Really bad timing when Missouri Gov. runs around insisting that using view source is criminal.
If we’re unlucky it may end up being actually illegal. It doesn’t even require a new legislation, only a very stretched interpretation of DMCA (that this Chrome’s feature is an “effective technical measure”).
It’s a poor hacker who, stymied by the lack of VIEW SOURCE in their favorite web browser, does not reach for wget.
In any case, this particular setting only applies to managed environments, such as schools, which are perfectly within their rights to configure the tools used for learning in a way that’s amenable to them. Same applies to corporations too, of course.
Yep, that summarizes everything. We are actively trying to fight against intelligence in order to have people that can only blindly repeat stuff they have been brainwashed to repeat.
Sad.
(note: I’m teaching at university myself. Every year, I’m astonished to see how “dumb” bright students are as soon as you don’t ask them to blindly study and repeat. And how bad are graded students that are actually very smart.)
You remind me of my lecturer in analytics at university in 1990 who disgustedly told us that the 12 year old girl in the host family he stayed in Prague in the 1950s knew more math than we did.
And yet the world has not ground to a halt despite our depthless ignorance.
I doubt a kid clicking “view source” only to look at answers (that they only heard about on YouTube, so they could cheat on tests) is going to think out of the box very much…
Most of the students using chromebooks at university or school do not have own computers at home. These devices are all they’ve got to access the internet.
Every experience they’ll make during their teenage years with computers is shaped by these managed experiences.
You can get a computer vastly more powerful than the one I got when I was in uni for $50 (RPi 4) and it comes preloaded with a full Linux system and development environment. Or you can do what my nephew (14) did this summer and teach yourself Javascript online.
If a student is motivated enough, they will get their hands on a computer.
A school needs to weigh the requirements of today’s education, parent’s expectations, and the expectations of future employers against the remote chance that the weird kid in the corner stuck to their computer is gonna be the next Steve Jobs. Generally, cheating on tests is frowned upon in adult life. Sure, we’d all love it if online tests didn’t have the answers embedded in source, but given the fast-changing requirements of education coupled with the often severe lack of funds, blocking “view source” is a band-aid that’s acceptable.
I landed this fix because there was a policy that did not work properly. We could instead document that the URLBlocklist policy works for every scheme but one, or we could fix it. Fixing it makes more sense.
This policy only can be set on managed machines.
This policy, in isolation, is trivially circumvented. Managed environments block many things, including many of the proposed circumventions here.
I’ve built one of the world’s most popular tools for viewing and modifying web traffic. The narrative that this feature has broad implications for anything is absurd.
If a student is motivated enough, they will get their hands on a computer.
I don’t know, man, I feel like we should be moving in the direction of making tech being more accessible to more people, and kinda accepting that only specially motivated people will get into it seems like a step backwards.
Tech is already the most accessible it’s ever been.
Computers are dirt cheap. Programming languages are free as in beer and speech. There are tons of freely available tutorials available to anyone with an internet connection. Making even something as complex as a 3d game is achievable for a single developer. Publishing your work is dead easy.
Some people just don’t want to program however, and there’s nothing wrong with that.
This comment reflects a ton of privilege. A pi is $50, which isn’t an insubstantial amount of money for many students who need government assistance just to get lunch.
It also requires accessories and home internet to actually do anything online. Which, again, many students (at least in the U.S.) do not have. Our district had to provide mobile internet devices for a huge number of students who didn’t have home internet along with the Chromebooks that were already out of date.
Students with a Pi also need a screen they can use, mouse and keyboard.
I have to wonder how you understand the severe lack of funds at the educational level but don’t grok the lack of funds at the individual student level. No, blocking view source isn’t an acceptable band-aid.
Every kid deserves a good education. Schools should be adequately funded to ensure that. Public infrastructure should be geared to ensure that everyone has access to affordable internet connectivity.
My general point is that stuff that used to be expensive (computers and software) is no longer expensive. So there should be more fiscal margins for focused education in computing and IT - should this be of interest to the student.
Focusing on what people who got into IT 25 years ago deem as important is not an efficient way to achieve these goals.
If you bundle a Pi with peripherals, it quickly becomes more expensive than the entry level chromebooks these kids have. And guess what, even these chromebooks have to be subsidised, because many families can’t afford them otherwise.
Unless I’m profoundly misunderstanding something, the only thing this allows is blocking view-source: URLs with the local Chrome URLBlocklist setting.
What it doesn’t do is allow websites to block people from using “view source”: just the person in control of a particular Chrome installation (i.e. the school) can use it.
Is it still a good idea to do this? Probably not. But it’s a lot less dramatic as some of the comments here seem to be implying.
With Schools using Google Forms as a testing platform, students are able to use this shortcut to search through the source of the page, and determine the correct answers.
