In general, when a downloadable application needs to access a service that requires an API key, how is the application's developer supposed to make the operations controlled by the key available to the application without making the key available to rogue developers who could use the API key to impersonate the application? This is the case for the "consumer secret" in a Twitter app.
Some servers send a small starter page and load more as you scroll
Anti-script hardliners would prefer to follow "Next Page" and "Previous Page" links.
Some countries even have metered residential connections, which is fairly terrible but still something that those users have to deal with.
Hardliner: "Do I have advertisers or payment processors in those countries yet? Do I have translators to translate our articles into the native languages of those countries? No? Then I needn't take special measures to serve users in those countries. Besides, if they're on a metered plan, they can just not follow 'Next Page.'"
Do you want to lose an entire email or document because you refreshed your browser, accidentally clicked a link, or had a browser crash?
Hardliner: "I won't. My mail is in a native mail user agent, and my documents are in a native text editor or word processor."
What about losing a large form submission due to a misclick?
Websites with large form submissions already provide a save button. Slashdot labels its button "Preview". This way, the values already entered are stored in the next version of the document.
So the page can refresh itself for live updating content.
Likely reply of anti-JS hardliners: "I don't want live updating content in the web browser. I'll press Ctrl+R to poll for new content when I want new content, thank you very much. If I wanted live updating content, I would download, compile, and install a native application that provides live updating content, such as an IRC client."
Without script,... every action... a full page reload.
And thats a show-stoper... how exactly ?
I can think of three reasons:
Perceived latency
Consider a machine on which a native IRC client is not currently installed, such as one to which you cannot forward port 113 for identd. For this, you would need to use a web-based front-end to IRC. Without client-side script, how would this web-based front-end check for new messages? Would the user have to mash F5 every few seconds in case another user sent a message to the channel? And even if it did, how would it add the new messages to the scrolling list of messages sent to the channel without having to resend old messages?
Bandwidth inefficiency
Say you have a discussion page where randomly chosen users who have not posted comments to a particular discussion can collaborate on choosing a score for how constructive each comment appears to be. Then the user can choose a score threshold above which comments appear in full and below which comments appear abbreviated, with only the subject, author, and first few words. If the user chooses to expand a particular abbreviated comment, and client-side script is on, client-side script fetches the full text to replace the first few words. Without script, the would have to save the state of which comments the user has chosen to expand and reload the entire HTML document, including the full text of all comments that are expanded on account of score or that the user has chosen to expand. This set of comments already expanded would also have to be included in the link or form for every single comment that isn't already expanded. Having to reload all the comments for each expansion would quickly run up the user's data bill.
No way to input a drag
Forms allow capturing clicks using the ismap attribute of an <img> element. A collaborative real-time whiteboard application without client-side script cannot let the cursor draw a curve by moving the mouse while its button is down.. Instead, the user would have to click each point along a polyline, with a full reload of the HTML and image every time.
If the webpage designer is even just halfway* competent only the HTML text will be downloaded
Even if doesn't have to redownload images or stylesheets, a web application free of client-side script has to redownload the entire HTML, not only the HTML for the parts that the user's interaction has changed. In addition, the new document would load scrolled either to the top of the document or to the top of the section identified by a fragment identifier, not to the exact point to which the user had already scrolled.
You don't want to know how many websites place their style-sheets in-line
They do this to reduce perceived latency. On a satellite or cellular network, each HTTP request may add a second to round-trip time. Thus placing style declarations required for the first screen inline can be a good thing because it reduces the number of round-trips needed to display the beginning of the document. I believe the pattern nowadays is called inline style above the fold.
Give me a spec for what such a tool should do, and I might see if someone can build one and release it as free software. Does this feature set sound right for a minimum viable product?
Read and combine hostname blacklists chosen by the user
Periodically download updated blacklists from URLs chosen by the user
Periodically resolve hostnames chosen by the user as most commonly accessed, such as yro.slashdot.org, twitter.com, and explosm.net, and cache them locally in case of DNS outage
Without script, you're limited to the checkbox hack, navigation to other documents, and form submission as the only means of interaction, and every action other than the checkbox hack results in a full page reload. Some web applications aren't very usable under these constraints. On these apps, disabling JavaScript is good for showing "please download our native app or enable JavaScript" notices.
