I'm starting to feel like no-javascript-guy is some type of HN novelty account. Seriously man, not a single person here cares that you don't use javascript. Move on.
I strongly disagree. Gnosis is being ridiculous here in complaining that something interactive needs code, but it's equally ridiculous for non-interactive pages to need javascript. I've seen pages with the entire content in the html, set to invisible, that needed javascript to turn the text black. That is shameful web development. It shouldn't take 10 billion clock cycles to make the page appear. Html, css, javascript, they each have their own jobs, and it's valid to complain when someone does it wrong.
But again, it's only valid to complain about/mock javascript on non-interactive pages like blogs.
> But again, it's only valid to complain about/mock javascript on non-interactive pages like blogs.
Which is a bit part of the point of this, it is an interactive page. Though again I'll disagree further and say it isn't valid at all to simply complain and mock. A reasonable discussion on usage of javascript, or browser-based applications would be worth having. Just saying "not gonna use it" isn't interesting.
Again, you're talking about javascript on application pages. I am perfectly fine with javascript on application pages. My only complaint is when there is no fallback on simple document pages.
"Gnosis is being ridiculous here in complaining that something interactive needs code"
You know, not everything that needs code needs to be run in a web browser.
Is it really so ridiculous of me to oppose opening my browser up to Javascript exploits and spying by the likes of GoogleAPI?
I'd be happy to run the game in any of the standalone, non-browser-based Interactive Fiction game engines like Frotz[1], Zoom[2], and Inform7[3] out there that this particular game might have been written in. And I would have had no problem playing it then.
Standalone engines are subject to fewer attacks from untrusted code, so they're probably easier to exploit than a browser. So I can't really agree with you on a security perspective. And incognito mode / using a separate browser profile / portable browser installs are all options to completely preserve privacy that are either as convenient or more convenient than installing an interactive fiction engine.
"Standalone engines are subject to fewer attacks from untrusted code, so they're probably easier to exploit than a browser."
Probably? This is purely speculative.
I'd be interested to see any actual exploits of Interactive Fiction engines. So far, they are a much less attractive target to malware authors than web browsers are. That alone makes me prefer them over web browsers, no matter what their theoretical vulnerabilities may be.
"incognito mode / using a separate browser profile / portable browser installs are all options to completely preserve privacy"
Users are often tracked by their IP addresses as well as OS and browser fingerprinting, which Javascript can facilitate. Try going to Panopticlick[1] with Javascript turned off and then with it turned on and see the difference.
"that are either as convenient or more convenient than installing an interactive fiction engine."
But I already have multiple Interactive Fiction engines installed, so using them is perfectly convenient for me. As for others, how many people do you think actually bother to use a separate browser profile or even "incognito mode"? Not a hell of a lot. And if they do, they might also do what I do and disable Javascript altogether.
>So far, they are a much less attractive target to malware authors than web browsers are. That alone makes me prefer them over web browsers, no matter what their theoretical vulnerabilities may be.
I sympathise but find it quite contrary that you prefer to download standalone engines over something sandboxed in the browser. Although I believe there is some unknown percentage of users who won't turn on Javascript for this game, I can only imagine that a vanishingly small percentage of those might take a stance similar to yours.
The other obvious flip-side of your argument is: Javascript has a much bigger potential audience than IF engines these days. That alone makes Javascript preferable to develop for. The security and privacy issues do not make enough of a dent in Javascript's userbase to make this a serious consideration for developers.
I care slightly, because it's such a very strange stance to have. I just can't understand this aversion to js. Do they want the browser to just display html forever? Go back to the way things were? Do they actually think that will happen? When the browser is _the_ application platform, what will they do?
The point is that it's valuable for game developers to realize that some people can't play a game that requires javascript. The comment helped facilitate that.
Everyone can plan a game that requires javascript. A vanishingly small number of people actually wont. Reading anything more into this single comment is silly.
From your comments you seem to actually be interested, so let me tell you about it from my neo-luddite POV.
