Rubénerd!

Remember in November 2011 when I voted for a non-JavaScript Google +1 button? Let's see how we're doing with getting an answer.

Comment 34 by rlueb...@gmail.com, Aug 27 (2 days ago): This was reported September 2011 and is NOT fixed yet. Still no +1 without Javascript, only sharing. And still not a single remark from Google ... Please add this feature. Due to laws in Germany +1 is unusable this way.

I had my Google+ account suspended for using my real name in March 2012, and I don't search with Google while logged in anyway. Still, would be nice to let Googlers vote for my stuff without JavaScript.

First, make sure you're proactive about privacy and security by using NoScript and a cookie manager. Head to a Blogger powered site, like this one. Marvel at the blank page! Temporarily allow blogger.com in NoScript. Marvel at the spinning gears... that just don't stop! Spin spin spin!

It's pretty poor form for a company as large as Google to require JavaScript to even load content, but to require a cookie? Madness.

In a related note, @hanezawakirika forwarded me this epic flowchart showing when to require Flash when loading a site. Same principle applies!

The open feature request is listed as an enhancement which is a bit of a misnomer, but feel free to add your voice and vote on the Google Plus Platform list if you agree.

Throwing my support behind a non-JS solution for accessibility and speed.

A simple, elegant GET request based system would be wonderful, I already use it for Twitter and Delicious, should be trivial for Google engineers to implement.

Of course, it's intuitively obvious why an advertising company doesn't want a JavaScript alternative, but we can still dream. I'd implement it in a heartbeat here if they did.

With the launch of their Google+ social network, Google have now allowed webmasters to have the +1 buttons on their pages. Should I use them?

From http://www.google.com/webmasters/+1/button/:

Add +1 to your pages to help your site stand out. +1 buttons let people who love your content recommend it on Google search

Thinking out loud

Aside from having pages ranked with these buttons appearing on their new Google+ profiles, it's clear Google plans to use these to influence their search results. The potential ethical dilemma this introduces is for another post.

I've eschewed (gesundheit) having external, dynamically loaded JavaScript here since this site's inception because of privacy and speed concerns, but this is the first time I've had an inkling of questioning my decision.

Given these +1 buttons are appearing in all their search results, would it make much practical difference allowing you to click here too? Either way, it's an optional process you're entering into, I'd just be making it a bit easier to share on sites such as Google+.

I'm not sure. What do you think?

Would be no problem if they did this

This wouldn't the first time I've let people share my posts with another service; until the latest site redesign I had a beautifully simple, static Bookmark on del.icio.us link that worked like this:

<a href="http://del.icio.us/post?url=[PERMALINK]&title=[TITLE]">Bookmark This on Del.icio.us</a>

Then there were the ways you could allow people to subscribe to your blog in various blog platforms, such as Google Reader:

<a href="http://www.google.com/ig/add?feedurl=http://rubenerd.com/feed/">Google Reader</a>

Many of my concerns would be alleviated if Google had a similar, GET request mechanism for +1 instead of relying on JavaScript. This would be cool:

<a href="http://plus.google.com/share?url=[PERMALINK]&title=[TITLE]">+1</a>

I suppose they're doing some verification in that JavaScript to prevent click fraud, and to tie a vote to a particular Google account; but then again the del.icio.us link essentially achieved the same thing while being static, provided you were logged into your del.icio.us account.

Oh well, I suppose I'd need JavaScript after all if I wanted to implement this.

I don't read Gawker sites since they decided buying stolen property was journalism, but when I was informed of Gizmodo's latest site redesign, I was quick to check out how their latest mess compares to mine. I can't design sites either, you see. Anyway, is this a joke?!

Ruben can't design stuff

Now as you can see from my site here, I know nothing about web design myself, I just created what I thought was the simplest thing I could get away with. Still, as a user I could spend my time critiquing the slow rendering, awkwardly designed new version of Gizmodo, but there are plenty of other people doing that for me right now...

This Is the New Gizmodo ★
Terrible.

...and I don't even read Gizmodo! Instead, here's a rant about graceful degradation.

No, its just un-graceful degradation!

