Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Has a line been crossed by this user

by PhilHibbs (Hermit)
on Jul 05, 2005 at 13:02 UTC ( [id://472435]=monkdiscuss: print w/replies, xml ) Need Help??

Update: This issue is now resolved, nothing to see here, move along. I am seriously considering whether or not raising this issue in the way that I did was an over-reaction.

A homenode containscontained JavaScript that automatically posts a fixed message text both to the Chatterbox and to the user himself. A number of people have objected to homenode buttons that post to the CB, but I believe that, in addition to those concerns, this is disruptive to the CB. One person posts "PhilHibbs snoops round Ctrl-zs homenode", a few CB lurkers wonders what's so interesting, and soon the conversation that is going on is scattered with a handful of the same message.

I mentioned to the user that I don't think that this is acceptable a couple of weeks ago.

Update: Apparently this is what the "Disable some JavaScript on homenodes" user setting is for, which I have now reluctantly turned on, but this shouldn't be necessary.

Replies are listed 'Best First'.
Re: Has a line been crossed by this user
by monarch (Priest) on Jul 05, 2005 at 14:17 UTC
    Sometimes computer users with a moderate amount of experience like to show off.. and they do things like create the aforementioned buttons, or zillions of lines of multicoloured sigs, or start installing their favourite desktop themes on their friends' computers without asking..

    All this behaviour is consistant with the old phrase "sometimes knowing a little is knowing too much". I remember, when at university, seeing a post on the wall about the stages of knowing LaTeX.. from newbie up to wizard. And wizards truly were wizards..

    With more training and life experience comes the maturity and understanding that one does not need to "show off" their knowledge.. when the time comes it will be revealed plain and simple.

    Another sign of maturity is understanding that not everybody wants to be bothered by one's acts of impressivism.. that multiline signature might actually be annoying to a wizard, rather than impressive to the neophytes usually encountered.

    I think that when you see things like this that annoy you.. my advice would be to count to ten, and realise that what you're observing is, for the most part, peacock feathers and an insecurity on the part of the person that is annoying you. They will, of course, see it differently.. until a wizard casts a spell on them..


      I tend to agree with [id://monarch] here. The user in question has crossed a line, but I don't think it's a 'kick him off the site' line.

      Rather, he's crossed the line of general etiquette. Perhaps your node might make him realize he is drawing as much negative attention from the monks as he is any sort of 'gee whiz' attention from jr.-level people. The fact that he yells 'I want attention!' into the CB every time someone hits his node should be enough negative attention to lead most monks to just avoid him and his node.

        A reply falls below the community's threshold of quality. You may see it by logging in.
        but I don't think it's a 'kick him off the site' line.
        Of course not, and I hope that nothing in my posts have implied that.
Re: Has a line been crossed by this user
by g0n (Priest) on Jul 05, 2005 at 18:15 UTC
    I'm in two minds about this. Anyone new to the site may not realise what paranoia mode is for, or be aware that twiddly tricks with javascript are possible on homenodes. I've only seen one or two 'so-and-monk snoops around ctrl-z's homenode' in the CB, so it obviously isn't a major problem, and I know from being embarassed by the first homenode button that I clicked (barts) that it's a reasonably good way of attracting newbies attention to the fact that this sort of thing goes on. ctrl-z's reasonably harmless code might draw attention to this kind of trick and stop people falling for password stealing, XP chopping or vote stealing scripts.

    I tend to use javascript only when necessary and don't know it very well, so I can only applaud the experimental spirit that I assume lies behind ctrl-z's script. I spent a couple of hours playing with random phrase selectors for a homenode button and found it an interesting coding problem. Perhaps it is a peacock tail type display, but isn't the monastery somewhere to have fun?

    OTOH, it is a bit anti-social to run code immediately on visiting a homenode, and I think sets a bad precedent. I often visit homenodes of people I don't know in response to their remarks in the CB, and wouldn't want the CB to be constantly disrupted by this sort of thing.

    On balance, my comment to ctrl-z would probably be "Nice trick, and I for one am suitably impressed by your inventiveness (seriously, I'm not being sarcastic). But please take it down".


    g0n, backpropagated monk

      Users' home nodes should have filtered HTML (unconditionally) so that much worse cross-site scripting attacks are not possible. I find the site allowing this to be done is a more serious problem than this mildly annoying (the CB postings from buttons have been more annoying so far, in my experience) use of it.

      The (poorly named) "really paranoid" setting in user settings filters home-node HTML much like is already done everywhere else on PerlMonks. This is the only way to eliminate the potential for cross-site scripting attacks, which can be destructive but haven't been yet.

