Jonkman Microblog
  • Login
Show Navigation

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Notices tagged with javascript

  1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Friday, 17-Nov-2023 14:22:01 EST lnxw48a1 lnxw48a1
    I've been looking a little at websites that don't try to be applications because most of my devices are too memory-constrained to run multiple tabs of #JavaScript.

    Yesterday's discovery: https://sqwok.im/
    In conversation about a year ago from nu.federati.net permalink
  2. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Thursday, 05-Oct-2023 14:20:15 EDT lnxw48a1 lnxw48a1
    These days, when I see "Bootstrap", I think of the #JavaScript and #CSS framework created by #Twitter. I usually refer to #bootstrap as "buttslap".
    In conversation about a year ago from nu.federati.net permalink
  3. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Friday, 22-Sep-2023 21:59:58 EDT lnxw48a1 lnxw48a1
    #T-Mobile Home Internet dropped to dial up speed this evening. 50kbps down. Up is better, 2.5Mbps.

    It still means very few of today's bloated, #JavaScript heavy sites will load, even if the actual content is a few thousand characters.
    In conversation about a year ago from nu.federati.net permalink
  4. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Wednesday, 20-Sep-2023 17:34:11 EDT lnxw48a1 lnxw48a1
    A security researcher questions whether standard phishing awareness training is even worth continuing. https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html [malwaretech com]

    If you browse with #JavaScript disabled, you'll want to CTRL-U to view source. The article starts at line 377 and ends at line 426 (out of 798).

    It should make one wonder what evil intentions are behind hiding the text unless #JabbaShit is enabled. This is true on any site, but a domain like "Malware Tech" should pay special attention to this idea. It's probably a decent site with no ill intentions, but what they're doing is shady and questionable at best.
    In conversation about a year ago from nu.federati.net permalink

    Attachments

    1. It might Be Time to Rethink Phishing Awareness – MalwareTech
      Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
  5. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Saturday, 20-May-2023 12:03:22 EDT lnxw48a1 lnxw48a1
    Yax filing site #efile.com was serving #malware #JavaScript and #PHP files in early April. No information on how the attackers gained access. https://nu.federati.net/url/290472 [www bleepingcomputer com]
    In conversation Saturday, 20-May-2023 12:03:22 EDT from nu.federati.net permalink

    Attachments

    1. IRS-authorized eFile.com tax return software caught serving JS malware
      from BleepingComputer
      eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware.
  6. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Friday, 03-Mar-2023 22:43:33 EST lnxw48a1 lnxw48a1
    in reply to
    • lnxw48a1
    While I was on the #TrueNAS site, I decided to visit https://truenas.com/careers/ page, but it is #JavaScrippled #JavaScript_Dependent and I wasn't interested enough to turn #JavaScript on for them.
    In conversation Friday, 03-Mar-2023 22:43:33 EST from nu.federati.net permalink

    Attachments

    1. File without filename could not get a thumbnail source.
      Careers with TrueNAS | Join the Open Storage Revolution
      from TrueNAS - Welcome to the Open Storage Era
      Looking for a fresh start with a new career? Join the iXsystems and TrueNAS team and be part of the Open Storage Revolution.
  7. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Monday, 16-Jan-2023 17:32:12 EST lnxw48a1 lnxw48a1
    https://sixcolors.com/link/2023/01/the-end-of-the-twitter-client-era/ [sixcolors com]

    I remember using 3rd party clients to access #Twitter. There was the commandline #TTYtter, the #Flock browser's built-in social client, and many others.

    As Twitter added ads andspewed tons of #JavaScript, leading to a "jumping and twitching" interface that would move underneath your mouse pointer and cause mis-clicks, and as it took 5-10 minutes after logging in for the page to fully load, it was clients that made the site tolerable.

    There was the "OAuth-pocalypse", when they required all clients to use OAuth (v2?) and it intermittently failed for a few weeks.

    Then came the day when clients and other API uses "that substantially reproduce" the Twitter UI were notified that their days were numbered. I remember @evan telling them that Identica and other StatusNet instances had a similar API ... but few, if any, clients came over. Most just shut down.

    Hilariously, there was a trivially reproducible social ranking thing that was cited as an example of the kind of API uses Twitter considered interesting and allowable.

    There were other, lesser bumps in the road, but as Twitter had already strangled most of its client ecosystem, I did not pay attention.
    In conversation Monday, 16-Jan-2023 17:32:12 EST from nu.federati.net permalink

    Attachments

    1. File without filename could not get a thumbnail source.
      The end of the Twitter client era
      By Jason Snell from Six Colors
      The end of the Twitter client era
  8. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 25-Dec-2022 13:55:31 EST lnxw48a1 lnxw48a1
    in reply to
    • Ji Fu
    @fu I have definitely noticed that when I use the phone's hotspot, the Friendica UI on Libranet doesn't work correctly and takes forever to load anything. I would say the real issues are (1) too much #JavaScript instead of native HTML + CSS (2) infinite scroll instead of pagination. The combination makes every page load into a [b]REALLY[/b] big download.
    In conversation Sunday, 25-Dec-2022 13:55:31 EST from nu.federati.net permalink
  9. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Saturday, 24-Dec-2022 12:53:30 EST lnxw48a1 lnxw48a1
    Doing #JavaScript when you're tired is like trying to do an incantation in a foreign language, where if you pronounce it wrong, you call up a cannibal to eat you.

    (This was from an earlier conversation. I'm not messing with JS right now.)
    In conversation Saturday, 24-Dec-2022 12:53:30 EST from nu.federati.net permalink
  10. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 04-Dec-2022 11:22:39 EST lnxw48a1 lnxw48a1
    in reply to
    • lnxw48a1
    Tagging this thread with #Fediverse #Security ... whomever made the script obviously read some protocol docs and some source code. With just a little #JavaScript, they were able to knock some #Misskey and #Mastodon instances to their knees.

    This isn't the first, and it won't be the last. Remember when someone posted a humongous image and locked up any #GNUSocial instance that tried to download the image? Remember when someone's instance was replaced by some sort of cryptocurrency site and PuSH es from your site to theirs would crash your site because of their site's response? (I'll bet I still have that domain blocked at the firewall.)

    We have to stop being naive about the intentions of those in the current migration. The overwhelming majority will have benign, if not good, intentions. But a select few will have bad intentions. Among those intentions is to colonize the Fediverse with #Twitter's culture, to come here and impose that culture of anger and disrespect upon the inhabitants here ... which already happened once with the first wave of people joining #Mastodon instance, except it was Twitter and #Tumblr at that time.
    In conversation Sunday, 04-Dec-2022 11:22:39 EST from nu.federati.net permalink
  11. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Saturday, 30-Jul-2022 12:55:44 EDT lnxw48a1 lnxw48a1
    Back in the 1990s, my youngest uncle kept telling me to learn #COBOL instead of #Java (though at the time, I was taking courses with Microsoft #BASIC ... and later took both COBOL and Java, along with #Pascal, #Visual_Basic, #JavaScript, #Perl, #PHP, and more).

    At the time, he was making $100,000+ and taking time off whenever he wanted. I think he made a lot more during the fixes that prevented #Y2K from becoming the expected meltdown, but he then ran into headwinds because foreign programmers were being imported to do the work for a lot less than what he was accustomed to earning, so he retired.

    I thought about this back when the lockdowns geared up and state governors were crying about lacking the COBOL programmers to fix their unemployment insurance systems.
    In conversation Saturday, 30-Jul-2022 12:55:44 EDT from nu.federati.net permalink
  12. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Monday, 23-May-2022 22:10:34 EDT lnxw48a1 lnxw48a1
    • Baseball
    I bought tickets to a !baseball game. The process is unpleasant. If I wasn't already committed to go, I would not have gone through it.

    1. Visit MLB.com on the (older) tablet and click on the team, then on tickets.
    2. Oops! Their 3rd party processor does not like your #VPN. You're going to have to enter sensitive financial data across #hotel_Wi-Fi. I know that we're using HTTPS, so there's already encryption from me to mpv\.tickets\.com. Okay, I'll risk it.
    3. Okay, pick a game that you want to buy tickets for. Wait up to 4 minutes for the #JavaScript to load and the page to stop jumping around. Now slide the price slider, so you can look at tickets at prices you are willing to pay. Wait for the JS again.
    4. Now you're supposed to choose your seat by which section it is in, so you try to expand the map to see where each section is. The map seems unresponsive, but after 3-4 minutes, it will suddenly start moving. Okay click the back button and do it again.
    5. Click 'buy now'. Wait 3-4 minutes and the 'create an mlb.com account' page opens. Account creation is followed by adding a credit card (or Google Pay) to your account.
    6. You only had 9 minutes to complete the purchase before the tickets go back in the pool. Let's use the laptop instead. And the hotel log in page takes almost 15 minutes to go through tonight. (Once you get in, you've got 10Mbps up and the same amount down.)
    7. Log in to mlb\.com, go back to the ticket buying site. This time, you're able to complete the purchase in a few minutes. Thanks to excessive #JabbaShit, the page is still twitchy. But you got it done anyway.
    8. When you get to the field, you'll need to use the MLB app on your phone in order to present a bar code for entry. No Google account? You can't install the app.
    In conversation Monday, 23-May-2022 22:10:34 EDT from nu.federati.net permalink
  13. Joshua Judson Rosen (rozzin@status.hackerposse.com)'s status on Sunday, 22-May-2022 17:17:39 EDT Joshua Judson Rosen Joshua Judson Rosen
    • Hacks
    This may just be the best-written article ever: "In Defence of the Single Page Application" #javascript #webdesign !hack
    In conversation Sunday, 22-May-2022 17:17:39 EDT from status.hackerposse.com at 42°45'55"N 71°28'3"W permalink
  14. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Friday, 20-May-2022 17:21:04 EDT lnxw48a1 lnxw48a1
    I used to use a certain newspaper's site to do pay searches. If you worked for the US government, that site had your official pay scale (lagging about 18 months). Despite $EMPLOYER's effort to keep us from knowing who makes how much, I knew.

    That info is now behind a paywall (and not a standard JS-based paywall that can be evaded by turning off #JavaScript).
    In conversation Friday, 20-May-2022 17:21:04 EDT from nu.federati.net permalink
  15. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Wednesday, 16-Feb-2022 20:09:25 EST lnxw48a1 lnxw48a1
    in reply to
    • lnxw48a1
    Case in point, in any of the #Chromium based browsers, you can turn #JavaScript totally on or totally off. There is no option to turn it off for 3rd party domains.

    So many sites are #JavaScrippled these days that turning JS all the way off (without a one-click way to turn it on for one site) is too frustrating for anyone to do.

    I did see in #Edge today that I can add sites individually to either a separate Yes to JS or No to JS list. I don't recall seeing it until recently. But that's cumbersome.
    In conversation Wednesday, 16-Feb-2022 20:09:25 EST from nu.federati.net permalink
  16. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Tuesday, 01-Feb-2022 23:39:01 EST lnxw48a1 lnxw48a1
    Apparently, Linus Sebastian (of "Linus Tech Tips") said that ad-blocking is basically piracy. But given the intrusive, invasive, interruptive nature of many ads and the extreme data-collection that accompanies them, ad-blocking is the only sensible and sane choice. It is okay to choose a small number of trusted sites and unblock for them--if you choose to do so--but in general, ads should be blocked.

    The #JavaScript used to serve ads has been hijacked on occasion to install malware, in addition to its role in the data collection and spying that advertising networks do.

