back to article Pointless features add to browser bloat and insecurity

It might be time for the warlocks of the Web and brewers of JavaScript to revisit their ever-burgeoning developer wish-lists and sweep away the rubbish. Researchers from the University of Illinois have looked at how users and Website designers respond to the feature-list, and their study suggests there's a whole lot of kruft …

  1. jb99

    What we need

    What we need is a *simple* browser that does one thing, and that thing is render basic html. No scripting, no complex tag. it lets you read documents.

    1. IvoryT

      Re: What we need

      ... your comment doesn't exist.

      1. Jason Bloomberg Silver badge

        Re: What we need

        ... your comment doesn't exist

        Utter rubbish as anyone who allowed comments on their web site in the days well before these new fangled HTML features came along will testify.

    2. Anonymous Coward
      Anonymous Coward

      Re: What we need

      No scripting is a pretty horrible experience, unless you like that authentic 1990s static web page experience. The problem isn't scripting per se but the proliferation of "cool" but useless and vulnerable features, and (as has ever been, from blinking text and iframes onwards) their misuse.

      1. Roq D. Kasba

        Re: What we need

        Try Lynx, or maybe Mosaic if you want graphics.

        Alas, HTML is entirely the wrong starting point for making rich, interactive web sites, so layer upon layer of cludge (and here I mean CSS, JavaScript, and worst of all, ActiveX and Java) have been nailed on, each polluting what's left of the utopian vision of a simple markup language.

        1. Charles 9
          Facepalm

          Re: What we need

          "Alas, HTML is entirely the wrong starting point for making rich, interactive web sites,"

          So how do you propose where we begin with something that doesn't necessarily rely on a permanent connection (which in today's age will quickly chew up the port limit) and can accommodate different resolutions and all the other necessary bells and whistles?

        2. d3vy

          Re: What we need

          CSS exists to keep formatting and layout separate from HTML so actually helps to keep your markup simple.

          Activex and Java were a terrible idea though, I think we can all agree on that.

          1. Anonymous Coward
            Anonymous Coward

            Re: What we need

            I would say CSS makes things much more complicated, not simpler.

      2. m0rt

        Re: What we need

        "No scripting is a pretty horrible experience, unless you like that authentic 1990s static web page experience. "

        Interesting fact about HTML5 sites that I see these days. They take up so much more resource, so much more screen space than those 'authentic 1990s' sites. To give you a clue of how much more useless a lot of modern sites are, have a look at http://www.bbc.co.uk/news/business-36366302 and compare the layout to http://news.bbc.co.uk/1/hi/uk/3291503.stm

        The new one runs like a pig on a 2012 macbook. Don't get me started on the Guardian's site. The amount of power (actual capability as well as Watts) consumed to view less information is staggering compared to a while ago. And it isn't getting better. Sure, machines are, servers are getting a lot more efficient and 'green' but to do what in the most case? Ensure that the responsive website exists for the most case? Nuts. Pure nuts.

        1. Charlie Clark Silver badge

          Re: What we need

          Interesting fact about HTML5 sites that I see these days. They take up so much more resource, so much more screen space than those 'authentic 1990s' sites.

          Maybe, but this not down to HTML5 itself. Take the BBC website: first of all it runs a script to send you to "right" domain, so I get bbc.com shoved down my throat. Then, the news page at least spits out a mobile page pretty quickly but immediately fucks things up by adding to it (manipulation of the DOM is always a killer. The actual layout itself using media queries and Flexbox is a lot simpler which is why the browser can actually parse and start to paint faster than the old table-based layout (the newer page is 32 KB and is parsed in 600 ms, the older one 45 KB and takes a second to parse). Well, that would be the case if all the shit was removed. The BBC website would also load a lot faster without all the hooks for the irrelevant crap below the fold: BBC Magazine, BBC Trending (I do hope this is getting binned in the current review), etc. As for the images: the larger images in the content make sense on a modern machine.

          Commercial websites recently have let their agenda be driven by the advertising industry. They're realising too late that this is not what the users want (buy it's the advertisers who pay).

          So as usual, it's a bad workman who blames his tools.

          1. m0rt

            Re: What we need

            Thanks for the breakdown. That was interesting.

            HTML5 - sorry I was using that as a label, incorrectly, for modern responsive sites.

            Images - yes larger images on better resolution screens makes sense. Give you that. Though images tend to be uttlery meaningless in a lot of articles now, they are mainly there to show a more 'interesting header' when pasting the link into something else.

