JavaScript User Prohibitions Are Like Content DRM, But Even Less Effective

Robotech_Master writes: It always puzzles me whenever I run across a post somewhere that uses JavaScript to try to prevent me from copying and pasting text, or even viewing the source. These measures are simple enough to bypass just by disabling JavaScript in my browser. It seems like these measures are very similar to the DRM publishers insist on slapping onto e-books and movie discs—easy to defeat, but they just keep throwing them on anyway because they might inconvenience a few people.

Try using Tor now with the fucking Cloudflare!

Damn near 1/2 the web switched on some shitty CloudFlare site blocking shit - and Tor users are being hit the worst!

No - No I will NOT turn on my javascript you fucking CloudFlare using sites. NEVER!

Re:Try using Tor now with the fucking Cloudflare!

[Mashiki]

Lot of sites switched to cloudflare as a cheap method of DDOS protection nothing more. It also makes it a pain in the ass for those of us who are out of the country and have to use a VPN service for work.

Re:Try using Tor now with the fucking Cloudflare!

More like somebody decided to DDOS a website to push it under Cloudflare "protection", with free HTTPS MITM included!

Re:Try using Tor now with the fucking Cloudflare!

[Mashiki]

So stop visiting those sites.

Sure, I'll just remove Zendesk and Cisco from the list of companies I occasionally have to do work with. I'm sure that will work out well.

Re:Try using Tor now with the fucking Cloudflare!

[ArsenneLupin]

So stop visiting those sites.

Sure, I'll just remove Zendesk and Cisco from the list of companies I occasionally have to do work with. I'm sure that will work out well.

Why not? Grow a pair, and the world will be a better place.

Re:Try using Tor now with the fucking Cloudflare!

Well, because in this case "growing a pair" means "convince the Unemployment Benefits guys that losing my job due to not going to necessary websites was a moral stance that I just couldn't resist"

Idiot.

Re:Try using Tor now with the fucking Cloudflare!

So stop visiting those sites.

Sure, I'll just remove Zendesk and Cisco from the list of companies I occasionally have to do work with. I'm sure that will work out well.

Why not? Grow a pair, and the world will be a better place.

So said the kid sitting in his Mommie's bedroom playing Farmville all day. Indeed.

Re: Try using Tor now with the fucking Cloudflare!

Seems to be working pretty well for me.

Re:Try using Tor now with the fucking Cloudflare!

Will you pay his living expenses when his income evaporates because of taking this stand? I won't.

Re:Try using Tor now with the fucking Cloudflare!

[Mashiki]

Why not? Grow a pair, and the world will be a better place.

Well, I clear around $7800/mo(not counting overtime which pushes me into the 138k range yearly) so if you'd like you can contact me at the above email address and I'll send you my paypal and you can start transferring the money over post-haste.

After all, when the company policy is to use xyz vpn while in HK or China you do what they say or you lose your job. This isn't rocket surgery.

Re:Try using Tor now with the fucking Cloudflare!

[ArsenneLupin]

Looks to me like you are actually part of the problem...

But anyways, feel free to post your Paypal here, I'm sure plenty of people around here would be able to make good use of it :-)

Re:Try using Tor now with the fucking Cloudflare!

[Mashiki]

Ah, being employed is part of the problem. That sure makes makes a lot of sense. Funny that it always appears that the guy with the loud mouth claiming that the other person is the problem when they're called out.

Ah, but it's the effort to deter that counts.

Nobody expects a "No Trespassing" sign to stop anybody from really doing anything they shouldn't, heck, you shouldn't expect your home locks to stop a burglar, and no, nobody thinks a "No Guns allowed" sign stops anybody with firearms.

But once you say "Stop, don't do it" then anybody making the effort to continue, no matter how trivial, has made an intentional action on their part.

Re:Ah, but it's the effort to deter that counts.

[Alwin+Henseler]

You might have been right if the DRM applied aligns 100% with legal boundaries. That is, allow what's legal and prevent illegal uses. And keeps doing so as circumstances / place / time changes.

But in practice, it never does. DRM on an e-book that prevents copying period, also prevents copying small snippets to use as quote. Which is perfectly legal - see "fair use".

Unlike author claims, the DRM on Blu-rays is far from broken. If it were, playing them on open source operating systems like Linux would be as easy as playing DVD's on there. But that's not the case. There's databases of per-disk decoding keys floating around. There's libraries that emulate some sort of virtual machine that's built into 'authorised' playback devices. There's other libraries that cut through parts of the DRM bullshit, or attempt to streamline the process.
But all of these are kludges, there's no 100% guarantee that a random Blu-ray will play (using open source, at the moment), and it's a lot of hassle for users who are just trying to play discs they legally purchased. I'm sure it's only a matter of time before the DRM on Blu-rays will be as irrelevant as that on DVD's, but we're not there yet and in any case it doesn't change the annoyance factor one bit.
What's more: these issues mostly bother legal users, those who download movies illegally couldn't care less. But the DRM will still be in place as long as the discs itself. Regardless of legalities.

There's countless examples like that. The technical measures are practically never capable of following legal developments, nor do they adapt to local jurisdiction. Or have a built-in kill switch that 'frees' a product when legal restrictions end. In my personal opinion: DRM simply lowers the value of products that it's applied to, PERIOD. Sometimes to the point of making those products worthless. Some DRM is just more annoying or difficult to circumvent than others.

Re:Ah, but it's the effort to deter that counts.

You might have been right if the DRM applied aligns 100% with legal boundaries. That is, allow what's legal and prevent illegal uses.

You're not saying I'm wrong, though. But actually, allowing circumvention is yet another legal avenue, which sometimes HAS been granted.

also prevents copying small snippets to use as quote. Which is perfectly legal - see "fair use".

There is no law, AFAIK, that requires them to make it easy for you to copy and paste the contents of their work.

Maybe it's just easier for them to let you go through some tedious step that most people don't bother with. If what you are doing passes the fair use test, well, no foul, but if it does, then they can get you and you have shown you know what you did.

In my personal opinion: DRM simply lowers the value of products that it's applied to, PERIOD. Sometimes to the point of making those products worthless. Some DRM is just more annoying or difficult to circumvent than others.

Unfortunately, unless you are a major media content owner, nobody will care much about your opinion. Heck, very few people care about Eric Flint, Cory Doctorow, or any number of others.

Re:Ah, but it's the effort to deter that counts.

[gl4ss]

just because something blocks you from accessing a context menu doesn't mean that you're not allowed to press save as.

besides, for all your examples you would notice if someone did that.

furthermore, are you really so stupid that you think people don't generally leave their guns at home when boarding a flight because there's signs(rules) saying so? wtf man, wtf. how would you know if a bar banned open carry if they did not post a sign. those signs, they stop a plenty of people from doing things other people don't want them to do. sure, they're not a fence or a wall or a safe, but they are not supposed to be those things either.

how would you know it wasn't private property without the no trespassing sign anyways? ok, so, in the desert around area 51 the signs stop nobody? you sure about that? how the fuck are hikers supposed to know that they are not allowed to go there unless they have signs up.

and back to the original subject - why do they keep pushing javascript fake drm? for the same reason sony shipped crappy cd drm that never worked. because someone SOLD THEM THAT DRM SOLUTION AND THEY WERE STUPID ENOUGH TO BUY IT.

Re:Ah, but it's the effort to deter that counts.

[Z00L00K]

But this also prevents those that may just want to make a quote and then link to the full story at the site.

The practice to think that all such actions are evil intended is sick.

Re:Ah, but it's the effort to deter that counts.

But this also prevents those that may just want to make a quote and then link to the full story at the site.

So you're one of those fuckers polluting the net with a 'click my ads, I'm just posting links' sites?

Re:Ah, but it's the effort to deter that counts.

[Bert64]

A sign is a notification...
A notification on a website could be placed within the text of the site itself, using javascript is a very poor attempt to do more than just post a sign...
It's more akin to an extremely low fence.

The worst part is that whoever requests stuff like this be added generally believe it's actually effective, but all it does is serve to irritate users.

Re:Ah, but it's the effort to deter that counts.

Actually bypassing DRM is illegal (even badly designed ones) and there is no fair use exception for it; unless the library of congress made an specific fair use exception to break DRM.

