Some general discussion about newer versions of Firefox.

[technotorpedo]

^ Am glad of that ... only had a couple experiences with Chrome, the last one left a lasting impression. The strong impression that I'll never use it again. Heard people saying Google is paying just to keep Mozilla alive but don't see how that's reasonable, if they're paying then they stand to make a nice chunk of profit themselves from it. They wouldn't do such a thing out of kindness or some anti-monopoly angle. There's plenty of other browsers in the world outside of Firefox. Even at it's much dropped browser share there's still a lot of people using Firefox.

Pretty confident they're paying cause they stand to make some good money out of the arrangement. That's just my views on it, could be misguided. Don't think Mozilla has much choice regardless, Google pays well and it's by far and away the dominant search provider. Even if they went with someone else, they'd get paid less and a large chunk of users would toggle over to using Google search anyway. Not like they could tell the userbase, screw you guys, no you can't pick Google ! It's not allowed in Firefox anymore !

Ah okay, I see ... can't use Google search anymore, errrr. Mass migration of remaining users, exit stage > Chrome. Ah this stuff is way above my paygrade only wanting to see Firefox rebound and start using it's advantages. Have good reason to believe it's the best thing browser going and want Firefox to stick around. At least until I die, then oh well ... screw it, whatever happens next ya know ? Messing round ...
_________________
I <heart> gnu/Linux, Openbox and xdotool ...

[eccerr0r]

I've started to use epiphany for a bit since it comes with the gnome install. As a webkit-gtk browser it uses a different engine than firefox.

Recently I've found it quite strange: found some webpages that are slow on firefox but work fine on epiphany. Don't know why yet, though javascript is partially to blame.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

[technotorpedo]

^ Thanks will Google it, can't seem to resist all things browserage. Though know I'm never moving away from Firefox unless there's a dang good reason. Offers too much the others just can't match. Blazes for me, is feather light, can't recall ever having it lockup or crash or was so seldom, so long ago I don't remember it. Think a lot of that type of borkage is user error, people piling on weird extensions, following crappy tweak guides, no shortage of those online and people with little to no idea what they're doing toggling buttons, spinning dials and yeah ... Tends not to turn out well for such users.

Only hoping Mozilla gets with the program and starts using FF's configurability. Thinking along the lines of automagically giving endusers a better config suited to their setup, their specs ... Connection quality etc. Think (more like know) the cookie cutter defaults are crap and with a browser that can be so adaptable, it doesn't make sense. Ah ... that's up to Mozilla to decide. Still generally tend to root for the underdog, esp since in this case, the underfox is the better browser.
_________________
I <heart> gnu/Linux, Openbox and xdotool ...

[guru meditation]

[pa4wdh]

I'm actually also thinking of blocking some IP ranges. My main problem is that it's quite hard to find out which IP ranges belong to a specific organization. I know about whois, but i never figured out how to query "give me all IP adresses belonging to ....". The only trick i know is that google published it's own ranges in DNS records.

I usually don't really care about javascript, what i do hate is when they are somehow unable to serve a javascript file themselves (like jquery, with a size in KB ranges) and load it from google (or some other 3rd party) at the price of my privacy. There simply is no excuse for doing that to your users.
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com

[Hu]

My complaint about Javascript relates to something guru hinted at: using Javascript to achieve some feature that could be done as easily, if not more easily, without it. Hover-open menus were a popular offender for many years. CSS :hover provides a better and more consistent experience than the crazy Javascript mouseenter/mouseexit hacks, yet many sites do it via Javascript anyway. Similarly, I still see forms that cannot be submitted because their "submit" button is really a normal button or a link, but which has an attached Javascript handler that will form.submit() for you - but only if you managed to load Javascript from 5 different unrelated domains first. They could have just used a type="submit" button and it would work with no script at all.

[eccerr0r]

Also the use of javascript to generate content... so instead of a webpage, it's javascript that outputs a webpage instead of just using html.... But this isn't a firefox problem, it's the disgust at the whole webpage industry...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

[pjp]

I have 2 js complaints. Security and bloat. Security encompasses the general nature of the language as well as how it is used to track individual users. Also related is the industry's general "don't care, not our problem" attitude toward data security, not the least of which includes "hot loading" from external sites.

Bloat is fairly obvious. I'm hoping decreasing gains of physical performance starts a discussion about efficiency improvements, but I'm not expecting to see it in my lifetime. :(

Does anyone here use js regularly? With what little I've done with it, I can see the appeal of only dealing with js and not directly having to bother with CSS and HTML. I've not used any frameworks, but I can imagine those abstracting away CSS and HTML so that it seems "wrong" to mess with them directly. I don't like it as a user, but considering those who've grown up only knowing the internet as something worse than AOL (IMO), I can see why that group of developers doesn't have an appreciation for or see the value in minimizing "useless use of ... " isms. Then of course there are the managers who know how users can be exploited, requiring those isms of their staff.
_________________
Quis separabit? Quo animo?

