/tech/ - Technology★

I'm late to the party. What's gained by making a website use only form submits for input and template rendering for output? What's lost by dumping javascript onto web pages?

>>1008732

infinite security,

negative security

>>1008739

I think I'm still missing something. What exactly causes dropping some jqeury to manipulate the dom to negatively impact security? Do you mean it opens the potential that the site will introduce malicious code, or that javascript is inherently malicious through built-in malicious code?

>>1008732

Just look at the kind of content and corporations that exist on jsless sites.

>>1008719 (OP)

https://wiby.me/

https://www.textise.net/

>>1008719 (OP)

why are you not posting on nanochan anon

I'm going to post this here because this probably doesn't deserve its own thread, and it's kinda related to what OP is talking about. I'm working on a personal website at the moment, and it's just a simple static site. I'm using Pure as my CSS framework of choice, and I'd like to use no JS at all.

I want the site to be responsive - no, I'm not one of those 'mobile first' fags, but the reality is that a lot of people will access it through their phone, so the layout needs to scale well at all resolutions. Most of the page already does this. The problem is, the horizontal menu on top gets cut off when I resize the window to look like a smartphone. Is there a solution to this that doesn't require the use of JS?

>>1008810

Why not roll your own CSS? And something like width: 90% would have it fit every resolution.

>>1008810

>CSS framework

Cancer. Write your own, pajeet.

>>1008811

I'll try to do that, thanks. I'm not a programmer or even a 'tech person', that's why I decided to use a framework that takes care of the basics so I can just focus on making the site look 'personal'.

>>1008719 (OP)

> is there any good search engine?

No.

>>1008812

Cancer. Reinvent the wheel again, no-project.

>>1008844

What's the point of this post? It's a PERSONAL website, so the CSS should also be PERSONAL. Unless you want your site to look like just every site out there.

>>1008850

>>1008858

>they don't use Mithril.js and Tachyons for CSS

never gonna make it

>>1008732

Javascript is used for things which could be done easily though server-side templating slowing down your browsing experience. There are legitimate use cases for JS, but they should always involve improving your existing HTML, not replacing it. Look at twitter for a particularily bad example of JS. You don't need client-side scripting to display 140 character messages, and maybe a couple images.

Also security/privacy, but those concerns pale in comparison to how fucking slow JS/DOM manipulation is

>>1008878

<You don't need client-side scripting to display 140 character messages, and maybe a couple images.

you do if you want it to auto update, retard.

>>1008890

Which could be implemented in what, 20 lines of JS? Auto-updating doesn't excuse the monstrosity that is twitter.com

>>1008893

Auto-update should be optional anyway, at user's choice. Else he can just hit refresh, if he wants to use browser without JS.

that's dumb

you might as well devolve the web to a list of text files with ctrl - f as a search engine.

not everything is autistic, backwards, and slow as fuck in tech as the rest of (((UN*X))) shitters

>>1008941

What you're suggesting is more like gopher than the web. There is a middle-ground and balance between your extreme and the other extreme that exists today. Basically your post is a straight up textbook falacy of the excluded middle.

>>1008719 (OP)

It's literally an unsolvable problem to determine if a website has scripts on it. Ignoring the fact that the content can change at any time (so it may have scripts the next minute after it gets indexed), which isn't even a theoretical problem, the syntax of HTML/JS/CSS is completely arbitrary and changes every time the big 3/4 browsers update every week.

You're best off going with somdething like http://wiby.me

>In other words, does no-js imply a certain culture (beyond just "fucking autistic weeb")?

Absolutely.

>>1008858

It's not a matter of what you want, it's a matter of what the user wants. Outside of the consumer-whore West, the user wants every website to look exactly the same. So for example he can tune his CRT monitor down to a nice 40cd/m^2 at night and read through 20 different websites without some bullshit suddenly showing a bright white screen and making the user uncomfortable. Even something as basic not changing between 40 different retarded fonts while researching a topic...

>>1008890

>We've detected that JavaScript is disabled in your browser. Would you like to proceed to legacy Twitter?

>[Yes]

>403 Forbidden: The server understood the request, but is refusing to fulfill it.

shut the fuck up you fucking oblivious muppet. twatter has nothing to do with basic acceptable web design. remember when graceful degradation was a meme? now they don't even try.

>>1008941

your bait is too obvious because you call UNIX shit slow compared to ----the web----.

>>1008844

>defending """CSS frameworks"""

>>>/HN/

>>1008758

/thread

>>1008878

>increasing server load and cost instead of allowing client machines to bear some of that cost

retard

>>1008950

What if you set your UserAgent string to google? :*)

>>1008994

>degrading your user experience in favour of minor performance gains

>using a dogshit language that can't cache templates

Found the silicon valley fuckwit

>>1008996

You're actually fucking retarded.

>>1008996

>literally billions of requests that don't have to be made

>minor

>>1008999

>>1009000

>silicon valley unironically thinks people prefer to load a blank page then spend 8 seconds making 60 http requests

>>1009001

absolutely freetarded

>>1009002

Try using your own websites on anything that isn't a developer workstation some time. Most people are poor and have shitty computers

>>1009004

I build extremely lean websites that run well on ancient hardware. This "JavaScript is slow" meme is a retarded fucking meme. Bad design is bad design. JavaScript isn't evil.

>>1009005

I'm pretty sure everyone thinks that. And maybe javascript isn't slow, but DOM manipulation certainly is

>>1009007

Alright, my dude. You're smarter than entire development teams at billion dollar enterprises.

>>1009008

Thank you. Please spead my gospel so I can browse the web on my chromebook once again

>>1009009

What websites are you visiting that a Chromebook can't handle? Like what? Modern JS frameworks are way lighter than shit like jQuery. Have you used Mithril? It's crazy lightweight.

>>1008719 (OP)

>In other words, does no-js imply a certain culture (beyond just "fucking autistic weeb")?

I think it does. While there are a healthy number of /tech/ types doing this, most people who don't have scripts on their page are low-tech types who care more about the content than the presentation.

However, ever since the coming of the GDPR, I've noticed a distinct trend regarding websites that put up cookie warnings: they are all completely worthless. If ever you see a website that demands you check your cookie settings before continuing, this tells you they care about tracking more than both content and presentation. Before the EU started its shenanigans, a website that set tracking cookies could defend itself by saying it didn't know better. These days there is no excuse.

There's an addon I saw called "I don't care about cookies". Presumably, this addon contains a list of all websites with cookie warnings. You could steal the list, and make a new addon that marks or removes every link to one of the listed sites.

>>1009014

>javash*t framework

>lightweight

Nice try Eich

>>1008758

Perfect. 10/10

I guess I'm no longer a weeb, but a wiib?

>>1009029

Good thoughts all around.