Copying text from a website as a quote is fair use, except when there is some kind of DRM as breaking DRM for copying a quote is not exempted by the library of congress.

Re:Ah, but it's the effort to deter that counts.

[bytesex]

In the US, bypassing DRM is illegal. Not many other places. Of course, the US reserves the right to try any world citizen in absence for infractions not committed on US soil, so there's that...

Re:Ah, but it's the effort to deter that counts.

[StormReaver]

In my personal opinion: DRM simply lowers the value of products that it's applied to, PERIOD. Sometimes to the point of making those products worthless.

This is the reason I don't buy Blu Ray disks, ever, but continue to buy DVD's. The first thing I do with DVD's I buy is to extract them to my home media server, to keep the original disk safe and to be able to watch the movie from any computer in my house. Blu Ray makes this so painful that I just won't buy any. That type of access restriction lowers the value of Blu Ray to zero.

I totally get why illegal movie downloaders claim that the movie studios are the biggest cause of illegal movie downloading.

Re: Ah, but it's the effort to deter that counts.

What if you don't copy the quote from a book using copy/paste, but rather just re-type the quote by hand? No DRM circumvention there. Just more of a pain in the ass.

Re:Ah, but it's the effort to deter that counts.

Actually bypassing DRM is illegal (even badly designed ones) and there is no fair use exception for it; unless the library of congress made an specific fair use exception to break DRM.

"But actually, allowing circumvention is yet another legal avenue, which sometimes HAS been granted."

Hence my words. I don't see why people keep repeating what I already said.

Copying text from a website as a quote is fair use, except when there is some kind of DRM as breaking DRM for copying a quote is not exempted by the library of congress.

And there's no law that says they have to make that particular usage easy for you.

Re:Ah, but it's the effort to deter that counts.

those who download movies illegally

I recommend that people start using precise terminology for this.

Neither the uploaders nor the downloaders are necessarily acting illegally.

An uploader might be committing "copyright infringement", which is usually a civil issue. If someone is a defendant in a civil action, we don't use the term "illegal" to describe the actions alleged in the complaint against them.

If the uploader enjoys a profit from the infringement, then the uploader might be subject to criminal prosecution -- and it is only in this narrow case that the uploader can be said to be acting "illegally". In most criminal copyright infringement cases, the distributor has a thriving business selling the physical media. These criminals are sometimes called "pirates", and pirates are utterly uninterested at the notion of giving away their product for free via Internet uploads. Do not call someone a "pirate" unless they have been criminally convicted of copyright infringement (or an armed assault against a ship at sea).

It's crucial to understand that the downloaders are not necessarily committing "copyright infringement" at all. Only an uploader has potential liability for copyright infringement. If the downloader didn't distribute the material, then civil or criminal action against the downloader is not feasible. (Here I am assuming that the downloader only received the material, and didn't also upload it to others.)

Re:Ah, but it's the effort to deter that counts.

just because something blocks you from accessing a context menu doesn't mean that you're not allowed to press save as.

Indeed, but the thing about the block is it makes you go through a clear and intentional step.

besides, for all your examples you would notice if someone did that.

Yes, it is about giving notice before you take action.

furthermore, are you really so stupid that you think people don't generally leave their guns at home when boarding a flight because there's signs(rules) saying so?

We have TSA for a reason. Signs aren't enough.

wtf man, wtf. how would you know if a bar banned open carry if they did not post a sign.

Exactly! Though some places may ban firearms in general from bars, different strokes, y'know?

those signs, they stop a plenty of people from doing things other people don't want them to do.

Signs stop nobody, they give people who see them a choice to stop or not.

sure, they're not a fence or a wall or a safe, but they are not supposed to be those things either.

Exactly. You keep saying what I've already said for some reason!

how would you know it wasn't private property without the no trespassing sign anyways?

Hence why many places require those signs before you can prosecute a trespassing offense in many cases.

ok, so, in the desert around area 51 the signs stop nobody? you sure about that? how the fuck are hikers supposed to know that they are not allowed to go there unless they have signs up.

Area 51 is another example where they have more security because the signs don't do anything but let people know.

and back to the original subject - why do they keep pushing javascript fake drm? for the same reason sony shipped crappy cd drm that never worked. because someone SOLD THEM THAT DRM SOLUTION AND THEY WERE STUPID ENOUGH TO BUY IT.

Because like it or not, it's the effort that matters, not the effectiveness.

Annoying as it is, it does the job of serving notice.

Re:Ah, but it's the effort to deter that counts.

[dryeo]

America has successfully been pushing for other countries to make breaking DRM illegal. Here in Canada the US claimed we were worse then China for pirating and pressured the government to make breaking any DRM (excepting VHS tapes) illegal, not even the exceptions you guys get. All the trade treaties in the pipeline also include various ways to make IP stronger, copyrights longer and other BS.
American companies are well served by their government, much better then the voters/taxpayers.

Re:Ah, but it's the effort to deter that counts.

[thoromyr]

While I generally agree with what you are saying, if you are able to break the DRM by yourself without recourse to a cracking tool made by someone else (such as the previously mentioned turning off javascript and then copying from a website) then that is defensible. I don't recall the court and don't have a citation handy, but that was the criteria employed by a judge in deciding a case.

In other words, using a library to crack dvd encryption would be a violation of the DMCA, but if you independently wrote a cracking tool then that could legally be used for your own purposes. Pretty much bullshit, but it does apply to the example you provide.

Related to the futility of web-based DRM, a long time ago a photographer once asked me how to prevent people from taking his photographs from his website and reposting them as their own. My answer was that you can't really prevent people from doing that, but if you branded the image (embedded logo in it) then saved it as a jpg with the lowest quality that would satisfy him it would mean that someone "stealing" the image would either retain the logo or have to be satisfied with lower quality. (He didn't like that, insisting that there had to be a way to prevent people from swiping the images, and wouldn't believe me that they were all trivially circumvented. It was unacceptable to him for there to be a visible logo in the image. Oh well.)

Re:Ah, but it's the effort to deter that counts.

[chmod+a+x+mojo]

But in practice, it never does. DRM on an e-book that prevents copying period, also prevents copying small snippets to use as quote. Which is perfectly legal - see "fair use".

I'm sorry to hear that your fingers are broken and you can't type up your paper / article / whatever. By the way, how did you manage to write the rest of the words, including the proper citations of the text you wanted to copy? And hoooo boy, what if you wanted something from a physical book? Scan and OCR or just get lazy and take a photo of the page?

Re:Ah, but it's the effort to deter that counts.

What's so painful about it? Slysoft AnyDVD plus Handbrake = extraction. Granted, you do have to pay for AnyDVD, which a lot of Slashdotters would consider to be ideologically unsound, but I've found my lifetime membership was the best $100 or so I ever spent—especially when I find I've bought a non-region-1 Blu-ray by accident down at the local salvage shop that sells wrong-region discs from time to time.

Re:Ah, but it's the effort to deter that counts.

[harl]

Except that keeping people out isn't the point of "No Trespassing" signs. A legal requirement of trespassing is that you have to be told that you are not allowed there. Thus if there are no signs then you cannot be prosecuted unless an authorized agent finds you in the act and requests your departure.

Re:Ah, but it's the effort to deter that counts.

[Locke2005]

DRM doesn't plug the analog hole. If you wan't to copy small snippets from a book, type them in by hand like I do. The trivial cut-and-paste blocks aren't intended to prevent copying, only to make it more inconvenient. Agreed, it would be nice to have technological countermeasures better aligned with the legal restrictions, but the technology changes a lot faster than the legal framework for dealing with technology, and lawyers don't make any effort to align the law with the technology, do they?

Re:Ah, but it's the effort to deter that counts.

And it's also the effort by the site that counts. Stupid javascript that's intended to "catch" right button clicks on Windows, but actually (also?) pops up a message box accusing me of illegal and/or amoral deeds when I middle click is just unacceptable. And let's not forget about any other uses of the many mouse buttons one has nowadays, most of which are probably legitimate even in the eyes of the idiot that installed that javascript.

Re:Ah, but it's the effort to deter that counts.

[KGIII]

You don't like DRM, eh? What's your Slashdot password? Or you just selectively dislike it?