Use case: Admin wants to prevent and stop students from using View-Source as a way to cheat during exams, state testing and quizzes
Clearly, modifying the browser is the only possible technical approach that can stop people from finding test answers in the page sources of Google Forms. Google is otherwise completely powerless to prevent test answers from appearing in the form’s HTML.
That’s an interesting thread. I’m surprised to see so few people saying “instead how about you fix these stupid websites to not embed this stuff in the page source.”
View Source is one of the emblematic features of the open Web. Countless people got started with HTML (or picked up new tricks) by viewing the source of websites.
I ran into this a while ago, doing some compulsory training for an employer.
After digging around, it seems the quiz sections were transpiled from Flash into JavaScript, leading to trivially exposed answers in the source code. Because the Flash app itself was entirely client-side, and wasn’t validating the answers against a server.
I’ll re-post my comment from the discussion on HN and Twitter here:
Many of the best people in IT are there today, because they got curious about how stuff worked, experimented with it, broke the rules, and learned from that. This curiosity needs to be encouraged, not stopped.
The young generation in IT already has issues because many of them don’t understand files, and many of them can’t even use a computer anymore.
They grow up with tech all around them, but because all of it is closed and proprietary and restricted, they never even try to look behind the curtain.
If we call ourselves software engineers, then we also need to take on the ethical responsibility of our actions just like engineers do.
Not that unsurprising of a development – along the same trajectory as the ‘evil bit’, ‘do not track’ and so on.
An observation or two:
First is that the recent ‘irrational’ view on well, view source, feels very similar to how the disassembler and similar reversing tools has been treated, legally in some countries, as ‘intrusions’ on the intellectual property of some entity. The next ‘step’ then is patching / changing DOM and hooks to circumvent client-side protections of what reasonably should be server side resources. How Blizzard successfully pursued ‘derivative work’ copyright claims over memory maps for dynamic patching World of Warcraft client Blizzard v. Glider comes to mind.
Second is that the browser in its back and forth between the two responsibilities of a ‘document viewer’ and ‘network application substrate’ seem to mean that some people who thinking of it in the first form consider it entirely legitimate to ‘view source’ – it is a document. At the same time, the ‘web as app’, crowd then leans towards that ‘view source’ is more of the disassembler/reversing/cheating variety.
A technical speculation though is that for some ‘chrome –kiosk’ mode applications, the set of browser components available via ‘view source’ might just open up the same can of sandbox escape worms as the old ‘help -> print -> …’ goodie bag on old Windows systems..
Really bad timing when Missouri Gov. runs around insisting that using view source is criminal.
If we’re unlucky it may end up being actually illegal. It doesn’t even require a new legislation, only a very stretched interpretation of DMCA (that this Chrome’s feature is an “effective technical measure”).
It’s a poor hacker who, stymied by the lack of VIEW SOURCE in their favorite web browser, does not reach for
wget.In any case, this particular setting only applies to managed environments, such as schools, which are perfectly within their rights to configure the tools used for learning in a way that’s amenable to them. Same applies to corporations too, of course.
I’m wondering in what scenario students would learn more from not having access to view-source.
Well in this specific case, they’re expected to study to pass the test, not right-click and see the answers.
Yep, that summarizes everything. We are actively trying to fight against intelligence in order to have people that can only blindly repeat stuff they have been brainwashed to repeat.
Sad.
(note: I’m teaching at university myself. Every year, I’m astonished to see how “dumb” bright students are as soon as you don’t ask them to blindly study and repeat. And how bad are graded students that are actually very smart.)
You remind me of my lecturer in analytics at university in 1990 who disgustedly told us that the 12 year old girl in the host family he stayed in Prague in the 1950s knew more math than we did.
And yet the world has not ground to a halt despite our depthless ignorance.
I doubt a kid clicking “view source” only to look at answers (that they only heard about on YouTube, so they could cheat on tests) is going to think out of the box very much…
Most of the students using chromebooks at university or school do not have own computers at home. These devices are all they’ve got to access the internet.
Every experience they’ll make during their teenage years with computers is shaped by these managed experiences.
are there seriously users for chromebooks outside the USA ?
You can get a computer vastly more powerful than the one I got when I was in uni for $50 (RPi 4) and it comes preloaded with a full Linux system and development environment. Or you can do what my nephew (14) did this summer and teach yourself Javascript online.
If a student is motivated enough, they will get their hands on a computer.
A school needs to weigh the requirements of today’s education, parent’s expectations, and the expectations of future employers against the remote chance that the weird kid in the corner stuck to their computer is gonna be the next Steve Jobs. Generally, cheating on tests is frowned upon in adult life. Sure, we’d all love it if online tests didn’t have the answers embedded in source, but given the fast-changing requirements of education coupled with the often severe lack of funds, blocking “view source” is a band-aid that’s acceptable.