>>1008950

>shut the fuck up you fucking oblivious muppet. twatter has nothing to do with basic acceptable web design. remember when graceful degradation was a meme? now they don't even try.

no JS twitter works on my machine, you retarded nigger

Modern web is a platform for GUI application made with tools unfit for the job. HTML + CSS + JavaScript is a web analogue of GTK+ or Qt. So far I haven't seen a single suggestion to fix the web as a user interface framework, all suggestions usually come down to “LMAO! Just use white pages with text!” You might argue that we're using web wrong and that every modern site just should be a separate application or something among these lines but that's a whole other topic.

>>1008994

It doesn't increase the server load, unless you're using dynamic templates for every request (totally retarded idea except for very small traffic sites). The way it's normally done is your tool builds static html from the templates, and you serve the static html from a reverse proxy. Then your app server handles only requests for POST forms and such.

>>1009036

It's 7kb.

>>1009146

>it doesn't increase server load

An SPA that has to make one 300kb request instead of a traditional multi-page application that has to make 100 40kb requests (or more depending on how long the user sticks around)

hmmmm I really wonder which one will have higher infrastructure costs that can (AND SHOULD) be passed onto the user

>>1009115

>Modern web is a platform for GUI application made with tools unfit for the job.

Pretty much this. The niggers behind the big tech companies seem to have forgotten you can just write HTML. You don't have to generate it on every page load in something as slow as javascript. It's actually retarded to the point of being funny when you think about what they're actually doing lol

>>1009160

He doesn't mean small bundle size. He means it eats your fucking CPU and RAM.

>>1008732

Webpages are fucking documents, not """"apps"""".

Why the fuck do you need that?

>>1008719 (OP)

>does no-js imply a certain culture (beyond just "fucking autistic weeb")?

I dunno. "fucking autistic weeb" pretty much describes me and my no-js blog.

>>1008812

I don't want to hijack the thread with my pajeetness, but wtf even is a web/CSS/HTML framework?

>>1009162

>100 40kB requests

Implying the user visited 100 different pages? And what if they leave after the first visit because they realize your site is a bloated piece of garbage? Then you just wasted everyone time and bandwidth, didn't you nigger. By all means, cache js and css so that they don't need to be re-served. Don't pretend that bloating your page is saving anyone though.

>>1009193

>not knowing what a web framework is

>pajeet

Keep doing whatever your doing anon

>>1009223

I can't imagine being so stupid as to think that you know better than the billion dollar web industry because "LOL PROGRAMMING BAD, MARKUP GOOD"

>>1009223

>most people are bottlenecked by really slow CPUs

>not bad internet

dumby dumb retard

>>1009239

>web bloat is good because big corporations push it

The absolute state of (You)

>>1009239

He's right though. A simple html website is safer from hackers, and also doesn't force the user to have bigass bloated browser and botnet hardware to view it.

>>1009241

>JavaScript is bad because you're too retarded to understand basic programming concepts and practices

The absolute state of /tech/

>>1009256

>webshitter is so proud that he learned javascript that he jams it in to his websites like a square peg in a round hole

>>1009239

>the billion dollar web industry

they get their billions of dollars from shipping ads and analytics, not from making half decent pages. bad bait.

>>1009239

>An industry has a billion dollars' value, surely it knows better goy!

It's the C++ of the web. People poking around a festering, bloated corpse attached to a web browser. Even more people maintaining the few means of making it work. And because all of it is so fucking overgrown and cryptic, the job pays well and maintains said value. It's not better by any fucking means of the word, but it's great at making money, government bureaucracy-style. So, unless you are making money from it, it's objectively bad from your point of view.

>all of these shitters who don't know what a server is, let alone the cost associated with not offloading CPU intensive tasks to the end-user when possible

There's a reason it's done, and there's a reason none of you have jobs.

>>1009240

Who are you quoting?

>>1009272

>companies are making billions of dollars per year

>funding their own OSes, internet infrastructure, tech stacks

>never spend a single dime on p2p, decentralization

>literally stream 4k video to people who aren't paying and have ads disabled

>clearly they're trying to save a few pennies per user month on server time

Anyone knows some search engine filtering out websites without JS?

This site would be better and more responsive if it was programmed in javascript.

Prove me wrong.

Hahahahahahahaha How The Fuck Is This Question Real Hahahaha Nigga Just Use Lynx Like Nigga Or Links2 -g Haha.

>>1009260

Saved.

>>1009352

The site would be more responsive if it decoupled data processing and presentation. The trick is to be knowledgable about the protocol, HTTP, and understand that you should use static site generation.

JS isn't bad unto itself. It's the current state of affairs that is bad, that is:

>shitty devs add more js

>web becomes slow

>(((browsers))) come up with some optimizations that make this amount of JS bearable

>shitty devs add even more js

>repeat

)))we((( need a browser that is compatible with JS, but not in a way that endorses its overuse. I.e. it should implement only the very core of js, no bullshit like webrtc or webgl, and definitely no JIT compilation, only interpretation. This way we could enable JS on (((our))) site without having to trust the admin that much.

>>1009239

>I can't imagine being so stupid as to think that you know better than the 1.411 billion Chinese because "LOL TOTALITARIANISM BAD, FREEDOM GOOD"

>>1008719 (OP)

I use wiby for that, on a suitable browser (it's the perfect search engine for Links and w3m). Results like that tend to be more interesting, including a lot of old, forgotten websites. Those are always interesting to read. Their designs tend to be much better as well. Honestly, all I need is shit to read. Text and maybe some images. You can make it look pretty using html and it will still load instantly because it's old design running on new hardware, so of course it will be fast. Javascript just makes everything look cold and dead as far as I'm concerned, and it's difficult to say why. I have no use for it, it's slow and I despise phones, so I avoid it. Hell, I'd say that repelling phone users is always a good thing, I want them as far away from me as possible.

>Wouldn't the subset of the web consisting of no-js essentially be late 90s early 2000s web?

Well, a lot of these websites belong to people that have been around since then in the first place. You can also find websites that have been up for around 20 years. Those are always fun.

>beyond just "fucking autistic weeb"

Normalfags are the ones that ruined the internet (and everything else). If anything, autistic weebs are what you should be looking for.

>>1009223

>Keep doing whatever your doing anon

No seriously I hear about people using django and shit, but what is it? Do you write shitty python that spits out html or what?

>>1009068

because websites that have a ton of JS are corporate-to-consumer spam generated by markoff chains

>>1009076

because your IP wasn't placed on a blacklist for no reason, you fucking degenerate.

