160 comments

[ 2.9 ms ] story [ 189 ms ] thread
Doesn't look too bad to be honest, considering when it was written. There are some oddities like the functions "returnTrue" and "returnFalse". Other than that, don't fix what ain't broken?
I wonder if stuff like this is taught in India schools? I work with multiple India devs and they do this all the time. Our code has stuff like below that drives me nuts.

public static boolean TRUE = true;

I've directly asked if they think TRUE will some day need to be set to false but they just ignore me.

> TRUE will some day need to be set to false

It will happen one day, it will go into production, and the app will work surprisingly well with some subtle glitches. After revealing all contractor devs will make poker face and things will continue as before.

One time we had a big launch of an important feature (for one noisy customer), we ended up with like 4 feature flags that we needed to flip once it was time to go live.

Anyway the big day comes, we turn it on, everything looks good, everyone is happy.

A few weeks later I noticed we forgot to turn one of the flags on. So I asked a teammate what he thought. He shrugged, we figured it would be slightly better to turn it on.

"They do this all the time"? The ignorance of generalizing a large country with a big population is astonishing. The problem is your employer paying peanuts as developer salaries. You'd get the same bad code if you paid peanuts to hire shitty developers in the US or EU.
So now you generalize that these devs are terrible? They do this one thing I don't like. That doesn't say anything about the quality of their work overall.
Yes. If you hire someone for an excessively cheap rate, it is likely that they might not perform well. For example, assume the salary of a graduate salary in bay area is $100K. You can usually hire an equally skilled graduate in India at like 1/5th price. But if you instead hire ones that are OK with 1/10 or less, you are just asking for trouble. India has a surplus of engineering graduates, even people who have no business studying engineering get an engineering degree (because let's face it, not everyone is interested in STEM) - so they perform badly as expected. But that shouldn't discount the good ones (even if 10% are good, in absolute terms that's still a big number because of the population).
Declaring functions like 'returnTrue' was a way to prevent memory leak in old IE (~IE6/IE7) (instead of creating a new inline function each time a method is called). It was especially important when a function is a closure and has a ton of variables visible in outer scope (in particular, refs to DOM nodes) and is called many times. Otherwise you end up with circular references between the objects and nothing can be garbage collected (GC implementation in old IE was very bad).
I remember replacing some functions like this in a codebase I used to work on about twenty years ago. The senior dev at the time had to add them back a day or two later whe the site totally broke for IE users after a couple of minutes.

Fun times.

I hope he added in a comment /* don't remove or refactor this, IE6 will break */
Oh god there’s so much of that I’ve written over the years. It’s still in there now. Fortunately minification eats my shame publicly.

Think the worst one was we had some code that would add a pad in somewhere after the page was rendered that would cause IE6 to redraw the page correctly.

I am impressed to see none of this

  prototype
It takes a minimal understanding of JavaScript to use prototype. Here there is few methods figthing with and mangling the DOM and strings.
Which is why I'm impressed. Enough prototype spam! Functional JS is the way to go.
Obfuscation would have saved face
This is not really embarrassing code relatively speaking.

Start replacing the global variables with ‘const one = useState(1)’, and get a few of those DOM elements into a render function, and it’ll start to look like what most front end people write now days. Split the helper/utility methods out to a helpers.js file, import in the ones you need. Swap out the Date and Number handling with native methods or decent library.

I’d call this person crazy if he abstracted into something wholesale unnecessary like a state machine or a pub/sub pattern, or factory pattern, etc.

