Re: JavaScript is only a tool

[Narcis Garcia]

El 25/7/21 a les 14:19, Lorenzo L. Ancora ha escrit:
>> Call it dynamism if you want.
> 
> This is how it is technically called and the distinction is important.
> 
>> Then dynamism it's (or should be) enough useful on most scenarios.
> 
> Server-side scripting is not an alternative to client-side scripting,
> the two things bring heavily different results and offer different
> possibilities. Not all client-side scripts can be replaced (or are
> convenient to replace) in this way. The opposite, unfortunately, is not
> true, because - when there are no security implications - offloading the
> computing to the client is always advantageous for a webmaster.

I partialy agree: server-side programming is not a complete alternative
to client-side programming: It's enough, not an alternative.
And I agree about advantages for webmasters (or service owners):
Client-side programs are a way to exploit client memory and processor,
saving server memory and CPU time. This applied massively is a great
profit for GAFAM, for example: Everybody's devices are their devices.

>>> Thus, the functionality offered by JavaScript can by no means be
>>> replaced by server-side processing, but server-side processing can be
>>> used to produce dynamic JavaScript to reduce the complexity of existing
>>> client-side code (this is an advanced technique, often used with
>>> server-side scripting frameworks).
>> This argument seems same as "functionality offered by Adobe Flash can by
>> no means be replaced by JavaScript" or "functionality of ELF or EXE can
>> by no means be replaced by Flash, ActiveX or Java applets" > What is
>> "enough" and what is "desirable" ?
> 
> I'm sorry, your question is too vague and my answer would be redundant.
> Can you elaborate it further?

More functionality does not always mean better result.
Or It may depend: if objectives are for people or for webmaster.
Who is working web developer for?

>> The need to use JavaScript grows with developer's dependence of it to
>> make a website nice or productive at his/her like.
> 
> There is no alternative to JavaScript, thus depending on JavaScript is
> equivalent on depending on CSS or HTML. Webmasters use these standards
> because there are no better/supported standards available. In general,
> webmasters always use the most widespread and supported technology.

My irony: If abuse is a standard, webmasters make us of standard.
There is no alternative to tracking and spying: No other technique make
equivalent results.

>>> Perhaps one could be in the condition of totally disabling JavaScript if
>>> underage or in a very reclusive community, otherwise there will be
>>> always a moment in which you will be forced to use it (and very often,
>>> as it should be, its execution is transparent).
>> Oh, I have not enough time to open a new thread about JavaScript
>> transparency and bad practices over average users.
> 
> The world is unfair. It would be an endless mail thread! ;-)

My irony: Unfair world is a standard; we better don't try to do things
better.

>> An HTML6 version is desirable to extend tags and properties that make
>> JavaScript less and less necessary to validate forms, change UI
>> behaviour (such as editor) or react to events.
>> In the meanwhile, JavaScript is the main trap for human beings.
> 
> "JavaScript is the main trap for human beings" ...
> yes, it is an unavoidable trap. :-)

This is a very pessimistic sentence, same as my latter irony.

> Furthermore, I'm sad to reveal the truth: markup languages like HTML
> (current and future versions) cannot replace scripting languages by no
> means. It is physically impossible, because a markup language with
> scripting capabilities becomes a scripting language, thus you would
> obtain only another kind of JavaScript. Actually, it is even worse,
> because a deeply integrated scripting system would be impossible to block.

I don't meant HTML with scripting capabilities but:
Properties or attributes as readonly, action, checked, coords, disabled,
ismap, method, scrolling, target, usemap, etc.
they all trigger web browser standard procedures to change page
behavior, and without them more and more client-side programming should
be necessary in the past.
I mean to increase standard HTML tags, properties and attributes (maybe
CSS too);
Most of HTML 4 pages were perfectly implementable in HTML 3.2 by adding
more and more JavaScript; an important improvement of HTML 4 was the
extension of tags and attributes that extends the **standards** and
avoids some JavaScript **patches** and client-side overcharging.

>> You are a bit confused:
>> End users don't demand this or that, but they respond to companies
>> competition to steal personal data and social data. Ens users demand
>> humanity, and GAFAM (for example) serve "fake social" humanity.
>> Web tracking is well-hidden under JavaScript "useful tools".
>> "Ens users expect the best"
> 
> Web tracking exists with or without JavaScript. Server logs and cookies
> are more than sufficient to track end users, only that there has been no
> economic incentive to implement server-side tracking, because
> client-side tracking, while being less effective, is also more economic
> and easier to deploy in production. If JavaScript disappears
> entrepreneurs will only find another way to track their users, both for
> bad and for good.

My irony: If web tracking exists anyway, we better don't do anything to
make easy for users avoid it. And a knife is only a tool.

