Interesting. Thanks for playing devil's advocate. I did find it funny you felt it necessary to link to explanation of it.

I guess the art of debate is becoming a lost art...

I had not considered "polyfills". However, if they are critical to site operation then you would have no choice but to load them on the pages that need it. I'm not saying there should be a hard 250k limit or anything, just that for normal operations you should aggressively try to limit the size.

Personally, I like to inject scripts on demand. When I would need one of those polyfill libraries I could inject the script before hand. If the user never performs an operation requiring it, it does not get loaded.

I never claim to be a front-end expert at all. In the last 2 years though I've been forced to step up and start creating more and more of the front end infrastructure due to costs (which is terrible; I'm overworked). For what I needed the minimum JQuery library has been giving me everything I need and I inject the chart and graph JS when I need it on specific pages.

How do images not from the domain (or registered CDN) failing to load make essential web applications useless? That sounds like hotlinking of images which I've always understood to be a dickhead move on the part of web designers.

That also comes back to the javascript because I cannot understand putting all of your JS on CDN's that you are not paying for. Worse, I see developers all the time hotlinking scripts from other blogs and developers. If you pay for the CDN, then use it as you see fit. If it's something your not paying for, then don't be a dickhead. Common courtesy from my point of view.

In some cases I can understand that hotlinking may be required to offer a service, or normalize images and scripts amongst all of the services clients. However, the vast majority of this activity is highly undesirable from the user's point of view. I use DoNotTrackMe and Ghostery precisely for that reason.

I'm not interested in facilitating the mass violations of privacy for marketers. They can DIAF repeatedly. I really believe that the content or script should be delivered from the domain, or CDN's that they are paying for. Other CDN's are too risky and don't offer the minimum level of reliability that I expect.

Keeping strictly to this requirement would seem to solve a lot of problems. The site owners and designers would be forced to host and review the content they are pushing out. No more pushing the blame out to a 3rd party company, and create accountability to help the users.

If they really want that beacon or tracking technology then download the script to your own servers or CDN's. While I know that many designers would just cron the damn thing to sync it, it does still create accountability.

As for the registering of the CDN, I think you misunderstood me. The site itself would register a CDN as part of the domain through instructions in the XHTML. I believe this would simplify work flow and allow you to swap out a CDN without touching a single line of code in the rest of the site.

You could register several different objects with the browser itself. Off the top of my head you could register CDN's, external widgets, beacons, trackers, etc. Even better, you could register known external objects that are community approved. Meaning, your XHTML does not have to reference the exact Google Analytics script, but to a common reference point that allows Google to normalize that code to whatever they want. No cost for registration. If it's well used enough the community itself can add it to the list of common objects to make life easier for all designers.

Having that can allow the community to manage RBL's for objectionable content. Not to mention with a single preference click you could disable all beacons and trackers. Privacy laws could be amended to state that bypassing the user preferences in the browser is illegal. Wasn't Google guilty of that anyways with something? There are really very few exceptions to disabling trackers. Netflix loading the FB Connect code to facilitate certain features is an example. Netflix could tell it was blocked and pop-up a dialog box informing that certain features will now be missing AND list them. I know some people want Social Media to be omnipresent in all the sites they visit. This does allow that, but strongly categorizes all of these activities in a way that is now transparent to all users.

A strong level of security is provided when the community finds that somebody was injecting a blocked beacon or tracker from their own domain or CDN, they get added to the RBL and disabled everywhere. That's a really strong deterrent and well operated RBL's can be fair and impartial. While I've heard nightmares regarding RBL's, the major ones I've always found to be operated well and you have ample ability to remove yourself. Plus, it would only happen if that RBL found you being a dickhead, not just faked reports from user complaints. Legitimate malware complaints and tracking from security companies could allow many large scale malware attacks to be stopped in their tracks. Certainly a more comprehensive and proactive approach.

I realize that this would upturn entire marketing industries, but quite frankly, fuck them. If the user base sends out a message loud and clear that says, "Don't Track Me", I don't see why they get to continue violating privacy. DoNotTrackMe and Ghostery are not going anywhere and are in fact growing.

Maybe so. However, it also represents scraps of paper that are held in numerous other locations, and information that has nothing to do with the crime at hand.

Nothing you said even for a microsecond excuses your desire to eliminate due process. Remember, I'm not arguing that you can't get it. Only that I want a judge to say that the getting of my data is warranted.

You have the same back asswards logic that the NSA uses to justify mass surveillance. We *could* be ohh that much safer if we just got rid of due process and violated everyone's privacy in real time forever. All of the criminal text messages would be seen instantly!! We could even create a "precog" division for rapid response and be at the drug drop *before* the criminals get there.