So far so good, plenty to work with here. The person was not given any bad ideas to even contemplate writing it in anything but a straightforward way.

  function cancel_request ()
  {
     window.history.back();

     return false;
  }
—-

What?

window.history.back tells the browser when you have a chance execute a back navigation, control still has to be given back to the browser to do it.
Honestly, not too bad. At least it's organized as recognizable functions. It just has a lot of useless repetitions that should've been implemented as lookup tables or format strings.

    datestr += '<option value="" selected>-mmm-</option>';
    datestr += '<option value="01">Jan</option>';
    datestr += '<option value="02">Feb</option>';
    datestr += '<option value="03">Mar</option>';
    datestr += '<option value="04">Apr</option>';
    datestr += '<option value="05">May</option>';
and

    case "alphanumhyphen": 
        if(l_str.length >0 && l_str.search("[^A-Za-z0-9\-_]") >= 0 ){
            if(p_alertFlg){
                alert( p_fldTitle +" should contain Alphabets or Numbers or - or _");
            }
            return "alphanumhyphen";
        }
        break;
    case "numeric": 
        if(l_str.length >0 && l_str.search("[^0-9]") >=0 ){
            if(p_alertFlg){
                alert( p_fldTitle +" should contain Numbers");
            }
            return "numeric";
        }
        break;
    case "decimal": 
        if(l_str.length >0 && l_str.search("[^0-9.]") >=0 ){
            if(p_alertFlg){
                alert( p_fldTitle +" should be Numeric.");
            }
            return "decimal";
        }
        break;
What is the correct term to describe this type of code?

I used to call it "Spaghetti Code". But I recently learned that it's incorrect. "Spaghetti Code" only refers to programs with messy and unclear control flows (especially unstructured programs that abuse goto), it's not the correct term for code with useless repetitions.

I suggest "micromanaging". Instead of saying "do this 100 times for these parameters", you explicitly instruct to do things one by one without noticong that there's a pattern in your instructions.
Its cautious - each engineer that edits that file is changing the minimum necessary. You can bet a bunch of them looked at some of those functions and saw how they could be made more consise or less repetitive - but if its all working why take the risk? Its just creating more work for the people downstream who have to test and sign off every change.

There's a lot to be said for boring, easy to understand code.

Strings are immutable, so each one of these concatenations creates a new string with slightly more content.

I have seen modern JavaScript that can be just as bad as this.

Not really correct for JavaScript (among others). All modern implementations optimize repeated appends in cases like this. They all have ropes, too.
Most modern JavaScript I've seen is worse than this.

At least it's not a minified blob built up from dozens of repos whose primary purpose is to make its authors look (feel) productive/prolific.

Ah, thanks. I didn't know DRY has an antonym - WET. I followed the link and saw that this behavior is also called copy-and-paste programming. I think I'll use this one from now on. Wikipedia has a funny animation for that.

https://en.wikipedia.org/wiki/File:Forgotten_edits_in_copypa...

Except DRY is not about not repeating code at all. It's about having a single source of truth. I'm not saying this is the case here, but it's a problematic misconception because it encourages pre-emptive optimization of repetitions that can be purely coincidental and not rooted in business requirements.
Write Every Time fits. I like this.
Pasta code.
Or just generally starchy code?

Now I just want to figure out all of the food analogies for bad code patterns...

Is high starch code (once its been DRYed) less susceptible to code rot and code smell? Though it may be less nutrious and so should be near the bottom of the code pyramid.
I like where this is going, so I propose gnocchi code: small blobs of pasta tightly packed together.
On the positive side, it's straightforward and is void of cleverness (yes I've been doing Go, can you tell?).

I mean if I were to change that option string generator, I could make a numeric for loop from 1 to 12, left-pad a zero for the value, and lookup the month label from a label array or create a Date object and use its formatting options to output the label. I loop over an array of objects with a value and label. With ES6 I could do that with a .map() operation.

It's inelegant but it does what it says on the tin. Can't have an off-by-one error if you don't use loops or indices.

(comment deleted)
For sure. Using code or data structure to generate code is recent (or resurrection ) phenomenon of function programming.

The function is formatted and it does what it suppose to do. It can be refactored to make it less code.

> Using code or data structure to generate code is recent (or resurrection ) phenomenon of function programming.

I'm not entirely sure how you came to that conclusion. Lookup tables and format strings have been around for... well, I'd guess almost a century.

On the other hand, look at the validation:

- Why not check the length of the string before the switch? - Why return a string which is (meant to be) identical to a variable? - Why not set the regex into a variable and then only have one if-block?