      There are a couple of imperfections in the current implementation of home-node HTML filtering that will eventually be addressed (and will then also prevent a few javascript exploits that are still possible outside of home nodes).

      This filtering just needs to become mandatory. Supporting cross-site scripting attacks just doesn't make sense to me. I'm thankful that demerphq put up home node HTML filtering and I now mostly feel safe visiting home nodes.

      Then we won't have to "deal with" the possibility that one person might register at PerlMonks who is both anti-social and knows a tiny bit of JavaScript, no matter how remote some would like to think this possibility should be. (Not that I have any proof that one or more people haven't already been silently collecting PerlMonks passwords waiting for the right moment to exploit them for some mayhem.)

      - tye        

Re: Has a line been crossed by this user
by Roy Johnson (Monsignor) on Jul 05, 2005 at 16:11 UTC
    The "Disable some JavaScript on homenodes" setting is sufficient; you don't need to "be really paranoid".

    Caution: Contents may have been coded under pressure.
Re: Has a line been crossed by this user
by grinder (Bishop) on Jul 05, 2005 at 14:29 UTC

    Wow! You still have Javascript enabled?

    I switched that off years ago in my browser. The legitimate uses it once had have by and large been replaced by the correct use of CSS. It's true that as a result I sometimes encounter a site that doesn't work correctly, but that's ok, because in the words of Jamie Zawinski... "that's just fine -- because sites that do this invariably ALSO DON'T HAVE ANY CONTENT ON THEM".

    Just don't go around pressing buttons on homenodes, it's as simple as that. If you can't resist that, at least read the source beforehand, to know what you're getting yourself into.

    As late as a few years ago, a senior monk had a Javascript that would send your PM password if you clicked the right button. It may still be there. Cave canem and all that.

    Javascript buttons are part of the Perlmonks Experience™, the place wouldn't be the same without them.

    update: I didn't realise it was automatic, rather than having to click on a button. Indeed, that's different, but not different enough IMHO, to make a difference.

    Just surf with Javascript disabled. Everywhere, all the time. It's basic 'net hygiene. Modern browsers make it really simple to switch on and off, no grovelling in preferences required. The user should be applauded for making people think about this.

    Second update: by "Javascript disabled everywhere", I should explain out that I mean "Javascript disabled by default". Firefox, to speak of the browser I use, has an extension called Noscript, which allows you to choose whether or not you want to execute the Javascript they want you to execute. So for the sites that need it, all is well.

    What is truly amazing when you use this extension, is the number of sites that do use Javascript, more or less for gratuitous purposes. If you don't know why a site needs to use Javascript, don't let them. It's like running with taint checks.

    grinder trips over a pipe, gets up and trips again.

      grinder, I +'ed your reply, but respectfully disagree. I know it's very popular around the monastery to trash javascript, but as a web developer and surfer, I find it extremely helpful, and so far harmless (hmmmmm, the topic of this thread notwithstanding). Personally, I only build tableless, CSS2 and XHTML sites, but there are things that javascript does that are cumbersome, at best, using other methods. And thanks to Internet Exploder, it's impossible to have CSS menus without a javascript hack. CSS is great, but it's not a conditional language.

      I don't use JS for validating forms or encrypting passwords (Perl does that for me), but use JS in those places where HTML and Perl can't do it as efficiently. And if someone wants to do damage, they don't need JS do it.

      "The important work of moving the world forward does not wait to be done by perfect men." George Eliot
        Wow! You still have Javascript enabled?

      Umm .. yes, I do. There are useful things that JavaScript can do. A while back, someone's home node (don't know if it's the one being discussed) forced my browser to close because I had JavaScript enabled .. oh, I think it was Petruchio's .. that didn't make me a happy camper.

      The bottom line is that I use it for the web application I wrote and still maintain at my place at work, Google (maps, gmail) uses it, and for the most part it's very handy.

      Alex / talexb / Toronto

      "Groklaw is the open-source mentality applied to legal research" ~ Linus Torvalds

      It isn't a button. It's automatic. I use Google Maps a lot of the time, and it's a real pain to keep switching it just to avoid being bullied by pillocks like Ctrl-z.
Re: Has a line been crossed by this user
by Ctrl-z (Friar) on Jul 05, 2005 at 19:45 UTC

    A couple of points in my defence, if I may:

    I would consider myself a reasonably conscientious member of this community. I try to contribute where I think I have something original to say, and otherwise keep to myself and my super searches. I dont expect anything in return, but I certainly do not expect to be witch-hunted over something that is obviously a joke.