No dude. The risks and dangers to our society from such invasions of privacy are so much more dangerous than whatever security you think you gained with it.

Once again, for the 2nd time in this post, if you really think you need it, just ask for a WARRANT.

A WARRANT allows you get that information you want because the logic and reasoning you have for getting it is determined to be WARRANTED.

You have not presented any logical reason whatsoever for getting rid of my due process rights.

Judges can be woken up, and if we have so much crime that we need to start hiring and paying judges to work grave yard shifts we have much bigger problems.

At that point let's just put society to rest and create Judge Dredd.

All of your examples pale in comparison to the protections afforded by judicial oversight. It's my RIGHT to have that judge woken up and asked if the logic and reasoning behind the violation of my privacy is warranted.

Interesting how that word is used. An action can be "warranted". That's what a warrant means. Somebody designated by the citizens and trained to be impartial evaluated the situation and said the invasion of my privacy was warranted and in the best interests of society.

With respect, I FUCKING WANT THAT.

Don't take away my right to have a judge involved before the cops can even attempt to violate my rights, haul my ass off to jail for forced enemas, colonoscopies, beatings, jail rapes, etc.

Let's keep due process dude. It's a really good idea.

That "bullcrud" is called Due Process and the Constitution of the United States of America.

"Nearly 100%" doesn't cut it. You're being a douchenozzle right now.

If it was your freedom at risk, why would you elect to remove the Judiciary oversight from your interaction with law enforcement?

Another question:

You may feel that way, but why would you deny me my Constitutional right to privacy in my effects and papers?

The position you hold is not reasonable, or rational, and basically amounts to "due process and oversight is so hard. I have to like convince a judge that my logic is correct".

In other words, you strongly disagree with the idea of peer review.

Those checks and balances were created by the founding fathers for a reason. Not just to fuck with law enforcement and make their lives harder.

I have not run FF for at least 2 or 3 years now. It really was hilariously slow compared to previous years when it was the only usable web browser around.

It's nice to hear that IE is getting better, but my experience day to day is that Chrome is way faster in page loads and general operation (javascript). Personally, I would go back to IE if they are that good because I don't like supporting Google. They are so anti-privacy right now it's horrible.

The biggest problem with IE from what I understand is that it costs so much to develop plugins on it. That was the complaint from Ad Blocker right?

I think it was summer of last year I was looking for plugins on IE and did not find nearly as many as available and that was allegedly the reason why.

Uh huh.

I shouldn't have to roll that change out in group policy because some idiots at Microsoft destabilize an entire fucking operating system looking for updates to a single program for upwards of an hour after start up.

That's assuming I even have group policy. The number of companies with XP using them effectively as thin clients without domain controllers is the majority, not the minority.

That preference is just a hack and a cheap work around.

Says the AC.

It's not just about screen size and resolution. If that were true we would not have any problems rendering exactly the same between Firefox, IE, and Chrome right?

But we do right? Who's the fucking idiot?

No matter the screen resolution? Are you fucking retarded?

The same site layout and style you use on a widescreen tablet is NOT going to fly on a tiny ass little smart phone screen. Unless you want everything to SCALE down, which would be stupid.

Mobile design really does require a significant departure from how your entire site is laid out and used. If you want a fucking example look at Fandango. They DON'T look anywhere near the same.

Your idea that you could code some sort of style sheet that could render on both is hilarious.

Since you are already creating entirely different style sheets and use cases for a mobile platform, why do the work TWICE?

Just stop. Look at yourself and the money and resources you are expending. Face Palm. HARD.

Write the god damn mobile app and just be done with it.

I'd like to say that I'm one of them, but I really stick to back end development, automated BI, databases, sysadmin, etc. The stuff that I do front ends for I approach the same way as the back end. Scaleability and Security. The first part solves most of the bandwidth and processing waste you see, and the latter is just the only sane way to approach anything now.

I wouldn't put a huge library only to use a small part of it. My first attempt I downloaded JQuery right away, and then, actually used it. Meaning, that all of the dialog boxes, button creation, animations, effects, whatever were pure JQuery code. Use their site theme roller and actually stick to it, and you will have a nice clean working site with minimal code.

It's funny you mention caching :)

Since I was using AJAX to get XML documents that I was using to populate rows on reports I created my own caching mechanism that would store the results in the DOM body itself with a TTL. If you went back to do the search again with the same parameters it literally just read it from the DOM body, looked at the TTL, and just put up the loading animation while doing nothing. Those executives could keep clicking the damn button all they wanted. As long as they didn't close the browser and stop the session I was caching all of my own XML response docs myself.