Quoting from the author of the fix (HN link):
I don’t know, man, I feel like we should be moving in the direction of making tech being more accessible to more people, and kinda accepting that only specially motivated people will get into it seems like a step backwards.
Tech is already the most accessible it’s ever been.
Computers are dirt cheap. Programming languages are free as in beer and speech. There are tons of freely available tutorials available to anyone with an internet connection. Making even something as complex as a 3d game is achievable for a single developer. Publishing your work is dead easy.
Some people just don’t want to program however, and there’s nothing wrong with that.
Infant mortality is also the lowest it’s ever been in a lot of places, if not in the whole world. Should stop caring about dead children?
This comment reflects a ton of privilege. A pi is $50, which isn’t an insubstantial amount of money for many students who need government assistance just to get lunch.
It also requires accessories and home internet to actually do anything online. Which, again, many students (at least in the U.S.) do not have. Our district had to provide mobile internet devices for a huge number of students who didn’t have home internet along with the Chromebooks that were already out of date.
Students with a Pi also need a screen they can use, mouse and keyboard.
I have to wonder how you understand the severe lack of funds at the educational level but don’t grok the lack of funds at the individual student level. No, blocking view source isn’t an acceptable band-aid.
Every kid deserves a good education. Schools should be adequately funded to ensure that. Public infrastructure should be geared to ensure that everyone has access to affordable internet connectivity.
My general point is that stuff that used to be expensive (computers and software) is no longer expensive. So there should be more fiscal margins for focused education in computing and IT - should this be of interest to the student.
Focusing on what people who got into IT 25 years ago deem as important is not an efficient way to achieve these goals.
If you bundle a Pi with peripherals, it quickly becomes more expensive than the entry level chromebooks these kids have. And guess what, even these chromebooks have to be subsidised, because many families can’t afford them otherwise.
wget and curl will soon be illegal too of course, if you will even be allowed to know the URIs.
I think a lot of nerds would welcome this, it would finally transform their humdrum lives into a struggle for The Resistance.
“View the Source, Luke!”
you can finally call yourself a hacker while the response of wget crosses your terminal
Unless I’m profoundly misunderstanding something, the only thing this allows is blocking
view-source:URLs with the local Chrome URLBlocklist setting.What it doesn’t do is allow websites to block people from using “view source”: just the person in control of a particular Chrome installation (i.e. the school) can use it.
Is it still a good idea to do this? Probably not. But it’s a lot less dramatic as some of the comments here seem to be implying.
The original bug report as to why:
Clearly, modifying the browser is the only possible technical approach that can stop people from finding test answers in the page sources of Google Forms. Google is otherwise completely powerless to prevent test answers from appearing in the form’s HTML.
That’s an interesting thread. I’m surprised to see so few people saying “instead how about you fix these stupid websites to not embed this stuff in the page source.”
View Source is one of the emblematic features of the open Web. Countless people got started with HTML (or picked up new tricks) by viewing the source of websites.
No surprise that Chrome* is open to blocking it, then.
Wait, are they serious?! Why on Earth would the answers even be in the HTML? That literally doesn’t make sense…
I ran into this a while ago, doing some compulsory training for an employer.
After digging around, it seems the quiz sections were transpiled from Flash into JavaScript, leading to trivially exposed answers in the source code. Because the Flash app itself was entirely client-side, and wasn’t validating the answers against a server.
I’ll re-post my comment from the discussion on HN and Twitter here:
Not that unsurprising of a development – along the same trajectory as the ‘evil bit’, ‘do not track’ and so on.
An observation or two: First is that the recent ‘irrational’ view on well, view source, feels very similar to how the disassembler and similar reversing tools has been treated, legally in some countries, as ‘intrusions’ on the intellectual property of some entity. The next ‘step’ then is patching / changing DOM and hooks to circumvent client-side protections of what reasonably should be server side resources. How Blizzard successfully pursued ‘derivative work’ copyright claims over memory maps for dynamic patching World of Warcraft client Blizzard v. Glider comes to mind.
Second is that the browser in its back and forth between the two responsibilities of a ‘document viewer’ and ‘network application substrate’ seem to mean that some people who thinking of it in the first form consider it entirely legitimate to ‘view source’ – it is a document. At the same time, the ‘web as app’, crowd then leans towards that ‘view source’ is more of the disassembler/reversing/cheating variety.
A technical speculation though is that for some ‘chrome –kiosk’ mode applications, the set of browser components available via ‘view source’ might just open up the same can of sandbox escape worms as the old ‘help -> print -> …’ goodie bag on old Windows systems..
I would not be where I am today if AMosaic on the Amiga hadn’t had a “View Source” menu option.
(I still remember not understanding why links were an “A” tag. At first I assumed that “LI” was for links and not list items.)