Hacker Newsnew | comments | show | ask | jobs | submitlogin

Here's a very relevant blog post by Alex Limi of Mozilla: http://limi.net/checkboxes-that-kill/

Most sites these days that aren’t just displaying content will fail in interesting & mysterious ways if you don’t have JavaScript enabled. For the general population, Firefox will appear broken.

And yes, I know that some people have reasons (privacy, web development) to turn off JavaScript. There are many add-ons that can help with this — but it’s not something that we should ship to hundreds of millions of users.

(EDIT: this is the relevant quote, but worth reading the whole article)




I have to say that this article is actually quite terrible, as is the opinion that any option that might ever be confusing to a user is an option that shouldn't ship with the product. The thesis of the article is:

"Well, we have met the enemy, and he is us.* In the currently shipping version, Firefox ships with many options that will render the browser unusable to most people, right in the main settings ui."

The solutions offered? Kill it all with fire. I'm paraphrasing, of course.

Problem: People today change some feature then have a "broken" browser (basically, they forgot to turn it back to the default, or they didn't realize they changed it in the first place).

Solution: reset button, also notification to the user that "this page might not work correctly", some sort of an extension of how Chrome shows you that a popup and/or a cookie was blocked, based on your settings. Don't treat your users like idiots, just provide information that clears up certain odd states by explicitly informing them of something like:

"The webpage you are viewing may not work correctly because the following options differ from their default values:

1. Enable automatic loading of images. 2. Enable JavaScript.

These features of Firefox are essential for most webpages to run properly. If the webpage you are trying to access is behaving strangely or appears to be working incorrectly, <click here> to load the page with the default browser configuration."

Done, and done. No removing useful features from the browser, no treating users like morons, but now I have a new, useful, awesome, self-debugging feature which is user friendly, and doesn't require a pesky IT guru's assistance navigating the sea of 10 trillion options.

-----


This was true 10 years ago. These days, every additional setting the application has is a liability. There is a growing group of people, who are scared to have conversation with their browser and make any informed decisions. They ignore such messages. Other people will change any setting they can find and then forget about it. Then they will be surprised and angry at the application that it is not working.

My experience shows that the more options an application has, the lazier the author was. What do you do as a software developer when there are two ways how to solve a problem? Ask the user which way to use? That is the wrong approach these days. The computer should not ask the user stupid questions. "Do you want to enable JavaScript?" is a stupid question for more than 98% of browser users. Instead of asking questions, software developers should invest the work to come with answers and "read the user's mind". Successful apps can do just that.

-----


"Do you want to disable JavaScript?" is a stupid question, as you say. "Do you want your browser to tell Google, Facebook, Twitter, Omniture, DoubleClick, and six other companies you have never heard of, that you visited this site?" is not a dumb question. Given that option, 98% of users would say "hell no."

You are absolutely right that configurability is a sign of laziness, the opposite of hard work. But removing configurability is _not_ the sign of hard work. Hard work means addressing the interests of all parties, and Mozilla did not do that.

Why do those 2% of users disable JavaScript? It's in reaction to how JavaScript is used: it enables popups, enables distracting advertisements, lets all sorts of companies track me, makes sites load more slowly, etc. For this 2%, these uses are so odious as to outweigh the beneficial uses of JavaScript. So the hard work would be finding a way to distinguish between the user-friendly and user-hostile uses of JavaScript, and just disable the user-hostile ones, so that the interests of both classes of users would be satisfied.

This would not be new: Firefox's popup blocker is enabled by default, which demonstrates that JavaScript is already disabled for a particular use case, because it proved to be annoying to users. Why not take that a step further? If Mozilla wants to force JavaScript on, they should also address the reasons why that 2% of users go out of their way to disable it today. If those 2% say "I used to disable JavaScript, but now I don't have to" then Mozilla will have done their job.

-----


"Do you want to disable JavaScript?" is a stupid question, as you say. "Do you want your browser to tell Google, Facebook, Twitter, Omniture, DoubleClick, and six other companies you have never heard of, that you visited this site?" is not a dumb question. Given that option, 98% of users would say "hell no."

Assuming you're correct (which I'm not convinced you are), when you then continue, "I have a checkbox that will make it so they don't track you, but it will also break those sites. Is that ok?" They will also respond "hello no".

Firefox's popup blocker is enabled by default, which demonstrates that JavaScript is already disabled for a particular use case, because it proved to be annoying to users. Why not take that a step further?

Right, because you can easily say that a non-user-triggered window.open() is almost always unwanted. I can't think of any other cases where it's so clear-cut and related to JS, or that disabling a particular facet of JS always would be a net win.

If you're going to claim that there's something like that, provide examples. How do you know people at Mozilla haven't already thought hard about this problem and decided there isn't much more they can do? I bet they have.