"Don't repeat yourself" is a very good rule for many very good reasons, but a big one is that you don't have to change 10* different places to change 1 thing, which gets rid of a whole class of extremely common bugs. Also, it makes it much more obvious what the code is doing, since your brain only needs to parse 10 different one-line assignments instead of 10 different six-line blocks.

* Replace "10" with whatever the actual number is.

I think the scientific term is "boring, maintainable code that junior overengineers won't touch with a stick"
This is your idea of maintainable? Yikes. Tell me, how many places in the referenced snippet would need to be changed to, say, allow commas to be present in numbers?
Yep. All the duplication is local and it's just a few lines.

Duplication is never pretty, but when it's as local as here, it's pretty much harmless. Duplication that's not obviously duplication, that's a problem. This is not that.

To answer your question, in 3 places, a few lines apart from one another.

Now what happens when there are 10 of these blocks? Embedded within or called by 10 other blocks that also have duplication?

Duplication displays exponential growth.

i have this kind of code only difference is it is autogenerated using code templates, changes to templates are done by developers already experienced in the code and bug fixes in actual code are done by junior developers may be this is not handwritten.
If you think this is old, you should see the mainframes running our bank systems...
Banamex still runs Unisys on VMs in the cloud.
For people who don't know, this bank (HDFC) was dinged and penalized by the central governing bank (Reserve Bank of India) because of the frequent outages of their banking systems.

They restricted the bank from issuing new credit cards for a year which is a big penalty all things considered. Also, they were given a deadline to get their tech stable and they actually brought in an IT provider for the bank to fix things which was bit high handed. But the bank was very big in the country and a failure can have cascading affects which was the reason said by the central governing bank.

I believe it was the first of the kind in the country to penalize a bank because their tech was unstable.

>They restricted the bank from issuing new credit cards for a year which is a big penalty all things considered.

This is hilarious because they are actively offering credit card upgrades all around right now.

Not really, they are trying to sidegrades or downgrades.

For eg, Regalia first -> millenia; which is a flat out downgrade!

Some yes, a lot of Regalia people are being given Infinia. Like me, when I barely use it (-8
They can’t bring in new customers but replacements, upgrades and downgrades for existing customers are allowed.
If you can't maintain your revenue by signing up new customers to replace those you lose, you have to keep those you already have, and better yet, achieve some growth by upselling them.
Was the outages in the bank related to this javascript file? I just trying to understand what is the relation.
No relation, but HDFC tech has been a lot in the news and under the flashlight.
This JavaScript file is just the tip of the iceberg. Imagine what the rest of their code is like.
Note : This comment is unrelated to the link posted.

While HDFC's IT systems remain a bit problematic (though not as bad as YES Bank) the bank itself is pretty good. There is a saying in Mumbai that if HDFC is funding your mortgage you dont really have to do due diligence about legality of the property. (It is common in India for a builder to sell the same property to two different people, sell properties with lien and so on).

It remains one of the healthiest banks in India, displaying good growth and trust from consumers.

HDFC deserves all the opprobrium it gets, but the fact that the RBI dinged HDFC and not SBI amazes me. Back when I had an account, SBI’s website would go down frequently, including for maintenance in the middle of the day.

Also, the lack of good UX in Indian banks’ online banking is truly astonishing. Particularly HDFC, which presumably is rich enough to effort decent UX people.

In Central Bank of India, to change your netbanking password, once you click change password, a physical mail will be sent and you have to go and collect from the branch manager and he would start a talk with you for 20mins asking all your details and sort of things before giving you the letter. All this just to change NetBanking password , after doing it and getting it locked again due website slowness, I never used their NetBanking itself.
I love this

   function returnFalse ()       {return false}
and the fact that their home cooked date_val() function does not use their home cooked isLeapYear() and daysInMonth() functions, but uses its own, pretty much unreadable, leap year determination algorithm.

   var l_k=parseInt(l_y%100)
   var l_m=parseInt(l_y/100)
   if (l_d == 29 && ((l_y/4)!=parseInt(l_y/4)))
   {
    l_err=1 ;
    l_errstring = "Date is invalid.";
   }

   if(l_k ==0){
    if (l_d == 29 && ((l_m/4)!=parseInt(l_m/4)))
    {
     l_err=1 ;
     l_errstring = "Date is invalid.";
    }
   }
Yeah they would be much better off importing a few npm packages for that, and setting up some CI to build this with webpack and deploy to serverless /s

Nothing wrong with the code per se - a little formatting and nicer variable names would make it entirely readable. Having the entire logic inline might be intentional so you can cross-check (legal) requirements and avoid transitive dependencies - the handling of dates specified might not necessarily match what’s “technically correct” at all times. Anyone writing Go will be familiar with this style.