And even in earlier versions, such as the Firefox 52 that people are using in order to give Mozilla a few more months to make necessary APIs available to WebExtensions, the user can turn on Tracking Protection system-wide by entering about:config and turning on privacy.trackingprotection.enabled. The drawback is that several sites, such as TV Tropes, intentionally conflate tracking protection with an ad blocker and block page views until the user activates the "Disable protection for this site" control.
Are you seriously suggesting a program should run with root privs just for the sake of ease of updating??
The application's main process should not. Only its updater process should. But on Windows, unless an application is obtained through Windows Store, the updater process has to ship as part of the application's installer.
APT doesn't run natively on Windows. It runs in WSL, sure, but browsers are X apps, and WSL isn't intended to host X apps yet. For this reason, each browser on Windows must include its own update mechanism.
The slow SSD was fixed in 5.1 according to your link.
My experience owning a Nexus 7 (2012) that had been updated to 5.1 contradicts the link's claim that the slow SSD was fixed in 5.1. The SSD in 5.1 was still far slower than the SSD in 4.4.
Apparently, depending one what apps were installed before the update, some people were still having performance problems, but that went away if they did factory reset, so it probably was just the apps doing it.
How often does a Nexus 7 (2012) need to be factory reset in order to prevent apps from causing this problem?
My PC has several user accounts. Obviously, none of them can update the browser. Only root updates the browser
How long does it typically take from the day the browser publisher publishes an update addressing a security vulnerability to the day root arrives, such as from vacation, and installs said update?
Ops - you're talking about some system that forbids third party browsers.
I was referring to Windows. Windows has Windows Store, a mechanism to update EdgeHTML and wrappers around EdgeHTML. It can run Firefox or Chrome but doesn't have its own means to update Firefox or Chrome. It instead relies on means provided by each browser publisher.
There is ZERO reason for ANY part of a browser to strart up or run with root privs.
[How else are you] going to have the browser update itself without root permissions[?]
application should run with user privileges, and only an admin can install an update to a binary provided with the system.
Then what process, if not part of the browser, downloads and installs said updates? Is it desirable to leave a security vulnerability unpatched for days or weeks until the admin returns to the machine to apply an update?
There is ZERO reason for ANY part of a browser to strart up or run with root privs.
Would it be preferable to for a PC with five user accounts to have five copies of the browser executable installed, one for each user account? Because that's the only way you're going to have the browser update itself without root permissions on an operating system whose primary application repository forbids third-party browser engines.
As of right now, the used are FOSS, SFLC, SFC, and USPTO. The summary spells out "Software Freedom Law Center", "Software Freedom Conservancy", and FOSS paraphrased as "Free Software/Open Source". This leaves USPTO, which context implies is an organization with power to cancel a trademark. In fact, trademark is the T in United States Patent and Trademark Office.
With half credit for the imperfect expansion of FOSS, it's batting.625.
If it is a Google Nexus device and you want to run stock you can get updates... forever so far!
Forever? The Nexus 7 (2012) tablet got updates through Android 5 "Lollipop". And then they stopped because Lollipop caused multi-second lag in many cases when apps were blocking on accessing its slow SSD.
To which "dikes" do you refer? The literal meaning, "a long wall or embankment built to prevent flooding from the sea," doesn't appear to apply. If you mean in a more figurative sense of something that prevents the signal from reaching the tower, watch the TV get stuck on an activation screen if it has not connected in the past 30 days.
Anyway that feature was introduced in Nougat, so why would you worry about not having Oreo again?
Because tablets are still being sold with Marshmallow or earlier. Someone who receives one as a birthday or Christmas gift has no opportunity to specify a particular model.
In general, when a downloadable application needs to access a service that requires an API key, how is the application's developer supposed to make the operations controlled by the key available to the application without making the key available to rogue developers who could use the API key to impersonate the application? This is the case for the "consumer secret" in a Twitter app.
Some servers send a small starter page and load more as you scroll
Anti-script hardliners would prefer to follow "Next Page" and "Previous Page" links.
Some countries even have metered residential connections, which is fairly terrible but still something that those users have to deal with.
Hardliner: "Do I have advertisers or payment processors in those countries yet? Do I have translators to translate our articles into the native languages of those countries? No? Then I needn't take special measures to serve users in those countries. Besides, if they're on a metered plan, they can just not follow 'Next Page.'"