>>1009272

no website in existence has ever offloaded to the client, you dick fuck. they use JS for "UX enhancements". if they were concerned over performance they'd be generating the response with hardcoded assembly. the shit PLs they use are so slow it doesn't matter whether you substitute some templates locally or remotely. oh yeah and they wouldn't be using XML or JSON or whatever meme-ass format they use this week

>>1009561

you put a bunch of retarded "components" together and find out it's impossible to solve your problem in terms of them. DAE remember when even webshotters admitted that django is only good for implementing a blog?

imagine thinking JS is the only security issue on the web

>polyglot files

>browser exploits

>stagefright (and other multimedia-related issues)

>traffic distribution systems sending you payloads specific to your OS and browser based on your user agent (doesn't require JS)

>MIME confusion

>HTML5 browser locker

>etc

sure, JS is *a* security concern

but it's not the only security concern

>>1009588

Or the biggest security threat: The US Federal Government.

>>1009588

correct, but even not considering security, JS sucks ass and gives cancer to everything it touches

>stagefright (and other multimedia-related issues)

<looks it up

what the fuck that's not even a real issue. that's some phone shit or something, that's even less of real computing than web is

>>1009598

>what the fuck that's not even a real issue

are you retarded?

code execution is a huge deal

holy shit, people on this board are so stupid

>>1009594

>And bigass stuff like Firefox, Chrome, etc. are bound to have tons more than the minimal ones

not really

fewer people find security issues in small software projects that nobody uses, but that doesn't mean it's safer

it's like the BSD people who get confused and think fewer KNOWN/REPORTED security issues (due to fewer people using and auditing it) means there are fewer OVERALL security issues

these two categories are entirely separate

>>1009611

This isn't a BSD vs. Linux issue. Small codebase is esaier for people to actually audit, refactor, or re-implement compared to huge codebase. If you have any doubt, just look at systemd vs. basically any other init. And you can just write something entirely from scratch with a better/safer design, since the scope is smaller. With something that supports all the (((modern web))) you need a huge team of code shitters, so that doesn't happen. And that's how you end up with only a tiny number of browser "families" like Firefox, Chrome, and Webkit. Then it's easaier to write exploits that target 99% of people who are running those browsers.

>>1009588

JS is a *huge* security concern.

>>1009588

>polyglot files

One of the applications of exploiting polyglots files inside the browser specifically is embedding HTML/JS data into a picture file with steganography. You still rely on something to execute code inside the browser itself.

>browser exploits

Can't argue there, you can't just point the finger at JS and say that this is the only problem with webshit. But, rather than sitting with thumbs up your ass, starting with some mitigation is better.

>stagefright

How does this relate to browsers and JS specifically? The payload is delivered through MMS and exploits a shared Android library that's responsible for playing multimedia files in any program.

On the whole, I agree that it's not the only security concern. But I didn't see any anon say that in the thread either. And, as a user, it's a good starting point of trying to lessen the attack surface (along with obfuscating your browser agent, manipulating canvas data e.t.c.) Going full autism, I'd rather have a browser that is just a simple restricted HTML/CSS engine (meaning newer retarded tags are not parsed) that has bindings to applications for viewing/playing multimedia and an API for scripting client-side so you can use any language you want.

>>1008758

>wiby

>The continue button validates your browser via (((reCAPTCHA)))

No thanks

>>1009689

Works fine for me in simple browser without JS.

almost impossible. influencing normal web browsers would be better.

>>1009688

bruh, people on 4chan were tricked into renaming .png files to .hta (people really are that stupid), and they got pwned because they were polyglot files

it was called the cornelia virus and it's why 4chan has captcha in the first place

>obfuscating your browser agent

if you use a unique browser agent, you are easier to track, so it's better to use a generic/common one, not an "obfuscated" one

>Going full autism, I'd rather have a browser that is just a simple restricted HTML/CSS engine (meaning newer retarded tags are not parsed)

I'm a web developer and you'd be surprised at how much layout stuff depends on JS for modern frontend development -- like it or not, that's just how it is

>that has bindings to applications for viewing/playing multimedia

media players/viewers have security issues too, you know

here are just a couple examples:

https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-1032/Microsoft-Windows-Media-Player.html

https://www.cvedetails.com/vulnerability-list/vendor_id-6652/Media-Player-Classic.html

https://www.cvedetails.com/vulnerability-list/vendor_id-5842/product_id-9978/Videolan-Vlc-Media-Player.html

https://www.cvedetails.com/product/497/Adobe-Acrobat-Reader.html?vendor_id=53

https://www.cvedetails.com/vulnerability-list/vendor_id-317/Irfanview.html

https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-10916/Apple-Mac-Os-X-Preview.app.html

you can literally get arbitrary code execution if you make a malicious video file or PDF

>>1009588

While a limited subset of HTML+CSS (no embedded video/audio, no animations, no pseudo-classes, etc.) goes even further beyond, I'd think that merely omitting JS would hugely simplify a prospective browser's DOM (or DOM analogue) and all related interfaces, renderers and all.

>>1009734

and it'd work with like 2% of modern websites

>>1009720

> if you use a unique browser agent, you are easier to track

He's not talking about tracking though. He's just talking about obfuscating the browser so that probing it shows something altogether different than the reality, so that any automated exploits that are done on it will use the wrong target, and will thus fail. I don't know if this has any merit though, compared to simply reducing your attack surface to the bare minimum, by using a tiny browser with almost no features.

As for the rest of your post, do you realize you're in a thead discussing the SCRIPTLESS web? We don't give a shit how much JS is in normie websites like the ones you shit out at work. Personally I use Lynx and Links 99% of the time, and thus can't browse typical normie sites and like it that way. I only use Firefox when I need to do online banking or some other administrative task, but never for casual browsing. Not only it's far too dangerous, but I don't even like the modern web at all, and don't want to have anything to do with it.

As for videos, PDFs, and such, nobody forces you to save those, much less open them on the same computer or as the same userid. ARM boards are dirt cheap and it's simple enough to write a script that watches a directory for files placed into it and automtically scp them to the other computer, then deletes the local copy. Now with this simple method, you have minimized the risk, by sending it to a real containment zone that it can't escape from, unlike those VMs or sandboxes that all the cianiggers are shilling constantly.

>>1009417

JS compilation would be better than interpretation but ideally there should be no JS at all. The only proper use of JS I have seen is the automatic refresh on imageboards or the automatic refresh on a site like drudge; every other use isn't cognizant of what http is and what it's meant for.

>>1009737

Practically no loss. The vast, vast majority of web resources I use are usable in a text mode browser already. I'd bet that 8ch works fine on Links though I've never tried. Maybe I'd keep some SBCs or chinkdroids e.g. for banking, shopping, viewing trash websites when the need arises, etc.