          2. Anonymous Coward
            Anonymous Coward

            Re: What we need

            DOM manipulation isn't inherently slow, if the delta is built in memory, then atomically swapped with the live sub-tree.

            But most sites use jQuery for maximum DOM grinding.

          3. Fatman
            Joke

            Re: What we need

            <quote>Commercial websites recently have let their agenda be driven by the advertising industry. </quote>

            NOPE, TRY THIS:

            <quote>Commercial websites have always allowed their agenda to be dictated by advertisers.</quote>

            FTFY!!!

        2. heyrick Silver badge

          Re: What we need

          "No scripting is a pretty horrible experience, unless you like that authentic 1990s static web page experience. "

          Most of my site is static HTML. Things that need to change often do so using php to modify what is sent. The basic level of HTML is akin to the old 3.2 specification.

          As a result it can be viewed on practically anything, even low resource machines. It doesn't take an eternity to load and doesn't whinge if your browser is two releases out of date.

          I dunno, some people think the content is important, others are seduced by flashy flashy blinky blinky...

          1. Hollerithevo

            Re: What we need

            Hey, Rick: with you there. I popped a few media queries into my (simple) stylesheet to make my website look nice on handhelds, and left it at that. The HTML was all percentages anyway, so it resized pretty well without the additions, but it didn't take long to make the mobile version look a bit better. I did it mostly because Google favours mobile-friendly websites and I wanted to maintain my ranking. I don't see my site as giving any worse an experience than those huge-hero-images-five-zillion-miles-of-scrolling sites the web agencies churn out (because WordPress sez so).

          2. Charles 9

            Re: What we need

            "I dunno, some people think the content is important, others are seduced by flashy flashy blinky blinky..."

            Sadly, the latter outnumbers the former significantly, to the point the ad men demand the content people draw them or they won't pay.

          3. David Nash

            Re: What we need

            Mine too...and Google had the cheek to send me an email telling me it wasn't mobile-friendly and until it was they might push it down the search results.

            1. Roq D. Kasba

              @ Charles 9

              What do I suggest as an alternative to HTML full of CSS and JavaScript? I don't. I was stating a historical point of fact - HTML was never intended to carry graphics-rich interface, canvas manipulation etc. It was meant to represent the content of the page with references, not be a fruit machine. The rot started early with tags for bold and italic to again simulate some emphasis on an abstracted recreation of a printed page. In fact, we call them webpages, hints at the heritage!

              With modern site design, the page content is often far from obvious when you download the actual HTML without all the client-side manipulation with CSS and scripts and AJAX stuff. The HTML seems to be piled upon as an inconvenient way to display some words. As the human readable element of it is so insignificant (pages send all the header bar, menu options, search boxes, etc., Some even send the body content out of sequence for later DOM manipulation) then why use HTML at all?

              Things like menu header and footer blocks that don't change significantly could be some kind of semicompiled thing, without being a part of every round trip, for instance. The HTML could still be used for very effective content markup which would degrade nicely without CSS, AJAX, etc

      3. Hairy Spod

        Re: What we need

        Yes, I do want that authentic 90's or at least turn of the century broadband experience back!

        There was a time when I used to have a PC with 16mb not 16GB of RAM and a 2mb connection not a 200mb connection and in usage terms it was a hell of a lot faster than what I use today.

        They were both used to read tech, car and sports news with banner adds. I see nothing extra in a modern website that improves upon that experience.

        I also remember when netbooks were usable. If anyone knows of an idiot proof distribution that just werks and does it well on a netbook please let me know

    3. Spudley

      Re: What we need

      > What we need is a *simple* browser that does one thing,

      > and that thing is render basic html. No scripting,

      > no complex tag. it lets you read documents.

      Here you go: http://www.dillo.org/

      Good luck getting it to do anything sensible with most modern sites though.

    4. John Sanders
      Thumb Up

      Re: What we need

      Can we have decent printing and modern bookmarks too please?

      No one seems interested in those these days.

      1. Anonymous Coward
        Anonymous Coward

        Re: What we need

        Yeah, I'm so with you on this one.

        The first thing I do is print out the entire website. Only then will I read through it to see if there's anything interesting there, and if so, I hole-punch and collate it in a binder for future reference.

        But they just don't make it easy for us, do they?

  2. Mark Simon

    Not all unused features are useless …

    The problem with some of the features is that they are new and not fully implemented in the other browsers. This is true of advances in JavaScript and HTML5 which should make development much easier.

    IE is, of course, the key offender, and as long as some developers are worried about Legacy™ support, they will have to forego the new features in favour of older ones with wider support. And it’s no good mentioning that newer versions of IE or Edge support the newer features if you’re after the widest audience.