Do you want to lose an entire email or document because you refreshed your browser, accidentally clicked a link, or had a browser crash?
Hardliner: "I won't. My mail is in a native mail user agent, and my documents are in a native text editor or word processor."
What about losing a large form submission due to a misclick?
Websites with large form submissions already provide a save button. Slashdot labels its button "Preview". This way, the values already entered are stored in the next version of the document.
So the page can refresh itself for live updating content.
Likely reply of anti-JS hardliners: "I don't want live updating content in the web browser. I'll press Ctrl+R to poll for new content when I want new content, thank you very much. If I wanted live updating content, I would download, compile, and install a native application that provides live updating content, such as an IRC client."
Without script, ... every action ... a full page reload.
And thats a show-stoper ... how exactly ?
I can think of three reasons:
Perceived latency Consider a machine on which a native IRC client is not currently installed, such as one to which you cannot forward port 113 for identd. For this, you would need to use a web-based front-end to IRC. Without client-side script, how would this web-based front-end check for new messages? Would the user have to mash F5 every few seconds in case another user sent a message to the channel? And even if it did, how would it add the new messages to the scrolling list of messages sent to the channel without having to resend old messages? Bandwidth inefficiency Say you have a discussion page where randomly chosen users who have not posted comments to a particular discussion can collaborate on choosing a score for how constructive each comment appears to be. Then the user can choose a score threshold above which comments appear in full and below which comments appear abbreviated, with only the subject, author, and first few words. If the user chooses to expand a particular abbreviated comment, and client-side script is on, client-side script fetches the full text to replace the first few words. Without script, the would have to save the state of which comments the user has chosen to expand and reload the entire HTML document, including the full text of all comments that are expanded on account of score or that the user has chosen to expand. This set of comments already expanded would also have to be included in the link or form for every single comment that isn't already expanded. Having to reload all the comments for each expansion would quickly run up the user's data bill. No way to input a drag Forms allow capturing clicks using the ismap attribute of an <img> element. A collaborative real-time whiteboard application without client-side script cannot let the cursor draw a curve by moving the mouse while its button is down.. Instead, the user would have to click each point along a polyline, with a full reload of the HTML and image every time.If the webpage designer is even just halfway* competent only the HTML text will be downloaded
Even if doesn't have to redownload images or stylesheets, a web application free of client-side script has to redownload the entire HTML, not only the HTML for the parts that the user's interaction has changed. In addition, the new document would load scrolled either to the top of the document or to the top of the section identified by a fragment identifier, not to the exact point to which the user had already scrolled.
You don't want to know how many websites place their style-sheets in-line
They do this to reduce perceived latency. On a satellite or cellular network, each HTTP request may add a second to round-trip time. Thus placing style declarations required for the first screen inline can be a good thing because it reduces the number of round-trips needed to display the beginning of the document. I believe the pattern nowadays is called inline style above the fold.
almost everything I do on the Mac I can do in Ubuntu Studio or the various other creative distros.
Except Xcode, if by chance your employer or client makes it your job to port a native app to iOS.
As long as there's RT kernel support
Do you prefer Russia Today's realtime kernel or Rotten Tomatoes' realtime kernel?
This is an iMac, not a laptop. No battery other than the NVRAM backup.
Which is a drawback for those who prefer an internal UPS in a desktop PC, such as because they live in an area with dirty power.
Thinkpad P-series. Run Ubuntu, virtualize anything unavailable on Ubuntu.
You can't (legally) virtualize Xcode on anything but a Mac.
GNUstep was supposed to be source-compatible with the OpenStep API and its successor Cocoa, but it wasn't funded enough.
Thick Thigh Tranny Bitches.com
Thick thighs, automotive gearboxes, and female dogs? That's an odd combination of topics for a website.
Give me a spec for what such a tool should do, and I might see if someone can build one and release it as free software. Does this feature set sound right for a minimum viable product?
Without script, you're limited to the checkbox hack, navigation to other documents, and form submission as the only means of interaction, and every action other than the checkbox hack results in a full page reload. Some web applications aren't very usable under these constraints. On these apps, disabling JavaScript is good for showing "please download our native app or enable JavaScript" notices.