>>1009737

what kind of autism are you on, you cock sucking faggot

you just stated that 98% of websites are programmed with JS. while that may be true, it ignores the fact that not even 1% of them actually remotely have a valid reason to use JS

>>1009740

>As for the rest of your post, do you realize you're in a thead discussing the SCRIPTLESS web?

Nice reading comprehension, buddy. I mentioned those things in response to what someone else wrote. If you could actually read, you'd know that.

They mentioned a browser "that has bindings to applications for viewing/playing multimedia"

>>1009610

you sound like a black millennial with a hint of autism. it's not an issue because i don't have a phone, and the subject of this thread is web browsers, not phones

>>1009756

The web doesn't cater to privacy-valuing people and it never will. JS makes frontend and SPA stuff easy, but you and a lot of privacy-oriented people think it's okay to have web design standards from the 90s. Here's the thing: even though this board is an echo chamber of neckbeards who want websites to be as unprofitable as possible, foregoing ads and tracking which make them money, the fact of the matter is that the web isn't going to bend over backwards just to meet the demands of some dude with asperger's syndrome.

Whether you like it or not, people who have websites want to make money, and privacy-centric design is not conducive to profit. If you can come up with a viable freetard business model, then you can solve the issue of privacy. But until then, there will be Cloudflare, recaptcha, and Google Analytics everywhere.

>>1009758

>i don't have a phone

You don't have a phone and you're calling other people autistic? Oh man.

>>1009759

What are you even arguing for?

>>1009720

>it was called the cornelia virus and it's why 4chan has captcha in the first place

HTA is a mistake that could only be conceived by Microsoft. But yeah, this shit is why you actually remove IE if you use Windows.

>I'm a web developer and you'd be surprised at how much layout stuff depends on JS for modern frontend development -- like it or not, that's just how it is

Even being disconnected from webdev, I had to learn through using uMatrix. That's what I meant by full autism. A niche engine that purposefully ignores this, so the functionality can be replicated with client-side scripting later if it gets to that stage.

>media players/viewers have security issues too, you know

No software is immune to bugs and most of it is full of holes. What I have in mind is, by separating these parts into separate programs, you can sandbox and restrict the shit out of audio/video players and image viewers, while leaving the browser largely untouched.

>>1009761

Privacy is an issue of business, not just JavaScript. This board isn't an indication of what most people are like. Most people are fine with JS and tracking and all that jazz. They don't know or care.

Privacy isn't just invaded for fun, it's done to make money. Ads and data mining. All businesses want to make money, and most websites are businesses, not just for fun. They have operating costs and all. Unless you're a NEET, life is expensive.

What I'm saying is that, if you can come up with a business model that respects privacy, everything else will fall into place. NoScript won't change the fact that more and more website really require JS in order to work. Freetards consistently fail to come up with privacy-oriented business models.

>>1009720

>bruh, people on 4chan were tricked into renaming .png files to .hta (people really are that stupid)

what the fuck is .hta? some mac shit? why am i executing code because the file extension changed? the tool is stupid, not the user. literally no file manager on linux will execute code by double clicking on a file

>it was called the cornelia virus and it's why 4chan has captcha in the first place

4chan had a captcha since at least 2006 you fucking meme. and no that's not the reason. the reason is to prevent automatic posting, just like every other captcha

>I'm a web developer

correct

>and you'd be surprised at how much layout stuff depends on JS

no, i wouldn't. none of the retarded bullshit webdevs have done since ruby, hell perl/cgi, has surprised me

>for modern frontend development

kill self

>media players/viewers have security issues too, you know

correct, meanwhile the entire web _is_ a security issue and physical health issue

>>1009765

>what the fuck is .hta? some mac shit?

are you trolling or just dumb?

>literally no file manager on linux will execute code by double clicking on a file

wrong (unix-like OSes can infer a file type based on its shebang/content type sniffing, and can figure out what to do with it even based on its contents rather than filetype), but I get what you meant to say, which is that you think it won't execute code from an image file -- but that's also wrong, because there are image viewer exploits

>>1009764

As far as I can tell, nobody is arguing that the current Web should be stripped of JS. Rather, I'm seeing interest in finding, agglomerating or (if necessary) recreating a useful and usable web in parallel to the current web. This doesn't imply any appeal to mainstream users, much like building a command line tool doesn't appeal to the average Facebook nerd.

>>1009759

>>1009764

>What I'm saying is that, if you can come up with a business model that respects privacy, everything else will fall into place.

>But until then, there will be Cloudflare, recaptcha, and Google Analytics everywhere.

I think trying to compete with Google and Mozilla with this is a mistake to begin with. No small project can compete with them in terms of latest features. It's just that, right now, there are browsers like Links/2 and w3m on one end and everything WebKit/Blink based on the other. Nothing that is just concerned implementing basic/restricted features and adding primitive AJAX so small websites work properly, as far as I know.

>All businesses want to make money, and most websites are businesses, not just for fun.

Here's what I find confusing - ad blockers aren't exactly unknown technology, even for mobile. Hell, normalfags know about them and use them. So, with trackers and analytics included, which websites can cover their operating costs with ads? Is it even viable for, say, a small business running a basic front page in 2k19-14d?

>>1009767

Others maybe aren't but I certainly will.

We believe that most of the web does not need to be dynamic and increasing complexity on server-side applications is one of the main reasons for the web obesity crisis. The common approach nowadays is to do everything on the server, including parsing requests, modifying files and databases, generating HTML and all that using unfit languages like PHP or JavaScript, which is a security and efficiency nightmare.

Over the years we have seen massive amounts of security holes in numerous applications of tools commonly used for these jobs (PHP, node.js, CGI-implementations, …). The reason why we are in this situation in the first place is due to the fact that the jobs of data processing and data presentation, which should be separate, converged together into one.

The solution is to rely on static regeneration independent from the web server, which just serves static files. You can still implement e.g. form handlers for dynamic content which run as their own network instance and operate independently from the web server. What’s left is just to generate the static content using the database and repeating this process in case the database is updated.

This way the jobs of data processing and data presentation are separate again, with many advantages. All requests are handled with constantly low latency, with the possibility of serving everything directly from RAM (using a ramfs). Separated concerns make it very unattractive to attack the web server itself and the attack surface that is left, if it is present at all, is the separate form handler, which can be implemented in a very simple, safe and efficient manner.

In case there is an attack on this infrastructure and the attacker manages to DoS the form handler, the serving of content is still unaffected.

suckless.org/quark/

>>1009770

>suckless

boomer garbage

>>1009767

>As far as I can tell, nobody is arguing that the current Web should be stripped of JS.

uhhh, yes we are.

