HN Theater @HNTheaterMonth

One by one, the Chrome engineers continue to chip away at the techniques in The Annoying Site https://theannoyingsite.com (warning: open in a secondary browser).

Talk video here: https://www.youtube.com/watch?v=QFZ-pwErSl4

Source code here: https://theannoyingsite.com/index.js

Well done!

⬐ userbinator

The Annoying Site doesn't do anything if viewed without JavaScript --- showing that JS is responsible for the majority of annoyances. Unfortunately a lot of users are reluctant to use whitelist-based JS enabling, but IMHO it is extremely effective and well suited to those who mainly use the Internet as a hyperlinked document library.

(I discovered the effects of turning off JS a long time ago, and have been whitelisting since. It makes using the Internet much less irritating.)

⬐ hopler

Link for the readers with deja Vu about this comment:

https://news.ycombinator.com/item?id=18715008

⬐ ronilan

Feross has done a great job with the annoying site, providing a blueprint to work from (or against).

⬐ mschuster91

     One by one, the Chrome engineers continue to chip away at the techniques in The Annoying Site https://theannoyingsite.com (warning: open in a secondary browser).

Darn, this thing is nasty. And I'm surprised that all the huge sites in https://theannoyingsite.com/index.js L107 ff have XSRF/replay protection in their logout URLs...

⬐ stevewodil

Why did I click that? Lesson learned wow.

⬐ jraph

Previous thread: https://news.ycombinator.com/item?id=18715008

⬐ scarejunba

Fascinating. Chrome on an iPad killed all the annoyances a few milliseconds after they started and redirected to a harmless page with a picture of a cat (like the original but without anything interactive).

⬐ None

None

⬐ dtx1

the only way i got out was to

> killall firefox

that's pretty impressive

⬐ dingo_bat

I just had to close two windows and it just closed off. Firefox on Windows 10.

⬐ orbifold

That sums up pretty nicely, why I don't use Firefox. On Safari it only managed to spam my history and download cat images periodically, but I could easily close the window and it didn't spawn any additional windows.

⬐ semi-extrinsic

Hmm, on Firefox mobile I opened in private tab, and then just clicked "close tab" after it started playing the annoying voice and that stuff.

⬐ quietbritishjim

To repeat my comment from last time this came up: in Firefox, this site is almost entirely neutered (but still a bit annoying) if you turn on the option that forces all popups into tabs rather than new windows. It's especially easy to shut if you open the site in its own window in the first place or use tree style tabs (so you can easily close the tab and all its descendants). I find this behaviour nicer anyway, even for non-malicious popups. I believe there is no such capability in Chrome.

To change the setting: in about:config change browser.link.open_newwindow.restriction to 0. Source: https://support.mozilla.org/en-US/questions/1066799

⬐ ytqaz

The difference is that in Firefox you have to go to the arcane about:config page while Chrome will roll this out by default for all users.

⬐ amelius

The real difference is that Chrome actually breaks sites that legitimately use this behavior (hypothetically).

⬐ otterley

Can you give an example of a legitimate use case?

⬐ sbr464

I like the change, trying to dig, maybe:

A kiosk at a gov/hospital that needs a browser open on a default page?

Their are probably better sys admin/mgmt tools available though.

⬐ None

None

⬐ andrei_says_

Accidentally leaving a form in progress?

I believe closing gmail browser window while composing a message would show a popup.

I use it in an app where editing an item locks it for everyone else and to unlock it, one needs to save or cancel the edit. So closing the browser tab while editing shows a warning.

Edit: I was corrected by the comment below. Had in mind a different function.

⬐ strictnein

That's not the window.open() call, which doesn't stop the browser window from closing. It's (I believe) a window.confirm call: https://developer.mozilla.org/en-US/docs/Web/API/Window/conf...

⬐ SmellyGeekBoy

Configuring things is arcane now? When did users become so helpless?

⬐ TomMarius

If I tell my grandmother to open about:config she probably will write me off her will

⬐ michaelmrose

Everyones hypothetical grandma is a shitty proxy for all users.