While I know that my stuff wasn't as secure as other professionals could do it, I know that it wasn't terrible either. All input was validated and sanitized, and I did best practices for XSS/CSRF.

Starting out as a programmer the only way you could see web browsers in the beginning was like the special ed classes had leaked out and were running amuck in the industry.

Things are already hard enough.

You want to tilt at windmills regarding the DOM and javascript. You can't do the operations people want today with plain xhtml and style sheets. Not to mention, I would need to do device detection to decide on WHAT style sheet to deliver.

You're idea is to deliver what amounts to a PDF and absolve yourself of all responsibility for the rendering. Great. Unrealistic, but great.

Don't group me with those "people". I'm not making stupid hacks and I'm just as tired as you are about all the bullshit just to get something done. Javascript is the only way to do it, and you are conflating the problems of style sheets and rending with JS. No, not always. In fact, not even that often if you are doing JS correctly.

I'm not interested in making JS do everything on the page. A simple event to change the background color to create a menu is not something that should ever break the rendering of the page. By the same token, an AJAX call tied to a click event is not going to break the rendering either. It can even HELP. You don't have to download an entirely new page. Just modify the DOM with the result that came back.

The mobile app is the only sane response I have at the moment to the nightmare that is trying to get CSS rendering correctly on mobile devices, as well as every other freaking device they buy.

I don't want them visiting my website with a mobile browser since the chances of bullshit problems with rendering or malware is just too damn high.

A mobile app solves all the problems you speak about. I can finally, and reliably, control the user experience on their device.

You're right about the marketing vermin, but I'm NOT a marketing vermin. I just want users to be able to perform those operations they want without dealing with the hell that is mobile web browsing.

Be honest. Do you really want mobile web browsing when it sucks, the programs themselves are not standard, and the user experience is so different?

Having a native app written to do exactly what you want would always seem to be the preferred method. At least with the case of PhoneGap I get an IOS and Android App with one single platform.

I think that's easier than coding a separate mobile site for the platform. ....

AND... if you are really so damn good that you can do all of what you are saying with just a document and a style sheet.. then teach us master. Show us the way through the valley of darkness to the fields of wheat and honey.

Cuz I'm tired. I just want shit that works man.

Noooo, the toxicity comes from using a platform that was designed only to publish static documents with a simple markup language to do rather complicated dynamic operations requiring the browser to act more like an operating system managing objects, making additional requests based on client side activity, etc.

This what YOU WANT. You can't tell me you don't want those features without also telling me that you want to be Amish.

Running arbitrary code is exactly what is required to satisfy web browsing needs of people today.

They're absolutely essential, and done right, not even close to being a pain in the ass. If you have a "form" on a page and want to be able to work with it, without having the entire page reload, your ONLY option is JS. There are NO OTHER OPTIONS.

I'm flabbergasted that you even think for one moment that a site not working without javascript is broken. With respect, you're the one broken.

You simply cannot do 99% of what people expect in a "Web 2.0" experience with working with the DOM locally, and that absolutely requires JS. Unless... you really want JAVA and FLASH?

There is no such thing as "optional" enhancements anymore. Responding to events and using a JS framework greatly accelerates development times and actually allows for rendering on different browsers to be largely the same.

My pages are written far easier and are less cluttered with a simple class having a click event that runs an AJAX call to get your more information about that object.

You're wishing to go back to a pure static page environment, or worse, a dynamic one where to do the SIMPLEST activity requires a GET or POST to a separate page requiring server side code to operate, create a dynamic page just for you, and then return it.

Really? All of that work, those server resources, just because you didn't want one little AJAX call running on the page submitting your post?

Hardly seems reasonable.

Then let's not forget. With your idea, no major web development would have ever been done period. The only way to do anything again would be native code, thereby shutting out quite a bit of valuable innovation in the markets by startups that could have never afforded the resources for large coding shops that could keep track of code for multiple platforms.

Having experienced native code companies and SAAS companies... please don't relegate the rest of us to that hell. The native code companies are cratering because they can't begin to hope to keep up with the SAAS companies using open source frameworks and rapid cross platform development to push out fixes and features in weeks instead of 3 years.

As for that CDN observation, I never said it was perfect. Only that if you wanted web browsers to operate the way they do now with no 3rd party client side library and frameworks you would need to provide all of those capabilities straight in the browser. Registering a CDN in the browser as servicing a particular domain at least allows the browser the ability to filer those requests and choose whether to do it at all. Site coding is easier because the browser understands to redirect the requests for those files to the registered CDN instead of the website. If the CDN fails, you have graceful failure back to the site's servers. Unless it is 100% hosted on a CDN like Amazon EC2 can.