-----


> "Do you want to disable JavaScript?" is a stupid question, as you say. "Do you want your browser to tell Google, Facebook, Twitter, Omniture, DoubleClick, and six other companies you have never heard of, that you visited this site?" is not a dumb question. Given that option, 98% of users would say "hell no." -> This overstates the case, because you'd still presumably load the 1x1 tracking png with ?resid=<X>&uid=<Y>.

> "I have a checkbox that will make it so they don't track you, but it will also break those sites. Is that ok?" They will also respond "hello no".

This overstates the case most of the time because doing this generally breaks relatively little for those domains listed, and to the extent it doesn't, making that decision on a domain-by-domain basis seems to work pretty well (ask any Noscript user)

-----


Sending browsing statistics to something like Google is already happening regardless of if you have Javascript enabled. When you are on Google search and you click on a link it's tracked that you went to that link.

But besides that and besides that your usage statistics are being logged on the server itself regardless of what you do. Expecting Mozilla or any company to figure out how to block a javascript put request sent to Facebook, but not other put requests which are there by design of the site will only result in Facebook finding a workaround.

It's unfortunate that some people use Javascript in ways that slow down their site. For example with horrendous 'sharing' widgets. You can use plugins to disable those items from loading but it wouldn't be Mozilla's place to decide that on everyone's behalf.

These days Javascript is as much a part of websites as the HTML itself.

-----


> When you are on Google search and you click on a link it's tracked that you went to that link.

Google also tracks the links I click when I am on CNN, ABC News, Fox News, MSN, LinkedIn, and the majority of sites I visit (with the important exceptions of Wikipedia and BBC News - thanks guys!). Advertisers track me when I am not even on their properties! That is what is objectionable, and what is defeated by disabling JavaScript.

> Expecting Mozilla or any company to figure out how to block a javascript put request sent to Facebook, but not other put requests which are there by design of the site will only result in Facebook finding a workaround.

Perhaps, but Mozilla should do it anyways.

Remember the ruckus over IE 10 enabling Do Not Track by default? Advertisers and ad brokers were “very concerned”[1] by even the whiff of a browser maker acting in the interest of users over advertisers. Do Not Track is only tolerable if it is off by default, wholly unenforceable, and just as buried as the “Enable JavaScript” option.

Make no mistake: advertisers believe that they have a right to know what links you click and sites you visit across the whole web, and even a right to enlist your browser to aid in informing them. And Mozilla is complicit!

(And why not? Recall who pays Mozilla’s bills.)

> These days Javascript is as much a part of websites as the HTML itself.

Yes, which means that those few who disable JavaScript pay a significant price for that decision. Nobody disables JavaScript because they hate the language. They do it to escape user-hostile JavaScript programs.

[1] http://www.businesswire.com/news/home/20120531006914/en/Digi...

-----


Disabling Javascript for privacy reasons is like blowing off your leg to prevent tennis elbow: it's overkill, and it's rather ineffective at best.

-----


It's ineffective in the sense that it doesn't stop all of the evil. It IS effective in the sense that running no javascript really limits the amount of information people can learn about your system. Like, why should a website be able to learn about the size of my screen, the complete enumeration of all of my plugins and fonts, etc?

As far as blowing off your leg, sometimes you just really hate tennis elbow, you know?

-----


Is that sarcasm? You should know, that doesn't really work here unless explicitly noted as such. See Poe's law.

-----


If you arrived faster at a citation of Poe's Law than actually reading and considering the things I said, you are doing Internet wrong.

-----


I did read them, and I did consider them. After thinking up a reply as why you think basic client display capability querying mechanisms are inappropriate, I decided you were most likely being sarcastic.

On (multiple) repeated readings, I'm not really sure you were intending to make a point one way or the other. If I attribute the second sentence of It IS effective in the sense that running no javascript really limits the amount of information people can learn about your system. Like, why should a website be able to learn about the size of my screen, the complete enumeration of all of my plugins and fonts, etc? to your voice, then it seems you are. If that's to be taken as the user's voice as rationale as to why JS doesn't need to be enabled, then it's fairly neutral.

At this point, with your reply taken into consideration, I'm confused. Feel free to elaborate.

> If ... you are doing Internet wrong

Well, my first sentence was actually asking you, since I wasn't sure.

-----


Correct. I'm being completely serious, with the exception of the remark about exploding limbs (obviously).

Broad enumeration capabilities of this sort don't make sense. You don't need me to tell you why, because the moment you considered these features not existing, you immediately thought up alternatives that didn't involve running javascript, some of which require changes in the way people think about building web-pages, some of which may require changes in various specifications.

JS has more features than it deserves for learning about and (critically) sharing information about the host platform. Yes, you can still learn some things as a website operator by watching what browsers load/don't load, and what they put in their requests.

That does not mean that disabling javascript doesn't have value w/r to privacy concerns. Compare panopticlick.eff.org w/, w/o javascript enabled.

Edit: I should hasten to add that there are other concerns beyond privacy, like accessibility and the fact that a web page has no bloody business deciding that I'm likely running an iPad and therefor I shouldn't have access to X or Y. This is dumb, and contrary to the idea of the open internet. It's the same thing that's wrong with this EME nonsense.