    Another problem is that some popular libraries, such as, say, jQuery, may not take advantages of newer features, and their immense popularity with developers may reflect this.

    1. AndyS

      Re: Not all unused features are useless …

      That's true at one end of the spectrum, but isn't the problem the article is addressing. Note the talk of features which are actively blocked by users; many of those "features" have been around for many years. They aren't widely used because they either offer no real user benefit (I don't want an individual app adjusting screen brightness on any device. The idea of an individual website doing it is appalling), or because they are used as weapons against the user (pop ups, pop overs, pop unders - these have very few good uses).

    2. Sgt_Oddball

      Re: Not all unused features are useless …

      It's also a case of having wonderful features not consistently applied across browsers (case in point, you can directly edit html in a canvas now with a number of editing features available in the browser. Unless you want to resize the text. The it's either pick a number 1-7 that doesn't make a difference or use larger/smaller font command in Firefox and Firefox only...) for a while I thought we'd moves past this sort of crap with the death of ie8 but no, it turns out a number actually useful features don't work cross browser in a consistent and reliable manner because nobody can decide to implement standards in a standard fashion (still...).

      That said, I'm all for little used features that are of little or no relevance being canned though that might take a while...

  3. redpawn

    Swiss Army Knife

    I want the really big one with over a 100 tools and I don't care that its too big for my pocket or my hand. Give me more, More, MORE!

    More is always better.

    1. jason 7

      Re: Swiss Army Knife

      Nah...the Swiss Army Hiker is as much as most of us here would need.

      https://www.amazon.co.uk/Victorinox-1461300-Army-Knife-Hiker/dp/B0001P151M/ref=sr_1_1?ie=UTF8&qid=1464082227&sr=8-1&keywords=swiss+army+hiker

      Even then I don't use the saw or the 'odd thing with the hole in it'.

      1. Charles 9

        Re: Swiss Army Knife

        That "odd thing with the hole in it" is a punch: specifically a leather punch IIRC. The eye in it (and the groove) I believe is so it can double as a needle for mending or darning.

  4. Anonymous Coward
    Happy

    <blink>Hello world</blink>

    1. d3vy

      I see your blink and raise you

      <marquee><blink>SUCK IT</blink></marquee>

      1. Swarthy
        Unhappy

        @d3vy

        Sorry for the downvote - it was instinctive. Too much trauma caused by Geocities.

  5. Alister
    Coat

    Re the title image:

    "We're going to need a bigger bloat!"

    1. Steve Aubrey

      (I couldn't help myself)

      You mean Bloaty McBloatface??

  6. herman Silver badge

    Wut? No Blink tag?

  7. Charlie Clark Silver badge

    Dubious

    I'm dubious about some of the numbers here.

    SVG, for example, has a problem however you look at it: on one hand more than 15 per cent of the sites use it, on the other hand, nearly 87 per cent of blockers block it, but it's had 14 security warnings

    SVG is simply an XML dialect for images so can't really be vulnerable. Implementations can. But it is a very useful for the web: it can replace heaps of co-opted technologies such as Flash, sprites and icon fonts in a more accessible and bandwidth-friendly web. SVG and Canvas (both are used for things like interactive charts) are more likely to be targeted because of possible hardware acceleration.

    What does 87 % of blockers mean? I run a pretty tight ship and have blocked ads for years and have never seen SVG blocked.

    1. Anonymous Coward
      Anonymous Coward

      Re: Dubious

      Well apparently 2% blocked the DOM, now that's a really extreme approach to ad blocking!

    2. Anonymous Coward
      Alert

      Re: Dubious

      What does 87 % of blockers mean? I run a pretty tight ship and have blocked ads for years and have never seen SVG blocked.

      The paper says "Finally, we use the term block rate to denote how frequently a browser feature would have been used if not for the presence of an advertisement- or tracking-blocking extension."

      I think that means that SVGs are mostly used by advertisements or tracking pixels etc. rather than real content.

      1. TeeCee Gold badge

        Re: Dubious

        Probably correct. Flash's original purpose was to shove more garish and attention-grabbing ads in your face, presumably SVG is designed to serve the same purpose.

        1. davenewman

          Re: Dubious

          Flash's original purpose was to write interactive games and cartoons that could be played with online. All the video stuff came much later.

        2. find users who cut cat tail

          Re: Dubious

          Do not presume.

          SVG means Scalable Vector Graphics was designed for that and is pretty good for this purpose. I have most of my drawings (i.e. vector graphics) in SVG. Well, the Inkscape dialect in fact, but that is another matter...