I love games ( I actually _pay_ for games I like ). I also run with my browser fairly locked down. If you've made a game like this and want me to take more than 10 seconds on the web page, at the bare minimum have it load _something_ without scripts and without requesting anything from another domain ( this means jquery, google apis etc )
This game is a great example of one I wouldn't look at because it loads nothing until a request to googleapis is enabled and scripting is turned on. Perhaps it is overly judgemental on my part, but I assume that failing to provide _any_ level of graceful degradation in a design indicates a poor effort. It takes 5 minutes to add this to your landing page and will save you a tiny percentage of bounces.
tldr: make sure your landing page loads something. anything. Ideally a short message telling users what awesome things enabling the site scripting does for us.
Game developers should learn that Amish people exist, at which point they're aware that all computer-related things will have people who choose to not them. They'll also learn that it's not a big deal.
"he is instead annoyed by your post to announce your minor decision to the world"
Well, I'm annoyed by these other people's announcements of their minor decisions to play this game despite it being a threat to their security and privacy.
So, I don't agree with the mouthbreathing masses. It won't be the first nor the last time.
You know these same people would probably be exploited by some dancing baby app, punch the monkey game, or porn app which they fell all over themselves to install, and then announced to the world how great it is!
Yeah, I don't want to be hacked or tracked like the rest of these morons are. Sue me.
EDIT: Remember, your votes decide the type of discussion you'd like to be having in the future. So down vote me if you'd like to see more bullying on HN.
I use noscript, and am continually annoyed by web pages that feel they need to run code on my computer to load. I get it when people complain about things needlessly using Javascript.
With that in mind, what the hell were you expecting? Even in the 90's web based games used flash. What exactly was the 'secure' alternative? A game needs to run code, whether natively or in your browser.
Have you ever heard of games that don't run within web browsers?
That's what I thought this particular game might be.
In fact, there is a slew of standalone, non-browser-based Interactive Fiction game engines like Frotz[1], Zoom[2], and Inform7[3] out there that this particular game might have been written in. And I would have had no problem playing it then.
This is not an interactive fiction game. While primarily text-based, it uses rich UIs based around that text, and the input mechanism is not command-based, but instead generally button-based (or in the case of the third and fourth parts of the game, partially arrow-key-based). In addition, the end of the game isn't actually text-based at all.
The developer would have to ship their own custom engine, at which point you have unsandboxed code running under your user account on your computer, instead of code sandboxed in the browser (which is probably the most generally available and secure sandbox for arbitrary code that exists right now). You are quite unlikely to give the game a full code review to make sure it's not making any analytics requests or shipping your data off to the program author, so that is probably worse from a logical security standpoint.
Now, if you're worried about the request to load JQuery from ajax.googleapis.com, you could've pointed out originally that this is a concern for those who worry about their privacy, and most on here would agree with you. I'm not actually sure why the author of this game decided to use the CDNed JQuery, when the rest of their scripts are unoptimized and loaded from their own server.
'Secure' interpreter? Fair enough. I'm afraid that would likely make it harder to get started though. Not to mention that JS probably has support for better graphics assets than a regular text game interpreter.
"JS probably has support for better graphics assets than a regular text game interpreter."
This game was billed as a "minimalist text-based game", for which any of the standard Interactive Fiction interpreters would have been more than adequate.
Incidentally, many of these IF interpreters are able to display graphics, and sometimes even sound -- though the usefulness or appropriateness of those features in the context of IF is debatable.
I'm sorry, what basis do you have for saying 'your browser has been owned,' as if it were inevitable and I were merely unaware of it? Just because I have JS enabled does not mean I'm indifferent to security. Besides my OS, I also monitor traffic through my router and modem.
Please don't assume that your abundance of caution entitles you to dismiss others as ignorant or indifferent to security matters.
All I'm saying is that absence of evidence is not evidence of absence.
It's possible that your security has been compromised and you are simply unaware of it. It's great that you monitor your network and take other security precautions. It would probably be even better if you also avoided running Javascript apps written by people you don't trust. Wouldn't you agree?
> If the source is available to the public it is open source.
That's not the usual definition. The usual definition of "open source" revolves around having an open source license.
> I may not have a copyleft license, but for that we have other terms like "Free Software".
"Free Software" and "open source" are approximately equivalent (the FSF "free software" definition and the OSi standards for "open source" aren't identical, and there are probably some license that meet one but not the other, but they are close enough in practice that its not a huge difference.
"Copyleft" is a much narrower term than either "open source" or "free software". Most open source or free software licenses are not copyleft.