On the topic of banks and software, I can't understand for the life of me why almost all of the banks in Canada and US have comical level of security. Most don't offer 2FA (of all the banks on Canada, the only one with 2FA is TD if I recall). Those who do only have 2FA through SMS so good luck travelling out of country. Many still have pin-only passwords with 4-8 digits limit...
Good old fashioned legacy systems. Decades and decades of consultants throwing garbage at more garbage. Endless uplift projects and corporate reshuffles slicing tech stacks in two, and sewing them back up.

Banks are utterly famous for this stuff, and I think the new trend at least here in Australia is to start spin off 'neobanks' that begin with a fresh slate, but are still owned by their parent bank.

Probably they not legally mandated to offer it and are not liable for hacked accounts.

A few years back a German/EU law required banks to introduce real 2fa for customer logins and payments. The deadline had to be extended several times and still some banks and merchants missed it.

> On the topic of banks and software, I can't understand for the life of me why almost all of the banks in Canada and US have comical level of security.

Multiple reasons:

1) They're banks. Banks are run by the worst type of MBA beancounters you can imagine - all that counts is profits (and the more the better, which is why way too many banks dabble in investment banking aka legalized gambling), and IT doesn't bring in profits, so generally bank IT is only doing the utterly minimal effort that is required to stay in compliance with regulatory demands. As you can imagine, they're pretty much overwhelmed when they get requirements that require overhauls - e.g. the EU mandating overnight SEPA transfers or real-time identity confirmation (PSD2).

2) The tech stacks are comically old and complex (which is the reason for pin-only passwords). The decades-old mainframe stack with hundreds of custom built applications interfacing to it means that even something as innocent as alphanumeric passwords may be all but impossible to do. And don't get me started on Unicode, you're lucky if the base minimum that all connected applications understand is something like ISO-8859.

3) Related to this: as the software is so old, it literally embodies decades of knowledge of all possible kind of "edge cases" and hidden assumptions. Like... developers assume that a dead person stays dead, which is a sane thing to believe since zombies aren't real, but then you have someone declared dead by court reappear alive, and suddenly the workflow breaks down. Or that someone who registered as male can't change their legal gender, or that there are only two genders (which is quite fucking over many many MANY industries who implemented gender as a boolean, e.g. is_female), or that a marriage exclusively consists of husband and wife (changing that one is costing the public sector an awful lot of work, even many years after same-sex marriage got legalized in Germany).

4) Security audits in big companies (not just banks) are just checklists for insurance vendors, no matter if they actually make sense or not. All that matters for the C-level execs is "assuming someone hacks us, will insurance find a way to deny payments?" and not "is this actually secure?".

5) Regulatory agencies are so risk averse it hurts. What they don't know for years is haram - Kubernetes? Cloud hosting? Even proposing that will get you as a developer a shoot-down order from legal, since the regulatory agencies won't certify it.

Source: done a couple jobs involving either interfacing or directly working with medical and banking services.

Thank you for the detailed answer! It's too bad that unless there's government regulations banks will not have 2FA in the foreseeable future. Such a shame.
Please mainframes are not old, most of the mainframe machines used by all top 50 banks are latest. Programs running in mainframes may be old as they are backward compatible. Policy is don't change it unless it breaks. So devs in mainframe get to work on new projects or optimise existing code. Front-end(offhost) Keeps changing regularly....
When I travel out of country I stick my SIM card in some old rooted android phone and configure it to forward sms messages to my email, only because of banking 2fs sms messages
That's actually a really nice idea. Do you have a specific app that you use for that?
One of my credit card/bank accounts - I forget which - didn't allow the use of non-alphabetic characters when I was setting-up the password.
I think perhaps US being an exception, receiving SMSs is free even when you are roaming.