          As anything, it can be misused and SVG 1.1 contains interactive stuff I am not fond of, but if people stopped using JPEGs for line drawings and replaced them with SVGs the web would be a bit better place.

    3. JLV

      Re: Dubious

      Agree.

      I really like the idea of figuring out what is actually being used. Hopefully with an eye to deprecating some of the stuff that isn't.

      However, when you flag Canvas and SVG as no-gooders, that leaves open what the suggested replacement is. I have little nostalgia for mid-90s websites and even less for sites using Flash. For better or worse, browser-based approaches have become a primary delivery mechanism for software services. Not least because much of our software now expects to have connectivity and would not operate well in pure standalone mode.

      Leaving aside considerations about the cloud being a good or bad thing, if you need a network aware app that also provides rich interactivity, that leaves you with a few options. Locally-installed software, apps a la iOS/Android. Or a browser-based app with JS and SVG/Canvas support.

      Personally, for all its weaknesses, I find browser-delivered apps with a suitably hardened browser and a sparse NoScript JS whitelist rather less dangerous than installing a lot of programs or apps locally. I actually trust open source repositories for Linux/OSX utilities/programming tools a fair bit, but not much else. Not app stores. And certainly not stuff floating around on the web waiting to be downloaded and installed.

      The less stuff I install locally, the happier I am.

      i.e. OK to jettison the unused cruft, but suggest rather than just criticize for the more useful bits. Doesn't make this study wrong per se, but it's only part of the picture. And website bloat/slowness is an coding issue, mostly not the fault of the tools themselves (Flash excepted).

      p.s. maybe the SVG spec itself requires winnowing. I recall MS self-serving justification for not having SVG support in IE (prior to IE9) being that the spec was bloated with stuff like file uploading facilities, best left to HTML. Maybe they were correct in that instance.

      1. Charles 9

        Re: Dubious

        "Leaving aside considerations about the cloud being a good or bad thing, if you need a network aware app that also provides rich interactivity, that leaves you with a few options. Locally-installed software, apps a la iOS/Android. Or a browser-based app with JS and SVG/Canvas support."

        Who not just make a protocol specifically for the purpose? Or why not use something specifically built for interactivity like VNC? Then again, these require persistent connection and the current Internet spec only allows for ~65,000 ports in use at a time, a fair chunk of which are already reserved.

        The thing is, as others have noted, HTTP was intended to be a non-interactive protocol to start with. Why did it get usurped into a two-way protocol?

        1. JLV

          Re: Dubious

          SVG is a markup spec, not a protocol. Canvas is an API to render graphics in a browser. Not sure what the protocol is doing here.

          </pedant>

          Compared to Flash bug counts to date, I'd say neither is doing too too badly.

          I am all for finer grained controls about what runs in your browser. If you don't need/want SVG then it should be easy to turn it off. But don't think no one wants/has a valid reason for interactive web apps on the basis that you don't. Besides, it wouldn't be possible to turn the clock back to our "glorious 90s websites". Bit like comparing raw update speed of a VT100 data entry terminal system to a GUI-ified one. It's just not what 90% of users want.

  8. Anonymous Coward
    Anonymous Coward

    Just looking at public "commercial" web site won't tell all the truth.

    Some features may be more used by internal web applications performing more complex and interactive tasks.

    A browser able to disable some features when accessing external ("untrusted") sites, while enabling them for internal applications, would be welcome.

    1. AndyS

      Re: Just looking at public "commercial" web site won't tell all the truth.

      That just sounds like another layer of Microsoft-style crud to me. More modes, more tags in page headers, less compatibility...

      1. Anonymous Coward
        Anonymous Coward

        Re: Just looking at public "commercial" web site won't tell all the truth.

        Actually, it's what tools like NoScript and other blocking plugins do already.

        It would be just a way of "firewalling" unwanted features. Pages would need no change, the browser will simply disallow unwanted features. I may want SVG to be available for the internal applications that show me monitoring graphs, but not for external sites (until maybe whitelisted).

        The issue is most browsers are now a by-side product of the advertising and data slurping industry - and they will never be designed to block dangerous/useless stuff by default.

    2. dajames

      Re: Just looking at public "commercial" web site won't tell all the truth.

      A browser able to disable some features when accessing external ("untrusted") sites, while enabling them for internal applications, would be welcome.

      It's a server problem.

      HTTP supports an "ACCEPT" header which, in theory, allows a browser to tell the server what sort of content that browser will accept in a page. Web servers should be required to (as in an RFC "MUST") honour it.

