Javascript, Flash, HTML 5, and virtually all the rest of the HTML "enhancements" are a cancer on the web.

Honestly, the only website that I can think of where using Javascript actually does something useful that I'd have a hard time doing better on a standalone app on my own machine is Google Maps, where it's nice to be able to scroll around by dragging the map with the mouse.

But even there, I'd gladly sacrifice that feature for a standalone mapping app on my own machine, so I don't have to worry about Google spying on me whenever I decide to go somewhere!

Geez. The web has become a gigantic spyware advertising network, and Javascript, Flash, and related garbage are some of the main enablers of it.

</rant>

May be that works for you. But a significant number of web developers are moving on JS frameworks for web development such Angular, Meteor, Node, etc. Most sites built on these frameworks will break is javascript is disabled. As an end user, that is the worst user experience you can ask for.

"Most sites built on these frameworks will break is javascript is disabled"

You know, there is a solution: the noscript tag. You know, the tag that lets you retain some level of functionality for people who do not have Javascript enabled.

Why should I have to expose myself to various security and privacy problems just because some web development framework cannot keep an old version working? There are a lot of reasons why someone might not have Javascript enabled, and they should not be shut off from large parts of the web. Should vision-impaired users who use TTS systems be shut off because your framework of choice thought that Javascript should be used to replace functionality that is built into the browser?

Yes, the noscript tag can be used. In fact if you see Rails' implementation of unobtrusive javascript, the application defaults to its html behaviour in case javascript is off. However, not all frameworks take this approach.

Moreover these days, developers don't develop for 100% of use cases. they start with implementation of say 80-85% of use cases. Folks not wanting to use javascript never come into that category, which means that noscript approach is almost never taken except may be in the case that the web application developed is targeted at that user category.

Lastly I would suggest this simple solution (http://someonewhocares.org/hosts/) to block all those pesky ads and pop-ups.

> Why should I have to expose myself to various security and privacy problems just because some web development framework cannot keep an old version working?

For a lot of sites and everything else coming up there is no old version. It's a Javascript app. Noscript could at best display an error, but if you're browsing around without Javascript you probably know enough that the error is on your end.

"Should vision-impaired users who use TTS systems be shut off because your framework of choice thought that Javascript should be used to replace functionality that is built into the browser?"

Unfortunately, that's about the scope of options most organizations entertain. If there's any degradation, it tends to lack grace and is on a par with a screenreader.

While I "like" javascript (OK, I like dynamic sites), if my machine seems slow, a cursory look at my running process will show a chrome or safari process that is inevitably getting dry humped by a page using js for a carousel or something equally banal.

So you're not OK with giving a site a fairly narrow range of sandboxed permissions, but you are OK with installing an opaque binary that can read, modify, transmit, and destroy nearly every piece of your data on your computer.

Who said anything about it having to be a binary?

You have heard of open source software that doesn't need a browser to run, haven't you?

Sure. Do you personally read through every line of source? Maybe you trust the repository managers to do so, and limit yourself to only very-popular projects - do you completely trust the trust-chain that lets them submit new code? Maybe you do - remember when RubyGems.org was hacked? Or when [many sites] lost their private crypto keys? What's to stop the same thing from happening, and pushing a critical update with an exploit? Maybe you reduce the frequency you check for updates to mitigate this kind of vulnerability - oops, now you're more vulnerable to new exploits.

If you're not watching every step, every time, you're gambling the same way you're gambling with malicious code in a browser (though I'll admit it's lower frequency). Your privacy/security is in the hands of whoever is part of the chain you trust, and their security practices, completely aside from new exploits that could affect you directly. Open Source, binary, it's all the same in the end unless you're perfect in your observational skills. Sandboxing limits that trust. I'll even grant that it's technically possible to do the same thing with processes in Unix, which you could be doing - but it's hard, error-prone, and essentially nobody does it except the stragglers who haven't switched to virtualization (which is essentially sandboxing).