>>1009766

No, I'm not wrong. They don't execute executables. Pcmanfm doesn't. Dolphin doesn't. Nautilus didn't last time I checked 10 years ago. They will give a popup asking if you want to execute this file. They wont automatically run Python on a Python script either. Double clicking should be safe by design. Fucktarded OSs like Windows have it wrong (no, a popup asking some obscure fucking question about "we don't know where this file is from", is not a solution). I'm sure Linux fucks it up too here and there, but at least they try.

>but that's also wrong, because there are image viewer exploits

Irrelevant. That's a different problem. And no, on my OS there are no image viewer exploits since the JPEG decoder is written in ML.

>>1009759

>The web doesn't cater to privacy-valuing people and it never will.

This isn't about privacy, but you're right, JS is also bad for privacy.

>JS makes frontend and SPA stuff easy,

It's literally 1000x easier to program a GUI with real software (such as ML or even C) than making something that works in the big 3-4 web browsers, has real performance numbers, actual security (as opposed to the web where you spend 3 years patching the latest variants of CSRF/XSS/clickjacking) and a decent user experience.

>muh SPA buzzword of the year

kill yourself kiddo

>but you and a lot of privacy-oriented people think it's okay to have web design standards from the 90s.

No, I think (know. it's not even debatable) programs should be written in programming languages, instead of hacked into some bullshit code sections that get included by a .HTML file. The web is for static documents, and even for that it's shit.

>Here's the thing: even though this board is an echo chamber of neckbeards

It is, now go back to your echo chamber of transexual millennial faggots, like reddit or HN.

>who want websites to be as unprofitable as possible,

<hahaha lmfao you aren't even sucking dick? it's like you want to be poor [U+123456][U+123456][U+123456][U+123456]

>foregoing ads and tracking which make them money,

No, I'm not part of the anti-ad circlejerk. Ads were never a real issue since I have JS,cookies, and referer[sic] header off and browser over Tor.

>the fact of the matter is that the web isn't going to bend over backwards just to meet the demands of some dude with asperger's syndrome.

The web wouldn't bend over to fix any issue ever. It literally took them 10 years to get a <video> tag and it's still complete shit. And they had to meme HTML5 with that which just introduced a bunch of bloat.

>Whether you like it or not, people who have websites want to make money,

Yes, most websites are just consumer trash, glad we agree here.

>and privacy-centric design is not conducive to profit.

Actually it is, since it still works just as fine to the user, but you failed to even state what false trade-off model you're operating under.

>If you can come up with a viable freetard business model, then you can solve the issue of privacy. But until then, there will be Cloudflare, recaptcha, and Google Analytics everywhere.

No you niggerfaggot. Using JS is not a business model. You can do your homo analytics shit just fine without requireing watching a loading wheel to scroll down the page. Hell you can do it in JS, and 99% of your lusers will leave it on, while anyone who cares about having a non-shit browsing experience will turn it off.

>cuckflare

It's funny because cuckflare is just a fad and offers you nothing as a business. It's literaly snakeoil. Again, Google Analytics is fine, you can put whatever you want on your website, what we need is to make JS no longer exist. We're talking about changing mechanism here, not policy.

>ur autistic cuz u dont have phone

<hahaha oh man lmfao you dont even have a phone i bet u dont even stare at your phone while on the crosswalk using GPS to get 1 block out of your house which is the furthest you'll ever go aside from work and entertainment. how do u even get a girl without instagram lmao virgin

>>1009764

no actual useful website is a business you clueless fuck.

>NoScript won't change the fact that more and more website really require JS in order to work.

that's why we use scraping dipshit. you really are fucking clueless. i'm doing research on the last 30 years of display technology. I'm not going to sit through and watch your little loading wheels every time I want to see the next paragraph of a forum post. i'm not going to even look at your """SPA""" even once. I scrape every website into my database and search through them. That is how bad the web is now, it's too fucking slow for anything aside from the consumer cock sucker who reads a paragraph on buzzfeed and hits the 'like' button.

>>1009771

>using ad hominem instead of addressing the very real argument presented for static site generation

t. soydev

>>1009748

I tried Lynx, Links, and w3m. They all work fine here and on endchan. With Lynx you have to configure an external image viewer like feh or sxiv, unless you're okay with saving the images to disk first.

>>1009757

> They mentioned a browser "that has bindings to applications for viewing/playing multimedia"

That's MIME types in my book, and you don't need any kind of scripting for it to work. It's just basic configuration.

>>1009759

> But until then, there will be Cloudflare, recaptcha, and Google Analytics everywhere.

Funny how people didn't need those to make websites in the 90's, and how those websites sucked less than the modern web.

>>1009772

You can also outright disable that file manager functionality at compile time, or even remove the relevant code entirely.

>>1009772

>And no, on my OS there are no image viewer exploits since the JPEG decoder is written in ML.

You got me interested. Which library are we talking about?

>>1008878

>which could be done easily though server-side templating slowing down your browsing experience

Sure. Building the entire website on the client with JS like youtube does is a really great user experience.

And those fucking grey bars which are supposed to represent text probably take longer in loading then the actual text itself.

It's all about appearing fast and responsive. Not about actually being fast and responsive.

If you write XHTML pages can be parsed faster. If you put everything in a CSS file it gets cached and doesn't have to loaded extra for every single subpage as inline CSS.

All CSS which appears on multiple pages should NOT be inlined.

>>1009838

that shit's retarded. just use links in graphics mode. they should even add optional support for videos, and it wouldnt be too hard

>>1009772

>larping this hard

nobody believes you

>>1009882

>being so gay that you think any of this is unusual

Why the hell would you not want javascript though?

This isn't the 00s anymore, theres no reason to not use it.

Modern webbrowsers have managed to be faster then ever before.

I'd rather have a locally rendered javascript file then having a http request with my personal info sent and read aloud on the server side, like seriously? do you niggers not understand the security problem with not using javascript?

Web cacheing in early web was especially a problem, the only thing a scriptless web would work with is just plain documents which has no real use aside from being used on small time local machines.

>>1009689

the fuck are you on about? recaptcha is only used to submit websites so that bots cant abuse it. Its not used for searching. recaptcha is also not botnet, its literally a standalone php script. Fucking retard.

>>1009976

and by recaptcha I meant secureimage. They don't use recaptcha at all.

>>1009976

>php

>This isn't the 00s anymore, theres no reason to not use it.

performance, security, better user experience, etc (no some JS LARPing as a GUI inside some shitty unstable web browser does not give you the benefits of a real GUI)

>Modern webbrowsers have managed to be faster then ever before.

false and what the fuck does that mean.

>>1009986

((PHP))

>>1009988

(((<PHP)))

>>1009575

>because websites that have a ton of JS are corporate-to-consumer spam generated by markoff chains

^

>>1009970

>the only thing a scriptless web would work with is just plain documents which has no real use aside from being used on small time local machines

I don't know what you do on the Internet but I can't think of a website I visit that wouldn't work just as well (if not better) without layers and layers of jQueries and Angulars and Reacts and Normalizes and Bootstraps and Materializes and Semantics and Schemas and Metros.