      Servers should not be allowed to serve Flash (say) to any browser that didn't explicitly accept it, but should be required to deliver equivalent content (as near as possible) using whatever that browser did accept.

      The browser could then be configured with a list of "trusted" domains from which it would accept specific formats of richer content, and could refuse to accept anything but text/html (without scripting) and image/png from anywhere else.

      We'd need a bit of enforcement ... if anyone set up a site that wanted to serve Flash and just returned an HTML page saying "This site requires Flash" would have to have a pretty good reason for doing so or be liable to some punishment too horrible to countenance -- including but not limited to the confiscation of the domain name.

      The end result would be a much less rich browsing experience, overall, but one that would be inherently easier to secure, and much less greedy on bandwidth. A net win, methinks.

      1. d3vy

        Re: Just looking at public "commercial" web site won't tell all the truth.

        "We'd need a bit of enforcement ... if anyone set up a site that wanted to serve Flash and just returned an HTML page saying "This site requires Flash" would have to have a pretty good reason for doing so or be liable to some punishment too horrible to countenance -- including but not limited to the confiscation of the domain name."

        That's one of the daftest things I've ever heard.

    3. Numpty Muppet

      Re: Just looking at public "commercial" web site won't tell all the truth.

      Dead right. Canvas a case in point - take that away & the world of Radiology would be back to IE-only.

  9. A Known Coward

    It's flawed research ...

    They suggest that the 'top' sites don't use these features because they aren't required, but the truth is that they don't use these features because they are still trying to support ancient browsers which predate these specifications coming about.

    So as a result they propose some of the most useful developments which came about to make browsing faster, more secure and reduce battery drains. Developments which are meant to rid us of the likes of ActiveX, Flash and their ilk? Development which are meant to reduce page bloat.

    SVG images are much smaller and much higher quality, you only need to serve a single version not a range of different sizes.

    Canvas provides an alternative to Flash (which is way more insecure).

    Websockets allow for 'push' to the browser, eliminating the need for polling - reducing bandwidth consumption on mobile devices.

    Granted some of the listed features are probably unnecessary but certainly not all of them.

    1. TeeCee Gold badge

      Re: It's flawed research ...

      .....some of the listed features are probably unnecessary but certainly not all of them.

      Well the obvious yardstick here is that if whatever you're doing can be done in a legacy browser without it then, by definition, it's unnecessary. Only if you have to back down and ditch important functionality to handle legacy support is necessity of the newer method indicated.

      It may well be "nice to have" or "easier", but that's a long way from "necessary".

      1. janimal

        Re: It's flawed research ...

        @TeeCee

        The examples he quoted are all efficiency based improvements that greatly reduce the bandwidth and cpu cycles required to serve a website. As well as helping to make the data device agnostic.

        These specific features really are necessary technologies for both improving the experience and capabilities as well as reducing the bandwidth / storage / energy of digital communications.

        The issue is that it takes time for the feature to get implemented consistently across browsers, therefore it takes time before developers feel comfortable making use of it on a regular basis.

        Advertisers have always been willing to go bleeding edge and I'm sure they jumped at the chance to use SVG & Canvas immediately.

        I have just created my first set of svg graphics for a client site & as a developer I can say they are bloody awesome. They resize to the viewport and are easy to edit - you can also edit them using javascript.

        Because they are text rendered by the browser they are highly compressible. SVG's will make up a huge proporiton of web graphics in a few years time.

  10. BurnT'offering

    Would it be feasible to make a modular browser?

    And stream code libraries on demand to enable rare feature sets when they are encountered?

    1. Charlie Clark Silver badge

      Re: Would it be feasible to make a modular browser?

      Well, that's sort of how JQuery is supposed to work. But anything that uses remote code is inherently less secure than local code.

      But proxy solutions like Opera Mini / Opera Turbo show how much work can be saved using this approach: web pages are parsed and largely rendered on the server so that all the browser has to do is display the stuff. As for secure: depends on the security of the proxies.

    2. Charles 9

      Re: Would it be feasible to make a modular browser?

      "And stream code libraries on demand to enable rare feature sets when they are encountered?"

      Code may be platform-dependent and could be hijacked by a Man in the Middle.

  11. jason 7

    We could do with some of this trimming...

    ...with operating systems too. 80% of the 'added stuff' I never use.

  12. td0s

    Wow, so many luddite attitudes on a IT forum. How do you think technology evolves? Everything must work everywhere first time all of the time or what's the point? The web is possibly the best thing to happen in computing certainly in my lifetime and all we can do is hark back to the good old days. These features are what will become normal and improve the experience in the long term - if we don't try new to do new interesting things we might as well stop making faster processors, or better ram, or breathing.