⬐ None

None

⬐ TomMarius

I taught retired people how to use computers for 5 years, I met and saw around 100 retirees interacting with a computer and talked with them about it. It's a very good proxy. You could see it immediately - they can handle good UX with good defaults, but a computer literally scares them and definitely NOT just lightly, I had people that nearly started crying when they thought they broke it - and the failure was that wallpaper was black but they expected a picture; I saw people literally screaming because a popup window or a dialog opened and they (in case of error) thought the computer is broken forever - I wish you saw their surprise when I clicked OK. Teaching them what is a button took at least 3 lessons - and that was in Windows 2000 to Windows XP times when a button actually looked like a button.

They are seriously afraid to even use it normally. Expecting them to change configuration is utter bullshit.

⬐ michaelmrose

For any given product there is an expected demographic and a reasonable projected demographic going forward.

Older people are not a special case of a class of people incapable of becoming proficient with technology.

Current older people are in the position of having grown up before computers.

For any given tech product the computer incapable are probably not your biggest segment and that segment will shrink over time.

All of our 80 year old grandparents who mostly don't use technology now will use even less in whatever afterlife awaits and pretty soon we will have 50 year olds who encountered computers in their teens and grew comfortable with them.

⬐ TomMarius

Actually we have a rapidly increasing number of teens that have no idea how to use a computer due to smartphones and it's normal in Asia (especially Japan) to not even own a computer as a household. I've seen teens who don't know what a folder is.

⬐ hopler

My grandmother is pretty good with navigating text; constantly changing animated UIs are what confuse her.

⬐ sideshowb

Configuring things is a repeated cost we needn't pay if the defaults were good in the first place

⬐ userbinator

Not everyone wants the same configuration, which is the whole reason for its existence in the first place.

⬐ TomMarius

That doesn't change anything about what GP said though.

⬐ hutzlibu

When suddenly everybody went to the internet and not just experts.

Seriously, people can configure things. But on their level. So a ordinary person is able to configure popups yes no and might understand the consequences - but if this setting is next to experimental new webgl module which might crash your browswr - and hundreds of other very technical ones, then clearly no. And firefox about config is lile that.

⬐ Franciscouzo

Eternal September?

⬐ ninkendo

What does being helpless have to do with anything?

If a behavior makes sense and no one would reasonably not want it (like blocking popups during page unload), why does it need to be an option? Why isn't it just "the way the browser works"? What other "unbreak my browser" options are buried under there?

⬐ michaelmrose

Nobody has actually mentioned a way to block pop-ups on unload with about:config in the first place. Not having ever seen a popup on unload it may actually already work like this.

The option discussed was forcing new windows into tabs.

⬐ skymt

Yes, a giant table filled with hundreds of rows like "network.auth.subresource-img-cross-origin-http-auth-allow default boolean false" is in fact arcane.

⬐ userbinator

I've always thought it weird that Firefox's about:config UI is not much better than editing a flat configuration file. Clearly there wasn't much effort put into it. Even IE's configuration is far better organised than that, grouping everything into hierarchical categories.

⬐ mintplant

Uhh, Firefox does have the a proper GUI settings area. about:config is for experiments, internal flags automatically set according to the user's system configuration, or niche features not useful to most users (and so not promoted to a spot on one of the graphical panels).

With the "user.js" feature [0], you can actually control them from a flat configuration file.

[0] http://kb.mozillazine.org/User.js_file

⬐ quietbritishjim

I don't think that is a difference: for the feature my comment was about (popups in tabs), the chances of Firefox and Chrome rolling this out to all users by default (not in a config, arcane or otherwise) seems roughly equal to me. That is: neither currently shows any indication, and I can't imagine why!

I case I was unclear, the setting I'm talking about is totally different from the bug report linked by OP. For that: I have never seen a popup appear when closing a tab in Firefox so I suspect it was already fixed long before Chrome (and I haven't changed anything related to that in about: config)! But I haven't been about to find any definitive source about it.

One by one, the Chrome engineers continue to chip away at the techniques in The Annoying Site https://theannoyingsite.com (warning: open in a secondary browser).

Talk video here: https://www.youtube.com/watch?v=QFZ-pwErSl4 Source code here: https://theannoyingsite.com/index.js

Well done.

⬐ Spivak

What is allowing site JS to physically move the browser window on my screen and how do I burn this feature with fire?