    Yes, you voiced your opinion a couple of weeks ago. Then you voiced it again several times in the CB - suggesting, as I recall, the javascript was clearly a sign of my duplicitous intent (see footnote).

    The biggest complaint verbalized was jZed suggesting it was "quite rude". Perhaps. But that is not severe enough for you?

    Has a line been crossed by this user?

    Clearly I have crossed one of your lines. What is your actual complaint - disruption to the CB? I think its safe to say that the majority of the CBs contents is smalltalk, and I hardly think the traffic to my homenode generates any sort of disruption worthy of this knee-jerking session.

    Now allow me to describe the line you have crossed. You have chosen to make a public example of me, to satisfy some pompous outrage over a trivial matter. You have, on more than one occasion, shit-stirred to aid your feeble little campaign and look - can the responses be any more lackluster?

    I still feel confident that my original intentions are not any more objectional than others' in the same vain, and unless specifically asked by a site administrator - the homenode will stay as is. I have no idea what your intentions are, but from now on, I would appreciate if you do not involve me in your pedantry. You are not being "bullied" and I suggest you suck it up (hell, maybe laugh) and never return to my homenode if it disturbs you so much.

    PS: monarch - bite me

    This is not a javascript issue. The same effect can be achieved using vanilla HTML:

    <iframe src="?op=message&message=%2Fme+snoops+round+%5BCtrl-z%5Ds+ +homenode&message_send=talk">
    The javascript exists to ensure that myself, anonymous-monks and robots do not cause unnecessary crud in the CB - ironic, no?

    time was, I could move my arms like a bird and...
      my original intentions are not any more objectional than others' in the same vain
      I cannot recall ever seeing a more appropriate typo.

      Caution: Contents may have been coded under pressure.
      You have chosen to make a public example of me,
      I think you asked for it. I am actually considerably less upset about this than a lot of others, judging by their comments in the CB. Maybe it was arrogant of me to take it upon myself to voice theirour concerns, and I will take that into consideration in the future.

      The fact that you could have made it worse than it already is is not relevant - I have always interpreted homenode buttons as some kind of crusade against JavaScript and IE users, maybe I'm wrong in your case. I find JavaScript very useful, and the only site that has casued me problems with it is PerlMonks.

      I'm not sure what you mean by "duplicitous intent", but I did comment (if I recall correctly) that the fact that the code specifically avoids doing anything if it's you that is browsing with JavaScript turned on was an example double-standards. U:Maybe I used the wrong word.

      Update:And if you don't think that the Chatterbox is worthwhile, then just turn it off.

        I think you asked for it.

        To be fair, most of the recent traffic to my homenode was generated by you. It was not my intention to cause such controversy, and I dont think I would have on my own. Needless to say any humourous/educational aspect seems well and truly lost...the script is gone.

        I appreciate the sober response - I too am not here for a "slagging match". Live and learn.

        time was, I could move my arms like a bird and...
        I find JavaScript very useful, and the only site that has casued me problems with it is PerlMonks.

        You apparently have not been around the web very long, then. Back in the bad old days before capability policies (which, incidentally, some quite popular browsers have not yet bothered to implement), the stupid JS stunts a few people around here pull on their homenodes would have seemed as nothing; back then, Javascript used to be able to easily crash your browser and/or your operating system, and with a bit more effort it could be made to do much worse things than that. I surfed with Javascript disabled for years.

        These days I generally surf with Javascript enabled, but limited by capability policies, but I still occasionally find myself having to turn it off to escape the rude effects of one site or another, and it is noteworthy that Perlmonks to date has not been one of the sites that has necessitated this; stupid stunts like automatically posting a message in the chatterbox are pointless and arguably rude, but they don't cause any tangible harm.

        I don't normally surf with Javascript disabled, but that's mostly because I prefer not to go through life paranoid. I don't lock my house at night either. So far I haven't been seriously hurt by either policy, but it is certainly possible that at some point I *could* be. Taking that risk is a decision that I make after weighing the relative merits of safety and convenience against probabilities.

        I tend to agree with tye that Perlmonks should be responsible and filter scripts out of all user-submitted content that isn't checked by hand by the site admins. But that will only protect you from being harmed by Javascript code here on Perlmonks; if you surf the rest of the web, with Javascript enabled, it won't protect you.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: monkdiscuss [id://472435]
Approved by ktross
Front-paged by kutsu
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others avoiding work at the Monastery: (3)
As of 2024-04-15 00:14 GMT
Find Nodes?
    Voting Booth?

    No recent polls found