[eccerr0r]

I don't count "tracking" as "security" - Javascript is just a language, being Turing complete unlike HTML which also is a language. With its capability of being Turing complete it can do basically anything on your computer. So you could make it do what you don't want it to do, but the simple thing is just not running their software like what most Linux users do with Windows .exe files: don't run it. If that software is the only way to access the data, well, it sucks to be you basically. Ultimately this is not a "security" problem ultimately because it is running in a virtual machine. Provided the VM is secure (which bugs are constantly being found) there should be a decent buffer between that and your hardware. However it's a privacy risk when people play games with multiple servers needing to service a specific page.

And I would not call javascript "bloat" ... it's just another language. If anyone thinks javascript as "bloat" might well also consider python or perl or bash as "bloat" as they are all simply language interpreters. It's the actual code that's being run that's bloated or not, not the language. Keep in mind bytecode was tried in the past: remember all the straight java apps (as well as flash) that used to be used to run code on browsers? Granted I think developers rather send you compiled code instead of javascript, but you can see that people started using javascript obfuscation to counter that.

Backing up: why Javascript is being used in the first place? Simple answer: it's (A) Turing Complete unlike straight HTML, and (B) it's cross platform, which is the main reason for even using such a Turing complete language. Web developers want a language to do custom stuff with web pages, and the "graphics toolkit" is HTML.

And there's another aspect that people tend to neglect in javascript: javascript on "modern" browsers are all JIT compiled. So the resultant code is actually faster than if it's on-the fly interpreted, at cost of actually writing the JIT compiler... It's gotten really complex to try to run javascript as fast as possible. So where's the problem? Again it's crappy and evil webdesigners making crappy and evil javascript programs.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

[pjp]

Obviously I do, but I also added the qualifiers the language as well as how it is used and the industry's general "don't care, not our problem" attitude toward data security. I can live with the language's flaws. Those can be mitigated to some degree as with any other language. But how the language is used creates a data security problem. The browser is the demarcation point for that security aspect. That it allows the data to be passed to an external entity is the problem.

"Don't run it" isn't, in my opinion, a particularly defensible argument today. There are a lot of facets of modern life that require using it, and there aren't always alternatives. Or maybe the person who insists on filling out a physical job application is going to be picked for their "out of the box" thinking. Or perhaps the person with multiple low-wage jobs has to risk losing one to interact with various bureaucratic processes, etc. I allow less and less javascript to run. I was looking at a link someone sent me. While the page wasn't blank (logos, general navigation, etc.) there was zero visible content. Which is only slightly better than the pages that are completely blank.

Downloading a lot of libraries is bloat. It isn't the languages fault directly, but that is part of how it is used. There's the "argument" about developers learning to use C safely "and just not making those mistakes" too. For the record, I do consider a lot of dynamic languages to be bloat"y". I hate that my core system requires perl and python. I think there's something that requires ruby too. I'm not sure if rust is needed for anything other than Firefox at this point. I'd say a POSIX shell isn't itself bloat as it was a core way designed to interact with a system. I'd love to have a usable system without a shell installed. At least for a transitional period, any shell replacement would probably need a "legacy" shell-like interface.
_________________
Quis separabit? Quo animo?

[eccerr0r]

Well what does one do if they want to have a language that can basically do just about anything from sorting data to drawing graphs on the fly? Then there's the people who wrote entire emulators in javascript, is the problem what can and can't be run within javascript that's the problem? Also able to open and close sockets, access SQL databases, etc., etc. to help collate data and control devices through a web interface?

I've recently start using NoScript. The number of pages that are usable without javascript is rapidly dwindling as they try to do more and more dynamic content in webpages and they know that people are blocking javascript to stop them from doing nefarious scripting so they simply don't let you have the content either. At this point there's nothing one can do but suck it up...

I'm still not clear what's meant by "bloaty" - libraries are once again dependent on the program that uses them. Unfortunately a lot of the way an interpreted language is sped up is to use precompiled libraries hence the prevalence of them everywhere. The core language interpreter is often small but the features the language offers from built in hash tables to arbitrary typing increase the size of the language. Ultimately it was the software writer that chose the languages. Should Gentoo have been written in perl instead so that it at least removes one (interpreted) language (namely, python)? What's with rust, as it's not a dynamic language, it's a statically compiled language must like C, albeit with methods to assist against mistakes. The main problem I personally have with multiple languages is that the languages duplicate a lot of features, perhaps that's what you're getting at. But this is not really bloat for the language, but rather the problem that multiple languages must be used to build a system. Should Gentoo or any operating system uses only one true language?

