A reasonable argument iff you use no external libraries, or personally audit every one of them completely (including all updates). Otherwise maybe I trust you, oh random person on the internet, but should I also trust the 49 authors of the 37 libraries you're including from 4 different CDNs? (Bonus points if you run ads and let under-vetted 3rd parties inject whatever they want into the page)
Interestingly I've had this debate with at least one person on hacker news who was complaining about how people were stealing from his website by running ad blockers, and how he'd tried to fight them but it had left his website looking broken for anyone who was running an ad blocker, so he'd had to roll it all back. Why would he do that?
The answers actually pretty simple. People who are interested enough in technology to read hacker news are both disproportionately likely to discover a new product trying to build an audience, and disproportionately likely to influence their friends either for or against that product. They're trusted by their non-technological peers.
So why support script-blocking hacker-news users? Because if your website doesn't work for them, they're gonna tell all their friends that your product doesn't work properly. When I got my first job, I was told that on average satisfied customers tell 2 friends they were satisfied, and dissatisfied customers tell 12 friends they were dissatisfied. I don't know how accurate those stats are, but I do know people complain more than they praise.
I certainly go out of my way to warn friends and family away from products that I feel are committing technical faux pas. How else will they know they're using websites made by people of limited technical capability, with all the risks that implies, if I don't tell them?
You don't have to use his app, and he doesn't have to support users like you.
It's a two-way thing: many developers don't want to support people that switch off JavaScript, and these consumers are apparently happy that they can't access the majority of the internet (or so they say).
I think that's a slight misrepresentation; developers don't want to invest the (significant) effort to run without JS, and some end-users are unwilling to take the risks with allowing arbitrary code execution in their browser. But I doubt that developers (generally) don't want to support noscript; if it were 0 effort than I expect it would be common. And such users aren't happy that they can't access a lot of sites, they just find the tradeoffs unacceptable.
That said, aside differing biases I'm not convinced that we actually disagree.
Some "interactive" websites have to use javascript, it's true, but it always seems tragic when a site that doesn't really need to requires it anyway. Isn't there something appealing about a platform where millions of strangers can converse and publish information without needing to fully trust one another?
Do you vendor your javascript libraries and host them from your own domain, or do you just hotlink them from random CDN's all around the internet like everyone else?
One could use Subresource Integrity (https://hacks.mozilla.org/2015/09/subresource-integrity-in-f...) to mitigate the most obvious threats from CDNs. Granted, that does have some maintenance work, but if you're already managing dependency versions (and you really should) then it's minimal extra work.
Correct me if I'm wrong, but all the scripts the website owner hotloads have to also use subresource integrity for the scripts they are hotloading, or subresource integrity gains nothing beyond the first level of script loading?
I rarely feel that website owners out out to get me, my distrust comes from scripts that load scripts that load scripts. Lets not piss about, I know most people who have written websites that are loading jquery from a remote CDN haven't bothered to inspect it to see what it's loading. By contrast, a website that has vendored all it's script dependencies has looked at the entire dependency tree at least /once/. That shows a baseline level of competence that I'm willing to extend trust on top of.