⬐ JohnFen

"how do I burn this feature with fire?"

What I do (for different reasons, but would still be effective) is to not allow Javascript to execute. Sites that are so poorly designed that they cannot operate without Javascript enabled are sites I simply don't use.

⬐ koboll

Window.moveBy()

https://developer.mozilla.org/en-US/docs/Web/API/Window/move...

⬐ quietbritishjim

This only works in popup windows. According to the guy who made this website [1] this is to stop cross-origin communication, which is quite interesting. But it also has the effect that if you force popup windows to appear in tabs rather than windows then you do indeed burn the feature with fire. And IMO it's worth doing anyway, because no one has the right to open a browser window on my computer except me. It's possible in FireFox by changing browser.link.open_newwindow.restriction to 0 in about:config [2].

[1] https://youtu.be/QFZ-pwErSl4?t=558

[2] https://support.mozilla.org/en-US/questions/1066799

⬐ giancarlostoro

FireFox used to have an option to disallow pop ups to move themselves... I can't find that setting anymore, and I think Chrome used to as well, it still might. It's one of the first things I disable on my browsers due to some prank sites using this tactic for maximum trolling.

⬐ bzbarsky

The "dom.disable_window_move_resize" preference is still there. There doesn't seem to be UI for it, but it can certainly be set in about:config.

⬐ badestrand

I wonder what could possibly be a use case why they would allow it and even built an API/interface for that.

⬐ amaccuish

I shouldn't have done that. Though my downloads are now filled with cats which is nice :)

⬐ maccard

Jeez. probably could have done with a "don't open this in work" warning too...

⬐ tzfld

>https://theannoyingsite.com

This is worse than I thought.

⬐ kilroy123

Dear god. I didn't even know some of these things were possible to do via JS.

⬐ brownbat

There was a cat and mouse game with adblockers and websockets a couple years ago, but I'm not sure how things work now.

Is anyone keeping an annotated list of annoyingsite techniques, to see what's still broken?

I'd love to gaze at the medusa, but indirectly if at all possible.

⬐ 0xcafecafe

Opened it in chrome (my primary browser) in a new tab. It wasn't that bad to kill all the pop-ups from the task bar in windows. Took about a few minutes (<5). Rest of my open tabs remained unaffected.

⬐ woliveirajr

Does anybody follows those "warning" advices?

⬐ singularity2001

Wow, Firefox failed the chaos monkeyt test miserably! Felt like IE in 2001!

Don't open this site with 'reopen tabs after crash' option activated!! How can they even popup so much and how can the print dialog disable closing buttons??

Looking at the video, Chrome and Safari are in no way better off. Still, I thought popups were fixed 2008.

⬐ quietbritishjim

By the "choas monkey test" do you mean the annoying site in the parent comment? I'm using FireFox and it didn't do much for me. As I mentioned in another comment, I have set popups to appear in tabs, and that seems to mostly neuter the site.

It still managed to go full screen and play audio in the form of Nyein cat and some text to speech, which admittedly was annoying. But I managed to close the site and any "popup" tabs it made with two actions: Alt+F4 (I'm on Windows) followed by clicking "leave page". I had opened the site in its own window so my existing tabs were unaffected, but I wouldn't have been much worse off if I hadn't.

I believe Safari has an option to send all popups to tabs rather than new windows, so it is probably affected to a similar (low) level as FireFox. But I don't believe that Chrome has this option.

⬐ Bantros

Fuck me, that is annoying!

⬐ hjek

Don't know whether to laugh or cry at this. Flashback of Windows 95-era viruses but created in a modern web browser. The GNU LibreJS project should link to this video. It shows clearly, perhaps too clearly, what is wrong with running untrusted code in the browser.

To those who can't be bothered to watch the whole talk and don't mind force-quitting their browser, skip right to the action at https://theannoyingsite.com

I had no idea things like these were still possible in the browser. Very inspiring, in a wrong way. Thanks for sharing this.

⬐ bnb

You should try to see if the website works in Windows 95 with the WASM Windows 95 implementation in Electron:

https://github.com/felixrieseberg/windows95

⬐ feross

Creator of the site here :) Thanks for the nice comment. "Very inspiring, in a wrong way" is what I aspire to with my hacks.