Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Stats The Internet

2021 'Web Almanac' Research Finds Lots of CSS, JavaScript, jQuery - and Not Much WebAssembly (httparchive.org) 67

"HTTP Archive is a community-run project that has been tracking how the web is built since 2010," explains its web site. "Using WebPageTest and Lighthouse under the hood, metadata about nearly 8.2 million websites are tested monthly and included in a public BigQuery database for analysis."

And now 113 people "have volunteered countless hours in the planning, research, writing and production phases of the 2021 Web Almanac," processing 39.5 terabytes of data from 8.2 million web sites (using July's data set).

Berlin-based web developer Stefan Judis calls it "a comprehensive report on the state of the web, backed by real data and trusted web experts...comprised of 24 chapters spanning aspects of page content, user experience, publishing, and distribution." But he's also tweeting out what he sees as some of its most interesting statistics. — The median webpage loads 70kb CSS...and the "top scoring site loaded over 60mb of CSS...

- There's also a new high score for the number of loaded external stylesheets: 2368...!

- We all ship a lot of JavaScript. It's 420kb+ per page at the 50th percentile. This is transferred bytes, so the amount of JavaScript is way higher after decompressing...

- [From a graph of JavaScript library/framework adoption]: 84% use jQuery and 8% are built with React...

- There's almost no adoption of WebAssembly. ["We got 3854 confirmed WebAssembly requests on desktop and 3173 on mobile. Those Wasm modules are used across 2724 domains on desktop and 2300 domains on mobile, which represents 0.06% and 0.04% of all domains on desktop and mobile correspondingly."]

- 16% of sites don't ship a robots.txt...

- In 2021 641 million emails, 428 million passwords and 149 million phone numbers were involved in data breaches.

And apparently while just 7% of the top 1,000 sites use a content-management system, 42% of all sampled sites are using one. (And 33.6% of those appear to be using WordPress.)
This discussion has been archived. No new comments can be posted.

2021 'Web Almanac' Research Finds Lots of CSS, JavaScript, jQuery - and Not Much WebAssembly

Comments Filter:
  • by Gravis Zero ( 934156 ) on Sunday December 05, 2021 @04:59PM (#62050197)

    "top scoring site loaded over 60mb of CSS...

    CSS is nice and all but if you are exceeding 100KB then you need to work on cutting it down. If you are exceeding 1MB then you have a serious problem you need to fix immediately. If you have over 10MB of CSS then someone should fire you immediately, delete everything you have worked on, incarcerate your office space and computer then call an exorcist to force the demon out of you.

    • you can embed images in css, which is useful if you embed the css in the html, it can make one downloadable file, or including things like font awesome which is 70k for just the free icons.

      • by Z00L00K ( 682162 )

        And font awesome isn't. Most of those fonts really sucks for me.

        I can understand that using an icon or two in the CSS might be neat in some cases, but as I see it a lot of HTML and CSS is now generated by bloat-generators with no concern about the end user. It just "has to look good", not work.

    • Comment removed based on user account deletion
      • Project managers are running software teams these days (especially at companies like Facebook and Google). They have milestones to make, and features to build. They are unable to see whether the software itself is good or not.

        Some companies have team managers that don't code. At these companies, there is no one who is in charge who actually cares about the code quality. If a software developer actually does care, he is sometimes punished for it.

        Few companies have programmers who understand how to keep code

        • by Z00L00K ( 682162 )

          Until a major security breach happens and nobody knows how to fix it because that person either left, retired or passed away with no documentation or code quality measures taken. That can result in two alternatives - either the company straightens up their crap or they go the way of the dodo.

          • I'd like to agree with you but somehow Equifax survived their hack (their stock is higher than ever). We'll see if anything happens to SolarWinds, but I imagine they'll still be around because they have a good sales team.

    • If you have over 10MB of CSS then someone should fire you immediately

      No problem. You can get a new job with HealthCare.gov.

    • Bootstrap 4 alone is 147K and that is using the minimified version. That said, yes if people go over 1Mb they are doing something fishy.
    • by AmiMoJo ( 196126 )

      If your website consists of large amounts of CSS and JS then there is a good chance it's not accessible either. People with screen readers and high contrast/large font displays are probably going to struggle with it.

