Slashdot Mirror
Firefox Gets Massive JavaScript Performance Boost
monkeymonkey writes "Mozilla has integrated tracing optimization into SpiderMonkey, the JavaScript interpreter in Firefox. This improvement has boosted JavaScript performance by a factor of 20 to 40 in certain contexts. Ars Technica interviewed Mozilla CTO Brendan Eich (the original creator of JavaScript) and Mozilla's vice president of engineering, Mike Shaver. They say that tracing optimization will 'take JavaScript performance into the next tier' and 'get people thinking about JavaScript as a more general-purpose language.' The eventual goal is to make JavaScript run as fast as C code. Ars reports: 'Mozilla is leveraging an impressive new optimization technique to bring a big performance boost to the Firefox JavaScript engine. ...They aim to improve execution speed so that it is comparable to that of native code. This will redefine the boundaries of client-side performance and enable the development of a whole new generation of more computationally-intensive web applications.' Mozilla has also published a video that demonstrates the performance difference."
An anonymous reader contributes links the blogs of Eich and Shaver, where they have some further benchmarks.
Correct me if I'm wrong, but generally speaking, I was always under the impression that, as an interpreted language, javascript will never be able to run 100% as fast as natively compiled C code.
JS can always be faster!
Script kiddies will be able to infect a Windows user in record time! Seriously,I install Noscript automatically with every new build and show the customer how to use it. It has just gotten too easy to infect Windows with JavaScript and it seems like everyday you're reading of a new JavaScript exploit. So it is safer just to kill it than to take the chance. So for me and my users at least it doesn't matter how fast FF renders JScript,because it has just gotten too dangerous to use. It is like saying "We've increased the speed of ActiveX by 300%!". But as always this is my 02c,YMMV
ACs don't waste your time replying, your posts are never seen by me.
Interestingly, one of the linked blogs talks about how this could lead to more of Firefox being written in Javascript. I haven't done much non-web related Javascript programming, and I haven't really used those new frameworks, but it seems to me like application programming in Javascript is like trying to hammer a nail with the handle of a screwdriver. Sure, it might work, but there are much better tools for the job. What do you guys think?
All your base are belong to Wii.
Now if we can just stop all the xss. Now it's just xss 20-40 times faster (in certain contexts).
Actually, if JS gets fast enough, it could rival Flash. This is a good thing.
THL phish sticks
Expect this discussion to be full of astroturf, red herrings and trolls.
Isn't that like dividing by zero?
Experience teaches only the teachable. -AH
Will it make my Sony Bluray player take less than 10 minutes to boot and play a disc?
Firefox 3 already gave quite a nice performance boost to Javascript, enough to actually impress me (google maps is a great demonstration of this). It's good to see they haven't stopped there and are busy improving it further, a lot of software developers tend to spend too much time on making new features and not enough time fixing/optimising the existing one, but I think after the backlash from FF2's memory usage, Mozilla has rethought their priorities and I'm glad to say they're doing things right.
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
What does the scouter say about its power level?!
So this means the javascript exploit of the week will be executed 20-40 times faster? Well, hellyah that's an improvement!!1 WTG! Next up, work on activejavaflashscript-X, because we need all the bases covered!
the proceeding was a paid advertisement for the Russian Business Network-because taking care of Your business is Our business
Microsoft needs to embrace fast, cross-platform Javascript and here's why: because better Javascript use means more responsive, rich-content, user-customizable, next-gen web platforms. To meet the challenges of today's globalized, fast-changing environment, business needs to find ways to improve productivity while making better use of resources. That means more state-of-the-art service provision for Slashdot users eat mare pussy fuck all yall
Javascript still has its quirks because it works its magic client side. I am moving to use it as little as possible and never as a required piece of the site. PHP and other server side languages can do many of the things javascript can but with better support and accessibility.
"They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" Franklin
Most of my experience with Javascript has been adversarial just because one of my hobbies is screen scraping for raw data. For normal purposes though it seems like a near perfect solution. I have only a passing knowledge of its capabilities, but it seems that it's the rare technology that both hardcore comp-sci people and entry level developers can like. It's a custom purpose language, but doesn't it have first class functions? (They say every feature added to a language in the last 20 years is a less good version of something that's in Lisp, but I get the impression that the Javascript people really got it right.)
... also, I can kill you with my brain.
The theories behind tracing optimization were pioneered by Dr. Michael Franz and Dr. Andreas Gal, research scientists at the University of California, Irvine.
Hey that's my old compilers professor and my school!
This PDF looks like the paper the article is referencing.
It makes me want to go back to Win or buy a Mac or something. Recursing recursing recursing BLAM.