    1. jason 7

      That's not really the point chap. The usage patterns of a lot of people are becoming increasingly narrow. Having masses of unwanted/unused code just adds complexity and increased security risks. Often the chink in many systems has been some unused, little forgotten bit of code that everyone has ignored. I hate knowing that a large percentage of the software and code on my PC just isn't needed or used. Plus if it's not installed, I don't need to waste time and bandwidth on updates for it.

      The unused stuff may be beneficial to some but as no one is shouting for it...

      If it's not needed then get rid of it. Either that or in future, browsers and operating systems need to only add features if they are actually asked for. If the request never comes up, it never gets installed.

      We should be aiming at making hardware and software more lean, tailored, efficient and secure not bloated, mostly dormant and one size fits all.

      1. Charles 9

        "We should be aiming at making hardware and software more lean, tailored, efficient and secure not bloated, mostly dormant and one size fits all."

        Not gonna happen. Tailoring shrinks your audience which shrinks your revenues which shrinks your viability. Plus tailoring means lots of versions which means lots of versions to track (and each combination is a different version due to many exploits being the result of gestalts of different pieces that only occur when they're together). So it's basically all or nothing, unless you're proposing we abandon the Internet.

        1. jason 7

          Yayyy flabby and lazy is the future!

          Shame imagination and drive for something better is dwindling away in IT.

          All those versions you say are a problem...and yet you probably recommend Linux?

          All I'm asking for really is a custom install that lets me install what I NEED. The rest can sit in a secure locker ready in case I ever do require it. Until then its safely dormant.

          1. Charles 9

            Until the LACK of a module loaded opens a security hole (which is a problem in and of itself). Or they find another exploit that enables them to ENABLE the module they want willy-nilly. The only way to block THAT is for the module to not exist AT ALL. And even then, they'll probably just drop them using whatever secure channels they've been able to usurp. For some adversaries, money and technology are no objects.

            And yes, flabby and lazy is the way to go, because you learn the "one thing" you're expected to do...is EVERYTHING.

            As for Linux, NO until they can get their gaming act together better. Tried it. Ended up with headaches.

    2. Doctor Evil

      You're all familiar with the concept of extensibility in the context of a browser, right? So why not make all those features optional add-ons (or extensions, or plug-ins, if you will)? In many (most?) cases, it could be done.

      Then those users who want the features can have them and those users who don't want them aren't encumbered. Yes, the extra overhead involved in loading and running add-ons is a bit of a burden -- but it's compensated for by the ability to customize your browsing experience.

      Then browser enhancements could then be restricted to really useful / necessary developments related to speed and security -- things like sandboxing individual tabs.

      I kinda wish Mozilla had stuck to this philosophy, which is what I think they started out with.

      1. Bakana

        Extensability

        Agree.

        But, add in the ability to decide after the fact that you no longer Want that extension after all.

        Or to Remove an extension that is revealed to have security issues until those issues are Fixed and proven safe again.

      2. Charles 9

        "I kinda wish Mozilla had stuck to this philosophy, which is what I think they started out with."

        Stupid struck. As in stupid users who demand their content yet aren't smart enough to find the needed extensions, leaving them with a dilemma: accommodate them and bloat your code or see your customer base defect to the competition. When the customers demand bloat, damn the consequences, what do you do?

        1. fidodogbreath

          stupid users who demand their content yet aren't smart enough to find the needed extensions

          The same users who download and open attachments from unknown sources? Who blindly click "OK" on anything that pops up? Who blithely fill in their personal info on phishing websites, because a spam said they had to "confrim there acount detials?"

          You'd expect those users to find and install browser extensions for specific web features?

          1. Charles 9

            No, I expect them to be led by the hand into a trap. As a comedian once said, "You can't fix Stupid," yet Stupid happens to comprise a significant portion of your customer base. So you're surrounded by hopeless idiots in search of unicorns, and you're pretty much stuck in a "The Customer is Always Right" situation as your job depends on it.

            I just had a thought. What if someone coded a browser Dilbert-style, ignoring the stupid who demand this and that bloat and instead of telling them honesty what is happening simply lying to them every time they try to do something stupid. Say they want to go to a site that wants Flash to start an exploit, the browser can say, "I'm sorry, but the site you're trying to reach doesn't speak Internet correctly and cannot be reached. Recommend looking somewhere else. And yes, there IS another place to find it; this is the Internet, after all." IOW, you can't fix Stupid, so the best thing you can do is deflect it like you would with a PHB.