  • by quonset ( 4839537 ) on Sunday December 05, 2021 @05:03PM (#62050211)

    My electrical company has, for its logon page, over 20 scripts running. That is just to get into their site to pay my bill. For a logon page.

    The vast majority of web pages are shit. From saying because your browser is more than five minutes old you can't access the page, to the overbearing use of scripts, to giant walls of text with no useful information of what a product or service does, to sites which are seemingly changed every other day, the modern web is a landmine-filled beach of crapulence.

    Give me raw HTML any day over this shit. The only reason we have CSS and the like is for web "designers" to justify their existence.

    • I feel the exact same way

      We should have drawn the line at HTML & CSS.
    • Most web development is done by grabbing scripts and components built by third parties, and slopping them all together on web pages. That's why the numbers get so huge. These components are designed to be generic so they always do more than what any individual needs them to do, and they all bring their own CSS and Javascript with very little re-use (since many of these were built by separate people, there is no reason why there would be much re-use). And that is without all the tracking and what-not that

    • by AmiMoJo ( 196126 )

      My bank has a lot of heavy scripts running too. Some of them seem to be trying to foil keyloggers.

      Fortunately if you just disable Javascript for their entire domain and block all third party stuff, the site works just fine.

    • by Tablizer ( 95088 )

      It usually happens because some PHB wants a fancy feature. You may tell them, "The more JavaScript the more potential problems", but they either don't believe you, thinking you are trying to get out of work, or don't care about the long-term because they hope to get promoted.

  • by phantomfive ( 622387 ) on Sunday December 05, 2021 @05:05PM (#62050217) Journal

    It's important to distinguish between web apps and web pages. If you're building photoshop in the web, you'll want a completely different toolset than if you're building an informational page. The later most likely needs zero Javascript.

  • This might be the first time the PDF is easier to read than the web version. Scrolling is messed up, theres no top-level nav (once you're in a section, it's difficult to navigate out of it), the graphs all lazy load and it takes forever... The UX section doesn't seem to mention these traps.

  • There's also a new high score for the number of loaded external stylesheets: 2368...!

    All style... sheets, no substance.

  • There's almost no adoption of WebAssembly.

    I have WebAssembly disabled in Firefox anyway.

  • The survey does not tell how many sites that used WebAssembly for malicious purposes, such as for mining cryptocurrency.
    Two years ago, that was about half of all sites that used WASM, according to a survery.

    Myself, I therefore have WebAssembly disabled in my web browsers.

    However, I do think that WebAssembly could have a bright future on the server. And perhaps even on the desktop.

    • They can just as easily use Javascript for malicious mining. Webassembly is for making things such as Mastodon for instance run and load faster. There are legitimate uses

    • Same. Have disabled a bunch of technologies on my browser - WebAssembly, WebGL, WebRTC, etc No need to open up more entry points. Sure, JS can also be exploited and used to mine bitcoin, but that is already a mature technology. Additionally, the speed of the JS rendering engine being quite slow, makes it pretty self-evident
    • Re: (Score:2, Interesting)

      by upuv ( 1201447 )

      Good riddance,

      Web Assembly was a bad idea from the start. Having to maintain binary code on multiple architectures some that have not even been released yet for many years to come, also across multiple OS's. Web Assembly was never and will never be a player.

      To top it off it's a security minefield of potentially nasty consequences. A security scenario so bad that almost all of my clients will disable it by default. To top it off it has fallen into the land of very poor support from browser vendors. So the

      • by Anonymous Coward

        For those that think there are legitimate uses [to webassembly]. I would direct those users over to Electron framework. Build a standalone multiple platform app that can be easily webhooked. Here you have much more control and still have all the power of the web.

        Electron framework? The "giant pile of stupidly slow javascript" electron framework? That electron framework?

        That doesn't seem a reasonable substitute. Neither for building standalone applications with nor for the idea that webassembly was supposed to embody. If electron is a viable substitute for webassembly, then that spells total and complete viability failure for webassembly.

      • by phantomfive ( 622387 ) on Sunday December 05, 2021 @06:59PM (#62050473) Journal

        Having to maintain binary code on multiple architectures some that have not even been released yet for many years to come, also across multiple OS's.

        This is literally no different than maintaining packed Javascript on multiple platforms. I don't think you know what WebAssembly is.