-----


Ah, I took your position as being able to determine screen size (or have it determined automatically through CSS or some other hands-off mechanism) itself was also unneeded, not just that JS should not have this capability.

I can get behind most of what you say - as long as we are talking about simple, presentation based websites.

Where I think there's a breakdown in this view is when you consider complex web applications, including games. At that point, I believe some level of inspection capabilities are required, if we desire to have complex web apps delivered through the internet. I'm by no means sold that on-demand web delivered code is necessarily a good thing though. There's far too large a surface area to adequately secure while still making it useful, IMHO.

-----


Ghostery is a much better option for blocking trackers without breaking websites. If you're really paranoid, RequestPolicy lets you specify a whitelist of OK domains, and disable everything else. Both of those still allow javascript and do a 8better* job protecting your privacy, from tracking pixels etc.

-----


"These days, every additional setting the application has is a liability."

If we follow this thinking too far, we end up with a closed console like device, or Gnome 4 as parodied last April [1].

Surely there is a case for progressive revealing/enabling of advanced functions?

In the UK, the Blackberry phones are very popular with teenagers because of BBM. This desire to access BBM even extends to students carrying two phones, one an old blackberry handset on wifi and the other an iPhone or whatever. You will find small groups in corners at lunchtime exploring the features of the handsets. Experts will coach those who know less. If I could get that level of peer tutoring going in Maths, I'd have my OBE in the bag quite soon! Users can increase their knowledge provided the unfolding of extra features is managed.

[1] http://distrowatch.com/weekly.php?issue=20120402

-----


I don't think Gnome is a relevant example. They don't support adding functionality back that they've taken out, whereas Firefox users are encouraged to add all the functions they want via extensions.

The downside of progressive functions in the base install is that the core Firefox team would have to support all the functions.

-----


Removing options is NOT the way to go. If anything, there should be more options, until computers understand natural language.

To be most intuitive to use, computers should converse like a human. Humans have LOTS of options, and everyone understands that. E.g. if I ask a human to make a sandwich, I can specify all the ingredients I want, how and when I want it, and so on.

The ideal computer, too, would adjust its software to my preference. E.g. if I can, using natural language, explain the computer that I want JavaScript disabled, it can figure out what that means and what in the source code or flags of Firefox it has to change for me to have that disabled. Or if I tell it I want a big refresh button in the center of the screen, it can improvise and render one for me.

Far future of course, but that is the most intuitive end goal of computers: you ask them what you want in natural language, they understand and provide it.

For now, because the above does not yet work, please provide options. Fortunately Firefox provides many options for those who need them: about:config. I find it really awesome if you can adjust an application to your needs at such fine grained level.

-----


I think your sandwich analogy is spot on in the sense that I can also just ask a human "please make me a sandwich" without specifying anything, and (most) humans could proceed to do so without more details. There should be more options, and a good "default" mode for people who don't want to fiddle with them. To my knowledge this is why most wizards have basic configuration options and a "advanced" button to click for the detailed configuration, and I don't see why Firefox can't just have the same thing.

-----


The wizards can use about:config or download the addons that do this already.

Adding more in the way you prescribe isn't just adding more, but officially supporting more at the code level and user level.

-----


<i> can also just ask a human "please make me a sandwich" without specifying anything, and (most) humans could proceed to do so without more details</i>

Depends who you ask. My mate and a few close friends would know to make me a sandwich without bread, but hardly anyone else would get that right.

-----


I would give you a plate with ham, cheese, salad, egg, tomato and mayonnaise. Does that sound about right?

-----


> There is a growing group of people, who are scared to have conversation with their browser and make any informed decisions.

Why would scared people even open the settings dialog?

-----


Because some help desk told them to. The other day chase manhattan was down with a full on 500 server fucked up. Their twitter account responded to me telling me to clear my cache and delete my cookies. Classic.

A naive user would then open settings in an emotional and annoyed state and would turn off anything that caused an emotional response of fear. JavaScript, Ive heard of that and I don't like it so kill it stupid thing computers are so frustrating they never work. Click

And now your browser is broken.

-----


Sorry to be blunt, but it's clear you have never had to design or support a user-facing product. Anyone who has done either of these things will disagree with your base assumptions, ie. that users care about understanding their software, that they read warning texts, and that they don't mindlessly flip switches when trying to achieve unrelated goals.

-----


Those are terrible solutions, though. If a user has turned off JavaScript, there are basically two possibilities: if they turned it off accidentally, your solution will (in the best case scenario, where they understand the popup and realise they should click the reset button) temporarily break their browser and then fix it again; better then breaking it permanently, but not as good as not breaking it in the first place. On the other hand, if they turned JavaScript off intentionally, your solution will continually bother them asking them whether they want to turn JavaScript back on again. So your proposed solution actually works for no users at all.

-----


Why not just put it in the about:config page for FF? Casual users are unlikely to accidentially access this page as there is no GUI navigation to it.