Many android phones have dual physical SIM cards, so when I travel, I still keep my bank-registered number on roaming.

But I totally agree with your point - of all places, Banks are probably WORST with 2FA. No U2F or even TOTP. There was one bank where I live that offered thise battery powered RSA physical tokens, but they are way worse in practicality.

Most crypto websites I’ve used have way better security than my banks. Can get into the bank with a password, crypto requires 2fa, email confirmation, captchas, all kinds of checks.
Flexcube is the same software package that caused Citi to accidentally send $900 million.

https://arstechnica.com/tech-policy/2021/02/citibank-just-go...

i-Flex, the maker of Flexcube, was my first company out of college. I stuck around only for a month or so, but in that time we had a brief training on the software. The interface was a smorgasbord of buttons and inputs, and I couldn't make head or tail of anything on it. Good to see that things haven't changed in over a decade since then.
They're pretty optimistic about how long this script will be in use:

``` if (l_y < 1900 || l_y > 9999) { l_err = 1 ; l_errstring = "Year is invalid."; } ```

My frontend date code just passes a millisecond timestamp to the JS Date object constructor to do validation, so technically any code I've written could be actively deployed until the maximum valid JS Date, which is in the year 275,760. (https://262.ecma-international.org/5.1/#sec-15.9.1.1)

Something has gone seriously wrong with human society if that ever actually happens.

"The Ken" had an good article on the state of Indian bank's IT systems - https://the-ken.com/story/sorry-for-the-inconvenience-why-yo... (behind paywall but a good read).

These are the "star" private banks, let's not get into the state of public banks.

Honestly SBI architecture feels so much better than HDFC though.. Even though SBI is state run and HDFC is public
And unlike python, it stills works fine.
Hdfc & SBI being my major banks since last one-two decades, SBI's online banking is way better than HDFC's although former is a government bank.
The code quality is one thing but its longevity doesn’t seem to me like a problem in itself.
I am obsessive about backwards compatibility, and I test back to Netscape 2.0 (the first JS platform). The magic of JS feature check abilities is that you can totally cover every browser.

There's a little bit of testing you have to do, because early browser wars resulted in intentionally added incompatibility gotchas, but it's not that bad.

The Web is an amazing and unique platform unlike almost any other available to us. We're so lucky to have it.

But why?

I recently ran Netscape 4 for the giggles and +90% of the web no longer functions as I could not load the pages due to the protocols no longer being supported.

You may be testing against JS features but in reality those browsers cannot function on the open internet as their protocol and security stacks aren't supported.

A simple check of caniuse.com is sufficient, but if you're worried here's which browsers are in use https://caniuse.com/usage-table . Netscape no longer even registers.

Because I can.

Because I like them.

Because I believe in Any Browser.

Because of retro-computing.

Because with every known scenario I cover, several more unanticipated ones are also covered.

Also, yes, I can imagine being limited to a particular older version of a browser, NN 2.0 included.

Because it's fun as heck.

Because I'm fucking tired of browser monoculture and I want the Web to be compatible again. If I, one determined developer, can make it work in Mosaic, IE3, Netscape, Opera 3 and 12, Lynx, Links, Dillo, Netsurf, w3m, PaleMoon, Waterfox, Google Translate, and yeah, with some grinding, Chrome, with and without JS, hopefully some devs out there feel embarrassed for their code and try a little harder...

Why would anyone ever be embarrassed that their code from 2021 is not working on IE3 or Netscape?
why would a watchmaker be embarrassed for not polishing the inside of a case that only the watchmaker can see?
It is false analogy.
Can you explain what is false about it?
Because the standards you’re building against are arbitrary and just made up by other people. I can make a browser that crashes when it encounters a <div> tag. It’s a shitty browser. Will you feel bad when your stuff won’t work on it?
You're describing something purposely made non-functional, while I am building against software widely distributed and still occasionally encountered in the real world, hardly arbitrary.
Do you test for compatibility with the Wii and Nintendo DS browsers?
I have not yet, but I would like to. If you can help, I would appreciate it.

Due to the wide variety of scenarios and configurations I already have tested with, I think it would be more likely than not that I'd be able to complete my base features test script with few issues.

Your question is a perfect example of why I go so far with testing.

Ok. I tried to make fun of you but you’re still friendly so I’m curious.

Do you mind if I ask what kind of stuff you’re maintaining where you see any traffic from these old browsers? Do you think it would ever be possible to transpile a site into some shared common set of syntax/features/whatever instead of making browser specific corrections? And what do you think about features like WebGL which are impossible to replicate on older browsers in a performant way?

Thank you!