You're being paranoid. With perfectly justifiable reasons - everything you listed is possible, plausible, and related things have actually happened. But you're not applying the paranoia evenly.

You are funny. IF you enter the destination in Google Maps, then of course Google knows your destination. JavaScript on or off... if you really want privacy you'll have to host it on your own or use offline navigation tools

I think you're missing my point.

I said: "I'd gladly sacrifice that feature for a standalone mapping app on my own machine, so I don't have to worry about Google spying on me whenever I decide to go somewhere!"

What I was trying to say was that I would prefer a standalone mapping application (ie. one that ran on my own machine and did not contact Google or any other site to work).

It just so happens that since I do not have such a standalone mapping application, I do resort to using Google Maps. And when I do, they do happen to have an actual useful use for Javascript, which is to allow the user to scroll the map with the mouse. But I'd gladly sacrifice that feature for a standalone (ie. not browser-based) mapping application that does not phone home to some spyware company like Google in order to work.

yes I've missed the point. but your description wasn't clear enough. It could have also meant standalone in the sense of a native app without the normal javascript spy ad ons..

> It just so happens that since I do not have such a standalone mapping application

feel free to try my open source graphhopper project btw ;)

TL;DR: Get off my lawn.

HN demonstrates good use of JS: AJAX voting. Forcing you to navigate to another page in order to vote is slow, annoying, and disruptive. Plenty of sites make good use of JS. For those who don't use NoScript.

Since I've switched mostly to a browser that doesn't support Javascript, I've stopped voting on HN.

Not voting is also a good way to avoid being tracked and pigeonholed.

It's true that if everybody did that, this site would be a lot less useful. However, I'm not convinced that some sort of anonymous yet secure and transparent voting system can't be implemented.

But, while voting requires enabling technolgy that will help others track and pigeonhole me, as well as make my system less secure, I'm going to avoid it.

Fortunately, HN is still readable without Javascript (even though it annoyingly doesn't indent threaded comments properly without it -- something that Slashdot manages to do just fine without requiring JS).

The Internet is a technology helping others track and pigeonhole you. Will you stop using it? And telephone? And everything? Seriously, everything can be "corrupted" to be used against you...

Youtube needs either Flash or HTML5, do you think it's worthless?

Youtube's use of Flash and HTML 5 is 100%, completely worthless!

There are a million youtube downloading apps out there that don't require me to even use a web browser to download videos from youtube. And, after they're downloaded (or even during the download), I can use any number of (non-browser-based) video players to watch them.

Youtube could make it even easier to download their videos by simply providing a direct link to the video in mp4 format. No Javascript, Flash, or HTML 5 required!

<object/> works well for playing video without any JavaScript.

<object/> is W3C gunk, with its crazy and pointless clsids. <embed> works fine, as it has for 14 years.

BTW: Did you already see this here ;)

https://news.ycombinator.com/item?id=5968237

Try an extension? Power users aren't the target market for this decision, and that's why add-ons exist.

I fully agree with you, but that's why I use an addon that lets me allow JavaScript per-domain instead of having to allow every shitty social button to use the main functionality of the site, and it can even remember my preference.

Why would you use the global JavaScript disabler when there are much better options?

Honestly stop whinning so much. Javascript is just as important a part of the web as CSS. Would you complain if sites broke because you switched of CSS? Likely not.

And you stop abusing Javascript when it is not necessary because you want to show off.

When CSS is switched off content is still readable.

And dont worry , people will turn off javascript more and more like they turned off flash because of all the stupid stunts developpers pull.

I also surf without the Javascript enabled. It's much safer and faster that way. I suggest everybody to try that for a longer period of time before opining.

Most of the pages I visit function without Javascript. The most of sites where it doesn't that I know of are *.blogspot sites managed by Google.

Why wouldn't you use the NoScript extension? Not only does it give you fine grain control over JS but it adds additional security monitoring, such as click jacking.