You should sit down before reading this.
Despite what seemed like a heartening tide against services like Disqus, they're enjoying a baffling resurgence. I asked myself, why would people voluntarily make their sites slower, more convoluted for security conscious people to use, as well as less accessible, searchable, cohesive, secure and predictable? I did a bit of digging, and discovered something shocking.
Crab people. They taste like crab, talk like people, and they live underground.
Crab people are installing third party comment systems on as many blogs as they can by convincing people they're shiny and awesome. Once installed on a critical mass, they'll be able to control the blogs remotely using an undisclosed back door in the proprietary code and take back the world the Humans so cruelly stole from them.
Crab people! Crab people! Taste like crab! Comment like people!
Macslocum over at O'Reilly Answers is asking people to submit their favourite browser plugins and extensions. No prizes for guessing which one I chose!
First Macslocum's recommendations:
Firebug (Firefox) -- I can't believe this thing is free. It's hands-down the best HTML/CSS testing tool I've ever used. It's also incredibly handy when I can't remember my own CSS naming conventions.
ClickToFlash (Safari) -- This automatically disables any Flash-based elements. But unlike strict ad blockers, ClickToFlash gives you the option of activating Flash on a piece-by-piece basis. So if you want to watch a movie on a web page but you don't want to see the Flash ads, just click the movie element and that Flash-based part of the page will load.
How about you? Which plugins/extensions do you use?
For what it's worth, I also highly recommend ClickToFlash to all my Mac friends using Safari, it improves performance and reliability so much it's as if you've just shoved an extra few gigs of memory into your system for free.
As I've enumerated here many times, I can't use a browser without NoScript anymore, I feel as though I'm in a car without seat bealts, a war zone without a bulletproof vest or a conference without pants when I don't have it. How people think they can be responsible internet users without such software in 2010 baffles me more than... attending a conference without pants. I suppose some people wear business skirts, just not me, surprising though that may sound. Chuck Peddle wears pants, I can tell you that much. And he invented the 6502 for heaven's sake!
If you haven't seen my other posts on this subject, I also talk about my other favourite Firefox plugins in these posts: More Firefox extensions and Firefox extensions. I put way too much effort into those pages! Of all the extensions, most are security related.
As I said with the Ghostery Firefox extension back in May (Ghostery Mozilla Firefox extension review), it bowls me over when I go to some sites to see just how much sneaky crap is going on behind the scenes, and how most people simply have no idea. With NoScript, I'm starting to see the same thing, and it's rapidly getting much worse.
Now having a trillion different things trying to run on a page perhaps is to be expected with so many external Web 2.0 services jostling for our attention all over the place now, and the number of scripts attempting to run doesn't necessarily translate to less security and privacy, but I am becoming increasable wary of the direction things seem to be heading.
More scripts are a problem. Each script introduces a new potential vector for attack, meaning the more we have the greater the surface area of the target we're wearing on our backs as we browse. Unfortunately as this progresses tools such as NoScript could potentially become less effective for the same reason the Windows Vista UAC system ultimately failed; as we start to drown in the sheer number of scripts, picking out legitimate scripts from sneaky ones is also only going to get harder which means many people will simply give up and allow all scripts again, defeating the purpose. As more pages start to depend on scripts to operate, so too will people's frustration.
I just shudder to think all that nonsense would be running unfettered in my browser if I didn't have an extension like NoScript for Firefox, and it makes me shudder even more that the vast majority of internet users don't use such a utility.
It also makes me wonder just how many of these scripts are really necessary at all and whether they're also systematic of a broken web architecture that's failed to keep up with what we've ended up using it for. As with Flash, will HTML5 help to alleviate some of the need for client side scripting?
Another great reason for using NoScript in Firefox if you didn't think it was useful before is that it blocks embedded media such as Flash unless you specifically choose to unblock it on individual pages (which for me is almost never!). With HTML5 elements like
<audio> now being supported in Firefox 3.5 I was worried I'd be losing this control and that there would be an unguarded vector for attack... not to mention being annoyed and irritated by pages that start playing jingles and animated advertisements!
Suppose Firefox employed an external library to play media which turned out to be vulnerable; it's happened in the past. Any malicious hacker could embed a specially crafted video or audio file into a page and your browser would start playing it automatically when you visited the page. By the time you realised what was going on, it'd be too late.
In any event, it's one less thing to make me nervous and to worry about, which for someone always buzzing with social anxiety and caffeine is a good thing :).
Disqus is an external blog commenting system that seems to be all the rage thesedays, so much so that even veteran blogger Dave Winer has just started using it on Scripting News. While the concept seems like a great idea, the implementation leaves a lot to be desired.
This is why, dear readers, for your benefit and mine (our collective sanity as it were!) I will not be putting Disqus on my own blog here. I suspect it's a fad anyway, and will start disappearing in a few years when the Next Big Thing comes along. Disqus is to comments what Adobe Flash is to web pages, a little extra convenience for the target audience at a grave expense.
That's not to say the existence of services like Disqus is a complete disaster. What developers at WordPress, Movable Type and so on should be taking away from this is that some people aren't happy with existing commenting systems in their blogs, and that they'll implement self destructive plugins like this to get the features they want! I hope this means we see more innovation in the comments space.
UPDATE, 2009: Some good news, it seems the tide is beginning to turn on Disqus and other such dynamically loading comment systems. Matt Mullenwag, the head developer of WordPress, has publicly stated they're a bad idea in a post bluntly titled 6 Ways To Kill Your Community.
I hope this represents a wider trend (from the looks of it, it has) and will encourage others to leave the service for alternatives... though as I stated in the original post, for people who have got hooked to the service this might be impossible or extremely difficult.