WTF Mozilla.
What does Java have to do with this story?
Climate Progress - Hell and High Water
I've written my share of JS-heavy apps and the boost will be nice for that. However, my complaints with JS don't lie with performance.
I think that's enough. I'm sure you could easily argue back but this is my rant about why this boost is not the saving grace to JavaScript.
Basically my point is that performance does not bring JS up another tier. It just prolongs the pain of having a grossly inadequate language for rich application development. JS does have some nice things about it (first-class functions, closures, for(..in..), etc.) but in no way would I consider it "good" for application development.
Step back and realize the movement is pushing applications into the browser. Yes, the same apps that currently use threading; the same apps that have more than 4 input widgets (input, select, radio, checkbox); the same apps that run slow even when written in native code; the same apps that depends on libraries of code; etc. JavaScript, as is, is not The Answer and this performance boost is just a Bluepill in disguise.
:wq
Wait 'til they see my new PlatypusLobster [tm] VM!
WHOOPIE!!!
Digg.com will almost be usable now...hehe.
-- Given enough time and money, Microsoft will eventualy invent UNIX.
Huh? Please mod down my parent for pure ignorance. Next he'll be talking about Ford performance, or perhaps horse racing. Javascript has absolutely NOTHING to do with Java.
In general, JIT systems can really provide CPU performance near C speed, or even faster for some benchmarks, once the application gets going. The catch is that you pay two penalties: startup time and memory. Lots of memory: for keeping stats on what needs compiling, trampolines to call in and out of the interpreter vs. JIT native code, and the native code *plus* the byte code.
Even dynamic languages like Python can have a JIT - it specializes a function for various combinations of argument types, and then provides a catchall generic version for general objects. The catchall version is not much faster than the interpreter, usually (in fact it could *be* the interpreter), but the specialized versions can be much, much faster. (Also blocks can be specialized within any of the function versions.) But all those specialized versions take up memory. So the JIT keeps stats and tries to make only the ones that really help.
Expect this discussion to be full of astroturf, red herrings and trolls
Ah, no problem. Just give the red herring to the troll and he'll let you pass the bridge :)
IF that's the case, he's a little chunk of hell:
http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/
Fundamentally, when C code is deployed, it is deployed as already compiled machine code, which takes essentially no overhead to execute directly.
When Javascript is deployed, after the source text is downloaded from a web site, it must first be converted into executable form suitable for a VM. That extra translation step is an overhead which must be amortized over the execution time of the code. Since most Javascript code takes very little time to execute in the first place, this translation overhead is a significant fraction of total computing time in typical applications.
It's true that for applications where a Javascript function takes a long time to execute, that translation overhead can be neglected, yielding comparable speed with C, however such functions are rare enough in ordinary web applications that the point is moot.
It would nice to see some demos of this with John Resig's Processing.js. It could definitely use the kind performance boost being discussed here.
In addition to a performance considerations, it would also be nice to have addtional some additional bit depth in JavaScript.
I anticipate JavaScript will continue to be very popular, but there are alot a lot of reasons other than performance that people won't want to use the language for writing desktop applications over C/C++/Java. That said, there have been alot of recent developments that have made me cautiously optimistic about the future of the language along these lines.
I hate Javascript. Using it is painful in ways that it doesn't need to be.
I haven't delved into the likes of Firebug to see how it works but when the language (again no libraries so I blame the language) itself only provides alert() then it's clear the creators weren't thinking about debugging at all. At least IE natively will let you debug JS!
Firefox has an error console that you can bring up to see errors in the script. This actually works quite well.
I am rubber, you are glue.
It won't be just from the Windows side - a good chunk of Linux-heads hate anything but static black text on plain white backgrounds. So this should get interesting...
Goes to show what you know. Real Linux-heads hate anything but static white or green text on plain black backgrounds.
Ever since the matrix, it's been green text on black background. That movie was 10 years ago, get with the times man!
Did you used to work for Sierra back in the 80s?
Until linux can run Windows games with a "clicky clicky,next next next" installer,and I can install those damned Lexmark all-in-ones that everyone seems to have there is just no way i can survive selling Linux boxes.
Then offer a bundle with an HP or Epson all-in-one, and possibly a Nintendo DS ;-)
Microsoft wants a slow javascript. Why? Well, they'd prefer you use custom Active-X controls, Silverlight, or even Flash (the Windows flash player is faster than ports to other OSs). You have to realize that slashdot readers like to felch sperm out of other dudes asses and that cross platform technologies breaks their monopoly.
What does Java have to do with this story?