> A CMS does not require JavaScript and dynamism is enough (and for small
> websites it is fine, you can even use a flat-file database in these
> cases), however the correct presentation of the multimedia contents -
> that is, anything that goes beyond simple embedding - will require
> JavaScript. For example, using a socket to support a chat next to the
> video will require JavaScript, as well as allowing remote control of a
> streaming camera, leaving comments in real time, playing a multiplayer
> game, safely buy a product and so on. Countless websites have no choice
> but depend on JavaScript, mainly because, all these tasks, if performed
> without JavaScript, would make the site unable to support more than a
> few hundred users at a time and for those users it would be difficult to
> have good responsiveness, it would be incredibly inconvenient to have to
> reload the page for each interaction.

I feel this as a fallacy: If live chat and some multimedia behavior
(currently) require JavaScript, everything is better developed with
JavaScipt.
A small tip: A page not only can be refreshed by user action or JS
event. There are other refresh techniques by HTML.

>> This paragraph suggests you don't want society makes changes to progress
>> to a better world. It's like saying "a very recluse community use
>> electric-only vehicles".
> 
> Are you accusing me of something? Look, I limit myself to only describe
> facts, there is no personal opinion in my words. If you want an opinion,
> you have to ask for it explicitly.
> 
> Regarding the comparison, the answer is no, it is not the same thing,
> because electric vehicles are a very different type of good (material,
> innovative, luxury good) and are obviously subject to other economic
> rules. Governments, businesses, corporations and other entities make
> pressure to gain independence from non-renewable energy sources, so
> there is an enormous social/economic/ethical push toward the adoption of
> electric vehicles. The same cannot be said for the abandonment of
> JavaScript and, on the opposite, the rise of IoT represents a notable
> incentive towards its development.

I was using a (bad?) analogy to describe a fallacy.
My poor english does not give me anything better to be precise and
fluent in this thread. I'm sorry.

>> GAFAM lie to webmasters to they use tracking APIs and fonts, so GAFAM
>> track end users by using webmasters as an instrument.
>> And ens users (consumers) don't ONLY act to satisfy NEEDS; in the XXI
>> century people act to satisfy created extectations.
> 
> This is all true, I agree.

Then this is an important basis for me to avoid using 'end user' to
argument what they ask for, what they need, etc. Individuals freedom
(and including inexperienced users) is more important than a mass
audience apparent demand.

>>> JavaScript runs in multiple sandboxes and is no more or less vulnerable
>>> than other web standards. > I completely disagree because of the
>>> focus of phrase: JavaScript makes
>> user more vulnerable than other web standards (such as HTML). This is
>> because of 3 reasons:
>> 1. JavaScript's flexibility to do complex procedures.
>> 2. End user's difficulty to trust on what are doing JS complex actions
>> 3. Webmasters (such as GAFAM) bad practice to force people to accept new
>> JS procedures, and this is followed by web browsers updates that support
>> this evolution.
>> Take a look into difficult for webmasters to apply strict CSP & SOP to
>> websites.
> 
> 1. This is the reason JavaScript exists. If something is simple you
> likely won't need to use it;

For this, a better extended HTML could make components simpler, and
minimize client-side programming need.

> 2. Unfortunately, very few end users question the purposes of the
> scripts executed and study the code inside a webpage. Almost the
> totality of the visitors of a website do not even think about the
> presence of JavaScript, which goes unnoticed;

Ignorance (of end users) is the basis of their lack of freedom. This is
another capital problem of client-side programming (JS, Java, etc.).

>> This is a trap: I fee more vulnerable a website (also bank websites)
>> full of third party JavaScript than most of obsolete computers.
>> It's like to compare an old bycicle vulnerabilities with modern car with
>> updated firmware.
> 
> JavaScript allows banks to distinguish real web browsers from bogus ones
> and encrypt information in real time. In addition, third-party scripts
> (where required) can be included after an integrity check, therefore
> without the possibility of being replaced if/when the third-party is
> compromised.

JavaScript can, allow, can, can... The same (and more because
obfuscation) to do the bad. How can I trust a bank web Intranet with
third party components like Google fonts and 'doubleclick' ads?

>>> By law, banks have to discern legitimate users' legitimate web browsers
>>> from clients trying to simulate a web browser; they must also carry out
>>> checks on a time basis by law, to avoid brute force attacks and
>>> complicate the potential thefts of credentials (and I'm sure also other
>>> horrible frauds). Banks are forced to use all possible means to secure
>>> their web portals.
>>
>> Some law reference?
> 
> See PSD2 \ 2015/2366/CE. It also depends on the specific nation, e.g. in
> Italy all banks require an app inside the smartphone or an advanced
> token of some kind and won't work without JavaScript.

This is not true about JavaScript, and smartphone application is not a
requirement. I've studied EU's PSD2 and customer checking can be done
with IMAP, SMS and other mechanisms.
A different question is that some bank prefers to track their users with
proprietary apps (unrelated to JavaScript).

In the same EU, there is a german bank (one of the biggest banks) that
does not use any phone or connected device for PSD2 but an offline token
device (all in a chip with an LCD screen and numeric keyboard).