Though most casual users I know avoid GUI configuration all the same, so I don't really see the issue here.

-----


It is, but the bug report in the OP is raging against it being there.

-----


UI discussion aside, changing the option on upgrade seems a little... impolite, to say the least.

-----


That's the point that seems to be missed in the discussion: sure, let Mozilla shuffle options where they want, hopefully with some thought; but don't change the user's configuration. If you feel that it's absolutely necessary to do so, then pop up a big banner saying "We want to change your settings. May we?" To do otherwise is bordering-on-crapware-tactics rude.

-----


> Don't treat your users like idiots, just provide information that clears up certain odd states by explicitly informing them of something like

you assume that users actually read dialogs presented by the software. This is unfortunately not a correct assumption.

-----


> Problem: People today change some feature then have a "broken" browser They forgot what is changed, how to return back, no reset is not a solution. Solution: Educate users, provide "Undo" and "Redo" buttons, highlight changed controls

-----


I am not planning on implementing that, but let's pretend I want to. When would that dialog come up?

Attempt #1: show that dialog as soon as a page tries to load some JavaScript. Result (I'm guessing): dialog shows up on 99.9% of all web pages one visits (even for the nerdiest of nerds)

Attempt #2: silently download the JavaScript to figure out whether it is 'benign' or 'evil'. Result: users complain that they pay for downloading stuff they do not want.

Attempt #3: make that dialog less intrusive; do not require acknowledgment. Result: users get trained to overlook it; users who accidentally enable the mode will never figure out what happened to their browser.

Attempt #4: a whitelist of allowed scripts. Problem: users will disagree about what should make it into the whitelist.

Attempt #5: the JSBlock extension. This may have merit. So, if you want this feature, download it, or write it if it doesn't exist yet. If the API does not allow writing it, bicker Mozilla.

-----


Understand that no dialog is necessary for such an idea to be implemented at all.

Observe:

  <noscript>
    The webpage you are viewing may 
    not work correctly because the following 
    options differ from their default values:

    1. Enable automatic loading of images. 
    2. Enable JavaScript.

    These features of Firefox are essential 
    for most webpages to run properly. If the 
    webpage you are trying to access is behaving 
    strangely or appears to be working incorrectly, 
    <a href="">click here</a> to load the page 
    with the default browser configuration.
  </noscript>

-----


1. who would insert that fragment in a page (and where, but let's ignore that)? I don't think you can expect sites to do it to make their site work with users who have JavaScript disabled (target audience is too small), so the browser must do it. How is the browser going to figure out whether to insert it?

Also: how is that not a dialog? It presents a message to the user, and waits for a reply.

I still think 'no JavaScript' is a niche feature that is best delegated to an extension that sports a whitelist or a blacklist of scripts to allow/forbid. A variation on Adblock would work fine (maybe, Adblock already can be used to blacklist JavaScript. If so, it is a matter of tweaking its UI)

-----


> Don't treat your users like idiots That is exactly what Mozilla is doing , pushing down Javascript on everybody's throat. And marketing teams and advertisers are loving it. So much for their "dont track" stunt.

-----


Is there any empirical evidence that suggests that people accidentally disabling JavaScript and then being confused as to why websites don't look right is a significant problem?

The author of that article says: "Is it really worth having a preference panel that benefits fewer than 2% of users overall? — obvious spoiler alert: The answer is no."

The answer is yes. If 2% of users have a purpose for it, perhaps it wouldn't have been high up on the priority list to implement as a new feature, but it's already there, and removing it requires extra work. Is it really worth removing features from an application to deal with some hypothetical problem that's been posited under the assumption that most users are idiots?

If there really is a problem, it may be worthwhile to move it to an "advanced settings" panel, but removing it entirely is a terrible idea.

It's worth noting that Chrome - a browser that's far less configurable and customizable than Firefox, overall - not only offers the ability to disable JavaScript globally, but has it as an option in the domain-specific permissions menu.

-----


I don't know of any empirical evidence, but the story normally goes: There is a new Java exploit, and recommendations to remove/disable Java hit the wild. Then while people try to find out how to disable "Java" Find "Disable Javascript" and assume it's related. Perhaps this would be solved by renaming it "Disable Ecmascript" however.

I really have no idea how common this is, but have seen it once, from a user that's technically savy enough to be diging in options and worried about security, but not savy enough to know the difference between Java and Javascript.

-----


Well, an extra phrase might be added in the menu where 'Disable Javascript' appears - '(Note: Javascript is not same as Java)'. If users don't know the difference between Diesel and Gasoline, better option is to educate them in context (e.g. handle of fuel pump) rather than closing down all Diesel pumps.

-----


If people don't know the difference between diesel and gasoline, is a note that says "Note: Diesel is not the same as Gasoline" going to help? Doubt it.

The assertion is that 'configuration creep' is overwhelming for the unsophisticated user in the first place, adding even more notes and explanations to all the configuration options is not going to help.

