. Then I could accept your JS to be run on my machine. If you already do so, thank you for being such a good example.