>Do you mind if I ask what kind of stuff you’re maintaining where you see any traffic from these old browsers?

I'm maintaining mostly text-based resources, some of them about technology and interesting to nerds and retro enthusiasts, otheres just general purpose, which I want to make accessible to as many as possible.

For example, when I conducted my first user studies with actual users of screen readers, NO ISSUES were encountered, even though I had not yet made any special adjustments for them.

>Do you think it would ever be possible to transpile a site into some shared common set of syntax/features/whatever instead of making browser specific corrections?

Yes, absolutely. JavaScript makes it very easy by being able to feature-check most things. Also, NoJS is something I already start out with, so it's not difficult to just skip past things like createElement if not supported.

Three biggest challenges I've encountered is no > character (Mosaic treats it as end of HTML comment), no ===, and no anonymous functions.

>And what do you think about features like WebGL which are impossible to replicate on older browsers in a performant way?

I haven't done WebGL, but one feature I have which requires relatively modern JS (think Presto and IE9) is in a separate feature-checked module, older browsers not currently supported.

Again, my goal is for basic feature support, in some cases requiring a skilled operator. For example, this particular feature (client-side cryptographic signatures) can be replicated with an external application.

You need not look far for a great example of progressive enhancement and the benefits it brings. HN has a couple of JS-only niceties, without which the site is still perfectly usable.

Here's a summary of my journey: I started out just writing clean and simple HTML with NoJS support. I wanted to be usable over a slow connection and for Tor users. I had a few older browsers I liked which I also wanted to support. Also, text-mode like Lynx, for the hackers.

I happened upon a great digital art exhibit at the MFA in Boston, and one of the rooms had several beige boxes with Windows 95 and Netscape 3.04Gold set up to exhibit older Web art in a time-accurate setting.

It was then that I realized how much I liked that particular browser, how much I enjoyed using it, and also how capable it was. So I tried to adjust for it, and by then I had tested under so many others, it wasn't even much work. After that came others, like Mosaic and OffByOne and even more obscure stuff, barely a blip on the radar in its day. It became a fun hobby, and something to be proud of.

A couple years ago, NYC had useful Web access kiosks which were than locked up over public outrage about outdoors people using them for porn. However, they allowed Google Translate, and I was able to both read and post to my site via that.

I had not foreseen the use case, but because I had tested for so many others, it worked. All around, I refer to this as the bending over backwards development model. Like the city bus, I work hard to accomodate everyone, and don't turn anyone away if I can help it. Except spammers, fuck them.

Talking console browsers:

https://shkspr.mobi/blog/2021/01/the-unreasonable-effectiven...

> A few years ago I was doing policy research in a housing benefits office in London

> ...a young woman sits on a hard plastic chair ...Clutched in her hands is a games console – a PlayStation Portable.

> ...She’s connected to the complementary WiFi and is browsing the GOV.UK pages on Housing Benefit

> The PSP’s web browser is – charitably – pathetic. It is slow, frequently runs out of memory, and can only open 3 tabs at a time.

> But the GOV.UK pages are written in simple HTML. They are designed to be lightweight and will work even on rubbish browsers. They have to. This is for everyone.

> The PSP’s web browser is – charitably – pathetic. It is slow, frequently runs out of memory, and can only open 3 tabs at a time.

I'm 99% certain that the latter part of that is false. Personally the PSP's browser was about on par with, eh, IE7 or so, the last time I used it (circa 2013).

I love me some IE7, but that also sounds about right for IE7 performance on the average crappy website.
Well... yeah, it wasn't very good. I realize now "latter part" wasn't clear - I meant just the bit about 3 tabs.

But heck... it even had Flash.

Its not really. This person obviously takes great pride in making their websites uber compatible.

It takes great skill and effort to do this. Sure its a little batshit, but I applaud the level of perseverance that goes into it. I might have a different view if I was trying to ship something to a specific market segment in a hurry. However I'm not, and it pleases me immensely to see people do such silly[1] (and I mean this with the greatest of respect) things.

[1] For reference, adding chamfers and geneva stripes under things like the main barrel, is utterly silly. However, should I be paying >£50k for a watch, I full expect that _every_ inch of that watch is going to be a masterpiece of finishing (reference: https://www.crownwatchblog.com/how-it-works/finishing-school...)

Well, maybe not IE3, but I think it is embarrassing to deny access to, e.g. a five-year-old device with no upgrade path.

Many devs are out of touch with the world where people can't afford a new one.

I don't buy the security argument either, it's often just information access which is limited.

>I recently ran Netscape 4 for the giggles and +90% of the web no longer functions as I could not load the pages due to the protocols no longer being supported.