Do you not recall the history of hating DRM and where it got its origins from? RMS, back at MIT, was bothered by the admins insisting that people use passwords. So, he went around and bugged everyone to get them to either use the same password or, better yet, leave it blank. Passwords are a form of digital rights management. As is CHMOD but that's a topic for another day.

So, how 'bout that password? I suspect you'll say some funny things if you're sincere about that hate for DRM.

And yes, in case you think I'm serious, I'm mostly just poking to see what sort of reply I get. I don't actually want your password and you don't seem to be as 'passionate' as some who decry DRM while, of course, being logged in and protecting their account with a password, which is where the whole thing really got its roots.

Re:Ah, but it's the effort to deter that counts.

Because when you want to quote anything from a file on a computer in another place, your first impulse is to retype it by hand?

security

Nobody who cares about security has Javascript enabled by default to begin with, given its track record so far.

Re:security

[lucm]

With more and more single-page websites that use stuff like Angular, it is no longer possible to have a decent Internet experience without javascript. Might as well just browse the Google cache.

Re:security

The solution is simple: don't use sites that make it hard to use. Stop fighting their systems and wake up to the fact when you are doing so, you are spending your limited time on this planet to become their product. They sell your access to advertisers, that's the sole reason why they exist. The content is invariably scraped or plagiarised from elsewhere, too. The more effort you put into using these awful front-ends, the more you're conditioning yourself to be a loyal eyeball to that brand.

Re:security

[lucm]

What are you talking about? I don't "put effort" in using Gmail or Trello.

Javascript is a lot more than ads and tracking. It's a legitimate client-side web technology that makes it possible to run rich apps in the browser or on a mobile device without having to reload pages all the time and without having to use toxic stuff like Flash or ActiveX.

And how the fuck do you post on Slashdot if you don't have javascript enabled?

Re:security

And how the fuck do you post on Slashdot if you don't have javascript enabled?

I got NoScript enabled.

All I do is following the "Reply to This" link, enter text in the "comment:" inputbox, enter the capcha in its box, press "preview" and when all looks well press "Submit". Just like everyone I suppose, regardless of if they have JS enabled.

Something you could have easily found out for yourself by disabeling JS and see what you got. :-|

And although I agree with you that JS can certainly do a number of very positive, worthwhile things, its the abuse of it that concerns me.

P.s.
Slashdot, thank you for keeping your site usable for people like me, who do not wish to accept random active content onto their machines.

Re:security

web technology that makes it possible to run rich apps in the browser or on a mobile device

Kill yourself

Re:security

[serviscope_minor]

In firefox you can disable clipboard events only, which allows javascript to run but completely nerfs attempts to block copy/paste. about:config

Note however that it will break things like google docs until you re-enable them since that requires overriding copy/paste events apparently are necessary as the browsers provide them rather than more generic operators.

Re:security

[lucm]

Kill yourself

I think people like you play an important role on internet. You're like the crazy homeless people who make the subway ride more entertaining when you've left your kindle at the office.

If I can make a suggestion: maybe if you could sound just a little less like a petulant teenager making angry posts on Facebook, it would make you slightly more relevant. But in any event, keep up the good work!

Re:security

Are you sure NoScript has JS disabled for the same origin? If you ever see an animated "Working..." bar at the bottom of the page while the captcha loads, you have JavaScript enabled for the site.

Re:security

Eh, open up Chrome, open up the developer tools, just let the page load normally, head to the network tab, find the transfer with the data you're interested in, and enjoy.

Re:security

[lucm]

Just opening the Gmail inbox and looking at 1-2 emails and there's already 50+ different xhr calls in your developer tools console. Trello has even more.

I don't think you understand how internet works nowadays.

Trivial to bypass

[PhantomHarlock]

I am a photographer, and I have no problem sharing this:

If you want to get around the image obfuscation used by most photo sharing sites and more and more news sites, open up firefox, and go to view -> page style -> no style. That usually gives you the actual image displayed somewhere in the resulting page. No plugins needed.

If you want to better ensure your name stays with an image, watermark it, and add meta-data. Depending on how annoying the watermark is, someone could take the time to paint it out, and meta data is trivial to strip. As the saying goes, if you can see it, you can take it. If you're that worried about it, don't show it to anyone.

Re:Trivial to bypass

There is a photo 'protection' system I have seen recently (cannot remember the name) that genuinely obfuscates around this.

It's pretty heinous in implementation -- the photos get split into tiles and reassembled in a Canvas, like Google Maps. It's not really going to thwart a screengrab and I bet it's pretty ugly in terms of battery life/CPU on mobile. I would not want this on my website.

Of course if you want your photos to be seen, you play the social media game, and that means sending unobfuscated images to _someone_, where they will be stolen. It happens to everyone and there's no reason we photographers should be first to be protected.

If I remember what it was bloody called I will reply to myself, though, because it was interesting in its heinousness.

Re:Trivial to bypass

[Aighearach]

I bet it's pretty ugly in terms of battery life/CPU on mobile

It is likely to be nearly free, because the 2d video hardware handles moving the squares around. From a CPU perspective it is just re-ordering an array and making a few API calls to the video driver. The standard fiddling of the DOM that modern websites do with JS is way worse.

I always just assume that the photographer doesn't want the unwashed masses to see their work, so I oblige them and find content that wants to be Free. Content wants to be Free, but not all content. Humans want to be Free, but not all humans. Free humans should use Free content. Everybody wins! Even elitist-DRM-guy, who is protected from the limelight.

Re:Trivial to bypass

I've used DigiMarc for years as a way to invisibly watermark images. The only time I've had to use this was someone linking to images on my website, using my bandwidth. I changed the pics the links he pointed to, to random 4chan memes. He then threatened to sue, and claimed ownership of my images. Well, a DMCA takedown notice sent to his ISP and the ISP above him did the job. I then change my web code to only let people with a Referer header from my site view the pictures (primitive, but deters stuff), and moved on.

Re:Trivial to bypass

I just go to the page source and search for "jpg". I like collecting photos onto my hdd, or rather now cloud service storage, and it's an easy enough way to get past Flickr's obfuscation.

Re:Trivial to bypass

[thegarbz]

I like Flickr's attempt at blocking the image. If I want to download an image in Chrome I normally right click the image and hit S on the keyboard. Then save it somewhere. If a Flickr image is marked as download disabled and I right click an image in Chrome and click S I still get given a familiar save as dialogue. Except this time since Chrome doesn't think I clicked on an image it downloads the page. .... with the image at every available resolution. Just sorting the resulting folder by size gives the image.

This isn't even a wilful bypass, it's an accidental bypass.

Re:Trivial to bypass

I know you're right, but I get a perverse pleasure from bypassing half-arsed copy protection. If I get blocked doing something simple like grabbing an image it's like a red rag to a bull.

Re:Trivial to bypass

[lucm]

Looks like the opposite of sprites, so it's probably called pepsi

Re:Trivial to bypass

heh nice trick. Also tools->page data->media works too for everything.

Re:Trivial to bypass

[Falos]

>If you're that worried about it, don't show it to anyone.

This. "Three men can keep a secret if two are dead."

Once you release something in the wild, any illusion of control over it exists on a voluntary basis. If you want moral (but not logistical) claim over it, put it behind conditional agreement. You don't see corporates protect their trade secrets with propaganda posters - you have people sign a fucking NDA and you STILL maintain a need-to-know over sensitives that you keep relatively quarantined.

Because information is a contagion, not a possession.

Re:Trivial to bypass

"Just testing the old 'If you can see it, you can take it'. I don't even give a fuck about the photo of a fruit bowl and flower vase, honestly."

Re:Trivial to bypass

Even with download turned off, as long as you can view the source, just look for the image URL being used as the background image on a DIV. It's all there.

Re:Trivial to bypass

[thegarbz]

Yeah there's always a way but you missed my point, the point was that their copyright prevention system is so useless that the same shortcut key combination that used to download images still downloads the images (just some HTML and CSS files as well).

This is less than useless. This is useless to the point where someone doesn't even understand computers will still download pictures but may not even realise what's going on. It's everything I've come to expect from the yahoos at Yahoo.

Re:Trivial to bypass

Also only uploading lower quality online and keeping highest quality material archived and for proof of original content should anyone ever contest it.