Now as for not having a command line shell, that's kind of silly. Alas it too has grown in size to speed up, I'm sure I will hit a lot of bashisms if someone asked me to write a pure bourne shell script... and using the bashisms will tend to result in a faster script, despite the larger bash binary over straight bourne shell. Is bash bloaty because of these speedups over straight POSIX bourne shell?
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

[Hu]

Turing complete languages are fine. The problem is, as always, that people misuse them. As you note, far too many sites that should work perfectly with NoScript set to its most paranoid are instead completely broken if it is enabled at all. Many more sites could be at least partially usable with JavaScript disabled (albeit at reduced functionality). Instead, those too are completely broken. These days, you're lucky if the author remembers to put in the disclaimer "We're not competent to write this without megabytes of JavaScript. Please enable JavaScript to see our site."

As for bloat, I think the problem with JavaScript is that its standard library (as shipped in the browser and guaranteed to be available) is not bloated. Look at what a "standard" Python install offers you. Even discarding some of the more obscure libraries, I see over 200 lines in the Python library index page. Compare that to what a "standard" JavaScript (particularly one from a few years back) offers you. JavaScript's guaranteed available functionality is so limited that it became standard practice to assume the interpreter could do almost nothing, and to pull in third party libraries for every task. Even support for a safe key->value map was only added within the last few years, despite the core JavaScript language going back to the days of Netscape. As best I can tell, there is still no proper support for integers. Instead, numbers are floating point and are truncated when that is necessary. If I recall correctly, this has been an ongoing performance annoyance for the browser developers, since they must store all numbers as floating point just in case the script requires that for correctness.

[eccerr0r]

That probably is one real problem with javascript - the specification that all numbers are assumed float. And that's probably what the JIT compiler tries to take into account as well as modern...SSE2...processors might take into account - it probably figures out or at least uses faster SSE2 instructions to deal with the floats.

TBH what people are doing today with javascript is NOT what the javascript specification envisioned it being used for. This is not the fault of the language, this is the language trying to accommodate the people trying to write emulators...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

[pjp]

[eccerr0r]

I sort of consider it a blessing that the javascript specification held steady and didn't end up with old javascript that no longer works: take the case of python with the python2 to 3 fiasco which I still spite. It was unfortunate for the migration to JIT that required newer hardware to run the interpreter itself however (and hope that duktape will fill in the gaps). But nevermind that, with people having fast internet connections, the javascript transfers quite quickly and nobody ever knows that much code gets sent over anyway, it's dwarfed by the video people constantly transfer, unwillingly or not.

So the "problem" with javascript is that web designers don't know how to trim code ("bloat") and do stuff *you* don't want them to do ("security"). Neither of these are inherently problem with the language itself. So just like firearms it's not inherently a problem but rather the wielder. In this case the web developer is the wielder of the weapon and endusers are at the business end.

Ultimately there needs to be some language, and every language has a different purpose whether it be a shell interpreter to adding dynamic webpage content. Yes it's annoying people have to have their own language to solve their specific issue be it speed, ease of writing/portability, or protection from mistakes, but what people actually do with the language it is a different problem.

But always bad to write bad code.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

[pa4wdh]

In my opinion bloat not absolute but relative to the use case. Maybe "installed but not used code" is the phrase that describes it correctly for me. For example: These forums use php, so the fact that php is installed is not bloat (of course you could discuss the use flags here but that's not my point). If you have a website with just static content, installing php would be bloat because it's not needed.

In a mild attempt to go on-topic again, i do have a question about firefox:
I frequently use the/ key to search in webpages. It's nice and easy and similar to less, vi and friends. Nowadays many websites have a search option and some of them "steal" the / character and direct me towards their search input box. This annoys me a lot, since i just wanted to search the webpage i was looking at. Besides that, there's also the privacy aspect: I expect to do a local search with my browser, and because of this behaviour my search term is often sent to website for auto-completion.
Is there any way to prevent that from happening?
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com

[Hu]

Keystroke hijacking like that is usually implemented via Javascript. Blocking Javascript on the offending website would work, though that is quite heavy-handed, and as ranted above, may well break more than it should.

You could also try using Ctrl+F to open the search. This is a free-text search, and in my experience, is not normally hijacked. I don't know if it is immune to hijacking because it is a browser keyboard binding, or if sites that hijack the search key just don't think about that one.

[pa4wdh]

Thanks for the tip, ctrl+f indeed does the trick. Evil github is one of the offenders and ctrl+f still works.

I understand it's implemented using javascript, but switching off javascript is usually not an option. I hoped for a setting that just protects / from being hijacked .
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com

[Hu]

I understand. If I knew one, I would offer it to you. Perhaps there is a secret about:config setting for it, but if so, I do not know its name.

[Dorsai!]

[eccerr0r]

Time to get up in arms when ctrl+u gets remapped...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?

[devsk]

How are people dealing with fission enabled by default in latest FF? It seems like a nice security feature that processes for different websites are isolated from one another and can't access each other's memory but I am finding it very annoying because

1. it creates a large number of processes on my setup where I have 4 windows with several tabs open
2. eventually, it slows down loading of new tabs. Simple websites slow down to a crawl and I have to restart FF, which I hate to do despite session restore.

I don't mind large number of processes but slowing down the loading of websites is not acceptable. What is that slows it down with more uptime?