Netscape 4 - some minor version - had a bug where if you had a paragraph inside of a list item inside of a div inside of a div it crashed the browser. (I may be misremembering the bug but it was something ridiculous like this)

it was hard to debug for markup that was generated via XSL-T.

So anyway even if the protocols still worked, I don't think you can really expect it to work too much.

I didn't say I use them as a daily driver. I expect to be able to use all the base features.
Netscape 4 is one of my all-time favorite browsers. I stuck with it for many years, because it was blazing fast on my older hardware, and cached well, unlike IE.

Like you, I sometimes take it out for a spin "for the giggles". It's comforting and it works well with my own sites.

I don't worry much about mitm for my purposes, and HTTP still works great, a testament to its design.

I don't get it. Are we going to use 20 year old computers in the future? Is Netscape 2.0 the only browser we will only have?

Even if we want to support 100% of users and don't think about economics I really doubt there's going to be someone with Netscape 2.0 visiting your website nowadays.

Well, I use it, so your doubt is obviously disproven.

The future is unknown, but I want to be as ready as I can be.

See my other comment for more thoughts.

>Well, I use it, so your doubt is obviously disproven.

Do you really? And if so, who cares? (I mean "who as in which webmaster would even care?" not as in, "are there any niche enthusiasts that do?").

When the parent says "is anybody", they mean "are any significant numbers". So, yeah, maybe there is 1. Or 10. Or 100 if we're generous. I doubt there are 1000 (and the website stats can easily verify it), and they surely aren't any number big enough to care about.

But even more importantly, there's no technical, ethical or other rule to say "you need to cater to the person using Netscape 2 in 2021" anymore than there's one saying "You need to sell music in wax cylinders, lest someone who still uses such a player comes to your shop".

If it was an accessibility or poverty argument sure. But it's surely not poverty the reason why someone keeps using Netscape 2.0 in 2021.

My other comment addresses your questions. Did you find it?

To summarize, if I can accomodate that one user, whatever their reasons or situation, which I do not pretend to know, instead of turning them away, then I will invest my time and effort in that.

And where Netscape 2.0 can go, so can probably another browser and configuration I,m not even aware of or anticipating.

> Are we going to use 20 year old computers in the future?

I hope so. If it weren't for the ever-increasing bloat, on both webpages and webpage-as-an-app's, it wouldn't be a problem. What can you do today with your computer that you couldn't have done 20 years ago? ("Looks better" doesn't count)

With Moore's law, you'd have 2^10 more computing power after 20 years. So you would definitely not have used a computer from 1985 in 2005.

However nowadays, I imagine we're getting maybe 2^3 every 20 years, by the way things are looking. And the baseline is much more capable.

So I wouldn't be too shocked if a desktop from 2021 is still usable in 2041. I was occasionally using a desktop from 2009 until 2019, and it was ok for web browsing, movie watching, editing some documents, etc.

Is this a joke? Do you actually test your work on a Netscape 2 browser? But why?

There is no way anyone is viewing your page in anything older than IE 10. If you're in some niche market or region maybe IE 8.

Not a joke.

I believe in Any Browser.

My other reply explains my reasoning.

My niche sites see all kinds of browsers, btw.

Currently developed browsers also include Links, Lynx, Dillo, Netsurf, and w3m.

That's awesome you spend effort to use JS in as many browsers as possible. Most sites that must work in all browsers usually avoid JS altogether.

Have you thought about creating a library for this? It could be used for progressive enhancement on sites that would normally have no JS.

I've gradually grown it into a hybrid frsmework which can be either static HTML, dynamically updated, or a middle ground (via access.log)

All the JS modules are also optional, and can be turned off with one setting.

It is not production ready yet, but demos and code can be accessed via my profile.

Given how old it is, it is pretty good. Maybe better than 80% of what else is out there.

Luckily today we have build tools to prevent us showing our dirty laundry in public.

Wow i love the retro view functions, string concat templating and use of document write!
Do you read the report from Microsoft? India is most vulnerable to cyberattack.
Why is that relevant here?
Interesting timing, given that I'm currently running through hoops with a simple address change with their bank. Their web & mobile apps suck bigtime, and it looks like they aren't even making an effort to make online transactions easier.
It's true for many bank systems I guess.

I have been under serious troubles in past because a Bank randomly blocked my ATM card & UPI.

Keeping file version history inside the file makes me feel queasy.
Indian here. My boss told me he had to apply for exclusive permission to modify a certain file from a boss. Code reviews were in pen and paper.
Interesting to note that one of the consultants [1] who worked on this codebase 20 years back is now an architect in the same company.