I just hit my https://wiby.me/surprise/ bookmark and got this example: http://www.cremebrulee.com/creme.htm

Let's not overlook the stupid JS requirement for supplemental links without target=_blank fallbacks, nor the unbulleted instructions, nor the horrid color palette, nor the mediocre recipe, nor the use of volume over mass for measurement. However, the site looks and (aside from the aforementioned defect) works perfectly fine without JS despite being a "plain document" of "no real use." I don't see what any Web 7.0 botox injections might add to the user experience. Judicious use of CSS and JS can certainly enhance the user experience but I can't think of anything that should outright require either beyond real-time Flash-like games.

>flash

>real-time

jej

>>1010413

email and websites with generally higher server load, for one.

Javascript is a locally rendered thing, if you use strict https requests you'll be offloading all tasks onto the server, which is a nightmare for verious reasons.

If you somehow do have the power to hold such a task it still doesn't prevent the general security risks of having some random person hijack another person's web traffic via some bullshit cache error.

javascript helps with better loading of HTML, so the server doesn't always have to send back a full htmldoc and every other part of the website that had to be created on the fly instantly, you can't just cache someone's private email html and service it publicly like that, it needs to be generated on the fly otherwise you're fucked.

Generating something like that serversided puts way to much on the server when you consider a large email provider will have to service the same thing to thousands of other users.

A place like 8chan can get away with pure html service because generally no one here has usernames or any of that.

But this isn't the case with a majority of websites.

The example link you gave is literally just a slab of static text, it doesn't require anything because it's just a document.

Pure html is not applicable to the much larger tasks that the web now services.

The web is no longer just documents and because of that different requirements are needed

For small simpler tasks that have a reason, javascript is perfectly fine, but i will admit that the overuse of it in tedious tasks such as redundant styling of a website would be better off done with CSS.

And, no one likes tracking scripts so the case of javascript being a security nightmare comes purely square on the implementers and the retards running it's standardization.

Javascript in theory is perfectly fine, but the larger part of poor handling and misunderstanding has cause it to be really, really shitty.

>>1010715

>there are people this insane sharing the world with me

scary thought

>>1010577

>The example link you gave is literally just a slab of static text, it doesn't require anything because it's just a document.

This is most of the Web though; very few sites need to be dynamic by default. Looking at my history, I see the following classes of sites:

* E-commerce (incl. eBay): Base pages don't need personal information and can be statically generated and transmitted; bid status, cart status and other account information can be added on top of it by JS as a user convenience but should otherwise be viewable on dedicated pages.

* API Documentation: I really didn't expect this to break when I disabled JS but for some reason the DOCUMENTation to an API requires JS and XHR to be fully displayed.

* Webmail: I mainly use a desktop client and sometimes an app on my Chinese portable location transmitter but when I need to check my GMail accounts, the site surprisingly works better without JS (in "basic HTML" mode).

* Wikis: I don't remember whether I have JS activated on Wikipedo et al. and I don't care to look because I'd be very sad and angry if it was a requirement.

* Archive sites (IA, Wayback, Archive.is...): Not sure why Wayback requires JS (it shouldn't, except for the complex graph views) but the rest of IA works well without it and so do all other archival sites I use.

* Forums: I just stop using a forum if it switches to NodeBB, not because of the JS requirement to write posts but because NodeBB has no soul. Every other forum software I've used works perfectly fine without JS, as they should, which for the sake of brevity includes all the imageboards I browse.

* Random informational websites (IT, electrical, news, whatever): Usually fine, except for some MSM news sites that just display a massive full-screen social media icon without JS but that's no big loss though I can't understand why a site as static as a news outlet needs JS. Also this site uses cookies to understand how you use the site and to improve your experience!

* Personal sites: Usually fine, JS more often than not superfluous kitch shit (which I love and enable; only good application of JS right there).

* Video sites: Often broken but could work with a simpler <video> tag. The few people who wouldn't use JS already use an ad blocker or youtube-dl anyway. I'd pay 5$/mo on a couple sites for a premium service that gets me bare, ad-less <video>-embedding documents.

* Google Docs: Need this because some people use it for some reason. I'd rather not use web apps and I wouldn't shed a single tear if the project's servers caught fire and took its team along on a ride to hell.

* Bank sites: One requires JS and looks to be made with locally-sourced Angular, other one is plain HTML with Google Analytics (why the fr*ck would you trust a 3rd party resource as a bank?). Both are stupid uses of JS.

* GitHub: Works without JS for the most part, some parts require it for a good reason, some require it for stupid reasons, but generally fine.

* Non-GitHub GitHubs: Hit and miss. The group of self-hosted services that breaks without JS coincides with the group that expects you to deploy with Docker. I would have never guessed. There's no reason why an event-generable file index should require JS.

* Social media: I'm sure FB and Reddit work fine without JS and that FB, LinkedIn, Instagram, Tumblr and practically everything else is broken. Don't feel like visiting any of those sites to check. I get that people want live updates but my opinion here is roughly the same as the one stated for e-commerce and video sites.

* Search engines: All the ones I know work fine without JS, as it should be.

* Control panels (Transmission, Syncthing, ...): Transmission works fine without JS, Syncthing probably doesn't and I don't feel like trying. No reason to outright require it though, especially for a local single-user service.

* Web IRC: I use it as a convenience when I can't tmux into my IRC box. It's an OK application of JS. Could easily live without it.

* Trello: I need to stop using this.

>>1010736

this is peak autism

Google Docs is better than any office software, including Microsoft or LibreOffice.

How does it feel to know that a webapp does it better than the native apps? Get fucked, nutbag.

>>1010760

>>1010718

>Pajeet desperately tries to justify his javashit

>>1010760

>Google Docs is better than any office software

I'd rather go the pen, paper and fax route than interact with this unholy amalgamation of hacks.

>>1010760

Google docs is horrible. My first experience a few months ago with it was trying to paste in a 5 page essay typed up word into googledocs and it hung my whole browser for like two minutes. Never looked at it again after that

>>1010763

>>1010764

>>1010802

Honestly Google Docs justwerks for me, no need to worry about material not being shared with your groups etc it just werks. And I'm a gentoo user of many years so fuckya lame-o's!