This article is about using a JIT to bring the speed of long-running JavaScript up to the speed of long-running Java. (I say "long-running" to duck the issue of VM startup time.)
bzzt. Wrong. This is a Monkey Island reference.
Just make sure that you have use for the astroturf too!
Anyway - improved performance is never wrong. It's all too common today to rely on the performance of the computer instead of better coding.
Good coding can improve performance a lot more than better hardware.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
while(1==1){alert ("I love non-modal dialogs")}
Sharepoint 2007 is a good example. Editing of the content is via a browser-based interface, which is quite script heavy. What's interesting is just how script heavy it is. While testing on an old laptop we have connected to an external link, I was a bit dismayed at how slow loading our site was. I got the impression that the browser was pausing before displaying the page for some reason.
Opening up task manager, I saw that before IE displayed the page, it would spin on 50% CPU (on an old hyperthreaded P4) for over 5 seconds before finally rendering the page. After some experimenting which yielded consistent results, I tried Firefox and the difference was dramatic, to say the least.
The upshot of all this is that we may need to recommend to our clients that they use Firefox to edit their Sharepoint 2007 sites, because it provides a significantly better experience than IE does if you have older hardware. On my own desktop at work (a reasonably modern Core 2 Duo) IE does spike the CPU usage, but generally it's for less than a second or two so it's not really distracting. Firefox is faster, but both are quick enough that it doesn't make a real difference to a human.
Completely off-topic: I used refreshes of the task manager process listing to judge how long IE was spinning for. I always assumed the default setting was to refresh the list once per second, and some quick testing now confirms that that is what it does. If you go to View -> Update Speed, the default setting is "Normal". The status tip for this setting says "Updates the display every two seconds". Clearly a lie - or is it? If you select "Normal", then the display does in fact update every two seconds, and there doesn't seem to be any way to get it to go back to refreshing once per second.
That leaves with the astroturf for you to worry about. ~AC
About the memory, you are correct (for now).
About the speed:
I made a benchmark written in a pure C subset of C/C++/C#/Java in all of these languages. A simple benchmark involving calculations with integers (primes) and floating point numbers (sums of products of square roots of primes). The result, when running a bazillion iterations:
C# and Java took 50 seconds, C++ took 49 seconds and C took 51 seconds. Other benchmarks I made showed similar results.
So for pure calculating, C#/Java + JIT is equally fast. For big real-life systems involving a lot of other stuff, the results might be different.
But it is a long time ago that Java et. al. were 3 times slower than native code.
Expect this discussion to be full of astroturf, red herrings and trolls
Ah, no problem. Just give the red herring to the troll and he'll let you pass the bridge :)
...and save the astroturf for the knights in the forest! Yes, it's not a shrubbery, but it's all we have. :)
I think they've done something very interesting, and I read the article that describes the trace trees. But I'm really curious -- with all the trouble that it takes to do this sort of interpretation, wouldn't it actually be faster and easier to compile the code into native machine code and then execute it? The compiler wouldn't just happily spit out machine code. It would take security into consideration. Most operations would be implemented by calls to well-defined functions implemented in the browser itself. Regarding security, the fact that code is compiled or interpreted really doesn't make that much difference. You can program a bash script to do a lot of damage, or you can write such a program in C. So I think the security issue isn't any different in this context. The compilation would happen the instant the code comes down the pipe, and unless the code is very long and complicated, I think it would be almost instantaneous. On a modern computer, GCC can pump through thousands of lines in a matter of a split second. A JavaScript compiler optimized to compile very quickly for acceptable results (with perhaps a nice optimization applied to inner loops) would do this beautifully. After the single compilation, you wouldn't need to keep track of all kinds of trees and trampolines and whatnot. The code would be executed as a function call from the browser into the produced object code. I think this could truly provide C-like speeds without the memory and algorithm requirements.
McCain/Palin '08. Now THAT's hope and change!
Having worked on emulators a bit...
Tracemonkey is not optimized for the common
case. Just the opposite is true, nearly.
In terms of total runtime, the common case
is that the Javascript is inner loop code.
You fail to immediately JIT this; instead
you waste time in the interpreter. Even if
the JIT translator is slower than a few passes
through the interpreter, why are you caring
so much about code that barely matters? Run
it through the JIT, avoiding the need to even
track if it is a hot spot or not. By doing
this, you can totally eliminate the interpreter.
Elimination of the interpreter means that you
can make the JIT even faster.
Finally, a hint about the type inference issue:
Hook your JITed chunks of code up to the variables
that they depend on. If the variable type changes,
invalidate the chunks of code that access it.
This means you only check for type change in the
code that can cause type change, rather than in
the code that merely reads the variables.
knee us? is that anything like a knee grow??