And even in earlier versions, such as the Firefox 52 that people are using in order to give Mozilla a few more months to make necessary APIs available to WebExtensions, the user can turn on Tracking Protection system-wide by entering about:config and turning on privacy.trackingprotection.enabled. The drawback is that several sites, such as TV Tropes, intentionally conflate tracking protection with an ad blocker and block page views until the user activates the "Disable protection for this site" control.
Obviously any autocomplete funcitonality, or the like, is going to require keystrokes sent to the server. A post will not suffice.
Cue the anti-script militants who prefer to download, compile, and install a native app when things like autocomplete are necessary.
If patching systems is taking weeks instead of a few days, you have a manpower problem, not a permissions problem. Any CIO worth a shit
...isn't necessarily going to have the money to hire someone to update the PCs on his home LAN while he is on vacation.
For work, I agree with your assessment. But at home, I've seen cases where the administrator is present only once every couple weeks.
Are you seriously suggesting a program should run with root privs just for the sake of ease of updating??
The application's main process should not. Only its updater process should. But on Windows, unless an application is obtained through Windows Store, the updater process has to ship as part of the application's installer.
APT doesn't run natively on Windows. It runs in WSL, sure, but browsers are X apps, and WSL isn't intended to host X apps yet. For this reason, each browser on Windows must include its own update mechanism.
In general it just isn't a requirement, especially with fast application switching having been a thing since the early days of tablets.
How does one efficiently take notes on a document he's reading if he cannot see both the document and the area in which to enter notes?
The slow SSD was fixed in 5.1 according to your link.
My experience owning a Nexus 7 (2012) that had been updated to 5.1 contradicts the link's claim that the slow SSD was fixed in 5.1. The SSD in 5.1 was still far slower than the SSD in 4.4.
Apparently, depending one what apps were installed before the update, some people were still having performance problems, but that went away if they did factory reset, so it probably was just the apps doing it.
How often does a Nexus 7 (2012) need to be factory reset in order to prevent apps from causing this problem?
My PC has several user accounts. Obviously, none of them can update the browser. Only root updates the browser
How long does it typically take from the day the browser publisher publishes an update addressing a security vulnerability to the day root arrives, such as from vacation, and installs said update?
Ops - you're talking about some system that forbids third party browsers.
I was referring to Windows. Windows has Windows Store, a mechanism to update EdgeHTML and wrappers around EdgeHTML. It can run Firefox or Chrome but doesn't have its own means to update Firefox or Chrome. It instead relies on means provided by each browser publisher.
There is ZERO reason for ANY part of a browser to strart up or run with root privs.
[How else are you] going to have the browser update itself without root permissions[?]
application should run with user privileges, and only an admin can install an update to a binary provided with the system.
Then what process, if not part of the browser, downloads and installs said updates? Is it desirable to leave a security vulnerability unpatched for days or weeks until the admin returns to the machine to apply an update?
There is ZERO reason for ANY part of a browser to strart up or run with root privs.
Would it be preferable to for a PC with five user accounts to have five copies of the browser executable installed, one for each user account? Because that's the only way you're going to have the browser update itself without root permissions on an operating system whose primary application repository forbids third-party browser engines.
As of right now, the used are FOSS, SFLC, SFC, and USPTO. The summary spells out "Software Freedom Law Center", "Software Freedom Conservancy", and FOSS paraphrased as "Free Software/Open Source". This leaves USPTO, which context implies is an organization with power to cancel a trademark. In fact, trademark is the T in United States Patent and Trademark Office.
With half credit for the imperfect expansion of FOSS, it's batting .625.
If it is a Google Nexus device and you want to run stock you can get updates... forever so far!
Forever? The Nexus 7 (2012) tablet got updates through Android 5 "Lollipop". And then they stopped because Lollipop caused multi-second lag in many cases when apps were blocking on accessing its slow SSD.
To which "dikes" do you refer? The literal meaning, "a long wall or embankment built to prevent flooding from the sea," doesn't appear to apply. If you mean in a more figurative sense of something that prevents the signal from reaching the tower, watch the TV get stuck on an activation screen if it has not connected in the past 30 days.
Anyway that feature was introduced in Nougat, so why would you worry about not having Oreo again?
Because tablets are still being sold with Marshmallow or earlier. Someone who receives one as a birthday or Christmas gift has no opportunity to specify a particular model.