Re: JavaScript is only a tool

[Narcis Garcia]

Previous: Sorry for my poor english.

El 24/7/21 a les 17:40, Lorenzo L. Ancora via ha escrit:
> The world wide web has evolved and end users are more demanding because
> they want multimedia content, real-time interactions, high accessibility
> and much more. End users expect the best.

You are a bit confused:
End users don't demand this or that, but they respond to companies
competition to steal personal data and social data. Ens users demand
humanity, and GAFAM (for example) serve "fake social" humanity.
Web tracking is well-hidden under JavaScript "useful tools".

"Ens users expect the best"
Did you make a serious survey to ask what people consider "the best" for
their life? Some logical on this argument is really similar to logical
from "demanded food" vs "the best food".

> JavaScript is required for chat, A/V streaming, live streaming,
> security, ecommerce, gaming, social networking, banking, and so on, plus
> it brings significant benefits in terms of security and accessibility in
> many other more traditional applications, especially if the site is
> large and needs faster ways to present information (end users rarely
> spend more than 30 seconds on a web page if their attention is not
> immediately captured).

I completely disagree, and some JS-free CMS prove it.

>> 1) I do not want to. Give me the WWW, the Web, distributed network of
>> documents, not the network of applications. 2) You can have interactivity
>> just by using something like VNC/telnet/X11 remote input/output sharing.
> 
> I hope this is a joke and you are not serious: nobody would grant you
> remote access to their computer just to show you a document or make a
> business offer. This has no sense whatsoever.
> 
>> I assume that Microsoft Windows is used because it is necessary too?
>> If their needs and tasks are
>> ecommercing and running Windows-compatible-only videogames, then yes, it
>> is necessary for them. Web/WWW and web-browsers are about
>> documents/knowledge sharing. I do not use Windows, have never own
>> smartphones, do not use bank card -- how can I live without them if they
>> are necessary? ZFS for me is necessary without any doubts. Do not put
>> completely various tasks in one basket.
> 
> This looks like an attempt of Argumentum ad Passiones based on the words
> "Microsoft" and "Windows", a dialogue technique to bring an interlocutor
> into fallacy. Did you really think I wouldn't notice? :-)
> 
> For the rest, the overall paragraph is very unrealistic and could only
> be true if you lived outside of society or are a member of a very
> recluse community.

This paragraph suggests you don't want society makes changes to progress
to a better world. It's like saying "a very recluse community use
electric-only vehicles".

> Please don't try to associate the fear/negative opinion towards
> "Microsoft Windows" (proprietary software solution) with JavaScript
> (standard programming language), because they are totally unrelated.
> I wasn't born yesterday fella.
> 
>> Billions of users can not be wrong?
> 
> End users only act to satisfy their needs, there is no right or wrong.
> The same goes for webmasters, they want more visitors and so improve
> their websites to attract and fidelize them.

GAFAM lie to webmasters to they use tracking APIs and fonts, so GAFAM
track end users by using webmasters as an instrument.
And ens users (consumers) don't ONLY act to satisfy NEEDS; in the XXI
century people act to satisfy created extectations.

> JavaScript runs in multiple sandboxes and is no more or less vulnerable
> than other web standards.

I completely disagree because of the focus of phrase: JavaScript makes
user more vulnerable than other web standards (such as HTML). This is
because of 3 reasons:
1. JavaScript's flexibility to do complex procedures.
2. End user's difficulty to trust on what are doing JS complex actions
3. Webmasters (such as GAFAM) bad practice to force people to accept new
JS procedures, and this is followed by web browsers updates that support
this evolution.

Take a look into difficult for webmasters to apply strict CSP & SOP to
websites.

> Obsolete computers are vulnerable and its your responsibility (or the
> responsibility of your sysadmin) to install the security patches when
> available. If you don't update your system, disabling JavaScript can
> only reduce the attack surface and the only solution is to disconnect it
> from the Internet. If you own vulnerable hardware, don't use it to
> browse the Internet in the first place.

This is a trap: I fee more vulnerable a website (also bank websites)
full of third party JavaScript than most of obsolete computers.
It's like to compare an old bycicle vulnerabilities with modern car with
updated firmware.

>> Banks could be fully satisfied with TLS/IPsec
>> secured ordinary HTML forms, BBS/telnet/VNC/whatever remote sessions.
>> Neither banks, nor governments need to run arbitrary closed software on
>> my computer.
> 
> By law, banks have to discern legitimate users' legitimate web browsers
> from clients trying to simulate a web browser; they must also carry out
> checks on a time basis by law, to avoid brute force attacks and
> complicate the potential thefts of credentials (and I'm sure also other
> horrible frauds). Banks are forced to use all possible means to secure
> their web portals.

Some law reference?

> Ecommerce will never disappear, it can only increase over time.
> If someone told you that ecommerce will disappear, they obviously meant
> that they are moving to Antarctica, where the Internet connection is
> absent.

+1

>> Agreed. That is why most people hate advertisements and tries hardly not
>> to see those annoying animated web pages. I remind that beauty colorful
>> products selling in completely irrelevant task/need for free software
>> people, for people in need of sharing information, not selling the
>> products. Modern Web browsers, JS, CSS: for selling products -- agreed.

Today's problem is the selling of people's information itself, beyond
products.

> Everyone hates advertisements, but they are necessary for everyone, even
> for those who distribute free software but do not intend to ask for
> donations, for example. Without ads, you wouldn't be able to download
> anything for free, because domains, servers and staff have a cost.

Internet is a communication infrastructure.
Communication does not require advertisements.
I enjoy live talking with my neigboors and we don't need advertisements
to do this at our street. I can pay a table and some chairs to enjoy a
sunday with my friends, and I don't need advertisements to be happy with
them.

I feel this thread is a conversation from really different worlds.

>>> From the point of view of security then, since HTTP is stateless and the
>>> telnet/ssh sessions are statefull
>> Actually that is complete hypocrisy. Because all modern Web-browsers,
>> HTTP/2 and HTTP/3 are very hardly try to *exactly* leave session
>> long-lived as much as they can. Literally keeping TLS resumption tickets
>> for days. telnet/ssh sessions in practice will last only when you work
>> with the remote side. TCP can be stateless, but not the cookies and
>> JS storages.
>> Wrong word. I mean "fallacy".
> 
> This does not make the protocols stateful, they remain stateless.
> Developers, in fact, have to respect the standard and the state must be
> kept with distinct means. In addition, webmasters and web server
> developer cannot base their commits on inconsistent - albeit
> standard-compliant - client software behavior.

You are supposing webmasters and developers they all make their job with
good practices and to be kind with end users. This is unrealistic.
-- 
Narcis Garcia