-----


I doubt anyone makes the diesel-gasoline mistake more than once. Browsing to a broken or insecure site (never mind that the brokenness or insecurity is due to javascript being off and on respectively), however, is done all the time.

-----


>If people don't know the difference between diesel and gasoline, is a note that says "Note: Diesel is not the same as Gasoline" going to help? Doubt it.

Really? I would think that sign would help everyone who knew how to read, bothered to read, and wanted their car to run. A sign with a simple message like that was enough to fix one national timeclock system that I worked on. "Do not do X before 12:00 Noon unless Y." in English, Spanish, and Polish.

For the people who still messed it up that we found by using heuristics on all of the punch data, we sent reports to their managers that said that they had probably done something wrong. After 3 or 4 cycles of this, the failure rate went from 15-20% to 1-2%.

Unsophisticated users remain unsophisticated users if you systematically remove configuration until the application only does one thing one way, badly.

-----


If they don't know the difference between diesel and gasoline, how do they know if the one they want is "diesel" or "gasoline"?

But, yes, clearly, the goal is removing configuration until the app does one thing well, not badly.

-----


Only if you want 9000 apps, because then it becomes a question of which of those super narrowly focused apps will work to do what you want to do. An email client that only emails your mother is a good emailing your mother client, but a bad email client. If they take away configuration for people with stepmothers or two mothers, because it's only a 5% use case, it's even a bad emailing your mother client.

If you know your car runs on gasoline, and you don't know the difference between gasoline and diesel, then you see a sign that says "diesel is not gasoline," you know that diesel is not what you're looking for - even though you still don't know the difference.

-----


It's a shame that they didn't push "ecmascript" as the name ~15 years ago back when it was new. Now we're stuck with problems like this...

-----


It wasn't an accident—they wanted to appear similar to Java (https://en.wikipedia.org/wiki/JavaScript#Birth_at_Netscape):

> The final choice of name caused confusion, giving the impression that the language was a spin-off of the Java programming language, and the choice has been characterized by many as a marketing ploy by Netscape to give JavaScript the cachet of what was then the hot new web programming language.

-----


Or make the option to disable Java accessible from there.

-----


You want to add an option to disable a particular browser plugin in the core browser options? That doesn't seem like a good idea.

-----


> If there really is a problem, it may be worthwhile to move it to an "advanced settings" panel, but removing it entirely is a terrible idea.

Is this not the equivalent of 'about:config'? In reality it is the advanced settings panel, just without the pretty dialog to go with it.

-----


But about:config voids my warranty.

-----


Then ask for a refund.

-----


Is there any empirical evidence that the use of AdBlock + Ghostery or WOT or whatever privacy addons you're already using are any less secure than disabling JavaScript outright?

Disabling JavaScript has a few MAJOR disadvantages to proper web usage:

1. As the blog post has said, many web sites will fail in mysterious and unexpected ways. Some web apps may be rendered completely useless. In fact, you might as well just say goodbye to the modern web if you're gonna totally disable JS.

2. Since it's a "blanket fix", disabling JavaScript is a silly way to protect yourself from data miners. Instead, why not use an extension that has been proven to work, is actually available cross-browser, and gives you MUCH finer-grained control over what is displayed?

3. Since JavaScript is not the only thing that could potentially fuck up your web experience, disabling JavaScript doesn't even fix every problem related to privacy! You'd really have to disable JS, disable all plugins (Flash, Silverlight, Java, etc.), and pretty much block yourself out from a lot of the modern web just to be truly secure. At that point, you're really isolating yourself from a lot of the web's rich media, and doing so in spite of the plethora of tools available to combat the stealth data mining practices that these companies use.

Use AdBlock. Use Web Of Trust (WOT). Use Ghostery. At least know when sites are tracking you, and disable those tracking bugs when you see them. You don't need to turn off JavaScript and isolate yourself from an entire ecosystem of awesome, just to maintain control over what data you're sending out about yourself. The idea of turning off JavaScript has always been a silly concept to me, and I felt was simply there to please the more paranoid of us. But there has to be a time to face reality: It just doesn't work.

-----


Ghostery has recently been found to be selling user data. ISTR there was a similar incident with AdBlock? I don't want to have to trust some random extension author to have got these things right.

-----


I hadn't heard about Ghostery selling data. I read about the story at Mashable [1].

[1] http://mashable.com/2013/06/17/ad-blocker-helps-ad-industry/

-----


AdBlock Plus started allowing some advertising they deemed "non-intrusive". This was a default setting and easily toggled in the settings, but there was still a big backlash.

-----


I run with Javascript off, via no-script. Most of the stuff that requires Javascript is tracking based and/or from third party domains.

tbh a global Javascript toggle is a bit useless. You really need the fine grain per-domain settings of No-script to navigate the modern web.

-----


"Advanced settings" dialogs tend to indicate poorly-thought-out interface design.

Rather than demonstrating careful attention to what features are useful and important enough to ship, they become dumping grounds for "something someone asked for once".