The "screencast" still looks horribly slow compared to what native code did 10 years ago. Hard to believe this is now fast.
Let me know when IE stops being a stick in the mud so this will actually matter. No one in their right mind would bring a Firefox only web app to market.
But I don't think I use javascript for ANYTHING. I do however use Flash. Any word on a flash fix?
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
And stay off the chans.
At runtime you can tell what you should be optimizing for based on how the program is actually being used, something you cannot do at compile time.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Maybe I am wrong, but when I see that cpu-usage goes up, just for reading slashdot posts, I think there's something fundamentally wrong.
Bloat is taking the web, optimizations will not help, just make-it worse.
What's in a sig?
I guess the GP was right about the trolls.
This improvement has boosted JavaScript performance by a factor of 20 to 40 in certain contexts
So it's clear, that boost factor is only in certain contexts. If you boos IE's string concatenation you only boost ONE context and you get a JS parser faster than FF's and Opera's. When FF3 came out there was a lot of buzz about how slow IE is compared to everything else but that was only because of string concatenation and the tests were only considering overall performance.
I can't find any of the URLs with the statistics but who doesn't believe this could do a bit of digging before modding this down: removing string concatenation from the tests clearly proves IE7 is faster than FF3 and Opera.
Expect this discussion to be full of astroturf, red herrings and trolls
Ah, no problem. Just give the red herring to the troll and he'll let you pass the bridge :)
And if you're feeling nasty you can poison the fish before giving it to him (well, it doesn't make any in-game difference, but it's a red herring after all!) Also remember that you can learn an insult from the troll before bribing him, which greatly speeds up the later battles.
Ah, good times. :)
As a state gets corrupt, its laws multiply; the most corrupt states have the most numerous laws. (Tacitus, Annales 3:27)
It has long been shown (well, at least 10 years), at least theoretically, than run time optimized code /can/ be faster than compile time only optimized code.
That's because there's only so much a static optimizer can work on, because without some super advanced AI from the future it can't really tell what the code is actually going to be used for.
Runtime optimization of C is impractical (although it's been done) and not that useful anyway (the gains are not dramatic), while for interpreted code it's ideal and the results are impressive.
So in the end, yes, there are cases where this optimized JavaScript will be faster than the same C code.
That's why it's 20-40 times faster than before, and almost as fast as C, obviously!
Great post, I'd mod you up if you had points.
I think the belief that C is the de-facto fastest language is the misconception that it can be simply translated directly into assembler. On many operations, this is correct - there are assembler equivalents on many architectures for many language constructs (looping, arithmetic and so forth) and its low-level approach to arrays, memory usage and such mimic how assembler programs are written. However, it is not always the case, particularly when you start to use more complex language constructs. Filesystem calls, templates, structs, anybody?
C has the same problems as other languages. In some cases, it has MORE problems - as has been pointed out already, strict typing for instance can help a LOT in optimisation at compile time, something C cannot always benefit from. The one thing C lacks is a JIT compiler - runtime compilation can have some serious benefits, as we've seen with other languages.
NB: My experience in this comes from 68k assembler, writing relatively simple C on the Amiga and noticing how little work the compiler often had to do ;)
I know JavaScript is the future of everything only because it's the only language that is available on "The Cloud" access devices (read "web browser" for you non web3.0 equipped reader) and it's good it get some optimization but when I see image manipulation software written in javascript and running inside a browser I mentally form the image of a giant rubber hammer trying to force a screw into a concrete wall.
:)
I've done *a lot* of javascript dev over the last 10 years, and I can tell one thing, execution speed of javascript has never really been my most important issue. In order network communications, DOM manipulation and that retarded single thread execution model where way higher on my annoyance list.
My hope is that someone will come up with a "pluggable" script engine that can be updated on demand so that I actually use those latest feature instead of having to target 5 years old tech if I don't want to lose potential clients. And yes I imply they should port their engine to IE.
.
Using JavaScript as a general purpose language is a good thing?
Why?
On the off-topic note: Don't even bother thinking about the task manager, just download the Process Explorer and set it to replace the task manager. It's light weight and vastly superior to the task manager in every way. One of the utils I miss in Linux.
Switch back to Slashdot's D1 system.
tip: don't use Task Manager, for investigating performance issues, use PerfMon (under administrative tools on your start menu).
Open a performance report, add the %CPU counter for just IE (it'll be under the Process counter set).
You can get it to update faster than 1 second default, and get it to log to a file instead so you can view it later. Add a network counter and memory counter too for more insight.
Does that also mean it's NOT as fast as native C/C++ code because C# is blatantly not and thus is part of the marketing guff that you were gulliable to believe?
