JavaScript is getting more and more dominant. Hence, more people use it who have no idea what to do with it and do a lot of copy+paste development. Therefore many websites are getting more and more annoying. Even Brendan Eich says that he is the one to blame for JavaScript. I don’t want to blame the language itself but how it is used.
First, we should remember what it was intended to do:
- enable a certain degree of interactivity
- augment HTML and CSS
- (fix IE problems ;))
Now, it is even used for desktop software because everybody has a web browser (or a web browser engine to be more exact) on their computers/smartphones/tablets/watches/etc. (many other GUI toolkits such as Qt, GTK, wxWidgets etc. are not perfect as well). However, for most parts of this post I’ll stick with websites. The way it is used for many decentralized (aka blockchain-based, distributed ledger-based) applications is also kind of questionable. JS for all kinds of applications for IoT devices is questionable as well. To my mind, they get compiled to C and to machine code afterwards. We all know what kind of problems C can cause - so why make it even worse by using JS as a higher-level abstraction?
Website frameworks introduce a new set of security flaws. We could argue that using a well-tested framework should result in more secure websites. However, I don’t think that anybody really checks what certain packages delivered by node.js are doing or if they contain malware. Furthermore, it looks like nobody really understands what certain packages are doing and if there are overlaps with other packages/functions they use that cause multiple calculations of the same thing. I’m not so sure if any browser engine detects these while compiling JS to something that it executes.
Let’s be honest: hardly anybody cares about privacy and data protection outside Europe, and even within the jurisdiction of the EU, GDPR compliance is often just a “paper act”. Almost every major website located in Europe contains a lot of external JS libraries and trackers. First, I’m an AI guy. I love data but more importantly I love useful data. The collected data can’t be useful at all. Especially when we think about the end product which often is some funny dashboard that looks fancy but doesn’t provide any real information or advice. My background is statistical modelling and numerical simulations of real-world things and therefore I have a much better understanding of what could be done with such data. I have slightly different opinions on “fast” as well. Therefore, I don’t know how anybody can use any website with all scripts enabled by default.
Another thing that I notice quite often is high CPU load caused by JS scripts that contain many errors. NoScript helps a lot to prevent improper scripts from running and therefore increases security. One thing that I noticed is that many media outlets that promote the end of the world because we people are using way too much electricity clutter their websites with all kinds of JS from ≫ 100 different servers. Besides introducing a lot of potential security issues, they increase electricity consumption quite a lot and drain mobile devices quite fast.
There are some JS applications such as TensorFlow.js or FreeFem++ that do heavy computing in a browser and that is okay because they have a useful purpose. However, it might be better to move such applications to WebAssembly to speed them up and reduce electricity consumption.
Disclaimer: I did web programming before it was cool ;) - and I’m still shocked how many security errors still exist that existed 15 years ago (most of them caused by really bad programming styles).