-----


So well thought out interface design is ignoring subsets of users and unifying everyone to one common set of behavior.

Imagine if Excel employed this philosophy. It wouldn't be useful to anyone.

-----


That depends how large the subset is. If it's 2% or lower, then yes. Hell, I might even go as high as 10% depending on what the particular bit of behaviour is.

-----


Do you think 2% of Excel users (or 10%) use Pivot tables? Do you think Excel would be the massively powerful tool it is today without that?

Same for scatter plot, import csv files delimited with % marks, and the ipmt() function?

-----


A fair point but misleading - they're not a simple checkbox which can break your everyday experience. In fact, none of them are UI relevant at all, really.

-----


I wasn't aware I could set a field to SUM(..) etc from the gui... Most of the features in Excel are a bit under the covers.. and far more so than about:config... maybe the "advanced settings" tab should be a button that just takes you to about:config with a warning?

-----


Err... I just opened up Excel (2002 since that is all I have at work), selected a cell, clicked on the SUM button (sure it uses the mathematical symbol for sum but if you hover over it, it says SUM), and then was able to click and drag (or CRTL + click for nonconsecutive cells) to select cells for the sum. This is all via the GUI. I'm not sure how this is hidden. Heck, I did this in a Japanese version of Office which I can't read.

Is this different in Office 2010 or any of the newer versions of Office? I mostly use LibreOffice and even there it has the same "all GUI" functionality.

-----


Honestly, didn't know, I rarely use excel, but do know a lot of people who do a ton of VBA code to connect to database resources to create interactive spreadsheets.. and a lot of that is far from common, button-click functionality.

And in any case, for those that want it, it's in about:config ... I doubt anyone who should be disabling JS would be looking around for it in a config frame, and not do a quick google search. I've generally adjusted most of my settings via about:config, mostly cache related for me, but if I'm playing with js settings etc.. it's easier to keep a tab open with about:config than a modal.

-----


While you may know a lot of people who do VBA code in Excel, that is actually far from the norm for the average corporate user. From my non-CS friends who have worked in both large and small companies, I have heard tons of horror stories of the insane spreadsheets that low-to-average users make using just the GUI functionality. Huge spreadsheets with formulas spanning tons of sheets to simulate what could be done in a simple function. These spreadsheets get huge over time as coworkers slowly add/update functionality over time. All using the GUI which makes it a cluster fuck (my friends' words) to understand.

And all of this actually is equivalent to the "uncommon" VBA coding that you hear of. I wouldn't be surprised if all of the VBA code / spreadsheets you hear about evolved from one of these massive GUI created spreadsheets. Why? Anecdote time:

Those VBA sheets tend to come into existence when a non-programmer decides to learn about macros, updates one of these sheets to be simpler (less data entry), and it actually works. One of my friends was one such employee and she ended up converting a few of the inefficient spreadsheets into a single faster (though still slow) one. Due to cutting down the amount of manual data entry and processing time, it made what used to take a few days of work into a single day of work (mostly to have the sheet run calculations). If this creation gets useful enough, it can take a life of its own in the company and eventually some manager might make it the responsibility of an "IT" guy to update the code. Usually because the original employee got promoted (or left for a better job) due to killing their performance reviews. My friend was one such employee who left and actually did this at more than 1 company leading to a pretty damn well paying job at a young age. Last she heard, her original spreadsheet was still being used and semi-maintained by IT. And this it how I believe a lot of those VBA coding projects come into existence.

How this all connects back to FF and the javascript option, I have no idea. What I do know is that non-technical users can be pretty goddamn creative when it comes to finding ways to simulate uncommon functionality when needed. All via the GUI.

-----


My dad takes great pride in complex VBA code. Unfortunately, this can backfire. A few years ago he was brought in to help manage a particular support system for a large telecoms company here in the UK, which involved a lot of Excel donkey work. He understandably figured out a way to automate about 50% of the work of the entire system.

This meant that he freed up plenty of time for the entire team he was on. Unfortunately, this meant that they now had surplus staff, and as the newest arrival, he was the first to let go.

Yeah, incredibly backwards internal politics, but I swear it's true.

-----


100% believe you because this was one of the concerns my friend had about sharing her work. Only management didn't go the firing route. They ended up giving the employees even more work because of their newly found free time.

-----


I've been one of those VBA/Excel automators, and almost every project you get done causes layoffs. They're crappy jobs, usually, but it doesn't feel very good. Vive la productivity gains?

-----


What makes you say "Advanced settings" dialogs mean poorly thought out UI? I think it's a very good way to tell novice users, "don't open this panel if you don't know what you are doing". And if they still do it and something wrong happens, they'd immediately know the reason.

-----


User has trouble with software. User says that software is "too hard to use". A usability/interaction team are tasked with making the software "easier to use" and set off to find "confusing and infrequently used" features they can kill off.

Obviously anything on the 'Advanced...' dialog makes an easy target.