    3. Steve Davies 3 Silver badge

      Just Nuke the Ad Slingers

      and the world will be a better place.

      Then the Lawyers.

      1. Charles 9

        Re: Just Nuke the Ad Slingers

        Don't think it'll work. Ad slingers and lawyers are like cockroaches. Odds are they'd survive a nuke...

  13. Anonymous Coward
    Anonymous Coward

    but but but

    the bloat = progress, right? :(

  14. myhandler

    What's driving most of this is the move to make websites look and behave like apps.

    No, I don't think that's always a good thing but it's what the public and the marketeers think makes a site cool and modern.

    OTOH some of it does improve usability.

    Blocking Ajax requests seems counter productive for one.

  15. Will Godfrey Silver badge
    Mushroom

    What really gets me fuming

    is engineering websites, where I know exactly what I want to look at, and want to do so quickly, only to have to wade through page after page of heavy duty advertising, only to find the actual content link is broken - while I've got a customer who's downtime is losing them thousands of pounds a minute.

    1. Charles 9

      Re: What really gets me fuming

      Well, you have to decide what's worth your money? Wade through ads or pay through the nose since it seems so critical to your client's business. Since they seem to have you, as they say, by the wossnames.

  16. Bakana

    Don't Block it, Dump it.

    What many users might prefer is a way to not "Block" unwanted features but a way to set up a profile that tells the browser to just Dump the code that will never be executed because that "Feature" is Never going to be used.

    Allow the "Blocker" to simply Remove (or never download in the first place) the code that the User objects to.

    1. Charles 9

      Re: Don't Block it, Dump it.

      "Allow the "Blocker" to simply Remove (or never download in the first place) the code that the User objects to."

      How are you going to know what the code is you need to dump unless you download the code to inspect it in the first place? And due to perverse motivation, you can't expect the server to do this for you.

  17. More Jam

    no password needed

    This comment exists, and I posted it using w3m.

  18. Anonymous Coward
    Anonymous Coward

    El reg is becoming an old folks home...

    For the people who yearn for a text only internet...

    Web Audio and Web RTC are very useful but as yet not really discovered.

    There are large java / HTML5 apps like BigBlueButton that rely on this for non-flash video and audio streams.

    Jeez, you can't go a day on el reg without the comments de-crying flash and then any replacement gets shot down.

    Stick to your nokia 6110s and keep that cat 5 away from your steam powered difference engine!!!

  19. Aslan

    Wow? I don't understand the hate for so many wonderful things.

    HTML: Canvas, admittedly I usually see this used in the wrong places, to try and track me, to try and mess with me, but there's some beautiful and amazing image editors that use it. Most sites don't need it, but the ones that do, must have it.

    SVG - Low bandwidth images, that properly scale to any size

    WebGL - I own over a dozen commercial games I can run exclusively in a webbrowser, not to mention the usefulness for data visulazation

    HTML: Web Workers - the interface separated from the data crunching portion of a website, snappy interfaces that take advantage of multiple cores to enable responsive web apps that can do heavy data processing.

    HTML 5 - Many, many wonderful things

    Web Audio API - Voice chat I believe

    Gamepad - it works with some of the WebGL stuff, most websites aren't for playing games, some are.

    Web notifications - Doesn't Google Hangouts use Web notifications?

    Vibration API - I've only encountered this once, with a disruptive ad, but it seems quite simple and useful for approved sites.

    The ones I've listed are the ones I'm casually or more aware of. Certainly a number of these features have been abused for ad slinging / privacy abusing reasons, and that's why users are blocking them in many cases, the users do not approve of or accept 'privacy' policies on sites saying we can do anything at anytime to anyone. No one wants to read a dozen page privacy policy that it would take a lawyer to know what it meant anyway, before accessing the site. As such it's simply prudent to block features with prejudice, only enabling them when they are specifically useful.

    There's simply nothing out there like canvas, you'd have to run a local app or a Java app as an alternative.

    Just because I block a bunch of this stuff due to the hostile web environment in general and ad specifically doesn't mean I want to see it go away. I'm very glad to have it and I think just about all of it has it's place.

    By all means if a browser with these features is too dangerous for a particular industry then by all means implement a browser without them, but leave feature rich browsers Chrome, Firefox, Safari, Edge as they are and free to innovate.

    1. jason 7

      Re: Wow? I don't understand the hate for so many wonderful things.

      Sorry chap but going forward, security and locked down experience is going to be the way forward.

      It's going to be carnage over the next 5 years.