Please don't jump all over Anne R Allen's blog...

... telling her how dumb this is. She knows, she didn't put those wheels into motion herself, and she sounds pretty gutted and apologetic.

Play nice.

As a non anon coward

[the_Bionic_lemming]

Yeah. Scripting - it's shut off unless needed. For me to enable any scripting I really do have to want the cheese.

I'd rather find another site before any scripting is enabled in my browsers - and to accentuate my level of paranoia - I stopped loading Adobe stuff 5 years ago.

Re:As a non anon coward

[ls671]

Yeah. Scripting - it's shut off unless needed. For me to enable any scripting I really do have to want the cheese.

Please enable javascript to see the big boobs then, please download and install our special plugin to see everything...

Re:As a non anon coward

[the_Bionic_lemming]

Real life can provide big boobs. It's easy, just have a house and a paycheck - once that gets out big boobs flock to use and spend that.

Re: As a non anon coward

[WarJolt]

Don't forget to turn off cookies too.

Re:As a non anon coward

[ls671]

Duh, I know this but some like to Go for the eyes Boobs! GO FOR THE EYES! before they play with the in house ones.

Re:As a non anon coward

> Real life can provide big boobs

Your son's boobs from eating Cheetos and playing Halo marathon's while he "studies game design" don't count. Neither do the "costuming is not consent" politically correct lesbian wann-be's who've taken over the boards of the science fiction conventions, even as they shove their 40 inch waists into corsets to try and shove them up into 40 inch bustlines.

                  https://www.youtube.com/watch?v=pyuXOr3NP_k

My eyes are still bleeding from that one.

Re:Please don't jump all over Anne R Allen's blog.

[Robotech_Master]

That's why I added the update right at the top explaining about that before the story even got picked up on Slashdot.

circumvension will be the offence

not the inadequate protection. We live in a society, we're not animals.You know its wrong.

Re:circumvension will be the offence

not the inadequate protection. We live in a society, we're not animals.You know its wrong.

So why do organizations seem to think it is perfectly ok to steal Open Source software by not observing the conditions of the agreement. They are perfectly happy to build their products on Open Source and then deny the users of the product the same rights they enjoy. They are perfectly happy to deny the *software* it's right to be used and improved by those open source software users for all users. They do the same to creative commons license users and whilst BSD license users don't demand attribution (IIRC) I'm certain we could find a few cases of theft of their software as well.

Yes, I said theft, because that's what it is.

We live in a society, we're not animals.You know its wrong.

It's also wrong for those industries to violate the rights of the professionals in the software industry who make a contribution to society in their own way for their own motivations. It is wrong and it is hypocritical at the same time. Why is this being enshrined into trade laws like the TPP? To make it legal, even though it's wrong.

"Few"?

[Ixokai]

I think you underestimate how many people this sort of thing stops. Yeah, it won't stop most techheads, but the inconvenience is enough to stop most people. Hell, most people don't even know you can turn off javascript. Most people don't even know what javascript is.

That's sufficient for their purposes, really. They can't stop everyone, no system is perfect, its enough for them to minimize it.

Re:"Few"?

I second this. Often when implementing this the objective is to have the average user choose to hyperlink to the source blog or forum post instead of cut/pasting which removes the ad revenue and user tracking that you can get from someone following a link. Making it more convenient to share a URL instead of cut and pasting is going to change the behavior of 95% of your users to do what is most convenient. So the fact is that using JavaScript to prohibit cutting and pasting directly effects revenue, no matter how clever you think you are for finding a workaround, you're just a really small statistic.

Re:"Few"?

[Art3x]

I read the article, and it turns out it isn't mainly about how easy it is to bypass JavaScript restrictions. That's a part of it, and maybe he needs to be reminded of the majority's computer competence. But that's not the gist.

It wasn't so much, "Ha ha, watch me bypass your flimsy JavaScript." It was more, "Oh the senseless inconvenience you put me and others through," and "This copy-blocking clashes with the Internet like a plaid shirt and checkered pants". A few of his points:

1. If you don't want your stuff copied, why put it on the Internet?
2. I found the article in the first place because it was excerpted by another publication.
3. Copying and pasting little tidbits is part of social media.
4. The person you're really worried about, who will copy the whole thing and try to pass it off as their own, probably knows how to bypass your measly JavaScript.

Re:"Few"?

[turbidostato]

"I think you underestimate how many people this sort of thing stops [...] That's sufficient for their purposes, really. They can't stop everyone, no system is perfect, its enough for them to minimize it."

Probably you are right, and that's a problem on its own: most users don't know how to bypass these kind of measures... but most providers seem not to know what they are doing either.

A naive example: I was looking for a second hand car and I was taking notes on candidates: some sites didn't allow me to copy&paste data like vendor's telephone number or car's plate number (well, it wouldn't avoid it, just making it absurdly cumbersome). How this benefits anyone, either prospective buyers or sellers!?

A dangerous example: working for an important company, I had to use their ill-thought "vpn" system, which made very difficult to make my legit work but still wouldn't stop me damaging the systems I was working on (which I was tempted to, out of frustration). Trying to explain security people both why this was a problem and how they could change their configuration to better fit their intended purpose, even within the letter of their security policies, would be answered with a bland looking like "what the heck is this guy talking about?"

Re:"Few"?

[gstoddart]

Oh, and don't forget:

5. The way the DMCA is written it doesn't matter how pathetic or useless the lock is, merely that someone tried to digitally protect it.

So, don't forget that defeating this flimsy javascript, is (according to a law bought and paid for by the copyright cartel) just the same as defeating crypto or breaking a physical lock.

And those people don't recognize any of your points like how this incompatible with the intertubes. They bought a law which doesn't give a crap about any of that. Just because you can defeat it won't protect you from copyright claims.

Re:"Few"?

[thoromyr]

Actually there is a court tested exception where if you crack the "lock" yourself it is okay. It is using someone else's tool that will get you into trouble. The trivial case of the web-browser based "protection" gives a practical application of this.

Now, its a defense not immunity so it doesn't protect against a lawsuit. However, you shouldn't run afoul of the DMCA on that particular point.

Re:"Few"?

[thoromyr]

So much the #4. Yes, there are counterexamples*. But anyone who is actually interested in stealing stuff can put in the extremely modest effort to discover how to bypass Javascript protections.

Put it this way: if so many people can work out that they need to download a torrent application and then wade through torrent search results in order to pirate a movie I think anyone interested in plagiarism can work out turning off Javascript.

* my wife discovered that some of her online photographs had been "stolen". It was really kind of strange because they aren't -- themselves -- artistic (the art isn't in her photographs, but what is being photographed) and they were bulk included on a page consisting of numerous "stolen" images. A really diverse collection of images without any sort of theme or coherence. There was no evidence that it was anything other than the most casual of dragnets that swept up numerous images. Would it have been stopped by using a Javascript "protection"? Possibly. But really, who cares?

Re:"Few"?

[thegarbz]

They can't stop everyone, no system is perfect, its enough for them to minimize it.

Minimising only works if you can provide the same restrictions on all plays of the content. If you only minimise then the content "becomes available" by other means. Once it's available non-techheads have no problem accessing the content.

e.g. Blu-ray. My girlfriend has no idea how to rip a blu-ray, doesn't have the hardware, the codecs, doesn't know which software she needs to decrypt it, or how the encryption scheme works. That doesn't stop her from having files like The.Avengers.x264.bluray-[guy-who-did-the-ripping].mp4 on her computer.

She also doesn't bother stripping DRM from ebooks, but when you can download a torrent with every ebook released in a given year in one go DRM free, why would she need to?

Re:"Few"?

[dunkindave]

Oh, and don't forget:

5. The way the DMCA is written it doesn't matter how pathetic or useless the lock is, merely that someone tried to digitally protect it.

So, don't forget that defeating this flimsy javascript, is (according to a law bought and paid for by the copyright cartel) just the same as defeating crypto or breaking a physical lock.

Nope. You installed NoScript, or had javascript turned off due to annoying pop-ups, either done for legitimate reasons, then when you visited the site in question saw something you liked and copy/pasted it. No warning appeared. The fact that a "protection mechanism" was applied, but it only did anything when a subset (even if majority) of people went there, means they would have no valid recourse against you. Unless, perhaps, you were stupid enough to brag about how you got around their protections, but probably not even then.