-----


Humm .... I don't believe that just the presence of an "Advanced" button somewhere in the settings makes a software hard to use. May be FF usability experts do. :)

-----


There's very few applications I'd consider useful to me if stripped of the options that "most users" would never want to touch.

-----


I'm pretty sure that Disable Javascript is not something asked ONCE.

-----


At the moment of this writing, the NoScript extension is the 6th most popular extension.

https://addons.mozilla.org/en-US/firefox/extensions/?sort=us...

-----


> they become dumping grounds for "something someone asked for once".

Right. That's what they should be.

Software exists to provide utility for users, not to instantiate designers' aesthetic visions.

-----


"If there really is a problem, it may be worthwhile to move it to an "advanced settings" panel, but removing it entirely is a terrible idea."

I'd like to see the evidence as well. Perhaps there are dozens of bug reports coming in every week that can be traced back to disabled javascript.

They did leave it as an option in about:config though so at least it can still be disabled via javascript.enabled=false

-----


Implementation isn't the only cost of features. You need to test them so they don't break. Features can be a burden for the codebase and removal can lead to many edge cases becoming unnecessary. A magnitude of features can overwhelm users, especially occasional users. They steal attention from other features that you may find more important.

And the most important point here: This feature really is broken as of today. Nobody can persuade me that they use it on their main browsers. I don't believe them.

-----


There are some web sites that use a Javascript to prevent one from right clicking on images to save them; disabling Javascript is a workaround for that. I wouldn't be surprised if that is in common use.

-----


But you don't need to disable JS altogether to prevent that, only disable replacing context menus. Unfortunately for that argument, updating to FF23 removes all of the 'advanced' JS options, not just the checkbox to disable it altogether.

-----


But then deactivating javascript for the whole browser isn't the right solution, because it breaks everything. You simply use NoScript.

-----


Certain shopping sites disable right-click to prevent you from comparing prices.

Certain lyrics sites disable right-click to prevent "theft".

Certain sites disable right-click for aesthetics or to prevent me from seeing the page source.

This news just makes me glad I'm on chrome.

-----


The option has not been removed entirely, it is in the advanced settings, which are called about:config.

-----


> Is there any empirical evidence that suggests that people accidentally disabling JavaScript and then being confused as to why websites don't look right is a significant problem?

Of course not. Mozilla's agenda is determined by its main sponsor, Google, which has a vital interest for JS to be enabled. Any spin on this being somehow "for the user" is bullshit.

-----


Apparently, the agenda of Google's own browser team isn't determined by Google, since they haven't removed this option.

-----


Try disabling cookies. This exactly describes the effect, except that it's not mysterious once you're used to it. If something doesn't work, I open it in Chrome (where I have cookies enabled), and it works.

In many cases, I suppose the developer doesn't know about the cookie dependency (because of a framework or some other dependency). In other cases, I guess they don't care. Rarely does the page actually tell you that cookies are required.

-----


Frankly, I don't notify users in any way of a dependency on cookies or JavaScript. If you go disabling features fundamental to the functionality of the web, I expect that you know what you're doing and don't, in fact, expect most of the web to work. The web apps I build simply aren't going to function if you disable JavaScript or cookies.

-----


That is a terribly user-unfriendly design decision because it does not distinguish between failure modes. Maybe your site is broken because I am running noscript or maybe it broken because it is mis-configured or recently hacked or my ISP's proxy is black-holing things or a dozen other things that could go wrong.

The point is that it is relatively trivial for the developer to add automated checks for per-requisites and display warnings for the ones that are missing. It is a lot harder for each user to manually run down through the list of all the things that could go wrong.

If they are missing, tell me your site needs javascript or cookies to operate and I might enable them for your site and give it another shot. But if I just get a catastrophic failure without explanation then I'll probably hit "back" and pick another similar site out of the google search results that brought me there.

Just don't make the warnings into roadblocks. Inform the user and let them decide to proceed or not.

-----


[body] [noscript]This site requires cookies and javascript to function properly[/noscript] ... [/body]

Problem solved.

-----


Not for cookies it ain't.

-----


You do your test for cookies in JS, and display the message about cookies alone if that test fails.

-----


Thanks to recent legislation in Poland webpages should inform user if they are using cookies. Result? Web littered with annoying popups that everybody closes without reading.

-----


This is an EU wide data protection law, though each country implements it slightly differently

-----


I think that's the case for all websites with a presence in or targeting eu countries.

-----


Yes, that is correct. It is an EU law. It is an absolutely horrible, ill thought out law, but it is a law, so we all have to comply :-(

-----


Actually, it's possible to implement in it an unobtrusive way that makes users feel more comfortable. The huge popups usually comes from the same websites that do popover ads (that commonly end up invisible and blocking scrolling with adblock) and auto-play videos.

Most of the time it's a small bar on the top or bottom of the screen. Stop whining.

-----


Dumb lawers litter my web. Whining is the only thing I can do. Besides, even small bar often becomes huge bar on mobile.

