Most active commenters

    ←back to thread

    I can see your local web servers

    (http.jameshfisher.com)
    652 points jamesfisher | 16 comments | 28 May 19 07:57 UTC | HN request time: 0.415s | source | bottom
    1. jsgyx ◴[28 May 19 08:44 UTC] No.20028318[source]
    I use NoScript, you can't see shit.
    replies(3): >>20028357 #>>20028408 #>>20028429 #
    2. julienreszka ◴[28 May 19 08:53 UTC] No.20028357[source]
    You can't see shit neither
    replies(3): >>20028366 #>>20028456 #>>20029152 #
    3. vbsteven ◴[28 May 19 08:55 UTC] No.20028366[source]
    yes, he can, he will see the modern equivalent of "This site is best viewed in Internet Explorer". Which in 2019 becomes "Please enable Javascript to view this page"
    replies(1): >>20028471 #
    4. dwb ◴[28 May 19 09:06 UTC] No.20028408[source]
    This is not helpful, because only an extremely small proportion of Web users run NoScript, and nor should they have to.
    replies(2): >>20028470 #>>20028474 #
    5. Thorrez ◴[28 May 19 09:11 UTC] No.20028429[source]
    Here's a port scanning technique that doesn't use javascript:

    https://blog.jeremiahgrossman.com/2006/11/browser-port-scann...

    6. alfiedotwtf ◴[28 May 19 09:16 UTC] No.20028456[source]
    That was actually funny
    7. gnomewascool ◴[28 May 19 09:20 UTC] No.20028470[source]
    > This is not helpful, because only an extremely small proportion of Web users run NoScript, and nor should they have to.

    Most (non-technical) Web users also don't run their own web servers, so they aren't affected. Among technical users, the proportion with NoScript is probably not as small.

    replies(2): >>20028532 #>>20028545 #
    8. larkeith ◴[28 May 19 09:20 UTC] No.20028471{3}[source]
    Honestly, such notices are shockingly unusual - most of the time (at least for the sites I encounter) they don't bother with <noscript>, you just get a broken and/or blank page.

    I mostly use the web for reading blogs and articles, so the loss of dynamic sites isn't troublesome, but it's certainly not for most users.

    (Edit: Some numerical context I have enabled Javascript for 194 sites over the last five years, whereas I encounter several new sites daily.)

    replies(1): >>20028536 #
    9. jsgyx ◴[28 May 19 09:21 UTC] No.20028474[source]
    That's like saying that people shouldn't have to run ad blockers, that instead ad networks should behave. Sit and wait.
    10. tinus_hn ◴[28 May 19 09:36 UTC] No.20028532{3}[source]
    Most users have a modem or router that comes with a web interface, like just about everything in the internet of things.
    11. vbsteven ◴[28 May 19 09:38 UTC] No.20028536{4}[source]
    I also browse with noscript all the time and I get them quite often. Mostly on product landing pages and Show HN demos.
    replies(1): >>20031256 #
    12. deadbunny ◴[28 May 19 09:39 UTC] No.20028545{3}[source]
    Their routers do, along with an ever growing number of IoT devices people happily hook up to their WiFi without a second thought.

    Given the long and gory history of companies releasing insecure by default devices methods like this are a legitimate entry point into a network.

    13. icebraining ◴[28 May 19 11:51 UTC] No.20029152[source]
    Actually, they can: even if you enable JS, NoScript's ABE will prevent this attack: https://en.wikipedia.org/wiki/NoScript#Application_Boundarie...
    replies(1): >>20032702 #
    14. larkeith ◴[28 May 19 15:43 UTC] No.20031256{5}[source]
    Hmm, I wonder if it's confirmation bias on my end, or just a difference in what pages we each view.
    replies(1): >>20034012 #
    15. mrob ◴[28 May 19 18:04 UTC] No.20032702{3}[source]
    Not anymore. It's not included in modern versions (after the changes in Add-Ons for Firefox's Quantum update).
    16. npsimons ◴[28 May 19 20:23 UTC] No.20034012{6}[source]
    > Hmm, I wonder if it's confirmation bias on my end, or just a difference in what pages we each view.

    Yes.

    Joking aside, I will add that I've been a NoScript/FlashBlock user for quite some time (more than a decade? I honestly can't remember), and while I run into some things that are frustrating (just had to disable NoScript for a tab to order plane tickets), it is refreshingly uncommon.

    Yes, you can browse with default deny to JS and Flash.