It would be like putting a loud and irritating noise-maker outside your door and therefore believe anyone who ignored it, covered their ears, or wore earplugs were actively defeating it, but then crying foul and suing when deaf people still came by since they didn't know it was there, or people did cover their ears since they thought the noise was an error by you. The judge would chuckle a little, look at you, and say dismissed.

Just because you can defeat it won't protect you from copyright claims.

As the saying goes, you can sue for anything, so you can't protect yourself from someone making a claim. But in this case, their claim would fall flat and be dismissed in about one legal step.

Wouldn't the point of this stuff

[rsilvergun]

be to trigger the DMCA. No matter how trivial it is you just violated the law by bypassing it...

Also how slow a news day does it have to be for this to make the front page of /.? Seriously, it's not even a blog post. There's no content.

Re:Wouldn't the point of this stuff

Also how slow a news day does it have to be for this to make the front page of /.? Seriously, it's not even a blog post. There's no content.

Hey, it's three days before Christmas. Of course it's a slow news day.

Re:Wouldn't the point of this stuff

Wouldn't the point of this stuff be to trigger the DMCA. No matter how trivial it is you just violated the law by bypassing it...

Nope. I suggest you read the DMCA. If its trivial to bypass its not considered an effective method, and as such does not fall under the DMCA.

Having said that, I do not know of any case which tested this provision ...

Re:Wouldn't the point of this stuff

[Blue+Stone]

The DMCA's text cites "effective measures" being circumvented. Not sure this little trick qualifies. Wouldn't want to have to argue it in court, of course. ;)

Re:Wouldn't the point of this stuff

[DarkTempes]

I think you're right that it doesn't count but not because it's "trivial to bypass" but because the javascript copy-block is not necessary to access the work and doesn't "[require] the application of information, or a process or a treatment" to access the work.

If you did a simple ROT13 encryption of the text and had javascript decrypt it on load and included copy/paste blocking then I think it'd probably count even though it wouldn't be very effective.

Or if the javascript only "allowed" you to copy/paste 1 word at a time then I think it'd count but wouldn't be very effective.

My layperson interpretation:

(a)(1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
(a)(3)(A) to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and

Definitely bypassing a technological measure here but does it "effectively control access"? ...

(a)(3)(B) a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

... I don't think our javascript copy-block technological measure here qualifies as effectively controlling access to the work.

(b)(2)(B) a technological measure “effectively protects a right of a copyright owner under this title” if the measure, in the ordinary course of its operation, prevents, restricts, or otherwise limits the exercise of a right of a copyright owner under this title.

Sounds like the simple javascript copy-blocking would count as a technological measure protecting the right of a copyright owner. But (b)(2)(B) shouldn't apply to (a)(1)(A) as they're different subsections dealing with different issues.

The DMCA: https://www.gpo.gov/fdsys/pkg/...
The US Code is modifies: https://www.law.cornell.edu/us...

Aggregators

[Bite+The+Pillow]

Years ago, fark.com went from external images to hosted images. I didn't see the endgame.

This week, JavaScript is required to load the images. It's vendor lock in all over again. Because who uses an external host if you can just click upload?

And then I see the same advert every 5 posts.

Forbes is a white page to me, LATimes us just the menu with a word or two, and several other sites have absolute divs that cover most of the content.

Your whining about idiotic DRM is just the tip of the iceberg. Bypassing by disabling is one thing. Loading a giant page that renders illegibly requires server resources that, as long as I mostly have wi fi, I'm willing to refresh repeatedly to ensure it really is a problem with the site.

Re:Aggregators

[Ksevio]

Moving to hosted images is probably more of a security/privacy thing since external images would let you track every person that viewed them. It also helps weak servers that might not be able to handle the load.

Re:Aggregators

Moving to hosted images is probably more of a security/privacy thing since external images would let you track every person that viewed them. It also helps weak servers that might not be able to handle the load.

And it stops two things that otherwise break the web:

1) The Pickle Incident: User links to example.org/12345.jpg and a few years (or hours!) later, the site admin types "cp goatse.jpg 12345.jpg"
2) The Decay of the Web: User linked to tumblr.com/whatever_1280.jpg in 2015 or farm4.static.flickr.com/1234/fuckyourfacade_of_protection_b.jpg in 2010 or geocities.com/12345.jpg in 2005 only to find that in 2020, the company known as Yahoo has gone bankrupt and all the links are 404.

Fark made the decision to host images for reasons both political and technical.

Re:Aggregators

It is for security/privacy, but not just for what you listed. External content cannot be controlled. Whoever controls the external content can change it to whatever they want, when they want. So the cutesy image that was there when the at the time it was linked to and shared on some other site may change to a shock image at some point. Or hotlinking might be disabled or could serve up another image altogether for the hotlinkers. Or the server gets overloaded really easy, which causes nobody to see it. That is a liability for sites that thrive on other people's content, so those sites use the sledgehammer of just hosting everything that is found. It's a cute gimmick too: the sites that host other people's images without their consent don't care if they get a DMCA request to pull the image, since everyone on that cared about the image has already moved on by the time a request has been put forward. I.e.: the site that hosted the other person's image has already profitted off it.

Re:Aggregators

[Antique+Geekmeister]

> since external images would let you track every person that viewed them.

It's particularly crucial to Akamai and ad.doubleclick.net's collaborations. (http://motifcdn2.doubleclick.net/EMEA/ad-in-a-box/LiveStreaming/LiveStreaming_Build_Guide_EN.pdf ).

As a warning, don't be confused by those pseudo-random looking URL's for web images. Many of them do come from the same set of back-end services run by a relatively small set of companies, and they provide tremendous metadata about web use down to the individual purchaser level. Just because the data is "pseuonymized" does not protect it from analysis of the initial raw data, which is often poorly secured by the software companies themselves.

Re:Aggregators

[henni16]

Years ago, fark.com went from external images to hosted images. I didn't see the endgame. This week, JavaScript is required to load the images. It's vendor lock in all over again. Because who uses an external host if you can just click upload?

Uh, I've Javascript disabled an no problem seeing images in Fark threads.
As a matter of fact, if you've Javascript disabled, there's no "upload" to click and you have to use an external host (Fark then downloads the image from there onto their servers).

And I wouldn't call some forum rehosting external images on their own servers "vendor lock-in".

Re:Aggregators

[henni16]

There is this.
But the reasons I've heard more often are

• * (hardware performance / hosting prices have reached a point that iit's possible now)
• * doing SSL without browser complaints will be difficult if the page contains 3rd party images included via http instead of https
• * images will still be there later; in most old threads, especially photoshop contests, they're mostly gone because the hosts don't exist anymore
• * easier to moderate threads (no need to run their scripts anymore that check old threads for images which have been swapped out, either by the user or the host)
• * easier to use because you neither need to know HTML nor have an external host

Re:Aggregators

[thoromyr]

I've hit sites that have really stupid javascript created overlays to obscure the page so you have to see their advertisement. Really annoying on a phone or even a tablet, particularly when they manage to push the close widget off of the devices screen. Fortunately, I've discovered that (at least most of them) are defeated simply by canceling the page load as soon as the content appears. The page then presents just fine without having run the javascript to display the advertisement.

Re:JavaScript.

[Aighearach]

Sorry, false pedant, in this case "Javascript" is just a colloquialism for ECMAScript.

Re:Please don't jump all over Anne R Allen's blog.

Good work (and also in your followup in your own comments).

My comment was not aimed at you, I assure you!

How do you stop someone from viewing the source?

[mark-t]

Serious question.... is it even possible to disable browser hotkeys while they are on a page so that they can't view the source code to the web page they are visiting?

Re:How do you stop someone from viewing the source

[Alwin+Henseler]

Who says you're using a browser to view or render a web page's contents?

Avoid Litigation

[avandesande]

Another possibility is they are trying to avoid getting sued by content providers- that they have applied best practices to protect media.

Re:How do you stop someone from viewing the source

[mark-t]

Even assuming that one is.... afaik, there is no way in javascript to disable menu items, or even the hotkeys to those items.... can you imagine a webpage blocking alt-f4?