> Obviously, I cannot start citing the laws of every nation in the world,
> but in general the law of the various countries states that banks (and
> in general anyone who receives custody of an asset) must do everything
> possible to protect the security of the customer and the data entrusted.
> For example, almost all banks require a token or a digital certificate,
> which must be bound by very stringent time factors to avoid the
> fraudulent reuse of authentication codes. In addition, during all
> transactions the bank is obliged to verify that the user is real using a
> special intermediate page, tracking him to avoid data theft, person
> replacement and so on. Unfortunately, all of these security measures
> require JavaScript and often even captchas.
> 
>> Today's problem is the selling of people's information itself, beyond
>> products.
> 
> This is why we call it "Information Society". ;-)

Better "society" than "market", because JavaScript is more a problem for
society, and an oportunity for the market.

>>> Everyone hates advertisements, but they are necessary for everyone, even
>>> for those who distribute free software but do not intend to ask for
>>> donations, for example. Without ads, you wouldn't be able to download
>>> anything for free, because domains, servers and staff have a cost.
>>
>> Internet is a communication infrastructure.
>> Communication does not require advertisements.
>> I feel this thread is a conversation from really different worlds.
> 
> Internet is a communication infrastructure.
> Infrastructure requires money to be maintained.
> Ecommerce and ads are a source of income to sustain it.
> JavaScript is required to sustain both and thus the Internet.

What if I pay my money for my computer, my Internet link and my web
hosting? Why do I need to pay with my freedom and privacy?
When I buy a product through eCommerce, I'm paying it with money too.
"When you don't pay for a product, YOU are the product" -> This is the
basis of GAFAM and their JavaScript use. Ads are only the top of the
iceberg.

Most of JavaScript what is run on your web browser is GAFAM's
And GAFAM's don't make money to maintain Internet infrastructure but to
exploit people's freedom and personal data, making even more money with
it by selling to other companies and governments.
(I hope you don't need new references about this)

>>> This does not make the protocols stateful, they remain stateless.
>>> Developers, in fact, have to respect the standard and the state must be
>>> kept with distinct means. In addition, webmasters and web server
>>> developer cannot base their commits on inconsistent - albeit
>>> standard-compliant - client software behavior.
>>
>> You are supposing webmasters and developers they all make their job with
>> good practices and to be kind with end users. This is unrealistic.
> 
> Webmasters have all interest in being standard-compliant, so they can
> target more devices and receive more users. They make their interest,
> which in this case coincides with that of end users.

Again you confuse end users interests, additionaly because ens users
have the interest of being respected too.
You are telling like ICT world and people's world are the same, thus
their interests are the same. With this, a fallacy is developed as a
marriage of GAFAM's and governments interests with ens users interests.

>> I enjoy live talking with my neigboors and we don't need advertisements
>> to do this at our street. I can pay a table and some chairs to enjoy a
>> sunday with my friends, and I don't need advertisements to be happy with
>> them.
> 
> I am very happy for you. Then you will go home and turn on the TV, where
> you will find commercials, otherwise you would not have any TV program
> except the news. Then you will read the morning paper, where there will
> be advertisements. When you start driving, you will notice the presence
> of billboards in the streets. At work, you will certainly receive
> advertising emails, some of which will end up in the SPAM folder. When
> you'll have a doubt about solving a complex problem at work, you will
> search the Internet, where the search engine and then the websites will
> show advertisements. Back home after work, you will stop for a coffee at
> the bar, where there is a poster advertising a famous drink on the wall.
> In line to pay for the coffee, you will notice that the radio is on and
> shortly afterwards an advertisement for a new insurance company will
> start. Once out of the bar, a truck will pass in front of you, and on
> its side you will notice the presence of a large advertisement for a
> museum in the suburbs. When at home you'll relax in the bathtub but,
> after a few moments, you'll hear far away the voice of a speaker mounted
> on a van, announcing an upcoming spectacle. At the end of the day,
> before going to bed, you'll end your reading of "I Malavoglia" by
> Giovanni Verga, an important novel and, before closing the last page,
> the last image you are able to see before dozing off, is the written ad
> containing an offering to get a discount on the next book, "The Divine
> Commedy" by Dante Alighieri.

You've describen the difference: I make the effort to meet my friends on
street, pay some chairs, choose conversation subject with them... and
when I turn on TV I don't talk with friends (but they all say are my
friends), I must eat unsolicited ads, etc.
I prefer to share media contents with a real social network (my friends
share some movies or documentaries with me; ads free), my morning paper
is the information I looked for (not XX century newspaper)... I make all
I can to be happy, and my happiness has a strong component called
freedom. This is the free will vs ads stressing influence.

> ...in your dreams, you'll then start remembering the catchy song from
> the ads and you'll wakeup with that in mind, ready to live another day
> as one of the many cogs of the modern economy.

Does fit in a modern economy a society with people we want to change
things? If the answer is 'no', then you should choose some side on this
society.
Society is developed (analogy with web) or is pre-determined?
Are we talking in a thread because we want the things work in a way or
another? Or there is nothing to do because it's a standard?

-- 
Narcis Garcia