Thread: OT Windows 10
View Single Post
  #189   Report Post  
Posted to alt.home.repair
Mayayana Mayayana is offline
external usenet poster
  
Posts: 1,033
Default OT Windows 10
| You mean you use something like Wix? you're
| right, there's no webpage there. It's essentially
| script-based software, served to a URL request.
| Unfortunately, that also makes security almost
| impossible.
|
| This is not ours and Seattle is using Bing rather thanESRI. but this is
| the general idea:
|
| http://web6.seattle.gov/mnm/incidentresponse.aspx
|
|
| We don't do public facing web apps so security is not an issue.
|

That's not Wix. I don't have a Wix link offhand, but
it's actually even further removed from being a webpage
than what you linked. A typical Wix page is nearly all
script. The script embeds obfuscated strings that
detail specs for the webpage. The webpage content
is loaded from the Wix server. So without script there's
actually no webpage there. And with script you have to
trust that whatever eventually loads will be safe. Looking
at the pre-script source code is of no value.

But the security problem is similar with the page you
linked. First, it's completely broken without script. (I
see the left-side menu but no content at all.) Second,
the script is coming from a number of locations. On
many sites those scripts will also come from advertisers
and trackers. That means not only trusting script but also
trusting the script of a half dozen remote URLs, and
then trusting the script from the dozen URLs they link to.
It's an orgy of software being loaded willy nilly into the
browser, just to display a webpage. Meanwhile, one of
the biggest threats these days is malware installed
through script used in ads bought through big ad servers
anonymously. Browsing simply cannot be made safe with
script enabled, yet the script mania fad is breaking the
Internet for anyone who disables it. All unnecessarily.

So the very idea of using big libraries to create pages
that break without script ends up forcing people to be
unsafe online. It used to be a matter of common sense
and common courtesy not to use script unless absolutely
necessary. Dynamic functionality by anyone other than
amateurs was done with server-side PHP or ASP. Now
it's all being done clientside, often with a dozen or more
javascript files, and a total page load of over 1 MB in
some cases. I don't mind enabling script at a site like
Netflix. They do a good job with it and it really does
add a lot of useful functionality. But very few sites are
like that. Most have no business using any script at all.

Increasingly it's also being used to force ads and
tracking. For instance, some of the Microsoft pages
are now blank gray without script. When the page
loads, script removes the gray block. The page is
fine if I read it without style, because it never needed
script in the first place! But Microsoft doesn't want
you to be able to read their pages unless you let
them rummage around on your system, so the
deliberately block your access if you disable script.
And it's not just MS. That trick is becoming common.


Reply With QuoteReply With Quote