>>1010718

are you a millennial webdev who just found out about the real world? everything he said was concrete facts, not some conspiritard shit

>>1010577

shut the fuck up retard. you're literally the only one in the world who thinks JS is giving you security or performance. look at these two string subtstitution operations:

/whatami
<b>You are a:</b>
<p>${x}</p>
->
<b>You are a:</b>
<p>faggot</p>

/muhfancyjsonapi/
{youare: ${x}}
->
{youare: "a faggot"}

literally the exact same thing. also why the fuck would you ever log into a web service? (oh because it's a piece of shit that makes me waste my time doing that to view some stupid video)

also: your typical php forums support users without JS and without cookies (but im sure you'll get butthurt over the session being in the URL)

>>1010811

just an observation, I've noticed many guhnoo/linux users tend to prefer web apps, often because there is a lack of good native productivity suites (and no, LibreOffice is not acceptable, nor is it the be-all and end-all of work-related software)

if there was a better developer base for linux distros, you wouldn't resort to proprietary botnet web apps

it's weird to be all about freetard shit for your OS and then you just say "fuck it" and go full botnet for websites, which is no better than an OS with built-in spyware

Pajeetscript """developers""" get the rope first

>>1010824

I use Google Docs on windows10, mate. You've shown too much by ranting about this to such an extent. What I mean by saying I'm a gentoo user is that these things aren't mutually exclusive, I don't use gentoo because muh tinfoil either.

Come back when you're over 16.

>>1008941

hello, chaim.

>To buy stuff from us, accept these cookies.

No.

wiby.me has some old 90's style sites.

>>1011198

wtf is that?

>>1010977

yeah buddy, anyone who disagrees with you is jewish

imagine being this delusional AND racist

>>1011192

how else will they have a login system?

people on this board are paranoid to a retarded degree, you think everything is malicious even when it's not

take your pills

>>1011192

Are you retarded or something?

>>1011227

t. Schlomo Goldshekelbergstein

>>1011226

searcher of js and generally script free webpages.

>>1009772

You are 100% correct, that guy is an idiot who can't see beyond shit-tier business practices and can't comprehend making a website with a motivation other than money (even if money is also a goal).

These days people seem to just make apps instead of pages. So we get the JS monstrosities instead of sane HTML. It has nothing to do with security or performance, it's the same attitude as what makes newspaper and stores nag you to install their mobile app instead of just using their site. They can show a bunch of stupid flashy UI with bright colors and animations, which makes stupid people easier to influence. Stupid people being the target audience of many such sites.

>>1009970

>Why the hell would you not want javascript though?

Webdevs are idiots, so it's easier to just take away JS even though it has benefits as well, than to get them to stop abusing JS and making awful sites. It's called "this is why we can't have nice things". I'd rather have the drawbacks you list than the problems if modern JS based sites.

>>1010824

Well webapps are cross platform so sometimes it's the only way to use software that devs won't bother porting.

Your impression is off, though. A lot of people use native programs like LibreOffice. I use it for personal documents, but for work I'm unfortunately forced to use Gdocs because my bosses are too retarded to understand collaboratively editing anything else, and often there are gay formatting requirements that are hard to do in LO.

>>1009970

>Web cacheing in early web was especially a problem

Is this supposed to be bait?

The complete opposite is true. Back in the day everyone (even YT and wikipedia) used XHTML and external CSS which is easy to parse, cache and has no security exploits.

>is just plain documents which has no real use

Wrong, YT could operate perfectly fine.

Video streaming can be done without JS too. Comments could be iframes which could be navigated like search results.

Search results could be navigated like they were back in the day.

That dynamic comment/search result function is the only thing people like JS for. If one implemented a continue loading on input html element in browsers that could be done without html too.

>>1011428

> without html too

*without JS too

>>1008941

You have to ctrl-f anyway since search engines return dozens of unrelated results.

>>1011227

Have you not used the web before 2005? When user didn't have cookies enabled, the session was encoded as a random hex string in the URL itself (or sometimes alternately as a form field).

Of course that doesn't store the session to a local file on user's disk, like cookies do. So the user has to login by typing his credentials for every new session. But maybe that's what he wants, or else he'd have enabled cookies.

>>1011420

>gay formatting requirements

literal 14 year old

>>1011469

nigger

>>1011456

> was encoded as a random hex string in the URL itself

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

https://www.owasp.org/index.php/Session_Prediction

https://www.owasp.org/index.php/Session_hijacking_attack

https://www.owasp.org/index.php/Insufficient_Session-ID_Length

https://www.owasp.org/index.php/Insufficient_Entropy

you could do something like this:

example.com/password_reset.php?&session=1232452434342342&new_password=hunter2 (whatever the session was)

or just send someone a link to this:

example.com/password_reset.php?&new_password=hunter2

then, if they clicked on it, while they were logged in, they'd reset the password to whatever you want

>>1011482

Do you just click any random link you come across?

The latter literally isn't a problem for anyone that ought to be outside the ape pen in the zoo, and the former literally has the solution in the second sentence of one of your links.

>>1011490

I guess you didn't read about any of those infosec concepts I mentioned

you can hide CSRF in a fucking img tag

>>1011520

(and no, it doesn't need to be clicked on, just loaded)

it's weird how people on this site are pro-security when it comes to javascript but as soon as I mention shit like CSRF and predictable session tokens then the retards here pretend that it's not a real problem

just because you don't understand it doesn't mean it's not a problem

>>1011490

retards like this actually exist

>>1011544

>not to click on any links

but you don't have to click a link for those issues to be a problem

>>1011482

Which isn't a problem when the key is encoded in the URL as the attacker would also need the key to do anything

>>1011261

I just want to see what they have on their site without having to accept a fucking license agreement for fucks sake.

I shouldn't need to sign a consent form to see a goddam menu.

>>1009771

imagine being so insecure about youself and everything that you have to call out someone for being a boomer to avoid having to listen to them, which would lead to a shattering of all the lies you have been fed.

>>1011549

or you can just use cookies, which is what most people do

>>1011482

there is absolutely nothing wrong with putting the session in the URL. anything that causes it to not work (such as referer [sic] header) is broken and should be removed. you webfucks are so far up your own ass you will add an entire OS to workaround CSRF and other retarded bullshit that only exists in your world to remedy your problems

>>1011490

shut the fuck up retard. clicking links shouldn't be a security risk

>>1014270

and is worse in every way now fuck off and read about capability security or basic software engineering concepts or something

>>1008719 (OP)

Isn't the solution just to run an extension that switches-off all js?

>run alien code to kill other alien code

Well, yeah ... b-b-but, they're the good guys ...

>>1008743

>corporations

>jsless sites

Are there any?

>>1008824

Unfortunately this.

>>1008742

it's not what you describe that's the problem, it's the javascript abominations that actually end up being created.

>>1008742

How the exploits work is by leveraging the linked source document library for js or jq or whatever. Even if the site only uses scripts for rendering or someshit the entire library is available to use. If the site has form fields for submission to the server, then the site is fucked because even if the form field isn't exploited the packets can be manipulated to include some code that exploits the linked script library. This is why jews at meguca are spook liars. The only way around this is to create a cistom library link or host only the relevant code and needed library context on the site. No library free-for-all.