First of all, both C# implementations and C/C++ implementations generally generate native code.
Now, you have to separate languages and implementations. C/C++ implementations are still somewhat faster than C# implementations. Why? Because people have been optimizing compilers and processors for C/C++ for 20 years.
However, intrinsically, C# is the "faster language": C/C++ is a bitch to optimize, and equivalent C# code tends to have more opportunities for optimization.
Furthermore, a JIT implementation is intrinsically the faster implementation for long-running, compute-intensive software: C/C++ batch compilers lack information about runtime types and runtime statistics.
C/C++ have always been horrible from the point of efficiency. One of the most "efficient languages" (in the sense of being able to compile it into efficient code) is Fortran. However, numerical software may be moving to JIT-based systems because it's so much more efficient.
The catch is that you pay two penalties: startup time and memory.
That's a problem with the JVM, not JITs in general. The reason the JVM is slow is because of Java's bloated libraries and Java's idiotic way of storing and organizing libraries.
You are ABSOLUTELY wrong! C# by its very nature can not be as fast as C.
The C# JIT has all the information that a C compiler has (essentially, the entire source code). In addition, it has a lot of global program information and it has runtime statistics. And, the C# language has better defined semantics. All of this taken together means that C# can be optimized better than C.
In terms of performance, C is a lousy language; Fortran is a "faster language" than C.
The only reason C even runs as well as it does is because people have invested 20 years in making compilers squeeze out the last cycle, because C compilers play fast and loose with C semantics at high optimization, and because even CPUs have been tuned to accommodate its semantics.
You should use Process Explorer and tell it to "replace task manager" under options. Process Explorer shows you exact CPU usage and will draw a graph of resource usage for any process.
Interetingly, our tests are showing almost the opposite approach. Our app downloads (and hence parses) a lot of javascript on every page load. We don't actually execute all that much on load though, so the major component of page load time is parse time.
Our testings showed parse time speeds to be:
Safari -- by far the fastest
IE 7 -- fast
IE 6 -- moderate
FireFox 2 -- slow
Haven't tested FireFix 3, so dunno if they sped up parse time, but point is there's more than execution time involved in page load.
I am rubber, you are glue.
You mean goo..
With great power comes great electricity bills.
Logged in (excellent karma) and posting anonymously:
I post offtopic/troll stuff on slashdot anonymously (and occasionally with my karma bonus). Why? I don't know why others do it, but I do it in response to lame stories, lame comments, and lame moderation.
I can (and do) write out articulate, knowledgeable comments, but if they're just going to get modded down for not conforming to group think while blatantly wrong information is modded up, I might as well post a comment about a dude eating shit or having sex with a horse.
It does make me laugh when people accuse me of being a paid MS employee trying to derail the conversation. +4 informative, indeed!
Nope, I do mean glue.
1) Never do anything you don't need to.
Applied properly, this gets into all kinds of code assessment that is trivial to do but needs tracking.
Think of it as filling a sparse matrix of unknown dimensions when doing step 2.
2) Never do anything twice, (right down to the iron.)
Applied properly, this gets into all kinds of execution assessment that is trivial to do but needs tracking.
3) Repeat 1 and 2 until you run out of RAM.
Then you need to get judicious on its ass.(By pruning the sparse matrix [when the only penalty is refilling the matrix.])
JIT compilation gets things out of the way by not 'going there' (the 80/20 rule applies nicely to code execution/optimization,) or gets things over with 'once and for all, (the 99/1 rule applies when you've got the right kinds of memory structures [handles as opposed to references,]) and can result in stuff you wouldn't want to decipher since the optimization depends on the actual order of execution.
But it can run almost as fast as the iron can handle.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I am curious as to how this new engine performs on older computers. I want to know, is it the evolution for this kind of software rooted in the capabilities of newer computers, or is it evolution of logic concepts based on R&D that is also easily accessible to old hardware still?
Some of us prefer green text.
... has a cost, in terms of cpu cycles and memory.
For compiled code, that cost is paid at compile time.
For interpreted code -- JIT or any other sort -- those costs are paid at run time.
Let's try to be at least a LITTLE analytical about this.
if M (the amount of memory required) consists of m1 + m2 + m3, where:
m1 is the amount of memory required by the compiled code
m2 is the amount of memory required by the compiler/interpreter/optimizer
m3 is the amount of memory required by the problem data
Then it is pretty easy to see that m2 is zero at runtime for compiled code, and that the difference (if any) in m1 for the (supposedly) superior real-time optimization will be far, FAR less than m2 (which will be zero at runtime for compiled code).
Similarly, if we look at P, the amount of processor resource required, we can break it down into p1 and p2, with:
p1 being the cycles used to perform the problem
p2 being the cycles used to optimize the code
Again, p2 is done in real time with interpreted languages, JIT or not, and is done at compile time for compiled code. At runtime, the amount saved in p1 by (supposedly) superior optimization will only exceed p2 in the case of repetitive problems executed for long periods of time. Remember, at execution time (which is what we care about), p2 is ZERO for previously compiled code.
It takes a very long-running, highly repetitive program for the improvements in efficiency from superior optimization to overcome the overhead of realtime compilation.
For short, non-repetitive executions, interpretive execution is HIGHLY unlikely to prove superior to previously compiled code.
In a very large fraction of the computer programs run today, the compile time exceeds the run time of the program. When you consider interpretive code as requiring "compilation" every time it is loaded, you begin to see the advantage of previously compiled code.
The major reasons for using interpretive languages have always been the improvements in the development cycle. Raw execution performance of interpretive code (JIT or otherwise) is unlikely to ever exceed that of compiled code, for C or any other language, for exactly the reasons outlined above.
Hey I fucked your mom in the ass and it was great. She's such a slut!
http://people.mozilla.com/~schrep/tm-image-adjustment.swf
Microsoft absolutely needs fast cross-platform Javascript for some of the stuff they are developing.
In short, it's hardly worth to optimize engine specifically for the piece of crap that is SharePoint JS code. There are certainly better examples around :)
Javascript is, fundamentally, just as good as Java (and the qualities of Java as a language are, of course, highly debatable).
While that may be true, it's not particularly relevant. Javascript and Java have nothing to do with each other besides the name.
Yes, they both have C-derived syntax, but they are not otherwise related in any way.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
I'm out of my mod points today, but that is truly amazing!
I love it when people try to defend "Web 2.0" by claiming that anyone who thinks web development is misguided is just a technophobe who wants to return computers to the state they were in in 1991. Yes, if someone says, "AJAX is bad," clearly they are also against GUIs, the Internet, and personal computers. After all, there is clearly no use for computers except as web clients or servers in this day and age, in their eyes.
Palm trees and 8
Reply to your offtopic problem:
You can delete / rename the following registry key and the settings will revert to the original ones:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager
No Javascript runs faster than any Javascript.
There is no background.
On the Mac you would have a hard time finding another browser that is so steadily going down the tubes, with every so-called new release or update (whatever buzzword they're using now
It failed to load the css stylesheet for Slashdot, just now, but a refresh, coming from another link on the style-butchered page brought up the CSS. If you're on another platform you cannot imagine what a huge pain in the ass it is.
So why use it, right? I mean, if you don't like it, use something you think is better. I know that, and I feel bad bitching, but I use the Web Developer add-on all the time, and on Qwest dsl, it's convenient to use FlashBlock.
The versions of web developer-like plugins for Safari, just suck; it's as simple as that. Otherwise I'd be on Safari. But it's far more proprietary-behaving than Firefox.
Let's face it, they set out to make a better browser that would feel 'comfy' to Windows Internet Explorer users, and they seem to have succeeded, I guess. But it is not a Mac thing, at all. I tend to gravitate towards apps that, if they are supposedly designed to work on multiple platforms, they try to pay at least some minor attention to the platform's API. Firefox fails on this count. I'd rather use IE in Windows 2000 Pro, any day of the week. And I would, if it wasn't for a shitload of Adobe apps on my Mac setup.
Why don't the Firefox developers just borrow somebody else's balls and say, "The Macintosh is too small of an installed footprint, so we don't give a shit." And that would be fine with me. I use an Apple, I, myself, am NOT Apple. And besides that, wanna know what I think? If Mozila/Firebox borrowed those balls and said, "We're sorry, we're really a Windows app..." I'll bet they'd have several hundred million more downloads, globally, for Windows OS. Think about it
If the new version is better on Linux and Windows, well I say congratulations. And I mean it, because I don't want other people's experience with software to be shitty, because I know what that's like. I get enough of that with fucking Apple OS.
Well, since you refuse to answer my last post? Here goes:
"The fact that Javascript is used to take advantage of them is completely irrelevant" - by zoips (576749) on Saturday August 23, @04:41PM (#24721311) Homepage
That sure makes sense (NOT!):
Since javascript is used, then javascript has everything to do with it.
Speeding up javascript processing should have taken a 'back seat' to securing it (and, what YOU noted, in browser's document-object model etc. et al).
For example, if one was to turn off javascript, then one would be proofed vs. this attack and many others, period!
Now, please note that my original posting noted that the majority of attacks the past few years also involved javascript (via bad site code, or html mail attacks that use javascript, & lastly in bad adbanners) - turn off the use of javascript (& other script related features + plugins like FLASH, you are essentially immune to they.
So, I'll ask the question this way: IF ONE WERE TO TURN OFF THE USE OF JAVASCRIPT, THEN, WOULD ONE BE IMMUNE/PROOFED VS. THIS ATTACK (yes, this one) AND OTHERS LIKE IT THAT I NOTED FORM THE MAJORITY OF ATTACKS ONLINE THE PAST FEW YEARS (like you read about over @ SECUNIA.COM, SANS, SECURITYFOCUS, & YES, HERE ON THIS SITE)?
ANSWER = YES, YOU WOULD BE!
APK
1.) Turn on the developer menu under advanced preferences. This gives you DOM and CSS inspection, network activity monitor, user agent selection, JavaScript console and other basic web dev tools.
2.) Download Drosera. The download instructions for Safari 3.1/3.0 have you download a version of WebKit, but you don't need to install it. Just install the version of Drosera that comes in the DMG. You'll also need to enter the command to enable WebKit script debugging (provided in the link), restart Safari and you're ready to go.
I think FireBug still beats the Web Inspector/Drosera combo in a few areas (e.g. I'm not sure if you can dynamically alter CSS like you can in FireBug) but these tools get you most of what you're accustomed to in FireBug.
Or try Camino: http://caminobrowser.org/
I didn't answer your post because you clearly didn't read mine, or at least failed to comprehend it. It is not a Javascript issue, it is a browser security issue. Yes, turning off Javascript eliminates the problem. But that's merely treating a symptom, not the disease.
As I said, if more browsers than IE supported multiple scripting languages you would see these exact same attacks in other languages. It's like claiming that because Windows is written in C/C++, and Windows has lots of virus problems, therefore C/C++ are at fault (well, C++ is for being a shoddy language >_>), not Windows security.
Does this make sense to you now or is it still flying right over your head?
Look at the nanojit code! Thank you for nothing... really.
"Does this make sense to you now or is it still flying right over your head?" - by zoips (576749) on Monday August 25, @10:43AM (#24736899) Homepage
Going to make this simple for you, ok?
[b]Answer me 1 single question ->
QUESTION = "IF I TURN OFF JAVASCRIPT, AM I or AM I NOT IMMUNIZED VS. THIS ATTACK & ALL OTHERS THAT USE JAVASCRIPT?"[/b]
(ANSWER = YES, I AM (no matter HOW you try to "cut up the pie", it just works, period (and, you KNOW it, hence your unwillingness to answer that simple question - so, I answered it for you)).
APK
P.S.=> What I know works, is this: You turn off javascript? You are IMMUNE to this AND OTHER attacks, that use javascript... & as to not reading others' replies? I said it was "JAVASCRIPT RELATED" in my first post to which you replied, did I not, verbatim? Yes, I did. It clearly IS 'javascript related', because when I turn off javsscript, an attack such as this cannot even TOUCH my system, period. Now, is THIS point flying "over your head"?... apk
No, I get your point. It's just flawed. This is pointless.
"No, I get your point. It's just flawed. This is pointless." - by zoips (576749) on Monday August 25, @03:56PM (#24741391) Homepage
It's flawed, eh? Somehow, I think not - just based on your unwillingness to answer a SIMPLE question from myself, to you!
(Funny how you still won't answer a SIMPLE question)...
Well - Here it is, again/once more, (& a mere YES or NO, will do from you, nicely, as an answer):
QUESTION: IF I turn off javascript usage in my webbrowser (or email program, OR even say, an app like Adobe PDF reader), am I, OR AM I NOT, immune to attack that involve the usage of JAVASCRIPT?
ANSWER: Let's hear it from you... & again, a SIMPLE YES or NO, will do!
APK
P.S.=> BUT, then again, we already KNOW the answer (YES - turning off javascript usage will 'immunize' someone vs. javascript related attacks online), don't we...? apk
Yes, turning off Javascript eliminates the problem. But that's merely treating a symptom, not the disease.
"I already agreed with you." - by zoips (576749) on Monday August 25, @05:26PM (#24742825) Homepage
Then, apparently since you AGREE WITH ME? Your point was flawed - it's pretty simple to fix, in that IF you don't use javascript, then you ARE SAFE vs. attacks that involved the use of javascript... period.
This is all I needed to see, the fact you agreed with me!
(MY POINT? That you, THINK (twice) before telling someone THEIR case is flawed, especially when you agree with it, yourself).
APK
P.S.=> Yes, says ALL I, or anyone else reading here, needed to see... Thus, I rest my case... as to idiots? Well, for someone that disagreed with me, & now suddenly agrees with my point?? Well... I'll let others reading, do the judging... simple! apk
Then, apparently since you AGREE WITH ME? Your point was flawed - it's pretty simple to fix, in that IF you don't use javascript, then you ARE SAFE vs. attacks that involved the use of javascript... period.
So I take it is your opinion that if browsers used Python instead of Javascript as their page scripting language that we would not see XSS attacks?
This post thread at slashdot is about javascript... thus, I said nothing about anything except javascript, since it is the topic of this post. I like keeping on topic, unlike yourself. Do I disagree with you on other tools you mention (VBScript, Python, etc. et al)? No, but, discussing they is off-topic... & I don't "set myself up" for that, being called "off topic", period.
NOW, since javascripting is widely used in attacks online, I am ontopic (you aren't)... Simple.
HOWEVER - It is GOOD to see you FINALLY agreed with me, & conceded that much, on this much though - that by simply turning off javascript, an end-user/surfer, are safe vs. attacks by its misuse.
APK
P.S.=> The same goes for any other scripting language (or their underlying object model) too - fix the bugs or potential for them, by all means... I am NOT disagreeing with anyone on that account, NOR, did I once say I did... can you show me WHERE I may have done so? No, you cannot... period! apk
Now you're just being disingenuous. Offtopic my ass...
"Now you're just being disingenuous. Offtopic my ass.." - by zoips (576749) on Monday August 25, @06:16PM (#24743499) Homepage
Well - is this a post topic thread about Javascript, or not? New NEWS - it is about javascript (not any other scripting tool for webpage functionality enhancement)!
Plus, NOW that you've been FORCED by reason to agree with my point? That does the job for me...
(My point was simply that turning off javascript, the topic of this post on slashdot, immunizes folks to attacks via javascript - to which you HAD to agree, because it simply, works, for proofing folks vs. javascript based attack...)
See, your now resorting to profanity directed my way (out of "geek angst" no doubt on your part, @ being forced to agree with myself, lol)...?
Well - this is ALL anyone needs to see @ this point.
THUS, again: "I rest my case..."
(Thanks for making that possible by the way (nothing like a GOOD 'win', based on pure unadulterated logic, facts, & YES, reason (that forced a "YES APK YOU ARE RIGHT" out of you, in essence))...
APK
You're right. I was trying to point out that the problem is not contained specifically to, nor inherently caused by, Javascript. Silly me.
"You're right" - by zoips (576749) on Monday August 25, @06:54PM (#24743961) Homepage
Yes, I know... I'm right - Pity you had to concede I am, 2x now in fact!
First via the methods I extoll for protecting users from javascript based attack online (or not)...
Secondly, the fact also remains that you could NOT find me stating that other tools/scripting languages could NOT do the same (mess end users up).
Again/once more - The topic here is NOT anything but javascript (see topic title)... I stayed STRICTLY on the topic, javascript, period.
(AND, I never once disagreed with the fact other scripting languages could potentially (more than just that of course) could also... not once, & you looked for that, & did not find it (as I said you would not, lol))
----
STILL - It was good getting that:
"YES YOU ARE RIGHT APK"
out of YOU though, because, no matter HOW you 'slice & dice it', I am correct on my methods for keeping users safe online vs. javascripted attacks
----
(&, yes - even others like them that use other webpage enhancing languages/scripts)
So - turn them off (where you absolutely DO NOT NEED THEM for required functionality out of a webpage (such as shopping &/or banking ones)?
WELL - You can't get touched by them, period...
(I am correct, that as far as my stating that a simple measure like turning off javascript in email, webbrowser, or other apps that use it (e.g. I gave was Adobe PDF reader), just plain works for securing end users vs. attacks by javascript, period)...
APK
P.S.=> People reading/fellow slashdot readers, I have a question: Is there a pill for "geek angst"?
If so, can you let zoips in on them??
Thanks... he's experiencing a "geek angst" attack (@ having to admit the person he is debating with (myself) is right)
Poor guy! lol... well, back to listening to "IN A WORLD OF HUMAN WRECKAGE" by Sponge (as I picture the SMOKING CRATER that zoips is crawling out of now, lol... reminds me of IRON MAN hauling himself up out of the crater when he was shotdown by that tank in the new Marvel Film: IRON MAN, lol)... apk
I browsed the first twenty or so comments here and saw nothing but "Microsoft", "pig anuses" and other troll stuff!
Can we maybe forget these Javascript discussions and perhaps go back to civilized talk about COBOL?
Like in the olden days?
...
.
- aqk
F U