```

25//2001 Gopi Yedla Changed code for new FD opening

```

Service company that wrote the code has changed it's name from i-flex to Oracle Financials.[2]

Imagine finding the code you wrote today in a random internet discussion in 2040.

[1] https://www.linkedin.com/in/gopiyedla/

[2] https://www.firstpost.com/business/biztech/i-flex-solutions-...

i-Flex (now Oracle Financials as you have pointed out) is not a service company - Flexcube is their own product.
Is this the same flexcube that caused citibank to hotwire 500 million dollars of premature debt? I remember a story here not long ago.
Yup, it's the same.
2001 ? That's positively recent and modern compared to Lockheed-Martin and their "our target platform is IE7 on XP, let's use a random JS script for DHTML menus we swiped off Geocities page in 1998 for Netscape 4 and IE4".

... to be honest I think that while it was one of the worst dependencies, it was still ages beyond the code they wrote themselves ¯\_(ツ)_/¯

Until 2 years ago, the US armed forces were using 8-inch floppy disks in nuclear silos.

Not 3 1/2", not 5 1/4"... 8 inches.

https://www.cnet.com/news/us-military-retires-floppy-disks-u...

The difference was that those 8" floppies were part of a well-tested system that was delivered when they were pretty current mature tech.

Lockheed-Martin happily sold what I described as fresh development in 2012. EDIT: And unlike the system with 8" floppies, it never worked and resulted in 5 years of extra sunk costs til the whole critical system got yeeted and things were started from scratch.

The problem is that those 8" floppies are not manufactured anymore. And floppies are not meant to be durable and reliable in the long term.
That's why they finally migrated away from them. But you can be certain that they had stocks of floppies and possibly floppy emulators for dealing with that issue while it was in operation, plus setting up a small scale production for 8" floppies is less problematic than many would assume.

In comparison, the new and wonderful system from Lockheed that I mentioned? It pretty sure never ran in "production environment" properly, and I shudder to think how much it and its knock-on effects cost.

I can't open it. Did we DDOS them?
Throw the first stone. 20 years ago I wrote code like this, probably some is still in use.
Not guilty. I pay attention to work only on projects and in companies which will be discontinued or non-existent within 3-5 years.