>>1018889

I will add that even on a site that accept no input, such as a html and img document, the media can have scripts added and, only if your browser allows scripts, the code will pose a risk.

nobody ITT has mentioned freenet yet? it's like 90s web.

it is an alternate internet, not a proxy like TOR.

it uses alot of CPU, bandwith, and hard drive space, because everybody pitches in for the network operations, but you choose how much to commit.

it runs on Java RE, not sure what implications that may have.

it is all static websites - doesnt even have the PHP capabilities that could run dynamic browser based games. still, some people on FN are designing games that can operate on that network. there is a way for third party input to a website, sometimes implemented as a guestbook or comments section on a blog, may be adaptable as input from players on an online game, i haven't checked it out much, but your thread reminded me of it. sure could be fun to have an 8chan analog community running sites on FN.

I have not used it in some time, because it didnt have much new content I'm interested in (politics). but if folks here want to prop up that network I would reinstall it to contribute and see what you all produce.

https://freenetproject.org/pages/download.html

https://freenetproject.org/pages/help.html

"Freenet is a separate network, which does things differently, because there are no central servers. This is why we don't support Javascript, server-side scripting etc on freesites: Everything must be rewritten to work on a distributed network. But the advantage is there is no single server which can be compelled to hand over your private communications or which can be shut down."

"Why we do this

I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet"

-Mike Godwin / Electronic Frontier Foundation"

bumping for FN...

any web developers here? has anybody tried making a freesite yet?

I'll set it up and post a freesite soon, and post the link so you can check it out and gi

>>1019072

>Oracle limits the encryption strength available on the JVM that runs Freenet;

Java: not even once

>scriptless web

jp websites have a little amount of script and also feels like it's still 2007. when they do have scripts it is only for videos or very little amount of ads plus they don't suck google ads/syndication/analytics dick too much unlike in the entire west and FVEY.

what caused this? the soyboy webdesigners caused the propagation of this 'responsive' cancer design and is really popular in the west than the east.

heard of scripts? get ready for web assembly. you are powerless, die goyim

I just disable javascript in my browser. (have a small plugin that let's me toggle it without going into the options) A surprising amount of websites actually do work without javascript enabled. The ones that absolutely refuse to are usually no loss.

I have another browser instance/profile for ebay/banking/etc.

>>1021293

You mean this? https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8170157

>>1021293

That's not a thing dickfuck. Some businessfag who can only reason in memes implemented that. Let's analyze this in baby steps for your brain:

>Some variable called "plz_dont_use_strong_crypto" exists somewhere

>But we can still write our own functions

>Crypto is implemented by writing functions, the existence of some variable called "plz_dont_use_strong_crypto" has no effect, unless we know about this variable and then choose to look at it inside our function

>Such crypto libs already exist

>We can also set the flag to off even if the libraries needed it, or just make them not check the flag

Now consider that OpenSSL still has the same bullshit and I wouldn't be surprised of OpenSSH had some shit like this too, and that all crypto shit has been using tiny ass keys since oblivion as well. OpenPGP clients have all used broken tiny algos such as SHA1 and even then the convention in OpenPGP has been to post the last 32 or 64 bits of that shit hash. Just fuck off. You're probably one of those faggots who thinks he's elite because he knows how to write a basic sorting algo in C. No, anonymity-critical software should NOT be written in C. Even when considering side channels, C can still not prevent that other than a few hacks which are available for other PLs anyway.

So you're basically saying we should use one of the worst PLs ever made (C) and risk RCE vulns because Java has one stupid shit in it (I know Java actually has lots of stupid shit, but at least it's memory-safe).

You know what sucks? Those stupid file-sharing sites. Not only most of them need javascript, but they spam you with ads and SIGN UP TODAY FOR SHITC0CKS PRO EDITION! bullshit and want your name, email, phone, etc. They have "bait" download links that look like they're legit but just spawn ads. Then if when you get the real one, it downloads at 5 Kbps and keeps spawning ads telling you to upgrade. What a shit! In the old days before these crap "services" you just hosted the files on your ISP's web space or FTP server, or maybe uploaded to alt.binaries.whatever.the.fuck on Usenet. There! No fucking ads and endless bullshit.

>>1019072

Last I checked there was nothing on Freenet except cp.

>>1021293

It was a legal requirement.

More like: laws, not even once.

>>1022434

I've never seen CP on Freenet. But I don't go looking for it like you do.

There's other content there. Forums, blogs, music and movies, etc.

>>1022434 Freenet's anonymity is quite weak so many people were caught by the police. So many pedophiles quit using Freenet. Most of them use Tor or I2P. They are more secure than Freenet.

>>1022915

I've not used i2p but use TOR and TAILS regularly, am posting from TOR now. I wish more people would use freenet for things other than cp, to give it real value, so it doesn't die as a project just because the pedo community would abondon it. if anything, that could make it safer and more enjoyable for normies to use. it is a good project, and even if it has flaws now, they could be better corrected if it has a supportful tech community using and critiquing it. the idea of hosting websites for free is more important IMHO than it being 100% untracable. are you using a perfecrtly untracable system to post here now? it's not always needed anyways, unless you want to use FN or similar platforms for CP... it would be cool to see more tech sites and legit content spring up on there

>>1022158

good info. thanks

>>1021293

is that primarily a local issue or a connection issue? in other words, does the encryption of the JVM only matter if an attacker has access to your file system? or is it an issue with the network activity and it's encyption? I'm not enough of a coder to analyze the source and determine much yet, but if you have specific issues with the methods FN uses, perhaps it can be addressed and corrected, and the network could be made more secure from the participation

>>1008824

>>1010760

I took a look at i2p and pretty much half the websites were dead. It seemed like a ghost town.

>>1023228 Tor users are ten times more than I2P users, maybe.

>>1023370

Not sure abotu 10 times if you're talking about relays. By the way, there's this thing called lokinet that's supposed to replace i2p.

>>1010715

This. I also want a scriptless web. I've grown up with this shit and I've been searching for alternatives for a couple years now. Maybe there's a way to build a network like Tor, though it doesn't necessarily need the anonymity features. It just needs to have a special browser engine that's incompatible with JavaShit.

>>1010718

>people having different opinions is scary

Go crack open another soylent and play your switch, you big blubbering bitch.

>>1022426

in the old days l1337br0s hax0red FTPs and uploaded their shit there

>>1022434

that was literally never true

>>1022915

They were caught by false positives, it just so happens that there are lots of pedos on freenet so if you arrest random Freenet users, chances are you'll find one with CP on his PC.