-----


Again, blame the web designers who don't even do enough diligence how others do the same. And demands of proper, obvious labeling is one of the better tools to stop companies from putting useless crap everywhere.

-----


I don't see this. Web is filled with advertising, new laptops are filled with crapware. Labeling didn't do nothing to stop these things. What we get from lawers on the web are idiotic terms and conditions, "I agree" buttons under the wall of text, copyright craziness with idiotic cease and desist, persecution of people publishing secrets or just snooping around. I think if lawyers kept there noses out of the web it would be much safer place.

-----


I agree with you about the design issue. I've had to create one myself (http://tenjin.ie) -- although I think the laws in Ireland are slightly different than elsewhere in the EU.

Regardless of the laws, though, when a site fails to function, it should tell you when cookies are the reason. It's not hard to do.

-----


Ah, is that why I've been seeing more and more of those notices lately?

-----


The other thing Alex posted is firefox really gives you no indication of why the internet looks weird and is breaking left and right. So you can disable js or images or ssl and unless you're lucky enough to know a programmer or IT person really have no guide to undoing whatever happened.

-----


If "the internet" is suddenly breaking left and right after you've disabled certain features wouldn't you try re-enabling the features?

-----


You give people way too much credit. Keep in mind most people still blatantly deny changing anything when something goes wrong for whatever reason. "I didn't even do anything, it just broke."

-----


I remember a user flat out lying about what an error box said over the phone. I asked her to read it out, she gave be what was in her head, not on the screen. I asked her to read it word-by-word, she did the same. I asked her to read it out letter-by-letter ("I've never seen that error there before, I want to get it exactly right so I can ask the programmers...") and then she actually looked at what it said.

-----


Oh the dread that phone support brings back to me... The number of "tricks" we had to use to get users to tell us what they actually saw, and do what we actually told them, rather then what they thought they were looking at or thought they should do...

Anyone interested in psychology should do phone support for a few weeks...

-----


Can you share any specific incidents? This seems like it would make a very popular HN story.

-----


On the flip side, I remember playing "Windows XP: The Roleplaying Game" with AT&T support, when they wouldn't give some very simple network config information without me checking a bunch of things on Windows with IE first.

-----


I still don't understand why people do this. They get so frustrated (or defensive or something else) that they refuse to tell you what is on the screen and/or make something up.

My guess is that they dismiss error boxes too quickly, or work ahead of you and are afraid that you'll figure it out if they tell you what their error box actually says, and they'll get an F on the test and will have to go to summer school.

-----


That's a defence mechanism against support people that aren't there to help, but just to make them give up before they are allowed to talk with someone that can actualy help.

The problem is that once trained, people start doing it instinctively, even with the people that can actualy help.

-----


I am pretty sure putting "disable js" option into advanced tab would be enough.

There are plenty options that can bug your browser or leave you unable to surf, why remove this particular one?

-----


From what I understand, the ultimate goal is to remove them all (i.e. exile them to about:config, add-ons and the like).

-----


You're presuming people know what they're doing. If someone clicks a bunch of boxes and things break, they might not know what boxes they checked/unchecked, they might not know how to get back to that window again (which menu item was it again? ).

If you think users aren't that stupid, you're wrong, they are that stupid. If you think people should not use the Internet if they don't understand that much, then you're suggesting kicking a large chunk of the population off the Internet. If you work in IT, kicking a lot of people off the Internet is a surefire way to reduce your industry's size.

-----


Not if you disabled it while fiddling with a bunch of firefox options late at night, and then didn't notice anything broken until the next morning.

Not if someone borrowing your computer for 5 minutes disables it.

-----


Surely the best solution to "Firefox isn't very helpful about indicating when you've made a possibly breaking change" is "Firefox should indicate when you've done so", not "Firefox shouldn't let you"?

-----


replying to myself: one more way apple simply makes better software: safari offers a simple reset option that seems to reset all browser settings. Now, this doesn't help in the case of a user not understanding what went wrong, but I can tell someone over the phone "click on safari -> reset safari" far more easily than walking someone through deleting a firefox profile while saving bookmarks or reinstalling firefox and creating a new profile. I don't like safari as a browser, but it's to apple's credit that they offer this simple option so I tell my mother / mother-in-law to just click reset if the internet is weird.

-----


A novice was trying to fix a broken Lisp machine by turning the power off and on. Knight, seeing what the student was doing spoke sternly – “You can not fix a machine by just power-cycling it with no understanding of what is going wrong.”

Knight turned the machine off and on.

The machine worked. [http://planetvermont.com/v9n2/machine.html]

-----


In firefox, go to "about:support", "reset firefox." Probably not exactly the same (and it's not exposed as easily) but it's there.

-----


'about:support' is also accessible via Help->Troubleshooting Information.

-----


thank you

-----


Internet Explorer also has these reset buttons

-----




Applications are open for YC Summer 2015

Guidelines | FAQ | Support | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: