i absolutely hate how the modern web just fails to load if one has javascript turned off. i, as a user, should be able to switch off javascript and have the site work exactly as it does with javascript turned on. it’s not a hard concept, people.

but you ask candidates to explain “graceful degradation” and they’ll sit and look at you with a blank stare.

  • memfree@piefed.socialEnglish
    0·
    4 days ago

    This is correct. Web dev is told to make sure ads load before content. They don’t want users that don’t generate profits.

    • moseschrute@lemmy.worldEnglish
      0·
      4 days ago

      So in this example, what’s the underling issue, shitty business requirements or JavaScript?

          • Venia Silente@lemmy.dbzer0.comEnglish
            0·
            3 days ago

            Just because there are other ways to serve you ads does not at all mean we should not be able to not only stop at least one, but also the one which is most dangerous since it literally allows for RCE on all clients. by design.

            • moseschrute@lemmy.worldEnglish
              0·
              2 days ago

              The browser is supposed to be a sandbox environment for RCE. That’s why the sandbox part is important. Maybe instead of removing the RCE, we can lock down the sandbox better and reduce the amount of information advertisers can collect.

              If you remove code execution in the browser, then many websites will need to ship desktop apps instead. So now you’ve bypassed the browser sandbox altogether and that application can do much more damage.

              I’m not arguing that all websites need to execute in the browser, but without code execution in the browser, you remove a whole class of apps and the web becomes much less useful.

              Edit: calling it RCE is also kinda obnoxious because at that point you might as well call everything RCE. By that definition, if I push a docker image update, do I have RCE inside any container pulling that image? If there’s a way to break out of docker or web browser sandboxing, by all means call it RCE, but this is not that.

              • Venia Silente@lemmy.dbzer0.comEnglish
                0·
                2 days ago

                Maybe instead of removing the RCE, we can lock down the sandbox better and reduce the amount of information advertisers can collect.

                By all means but then someone do it, because it’s 2025 and even Firefox sends all this information that is absolutely not needed to show a webpage. It’s at least 25 years late by this point.

                If you remove code execution in the browser, then many websites will need to ship desktop apps instead.

                Which in quite more than just some cases would be good, precisely because some things should be native programs instead of requiring that the web browser basically provides all the tasks of the OS.