title: What is considered a broken website?
author: 寮
date: 2022-07-27 06:30:00
tags: technology,internet,webdev
threadid: ALtd9DNFCEuGMCkyhM

Before I begin, I have a quick announcement.
I really enjoy writing blog posts as of late, so I decided to set a fixed release schedule for my blog posts going forward.
That's every Wednesday (水) and Friday (金) in the morning (Japan Standard Time).
I originally wanted to do this every day, but I figured I'd be running out of stuff to write about really quick that way, but that's still 104 posts a year if you look at it!
And no, I'm not doing this for money, considering that despite having a Monero wallet available where you can donate to, I made exactly 0.0000000 XMR so far.
So I'm technically thanklessly writing everything out of my own pocket.

The following decides whether your websoyte is broken:

  • You require JS in order to load (unless you're something like Goolag Maps or something like that).
  • You blanket ban Tor and/or VPN users.
  • You are overdependent on CDNs to the point that crucial features won't work if you use uMatrix.
  • You load fonts from Goolag.
  • You have a splash/loading screen.
  • You use reCAPTCHA to maybe stop bots (for a few days until they get around that).
  • You require users to use specific browsers, specific browser versions, specific operating systems, and/or specific operating system versions.
  • You demand users to install a smartphone app or use a smartphone for specific tasks.
  • You use 2FA/MFA for logins.
  • You hide your communication behind Discucked, Matrix, Slack, or some other chat soyware.

So how to solve that?

Stop requiring JS as a dependency

Stop using JS unless you REALLY need to, and even then make sure your website is at least fully readable when JS is turned off.
The web was never made to depend on JavaScript, it was only ever made to depend on HTML.
"But it's current year, webdevs don't modify the DOM anymore."
Oh yes we do, every single day!
Modifying the DOM IS the most basic and most necessary web development skill!!
If you can't modify the DOM, then maybe you're not fit to make websites.

Don't blanket ban Tor and/or VPN users

Seriously you're only going to lose customers, time, and money over that!
Even the mainstream normies have figured out VPNs, and they're actually using them, what a shock, right?
Tor isn't as widely used, mainly because of its bad image, but the more governments, major corporations, and the MAFIAA jointly censor the entire internet and turn it into a dystopian mass surveillance space, the more normies will resort to Tor regardless of image.

Don't use CDNs, host locally instead

Host all ASSets locally instead of relying on CDNs.
Loading from CDNs will NOT improve performance, it only makes things worse.
Plus most uMatrix users won't mind locally hosted ASSets, the real problems arise from 3rd party soyces.

Some arguments are that browsers will cache requests and thus will save bandwidth.
This was true 2 decades ago, but browsers in current year cache per domain, so even if the entire world would load the exact same library from the exact same CDN on 20 different websoytes, the browser will separately cache that exact same library 20 times.

Another argument I keep hearing is that it loads faster if you're far away from the server.
Well, the websoyte is already hosted in far away lands anyway, so what's even the point?
It makes much more sense for me browsing from Japan to load the HTML, CSS, 5 images, and 1 jQuery file all from 1 random server in Germany than it is to load HTML and CSS from that same server in Germany, then 5 images from a server in Taiwan, then 20 completely unnecessary JS files from Russia, Brazil, Italy, Vietnam, Ausjailia, and Ukraine in random order.

At the end of the day, all you're doing is making your websoyte load slower, breaking your own websoyte for privacy-minded people, widening the attack vectors for your websoyte, and enabling exploiters to insert malware into the library without your knowledge or consent.
But at least using CDNs is cool, so that's the only thing that counts, at least according to your university teacher.
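
To see how far a page actually depends on other people's servers, the following added example (not code from the original post) lists every asset a page loads from a host other than its own and notes whether the tag carries an `integrity` attribute, the Subresource Integrity check that makes the browser reject a file whose hash changed. The sample HTML is constructed, and `blog.example` and `cdn.example.net` are placeholder hosts.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Which attribute makes the browser fetch a subresource, per tag.
FETCH_ATTR = {"script": "src", "img": "src", "iframe": "src",
              "source": "src", "link": "href"}
FETCHED_RELS = {"stylesheet", "preload", "icon"}  # <link> rels that load a file

# Constructed sample page; blog.example and cdn.example.net are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<link rel="canonical" href="https://other.example/post">
<script src="//cdn.example.net/jquery.min.js"></script>
<script src="https://cdn.example.net/app.js" integrity="sha384-PLACEHOLDER"></script>
</head><body><img src="img/logo.png"><img src="data:image/png;base64,AAAA"></body></html>"""


class AssetAudit(HTMLParser):
    """Collect every subresource loaded from a host other than the page's own."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.third_party = []  # (tag, absolute URL, has integrity attribute)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCH_ATTR.get(tag, ""))
        if not url:
            return
        if tag == "link" and not FETCHED_RELS & set((attrs.get("rel") or "").lower().split()):
            return  # rel=canonical and similar are never fetched as assets
        target = urlsplit(urljoin(self.page_url, url))  # resolves relative and //host URLs
        if target.scheme in ("http", "https") and \
                target.hostname != urlsplit(self.page_url).hostname:
            self.third_party.append((tag, target.geturl(), "integrity" in attrs))


def audit(page_url, html):
    parser = AssetAudit(page_url)
    parser.feed(html)
    return parser.third_party


if __name__ == "__main__":
    for tag, url, pinned in audit("https://blog.example/post/", SAMPLE):
        print(f"{tag:7} {url}  integrity={'yes' if pinned else 'MISSING'}")
```

Every line it prints is a file to download and serve from your own host; an empty result means the page loads nothing from third parties.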

Host fonts locally, or use the default font

Download the fonts you want, and host them locally.
Or don't load in fonts, nobody gives a fuck about weird looking fonts, people only care about the readable font, which is the browser's default font!

Delete bloat so you don't need a loading screen

I perfectly understand a splash and/or loading screen in video games, as it takes quite a long time to load in 3D models, 8 billion by 8 billion pixel textures, raw WAV files, and so on.
Guess what?
A website is NOT a video game!
If you need a splash and/or loading screen to hide the fact your websoyte is broken before you finally let me in, then your websoyte is plain broken, even after everything has been loaded!
Simply remove all the bloat, and there'll magically be no longer a need for a splash/loading screen.

Accept the fact you can't stop bots, and become user friendly again

Don't use reCAPTCHA.
If you really need it, there's also hCaptcha, or the classic ones.
There's no use to be as hostile as possible towards actual humans just to stop a bot or 2 for a few days.

KISS! (Keep It Simple, Stupid)

Make your website accessible on most or all browsers and all operating systems.
Sure, it's hard to keep up with all of them, but that's why standards exist.
Thanks to standards, you don't need to worry about all the different browsers and OS's, though it's still good practise to test in as many of them as possible.

Keep the web browser-based

Websites should always be accessible from PC browsers without any extra hurdles.
Seriously, stop discriminating against users of real computers by enforcing the use of the NWO device that is the smartphone!

Encourage users to use a strong password

Again, don't force people to use smartphones, even for logins!
MFA has nothing to do with security, and everything to do with tracking you by linking your PC's browser to your smartphone, and tracking you using your smartphone instead of your PC browser.
I'm still OK with Authenticator-style OTP ones, because at least it's just a 6 digit code, and you can still do it on your PC, which mitigates the privacy issues.
But if you make it so that it ONLY works on specific Authenticator crapps (some disservices started doing so!), then you're pure evil.

A little technological secret I want to share with you that apparently very few people know, but will make you no longer want to use MFA: password managers exist!
GNU Pass is by far the best password manager.
Password managers should ALWAYS be PGP encrypted and local (so no internet connection needed!).
It's very important, because password managers that store passwords "in the cloud" (which are all the services you need to avoid at all cost) always end up getting hacked sooner or later, local ones only will if you're a complete retard.

Keep communications open, preferably in self-hosted forums

Don't hide your community behind a walled garden; open communication using forums remains superior for all sorts of reasons.
I'll make a post about that next time.

The only chat software that's good is XMPP, but since normies generally don't understand it somehow, that too should not be used as part of your community.
I have warned forum owners about the use of Discucked back in 2015 and 2016, and only 2 owners actually listened (both being modding communities for DS games).
One of them made strict rules against sharing Discucked invite links, but then her forum memebers threw her under the bus by setting up a Discucked chatroom behind her back, which then destroyed her forum so much that the forum no longer exists (dopemine is really THIS harmful!).
The other one wasn't as strict, but his forum too is losing ground to Discucked, and he is now even considering quitting his forum in favor of Discucked.

All the rest of them who didn't listen gladly gave up their sovereign space on the internet and accepted the digital handcuffs in a digital prison, because the latter is more "convenient" than the former...