Ross Singer <[log in to unmask]>
> On Jan 7, 2013, at 7:25 AM, MJ Ray <[log in to unmask]> wrote:
> > It should at least mention that (fortunately, my organisation lets me
> > enable javascript for specific sites) and ideally it should be allowed
> > to vote without it, because some libraries are really locked down.
> 
> I am skeptical of this claim.
> 
> In 2013, if organizations are disabling javascript, tremendous parts
> of the web are broken for them.

Why?  In 2013, there are still libraries without internet access for
security reasons.  Of course, when it gets that drastic, it's beyond
help for vote.code4lib, but there are also many libraries using
heavily filtered connections.

That includes shared-whitelist-based permission systems, so they may
allow (say) LinkedIn to work, but I doubt they will have heard of
code4lib, let alone added it to their institutional whitelist.

I suspect I might have seen/heard of a disproportionate number of
locked-down sites, as FOSS LMS like Koha can run stand-alone, without
phoning home or license management authorisations, and its internals
can be reviewed.

I used to try ranting against them, but really, the number of browser
exploits that didn't work if javascript was disabled makes it a tough
call.  And on phones, it often becomes a whole-system exploit, like in
http://www.phonedog.com/2010/11/29/android-browser-falls-victim-to-javascript-based-exploit/
http://crackberry.com/rim-advises-disablng-javascript-your-blackberry-browser-after-exploit-discovered
and others.

https://www.symantec.com/security_response/writeup.jsp?docid=2008-011517-3725-99&tabid=2
says, "Users may also consider using tools that block JavaScript from
sites not on a whitelist" and I feel that's the best approach now,
if you can.  NoScript.net for Firefox-based browsers, perhaps.

Finally, a lot of bigger websites do actually have versions which
don't require javascript, such as Twitter and Facebook - and they
provide them despite the drawbacks of not being able to invade their
users' privacy like they can with script.  Actually, one small problem
in asking people to switch to FOSS alternatives like StatusNet and
Diaspora is that they don't have non-js versions yet.

> That said, the diebold-o-tron is FLOSS
> (http://code.google.com/p/conferencekeeper/source/checkout -
> currently running from the 'diebold' branch), so patches welcome if
> you have the inclination to submit a non-js dependent version.

I've made a note of it and added it to our community TODO, but I've
not used Ruby on Rails for years so I may be some time.  How often are
votes / when's the next likely vote?

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/