      All that garnish is just going to get tossed aside. But you carry on listening to John Lennon's Imagine all you like.

      1. Aslan

        Re: Wow? I don't understand the hate for so many wonderful things.

        I do listen to Imagine as all ought to, and to this day I keep my hair cut in a similar style to 1964's John Lennon. No jokes, no trolling here, really. Imagine is a wonderful vision if you skip the first verse. The vision of the future though that I hope to see come about, though I've no expectation of it, is of us all to be Watched Over By Machines Of Loving Grace.

        The sandboxes of Chrome plus it's frequent updates are no cure all, but they do make things more manageable with the web as it is than a traditionally versioned browser such as historical versions of IE.

  20. sdaugherty

    Study fails to consider one thing... Flash

    A lot of the technologies that are being cited as "useless" in the study as part of efforts to be able to deliver a plugin-free experience - that is, to end reliance on things like Flash.

    Along the way, this turned into a bloated mess, but some of these lesser-used technologies are essential if we want to truly be rid of the need for browser plugins.

    Some of them aren't more widely used because they are definitely very niche. -but they are starting to see use - WebRTC is being used to bring videoconferencing like Skype into the browser, the various specs related to video are being used to deliver Flash-free video and are used on video streaming sites already, WebGL and the gamepad API are there to unseat Flash's stranglehold on gaming, and so on.

    On the other hand, quite are few of these I recognize as being central to Mozilla's now-defunt FirefoxOS platform - bits and pieces that were implemented to make web pages behave like native apps which were rarely used and possibly not even widely enabled outside of FirefoxOS apps.

    There's definitely room to trim some fat regardless. Of the features mentioned, a lot of them are excessively complicated, many of them are redundant, and many more of them need to be locked down under permission so that they don't get adopted widely by advertisers and malware. HTML5 video, for example, would be a better experience for users if it were behind a permission, so that videos never just start playing. There's only a handful of sites where I actually WANT videos to play on, places like YouTube.

    Going forward what I'd like to see is the bare minimum of what's required to allow web applications to do things that currently require plugins, the simplest, smallest, cleanest,most easily audited implementation possible, and everything "niche" that an *average* website wouldn't use, locked down behind granular permissions, as Geolocation, Notifications,, Webcam/Microphone use, mouse capture, and other things already are.

    I'd also like to see as much effort going into fixing the web advertising as has gone into these seldom-used features. Not killing it, fixing it, as that publishers get paid, users are not tortured, , privacy is respected, advertising ceases to be a malware vector, sites are not slowed to a crawl, and we no longer need an ad-blocker just to have a usable browser. I'd like to see a serious effort to impose a code of conduct and technical guidelines on advertisers, and war waged on those that don't fall into line. Something along the lines off this - audio/video ads only allowed to be delivered with audio/video content, otherwise static header and sidebar ad only, all ads to be surrounded by an advertisement border or watermark, etc. We've got to reach an end to the advertiser arms race, and, ans sites that break those and use abusive practices rules should start finding themselves in the malware blacklists.

    1. Charles 9

      Re: Study fails to consider one thing... Flash

      "I'd also like to see as much effort going into fixing the web advertising as has gone into these seldom-used features. Not killing it, fixing it, as that publishers get paid, users are not tortured, , privacy is respected, advertising ceases to be a malware vector, sites are not slowed to a crawl, and we no longer need an ad-blocker just to have a usable browser. I'd like to see a serious effort to impose a code of conduct and technical guidelines on advertisers, and war waged on those that don't fall into line. Something along the lines off this - audio/video ads only allowed to be delivered with audio/video content, otherwise static header and sidebar ad only, all ads to be surrounded by an advertisement border or watermark, etc. We've got to reach an end to the advertiser arms race, and, ans sites that break those and use abusive practices rules should start finding themselves in the malware blacklists."

      You can't fix it. The ad arms race has been going on for OVER A CENTURY now. Heck, the scourge of ads has been in literature since at least World War II (read First Lensman, for example: written during World War II). Advertisers are like roaches; they'll survive nukes. And net-goers are too conditioned to freebies to go back to the old CompuServe walled garden business. Bad guys will ALWAYS be able to infect ad networks simply because they now have the resources to perfectly mimic legitimate businesses, operate out of countries that won't extradite but disguise their origins, and can change identities like a chameleon changes colors. With this kind of "anything goes" environment, how can you expect to keep things clean? Especially when ad agencies are getting big enough to essentially hold small sites hostage? I'm sorry, but all this sounds to me like wishing for unicorns...

  21. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like