Using shift key

[ajyand]

Some of the UI restrictions can be evaded just by pressing a special key like "shift" or "ctrl" while using the mouse and it does not require to disable javascript. I was so frustrated once that I copied the entire text from the page and posted it as a comment to tell them look, I can copy and paste.

Re:Using shift key

[edtice1559]

The probably thought that you just loved their content so much that you were willing to type the whole thing out in order to better remember it. Now they'll disable copying comments so that others won't copy and paste from there! (Only half funny, unfortunately)

might inconvenience a few people?

[fred911]

I would venture to say that it inconveniences more than a few, the majority of whom have no idea there is an alternative. Typically Joe Sixpack is clueless a click bait victim and the bread and butter of 90% of content sellers.

Besides, Janice in accounting don't give a fuck!

Re:How do you stop someone from viewing the source

[cfalcon]

Javascript is a steaming pile of shit, riddled with vulnerabilities and broken from tip to top.

So of course they try to allow some overrides:

http://stackoverflow.com/quest...

Basically, you can google anything with "javascript disable" and get developers asking how to fuck their users in the pee hole. Often, there's an answer.

It wouldn't actually prevent users from viewing source though- I'm not aware of a way to do that. However, if there is, you can find it at good old google bombing expert sex change:

http://www.experts-exchange.co...

Also note: the real workaround for this isn't globally disabling javascript, though if everyone did that the web would shape up immediately. The real workaround is the various -monkeys that let you redefine pieces of javascript locally. Many sites go through several hoops to prevent loading on a browser that won't run their shitscript, but redefining parts and/or loading your own CSS can get you around most of it.

Re:JavaScript.

lolololol surely not even slashdotters of 2015 are this retarded?

Re:JavaScript.

[Psion]

Nope, sorry. It's called Javascript, but it has nothing to do with Java. It's a totally different, interpreted language.

Re:Please don't jump all over Anne R Allen's blog.

Congratulations, you made a bad situation worse for her. You're a douchebag.

Used to be worse

Used to be that every other page used to have nonsense right-click "prevention". Don't see it nearly as often now.

Re:How do you stop someone from viewing the source

[mark-t]

I did google before I asked the question... I saw many claims, but none seem to actually work, even without disabling javascript. Nonetheless, the article at the link in the summary said that Ctrl-U hotkey was somehow disabled for them.

Re:JavaScript.

[ChunderDownunder]

good old Eczema.

Tor is owned by the US Navy and CIA

More than half the funding has came from the US navy and CIA, and was created originally in the US navy. Tor provides you absolutely no anonymity, and is completed owned by the powers that be (and soon the powers that were) . It can even be owned by regular folk.

It's funny how smart our masters are, the ultimate wolves in sheep's clothing. Financing Google, Facebook, and every other intelligence apparatus that tricks dumb human beings into giving up their privacy in exchange for a convenience messaging platform. There's also been extensive research into psychology in the CIA and ego, and how human desire will do anything to be noticed and feel important, even if they have 0 qualifications starting otherwise. This is why so many people use social media, because the CIA has found that upwards of 80% of human beings are narcissists.

Want to be really anonymous? Hack a bunch of boxes in foreign countries and use them as multiple proxy tunnels.

Re:JavaScript.

Nope, sorry. It's called Javascript, but it has nothing to do with Java. It's a totally different, interpreted language.

You have been trolled. Hope this helps. Have a nice day.

Re:How do you stop someone from viewing the source

[cfalcon]

Yea, like I said, I'm not aware of any way to do that. If there is one, it won't be effective in general. What they probably did was put a shit lot of linefeeds after a "Viewing source is disabled" comment at the top of the HTML- I'm not even joking, that's a real thing people do lol

But you really can intercept Ctrl-U. The thing is, most browsers simply ignore it, for obvious reasons.

You probably saw this mewling poopsack:
http://stackoverflow.com/quest...

And this dumb jive turkey:
http://www.makingdifferent.com...

There's plenty of code in there that does it. You'll also find that, in general, working around it is as trivial as not using a shitty browser that listens to bad advice like that. I don't doubt that the guy ranting ran across something that actually did what he said it did, somewhere.

Seriously, can you believe that some browsers in the modern day trust remote code? It's really dumb.

Do you lock your house door?

[iamacat]

You got to realize that someone knowledgeable in physical locks can bypass them as easy as you can bypass Javascript right click popups. Yet both still reduce undesirable actions, such as your story being reposted in full on someone's blog without giving credit, link to the source or a chance for you to make money on ads.

It makes a difference when you at least communicate your wishes clearly. Not saying that copying is illegal, or implementing this behavior is best policy, just that it at least significantly reduces copying in practice. I see some other sites that automatically append a link to source to the end of copy buffer. That is probably a much wiser policy for retaining existing readers and acquiring new ones.

Re:Do you lock your house door?

People don't put their valuables against the windows advertising what they have. Putting something online is giving it away. If you want to make money from your "thought" via a fucking shitty blog, tough shit, you won't. Slap up a paywall if you have any genuine readers that give a shit.

A tech can disable javascript blockage in 2 seconds, a locksmith can take 20+ minutes to defeat a basic household lock. Massive difference. The tech can automate and education others in seconds. The locksmith cannot. Try again, shill.

Re:Do you lock your house door?

I don't know about you but I have transparent glass in my Windows that people can easily see through. I don't see that as an invitation for people to do what they like with my possessions. I can defeat standard Window glass with a brick in well under 2 seconds. Should I replace it with opaque reinforced steel?

Re:Do you lock your house door?

If the shit you put on display is gold plated you might as well use transparent aluminium windows, or it really is an invitation for people to brick your windows and take your shit. And now imagine that after they take your shit they replace your broken windows so you end up with "there's no sign of forced entry" :)

Re:Do you lock your house door?

I have heard that people steal non gold plated things

Doesn't work for me

I can't copy the content and hit Ctrl+U just fine. Chrome on Linux here.

Re:How do you stop someone from viewing the source

[mark-t]

The only thing I understood it was possible to disable in js was direct copy/paste, by intercepting mouse clicks on the panel, and disallowing the user from selecting text in the first place . That's a pretty far cry from disabling a hotkey, let alone a program menu item (fwiw, copy paste still technically works on the pages that try to disable it too, they just don't let you select text in the first place by intercepting the mouse click, so there's never anything to copy).

Yep...

[SharpFang]

Sometimes they don't even notice.

There was this site with "lessons" in using some API or library. There were code examples. And if you tried to select and copy, to paste an example into a compiler, a dialog would pop up telling you that the content is copyrighted and you're not allowed to copy it.

And at the bottom of the page was a survey, "What can I do to improve these lessons?"

I filled it out, with my email and a sarcastic comment about the copy restriction - that maybe forcing people to retype the examples isn't the best way of teaching. The owner of the site wrote me with a solemn apology, informing me that she didn't even notice the (dis)functionality was in place, and that it just got installed with the CMS and she didn't disable it because she didn't know it was there...

So... whoops?

Re:Yep...

So someone who is trying to teach you to code doesn't even know how to QA his own site?

Re:How do you stop someone from viewing the source

[tlhIngan]

But you really can intercept Ctrl-U. The thing is, most browsers simply ignore it, for obvious reasons.

Well, in Firefox and probably others, shift-right-click bypasses all right-click javascript. So if a site disables right-clicking, you can just hold shift and still access "View Page Source" in the context menu. Or anything else - I use an addon called "Nuke Anything" that lets you remove bits of the page and right-click javascript often disables that...

Re:How do you stop someone from viewing the source

[cfalcon]

Right, these assholes made everyone have workarounds. In Chrome, I have "Enable Copy" and "Enable Right Click", and if things get really rough then I go through some kinda monkey or whatever, but that's normally not an issue. I've never seen a browser in recent times that lets a website actually intercept Ctrl-U, but in strange aeons even common sense may die.

Sometimes is good enough

Sometimes all the publisher/programmer is show that things have been put in place to help protect it even if they are easy to bypass.
Ultimately you can avoid all key/mouse capturing by taking out your camera, and taking a photo of the screen. Can't really program around that.

Re:How do you stop someone from viewing the source

[cfalcon]

This website claims to disable Ctrl-U as well:

http://codingcrazy.com/disable...

With scripts enabled, it actually seems to disable Ctrl-U in Firefox and Palemoon (not Chrome). Obviously there are easy workarounds (addons solve it easily, but also just changing dom.event.contextmenu.enabled to false lets you happily right click). What do you see when you go there in those browsers?

The point is, obviously there are easy work arounds, and obviously most browsers ignore this crap, and obviously no users will really be stopped (the point of the top article). But, that still leaves some real questions. One, why would javascript even HAVE shit like this? This is part of my general rant about javascript being awful at every single level- in this case, the spec implies to the coder that he is in control of someone else's box. That means that the spec is implied as some kind of malicious hack that browsers and users have to work around. These commands shouldn't even exist in the first place! Two, why would anyone expect a browser to listen to this garbage, even a little? Right click is an interaction between the user and the browser, there's never a good reason to intercept that. Three, how are there coders in ANY language who don't understand this shit? Like you're writing vaguely-C-like code and you don't even understand that if you turn off a usability function, it will just make everyone pissed at you?

Yep...

[alfalah]

Sometimes they don't even notice...http://www.afu.ac.ae/en/admission/graduate-admissions/

Re:How do you stop someone from viewing the source

[cfalcon]

> can you imagine a webpage blocking alt-f4

Sure, it's the onclose event. By javascript spec, any attempt to close the window should run the onclose stuff, which can simply return false, thus preventing the browser from closing.

Sample for an onclose event (this just fires an alert) is here:

http://www.htmlnest.com/javasc...

You'll notice that it doesn't actually work- not only can you alt-F4, you can also just close the damned window. This is because modern browsers no longer fully support this ludicrously awful command.

But it's still valid javascript. Because javascript is a goddamned nightmare.

Re:How do you stop someone from viewing the source

[cfalcon]

..as a note, http://codingcrazy.com/disable... does seem to fuck with a default setting firefox or palemoon. Maybe it won't for you, I dunno. You don't need an addon to fix this behavior or anything, of course.

I hadn't noticed

[evanh]

With No-Script blocking all scripting by default, it hadn't dawned on me that such activities occur.

What pisses me off

[DrXym]

Are sites which say enter your email address twice, but won't let me cut and paste the value from the one field to the other by trapping keyboard events. Yeah I get it, you're trying to stop email typos, but there are other, less annoying ways to deal with this problem - a confirmation email for example - and the chances are the site has one of those too.

Re:What pisses me off

[swilver]

Asking things twice makes sense when the field hides what you typed, like password fields. It makes zero sense for email fields.

Re:What pisses me off

Are sites which say enter your email address twice, but won't let me cut and paste the value from the one field to the other by trapping keyboard events.

There are several solutions to that problem:

1) Use Linux, which has a middle mouse-button function that copies and pastes without using the clipboard.
2) You can still drag-and-drop text into the restricted field.
3) Use a form-fill tool like LastPass

Re:What pisses me off

[Actually,+I+do+RTFA]

What are the other ways? I want to upgrade a few forms,. but I don't know what to.

Re:How do you stop someone from viewing the source

google is not a verb asshat.

Re:How do you stop someone from viewing the source

[angel'o'sphere]

What does ctrl-U do? I'm on a Mac and as far as I can tell there is no ctrl-U equivalent.

Re:JavaScript.

[narcc]

I'm very curious as to who still finds this informative? There was some confusion 20 years ago, without question, but that hasn't been an issue for a very long time.

Re:JavaScript.

You'd be surprised. I caught a junior dev copy/pasting Java code from some StackOverflow question into his JavaScript. This not two years ago.

Re:How do you stop someone from viewing the source

[cfalcon]

satya nadella is that u

I googled "is google a verb" and it says yes:
https://www.google.com/?gws_rd...

Then I bung it:
http://www.bing.com/search?q=i...

So if even bing agrees that google is a verb, I guess that over rules "anonymous coward who can't capitalize for shit"

Re:How do you stop someone from viewing the source

[cfalcon]

Your issue isn't that you are on a Mac, it's that you are in a version of Safari of 6 or later. In Lion and before, it was Strange Nordic Whilygig + U.

First, you could run firefox or chrome or whatever.

Second, Safari -> Preferences / Advanced Tab, ensure that the develop menu is on, then you can control click and get some options, among them view source.

This is obviously not as nice as having a keyboard shortcut like you used to have. If that's a deal, just grab a third party browser.

I think he missed the point

The point of DRM is not to stop people but to document that you have to purposely defeated it to bypass it. Its like putting a weak door lock on. Does it make breaking into someone house less of a offense because the door lock was weak? Absolutely not. The point this guy is making is false. He proposes that because DRM is weak that it should not be used. In fact its not there to stop everyone from accessing, copying, or distributing material. Its meant as a warning that it is copyrighted and you are violating the law by using it. You could say a water mark on a paper or a notarized document could easily be copied too. But that does not make it any more legal to do so.

Re:I think he missed the point

[Roodvlees]

Copyright law is shit and should be overthrown. With JavaScript blocking the content is already on your computer. How are they going to find out that you disabled JavaScript and got full access? I guess it serves the purpose of some sort of threshold.

Re:How do you stop someone from viewing the source

[angel'o'sphere]

Ah, so ctrl-U is the short cut for "view source"? Did not get that from the comments.

Even if that is completely disabled, you could just save the page and open it in a text editor.

The developer menus are obviously always activated on my browsers :D

Thanx for the info.

Re:How do you stop someone from viewing the source

Good thing that it's Alt-U on Haiku OS

The average user

[Roodvlees]

You overestimate the average user.
They have no idea that that stuff can be bypassed so easily.
If they did know, they'd think it's too much work.
Then they'd forget about that being possible.

Re:The average user

[edtice1559]

They would see that the person who provided them the content didn't want them to copy and paste and was willing to comply with the request. Sheep! (Half funny)

Re:The average user

[PNutts]

You overestimate the average user.
They have no idea that that stuff can be bypassed so easily.
If they did know, they'd think it's too much work.
Then they'd forget about that being possible.

Burma Shave!

Re:JavaScript.

Just because you can't see the .jars doesn't mean they're missing!
Mason .jars. Freemason .jars. It's a conspiracy! They're in league with the lizard men! I read it on InforWars!

Re:JavaScript.

Uninformed maybe, but not retarded. If you don't know anything about JavaScript other than its use in <script> tags, then what's the most likely explanation:
1) a compound word for "Java script", or
2) a scripting language with "Script" in its name, leading to the ridiculous expression "JavaScript script"?

Re:JavaScript.

[Black.Shuck]

Sorry, false pedant, in this case "Javascript" is just a colloquialism for ECMAScript.

I like this idea, but I think history says that JavaScript was coined long before Netscape handed it over to ECMA.

Re:JavaScript.

[U2xhc2hkb3QgU3Vja3M]

Some programmers weren't even born 20 years ago. New people will make old mistakes because they haven't learned about them yet.

Re:How do you stop someone from viewing the source

[U2xhc2hkb3QgU3Vja3M]

If you need to write a "Web application" then you need access to things people expect to work, just as it works in their OS.

Re:How do you stop someone from viewing the source

This website claims to disable Ctrl-U as well:

http://codingcrazy.com/disable...

I sent him a copy of the source code of his web page.

Not really

[bigsexyjoe]

You can do things like block the default behavior of the hotkeys and stuff. But you basically can't stop someone from getting the source code, because the web is open.

Re:Not really

Well, you can't stop someone from getting the source code because you must deliver it to the client side for it to do a goddamned thing. A server LITERALLY SERVES THAT AND NO OTHER THING

Ineffective, and rarely tried

[bigsexyjoe]

Yes, we all know that if they let you look at the page, your computer will download all the associated files and you'll have them. Just taking the files out of your Firefox cache is an obvious solution. Going in with developer tools already open is another one.

That being said, most people don't even try these measures anymore. They used to be a lot more common. But even the average web user is getting more sophisticated.

The new effort is to try to bake DRM into the browsers themselves.

If you're so concerned about security...

Create a few free Linux virtual machines in Azure or AWS. Add https everywhere, but put in no JavaScript protection at all. After a few uses, delete VM and cobble up a fresh one with a new name and identity. If you don't like the cloud, you can do this on your own system.

Rinse, lather and repeat.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:How do you stop someone from viewing the source

[mark-t]

Wow... the website genuinely does block Ctrl-U, as well as other hotkeys, such as F12 to activate Firebug, which I didn't know was possible, although just clicking just once in the address bar while the page is showing, and then hitting the desired hotkey bypasses this.

Also, of course, the menu choices to access the source in this way are still enabled and work normally.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Please don't jump all over Anne R Allen's blog.

What's even dumber than the javascript DRM, is how it was sold to Anne R Allen's blog: This "DRM" and some other things too, such as needing to manually approve each comment, are supposedly measures against hacking.

Javasript is the Next Flash.

[JustBoo]

Javasript is the Next Flash. Its time is coming. I have to use it, and it is a nasty buggy little language with so many amateur practices built right into it I need a shower after using it.

It is a "language" developed over a weekend by a guy at Netscape to push some HTML around back in the nineties. It was meant to be a throw away effort. Built NOT to last. He called it Javascript because Java had just come out and he thought it would be cute to give it that name. Following the Law of Unintended Consequences it actually caught on.

Re:Javasript is the Next Flash.

[Actually,+I+do+RTFA]

The difference is Flash is 100% silo'd. Javascript is like a metasizied cancer.

Also, Flash's AS3 is an object-oriented language with a well defined implementation. JS is neither.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:JavaScript.

lolololol surely not even slashdotters of 2015 are this retarded?

Pssh, as if. Slashdot is now Tumblr.

Re:JavaScript.

Well played sir, well played indeed.

Re:JavaScript.

[Locke2005]

Nah, Slashdot couldn't be Tumblr... Tumblr has much better porn!

Re:How do you stop someone from viewing the source

[cfalcon]

That's a lie, and that's bullshit. This destroys the user interface, and should never be allowed or tolerated. If these guys weren't malicious, they'd implement a little drag-down menu that would do all their things, or have a standard way of visibly showing the difference between an in-app menu and user level application menu. Even supporting this shit in the code makes developers confused, and they think they can vector hotkeys and tie them to ground.

Fucking idiots and assholes, enabled by a monumentally shitty language API.

You know you can find them whining that they can't stop the user from CLOSING THE BROWSER? After all, the "webapp" shouldn't close when the user says close, and the fact that it's somehow standing on the browsers head is something that needs to be bypassed in that stupid language. The fact that things like "onclose" stopped being implemented, and the fact that they are currently finding workarounds for "stop this page from creating additional dialogs" is a big problem.

The design is broken from head to toe.

Re:How do you stop someone from viewing the source

[cfalcon]

That's nice of you, because apparently if he lost his original file, he wouldn't have a backup! You're doing the work of the gods, sir!

Re:How do you stop someone from viewing the source

[cfalcon]

The website tries to own the right click key too. It tries to vector everything it can, but you'll notice that a lot of it fails to work in many browsers, and all of it is trivially able to be worked around.

Javascript is such a turd lol

Re:How do you stop someone from viewing the source

[cfalcon]

> Ah, so ctrl-U is the short cut for "view source"?

It's in the links and is quite googlable, but the post I made discussing viewing source should have been the tipoff :P

> Even if that is completely disabled, you could just save the page and open it in a text editor.

Dude, if they think they can disable Ctrl-U, they ALSO think they can disable Ctrl-S and Ctrl-P. Depending on how gullible your browser is, one of the above links tries to do that too.

> The developer menus are obviously always activated on my browsers

Nice. So Safari already has a mode that steps so far above this stuff that you didn't even realize there were ANY people, ANY where, to whom it might inconvenience, because Safari makes it not even a thing. Excellent.
The article doesn't make this point much, but it should- that a lot of modern browsers ignore ALL this stuff anyway.

What if...

[BitterKraut]

...in the not-too-distant future, the html document you requested will not load, and you'll be shown a short notification instead, saying "please use an OS and browser that comply with our DRM policy"? I am already seeing lots of messages of that flavor while I'm browsing the web using Linux/Firefox, tracking disabled. The claim is that I am trying to view valuable content without paying for it (pop-under windows and user tracking being the currency).

Re:How do you stop someone from viewing the source

[angel'o'sphere]

Yeah, my bad, did not notice that the title of the thread was "Re:How do you stop someone from viewing the source" ;D

Following the stack overflow links I was more wondering about the idiotic approaches many use to accomplish that goal, and I did not really figure by reading them what ctrl-U was supposed to do.

So Safari already has a mode that steps so far above
Not sure if it is far above ... I used to use Chrome, but it has several nasty drawbacks for me. I stopped using FireFox since it is automatically updating and you can not prevent it. Actually I wonder if I should try to write my own browser. A browser that simply does nothing as long as the user does nothing. It pisses the hell out of me that every stupid web site thinks it needs an "autoreload" Javascript and as soon as you enter a WiFi network where you have to enter credentials via a web page, all "autorelaoding tabs" lose their content.

Does not even need to be an autorelaod, a simple XmlHTTPRequest is enough to get the whole page redirected and the back button often does not work when you are finally connected.

Right now, besides Safari, I use Opera. The only browser that honours the "don't start flash movies automatically" setting when a tab gets "restored" after restart.

But Opera is hiding the close Icon/Button under the websites flavicon ... only a visual glitch, but why people come on those ideas ... that is beyond me.

Re:How do you stop someone from viewing the source

[cfalcon]

One of the big problems with writing a browser that does what the user wants is how aggressively ludicrous the javascript devs can be. For instance, many browsers have a setting that disables the ability of right click to be controlled from the HTML, but of course javascript can POLL this flag, and act on the result. The browser shouldn't be leaking user state like that, and it certainly shouldn't allow a savvy user to be asked to pull down their pants and bend over. It's totally possible to create a browser that does all this- but little flags to ignore bad-by-design features are both fiddly and doomed to failure.

Examples:

Everyone hates popups. Popup blockers became a thing, then they just were enabled by default. But then javascript offered popups, and now you can get blockers to disable them. And how many websites do you visit that look reasonable until about 10 seconds in when they suddenly overlay a gray or black box over the whole fucking screen, and force you to interact with them (and keep in mind, the fact that interacting with them removes the overlay is ENTIRELY optional!)? Savvy users will use ublock origin (or Remove it Permanently, or many other things) to eliminate shit like this. Even fucking Wikipedia does this! So there's a workaround, but not a solid generic fix for this shit. The fact is, the browser needs to be fundamentally incapable of taking remote commands like this, while ALSO appearing to take these commands from the server side, to prevent hostile devs from shitting the bed when they detect this.

The "right" answer wouldn't just stop this stuff- it would cut it all off at the source, no matter how clever or evil the javascript writers become- because at least on the evil axis, there seems to be no limit.

Re:How do you stop someone from viewing the source

And asshat is not a noun. What's your point?

A bit off topic, but...

[Superdarion]

... Slashdot has turned me into a screener. With posts like this one, I always check if they're from our friend Bennet before I go to the comments section.

Re:How do you stop someone from viewing the source

Doing as you said, I googled "is not a verb asshat", and all I got was this shitty reddit post: https://m.reddit.com/r/funny/c...

Re: JavaScript.

[ChickPea]

Java is to JavaScript as ham is to hamster.

Re:How do you stop someone from viewing the source

Here's what the accepted answer at expert sex change says (in case anyone is interested):

PresidentUTA Accepted Solution on 2001-11-03 at 18:47:09 ID: 6616667

Well their is a way to scramble the code so it doesnt make much sense, you can find that little nifty script / prgm at - http://www.dynamicdrive.com/dy... - Not to bad, combine this with the click disabler mentioned above and you are set

Not much of an expert if you ask me.

Re:How do you stop someone from viewing the source

Maybe he's an expert at bad advice?

Re:JavaScript.

[Aighearach]

History, or at least English, also teaches that etymology is just for nerds and is not instructive of meaning.

Re:JavaScript.

[Black.Shuck]

History, or at least English, also teaches that etymology is just for nerds and is not instructive of meaning.

I think etymology gives very clear meaning to your previous post.

Re:JavaScript.

[Aighearach]

Good point. And SCSI was intended to be sexy rather than scuzzy. Nerds love etymology, but they know not to honor it. ;)