Its a very simple concept, when you develop a site (or even software) you provide for an alternative version[1] when dynamic content, cross site requests, cookies and other media are either not accepted by a security concious user, or for when the client software doesn't provide the capability to render or use them.

[1] If you're really talented you don't even provide an alternative version, you simply design it in such a way that clients can render at least some of it when they can't render it all, and still make it usable and visually appealing. If you've got a designer who can do that, pay them well and do everything you can to keep them!

It doesn't just make your site more accessible for people using screen readers, text browsers and the like, but makes sites easier to crawl by search engines and those daddy long legs spiders that sometimes make their way into my computer room that I'm okay with because they eat insects and they've never scared me. But I digress.

Aww, but it's too much work!

Gawker media sites have long used JavaScript to load in fundamental parts of their sites such as comments which obviously isn't good for usability or security, but this time if you don't have cross site requests enabled by default it doesn't load anything other that what I can only imagine was an early prototype for the site. A VERY early prototype, there's no content whatsoever, and the navigation bar contains only two entries, neither of which link to anything!

There may be legitimate reasons for them to be loading in content from five million places and nothing from their host domain (load balancing, performance), but the fact that their site exists in such a way that under certain circumstances[2] it doesn't display anything should be a concern, perhaps even moreso than the fact that they're current design when being rendered properly isn't terribly attractive at best, and is painfully slow at worst.

[2] Well, I mean Rubenerd AND Gizmodo don't render anything when your computer is turned off (another potential certain circumstance), but I can hardly be blamed for that ;).

And in case you think I'm being unreasonable, Gizmodo's arch rival Engadget loads most of their content just fine even with all my archaic, paranoia-induced Firefox extensions, and in a site design I'd argue is infinitely more usable. It is possible folks!

Perhaps it simply attests to the kind of people that read Gizmodo.

Why?

A few people on Twitter this evening reported that YouTube had been [maliciously] hacked. I clicked the first featured video on the YouTube homepage and was given a blank page that abruptly ended after a few comments containing attempted script code. Seems like a code injection attack exploiting incorrectly sanitised comments.

I run NoScript, so perhaps that's why I didn't see anything. If that's true, its for unexpected situations like this that I insist on running Firefox and with such an extension!

UPDATE: People are now saying it was /b/, the same mob that tried to send Justin Bieber to North Korea. They should have just left it at the latter; it was kinda funny.

If you're a Windows user, it's safe to start using Firefox again. Firefox has been updated to 3.6.2 which fixes that nasty exploit CERN discussed and recommended people switch browsers for on the Windows platform.

Oh no, he's going to say it... wait for it..

As if we all needed another reason for using NoScript.

Aaaaah he said it! Ugh, I need a lie down

It's no silver bullet magic potion solution that shields your computer with 1337 ninja oompa loompas, but for zero day exploits of this nature it at least gives you some protection before a security hole is fixed -- or even discovered. Every application has bugs, and we can never assume other people aren't taking advantage of them without our vendor's knowledge.

You're all bored to tears hearing me say this, but I'm still baffled by the relative lack of dynamic content whitelisting in browsers. If this security hole had been found in another browser, or Firefox without a plugin akin to NoScript, it could have potentially caused even more damage.

Kudos to Google for including JavaScript and cookie whitelisting as a build in feature in the latest build of Chrome.

Hehe Safari 4.0.4... I suppose if it doesn't download properly you get a 404 error? HA!

Moving on, I just finished downloading the new Safari 4.0.4 release. Reviewed in one sentence: its one slick, fast browser. As I said on MacRumors though (and was promptly ignored) there's still one huge reason why I can't use it.

Each new release of Safari makes it even harder to be a Firefox user, and 4.0.4 is no exception I'll tell you that. Its beautiful and fast even on my 32bit Core Duo MBP.

The only thing holding me back still is a lack of a NoScript alternative for Safari. Having got used to blocking JavaScript and selectively enabling it only on sites I trust in Firefox for so long makes me nervous about using anything else.

Unless there is a Safari extension/plugin that does offer that functionality that I'm not aware of, granted it's been a while since I've really checked.

I suppose vendor lock-in comes in many forms.