Bypassing the CDN filtering doesn't make sense either as it would be the CDN itself that gets listed on the RBL, or the subset of it belonging to that customer. Putting their scripts there is the entire point of the CDN so that doesn't make sense either. Why would I host my own scripts AND pay the CDN? No, the idea of the CDN is to 100% host my site on it. Not ala carte. When that malware script gets put on the RBL, hundreds of thousands of people can be subsequently protected. Your idea of the static 1990's page completely prevents that capability. Every subsequent user of the site has the same exact risk.

Putting the advertisers on networks of CDNs that proactively participate in the RBL program does go a long way to mitigating large malware attacks. It would have helped with Yahoo earlier this month. That spying that you are talking about can be done with CDN's right this minute so I don't see how that is relevant to an idea I came up with in 30s.

Web browsers are not used for static document delivery and rendering anymore. They just are not used that way anymore.

I understand your bitching, but the option is most assuredly NOT going backwards, but going forwards and creating a new cross platform design that precisely allows for arbitrary code to be executed in a heavily sandboxed environment. That would be what a web site should be. It's the only way to deliver the services people expect in 2014.

If we at least approach it that way from the start, creating an entirely new framework, with security being the #1 motive, than we have a chance at least. Otherwise, we are just left with more of the same, which quite frankly gets really fucking old quick.

I use IE all the time to download Chrome on new systems....

Though, lately I've been doing more and more front end work. It's where I'm finding money. That unfortunately requires me to use IE most of the day to make sure what I'm working is rendering across browsers correctly.

Otherwise I use Chrome. Opera is just not my cup of tea, Firefox sucks balls now (seriously. they couldn't have fucked up more if they tried), Safari isn't all that good, and that leaves IE or Chrome. Gee... I wonder....

There is an argument that a small site with low visitor counts can get away with a 1 meg download that is cached afterwards anyways. That being said, I think anyone that claims they are anything greater than a novice must use scaleable web design practices. Meaning, that you have to justify every single 1k of data being returned by the web server.

The problem you reference are what I call the web hobbyists. Web developers are plagued with the hobbyists to the extent that people by default think they are fucking morons.

I'm being nice, but there are so many people out there selling their development services that don't even understand PHP or JS and can only follow instructions on some page to get a Wordpress plugin to work. These are the people operating at such a high level of abstraction that they have no idea how a web browser actually works at all. I'm no expert and even I understand headers and the general theory behind rendering and running client side code.

Trial and error by shoving JS on a page and hoping for the best is quite normal unfortunately.

I actually had somebody give me a page back that they had worked on, (which looked very good), and required some JS to dynamically do something (don't remember). They literally copied and pasted the JS from some blog page and gave it to me as a finished product. Never bothered changing the ID, let alone creating a class, and let the code run trying to attach events to non-existing page elements. The library was not even included.

That person probably represents the norm for the armchair web hobbyist that would be unemployed if it was not for Wordpress.

I think it largely has to do with ignorance.

The poster holds a rather unsophisticated view that allows them to see the police's reasonable and justified need for access to that information as something correct and desirable.

The 4th doesn't mean anything to the poster since they don't understand the basics taught to people in Civic's class. That being, the ostensibly simple concept of having a member of the Judiciary act as a check and balance against the needs of the Executive.

Nobody is saying that the police should not have access to that data. They absolutely should and I can totally understand that it would be very useful to solving crimes. What the proponents completely miss is the understanding of what a warrant is .

That's the real problem. How many people understand what the heck a warrant even is anymore?

Seriously? How on earth does anything you just said magically erase the US Constitution?

That smartphone represents, just as you said, access to huge amounts of information about the suspect. As well as information about innocent third parties that quite possibly had nothing to do with the crime.

You're supporting the idea of fishing expeditions into a person's digital space.

Arrest does not imply guilt. A member of the Judiciary should always be consulted regarding, and allowed to limit, the scope of any search of a person's effects and papers.

So, NO. There is not always enough evidence to justify the full and complete invasion of privacy of a citizen that is innocent until being proved guilty. If there really is a justifiable reason to invade that privacy than the police can convince a judge to do it.

Don't be a douchenozzle that enables their asshattery please.

There is never an acceptable reason to violate due process and PERFORM ANY ACTION WITHOUT A WARRANT .

Warrant, warrant, warrant, W A R R A N T!

It's a well conceived check and balance against tyranny ever present in a law enforcement organization. Don't give up something so valuable to the citizens over such stupid reasons.