

Microsoft on GitHub - tilt
http://microsoft.github.io/

======
sudhirj
The page is broken on HTTPS: it tries to load [http://angular-
ui.github.io/bootstrap/ui-bootstrap-tpls-0.2....](http://angular-
ui.github.io/bootstrap/ui-bootstrap-tpls-0.2.0.js) (does Github even allow
hotlinking these days?) and Chrome doesn't let it.

~~~
junto
They should be using protocol-less URLs and then this wouldn't happen:

[http://benpowell.org/https-and-http-the-protocol-less-or-
pro...](http://benpowell.org/https-and-http-the-protocol-less-or-protocol-
relative-urls/)

------
asolove
This is really awesome to see. One unimportant nitpick: a lot of your recent
Microsoft websites specify only the "Segoe" font, which means they render in
Times for those of us on non- or old versions of Windows. Maybe load Open Sans
or use a websafe sans-serif for us?

~~~
jnem
Yesterday I would have said they don't care about other platforms and
compatibility issues. Today I'm not so sure. Anyway, looks like at least the
GitHub has alternative font values:

    
    
        wf_segoe-ui_normal,"Segoe UI",Segoe,"Segoe WP",Tahoma,Verdana,Arial,sans-serif

------
robinhoodexe
Looks sort of unfinished on my end.

[https://i.imgur.com/CFN8bsq.png](https://i.imgur.com/CFN8bsq.png)

~~~
andrewryno
You may need to tell your browser to load scripts over HTTP.

~~~
mentat
Which is a really bad idea.

~~~
ngcazz
I see you're still using Netscape Navigator Gold...

~~~
valarauca1
Not true.

Sending javascript over HTTP does technically allow for MitM attacks. Not to
mention we know how great even Chrome's loudly bragged about sandbox is (it
isn't is my point).

If you are loading the patch in https, all connections should be in https.

~~~
ngcazz
You're right and I missed the point!

------
nnx
It's more like a code dump for now (one "initial commit" commited by dotnet-
bot - [https://github.com/dotnet-bot](https://github.com/dotnet-bot))

I wonder if they're gonna let their employees push atomic commits to this
repository, or if it will be more like one big monolithic commit dump from
time to time.

------
nanoscopic
So "tile thought" is now applied to all things Microsoft? I personally prefer
lists with expandable details ( an accordion menu ) Also would like to point
out that the page is entirely useless without scripts enabled. I use NoScript
by default and the page does not degrade smoothly at all.

~~~
wldcordeiro
Does it degrade smoothly if you disable CSS? At this point Javascript is a
vital part of the web experience and it seems pointless to say that a site
doesn't degrade smoothly with it disabled.

~~~
nanoscopic
Depending on the number and variety of sites that you visit, enabling
javascript universally is hazardous. You can easily observe this to be true by
clicking 30-50 links randomly as fast as you can in your browser. You will
find that inevitably your system will become infected with malware in the
process of doing this, regardless of protection.

Generally for accessibility purposes websites should be designed so that basic
text and links appear and are functional with JS disabled, and even CSS
disabled. If the website is some sort of dynamic application with moving
widgets than I can understand that JS might be needed, but not for a basic
list of project Microsoft has put on Github.

Even if JS is used for templates, it is preferable to use semantic HTML that
can be enhanced rather than using a template for the entire page and show
"{tags}" all over the page when JS is disabled.

TLDR: A page with a basic list of projects shouldn't need JS. Web
applications: yes, basic lists: no.

~~~
adam12
> clicking 30-50 links randomly as fast as you can in your browser

This will not give you malware. It might temporarily bog down your system
though.

~~~
nanoscopic
This is not a naive statement by me caused by assumptions. I actually did
exactly this with a patched modern browser and good antivirus and my system
became infected in the process.

Mind you I indiscriminately clicked on known "bad" advertisements in the
process of doing this. Don't believe me? Try it for yourself. It is actually
very easy to get malware if you click around foolishly.

Also, I have written multiple web crawlers, and have collected a large variety
of JS based malware that can and does break modern browser security just in
the process of fetching domain homepages. ( JS code embedded directly in
index.html on domains )

~~~
MichaelGG
If you're correct, you've uncovered some 0days in the wild. Go figure out
which site, capture what happens, and turn it in to the respective browser
developers for a nice bug bounty.

Or, you know, maybe they aren't wasting a 0day on "obviously bad
advertisements".

~~~
nanoscopic
That's actually a really good idea. Thanks. :)

------
dutzi_
It's heartwarming to see that Microsoft is using AngularJS

------
whalesalad
They really need to start serving Segoe UI to non-Windows users.

------
talles
I wonder about the future of CodePlex...

~~~
airtonix
Codeplex needs to die... It was shit when it came into existence, it's still
shit now.