    But as for the moral argument he's reaching for:
    * the site is paid by the ad vendor
    * the ad vendor is paid by the advertiser
    * therefore, the site visitor has no obligation to allow or view ads on the site. If that affects the site's revenue so deeply that it is no longer worthwhile to run the site & produce the content that the site displays, then someone should be looking at alternate revenue sources (e.g., offer t-shirts and mugs with the site's name and logo
    * the site visitor and site owner / administrator have no agreement express or implied which requires the allowance and viewing of advertisements
    In conversation Tuesday, 01-Feb-2022 23:39:01 EST from nu.federati.net permalink
  17. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Monday, 24-Jan-2022 17:53:00 EST lnxw48a1 lnxw48a1
    in reply to
    • lnxw48a1
    There’s no question that PoW mining uses a lot of power. But so does Facebook and so does gratuitous #JavaScript on web pages. No one is suggesting that we forbid or boycott Facebook or JavaScrippled web pages over their expected climate impacts.
    In conversation Monday, 24-Jan-2022 17:53:00 EST from nu.federati.net permalink
  18. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Tuesday, 21-Dec-2021 12:26:12 EST lnxw48a1 lnxw48a1
    https://www.radioshack.com/

    Link seen because @moon@shitposter.club repeated someone's post.

    I refused to turn on #JavaScript, so I can't see most of the content, but I think this is a really bad idea. I'm not anti-cryptocurrency (as I think of it as one possible way to prevent bankers' tyranny over us), but whatever one thinks about RadioShack / Radio Shack, I don't think attaching a different product or service to the name makes any sense.

    Too many people still remember going into thir stores and buying computers and somewhat outdated stereo systems, so the new owner's product or service _is_ going to clash in their minds.
    In conversation Tuesday, 21-Dec-2021 12:26:12 EST from nu.federati.net permalink
  19. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 05-Dec-2021 15:16:02 EST lnxw48a1 lnxw48a1
    • Smalltalk, Self, IO, etc
    after a nuclear war, the remaining people will probably not be able to spin up a modern operating system on their improvised chips. How do you build a simple, reliable, legacy-free OS from scratch? What ideas 💡 and techniques should be passed down to those people?

    If we think hard enough about this, I think we’ll agree that closed-source systems are basically designed to be almost impossible for people outside the sponsoring organization to reproduce (for an example, consider [ReactOS](https://reactos.org/), which launched as [a project to produce a system compatible with Windows 95](https://reactos.org/wiki/FreeWin95) and [then changed to focus on Windows NT](https://reactos.org/wiki/ReactOS/History), and after more than 25 years, is still not capable of being a daily use system.

    But we may also determine that most open-source systems are likewise not designed in such a way that reconstruction is viable. The Linux kernel is *huge* these days.

    Additionally, in my opinion, they’d probably want to use programming languages designed for readability, ease of learning, and error-reduction first (that is, more like #COBOL than #C, more like #Java than #CPlusPlus, more like !Smalltalk and #Lisp / #Scheme than #Perl / #Raku and #JavaScript) and then performance and low-level access.

    I think it is a mistake to assume that one could start with a modern version of #gcc or #llvm or #msvc … because it is not a given that the software itself and someone who knew how to use it (and update, modify, and adapt it) would still exist.
    In conversation Sunday, 05-Dec-2021 15:16:02 EST from nu.federati.net permalink
  20. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Monday, 06-Sep-2021 20:28:49 EDT lnxw48a1 lnxw48a1
    https://thehackernews.com/2021/09/protonmail-shares-activists-ip-address.html

    I did not anticipate this, because I figured they’d have learned from Lavabit and designed their systems such that there was no way for them to have any metadata (user’s IP address, user’s ‘user agent’, timestamps of users’ correspondence, pretty much everything except what is required to send and receive messages). Any information your system has, however briefly, can be the subject of a government order.

    My issue over the years has been that both Protonmail and Tutunota send you the JavaScript used to “end-to-end encrypt” your message. At any time, they could be ordered to modify that JS to cache the encryption keys for later reuse by government agencies.

    Tags: #Protonmail, #surveillance, #government_over_reach, #metadata, #encryption, #JavaScript
    In conversation Monday, 06-Sep-2021 20:28:49 EDT from nu.federati.net permalink

    Attachments

    1. ProtonMail Shares Activist's IP Address With Authorities Despite Its "No Log" Claims
      from The Hacker News
      Despite its "no logs" policy, ProtonMail discloses an activist's IP address to authorities.
  • Before
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.