      • by AReilly ( 9339 ) on Sunday December 05, 2021 @09:38PM (#62050821)

        More curious than enthusiastic about WASM myself, as an engineer all opportunities for efficiency seem like good ideas. However since there doesn't seem to be any way to AOT-compile existing JavaScript applications into corresponding WASM ones, it's hardly surprising that uptake is slow.

        Having said that, none of the complaints in the parent post appear to be based in reality:

        "maintain binary code on multiple architecutres": nope. WASM is a cross-platform abstract bytecode, not vastly dissimilar from JVM bytecode, but lacking the underlying memory management, object model and access to any APIs (see above about hard-to-use). So no, you aren't maintaining binaries for multiple architectures, any more than you do that for JavaScript itself.

        "nasty security consequences": no more so than JavaScript, and arguably less, given the aforementioned lack of access to any APIs. So probably more secure than JavaScript. Of course, it isn't JavaScript, so any "protection" based on content-scraping is probably toast, but since cryptographic permutation and obfuscation is also a thing, it's toast anyway.

        "poor support from browser vendors": there are only a couple of javascript engines in the world (V8, SpiderMonkey and JavaScriptCore, now that Edge also uses V8). WASM uses the javascript compiler to do the final-step code generation and optimization, and none of those three are slacking off, and JavaScript isn't going away. Ergo, WASM is well supported (if not necessarily enthusiastically) by browser vendors.

        The "not able to find experts" is very probably real though. Not necessarily a ding against WASM itself, more an observation of the state of the learning curve.

        • by tlhIngan ( 30335 ) <slashdot&worf,net> on Monday December 06, 2021 @06:10AM (#62051439)

          WebAssembly is really just a form of pre-parsed JavaScript, it runs within the permissions of Javascript.

          The main purpose of it is to provide an alternative to plugins. Remember having to install plugins? You know, you probably had Flash at one point, then Silverlight, then Java and dozens more. The whole point is to avoid all that - the plugin is written in C or other language, then compiled down to WebAssembly.

          Already it's how things like Unity (how it really all started) can now exist as a server side script without users having to actually install a plugin then revisit your site.

          The Internet Archive uses WebAssembly to good effect - the emulators and such they use are common emulators compiled down using WebAssembly. The MS-DOS archive uses DOSBox ported to WebAssembly. There are even sites that let you play using MUNT, the MT-32 emulator, again compiled using WebAssembly.

          As for Electron, that's a totally different thing. That lets you run node.js applications locally. Node.js is basically a a javascript development environment - it can be run server side for server side applications, or client side for client side applications. Basically it's just offering Javascript as another development language.

      • Web Assembly was a bad idea from the start. Having to maintain binary code on multiple architectures some that have not even been released yet for many years to come, also across multiple OS's.

        That is not what we assembly is. It is platform neutral like JavaScript.

  • Webassembly is a thing where ideally you would compile it before you upload it to the server. The tools to compile javascript etc into webassembly are not clear or easy to use at this point. Also for a while, the webassembly implementations seemed rather incomplete with basic features such as access to browser APIs seemingly unavailable or difficult to use with confusing as hell documentation.

    Basically its a good idea since if you can precompile it will make the stuff run faster and allow for a range of oth

    • by acroyear ( 5882 )

      Related to compiling, there's the matter of debugging. typescript and jsx to javascript (and even clean javascript to mangled) manages to keep the original code available to the debugging environment via the web console?

      Does such a thing exist for webassembly? how would the browser know how to step through a method written in, say, rust or go if it was then compiled down to webassembly, even with webassembly's native support in the browser.

      • > Does such a thing exist for webassembly? how would the browser know how to step through a method written in, say, rust or go if it was then compiled down to webassembly, even with webassembly's native support in the browser. It does, see https://developer.chrome.com/b... [chrome.com]. Basically same debugging as on other platforms (but perhaps even easier to set up, since DevTools are already there).
    • by godrik ( 1287354 )

      Came to say pretty much that.
      We've tried to use webassembly and the support and toolchain are pretty bad at this point. It ma become very useful. But at this point, not where it needs to be to get good adoption.

  • by BytePusher ( 209961 ) on Sunday December 05, 2021 @06:28PM (#62050425) Homepage
    Yeah, the WebAssembly development environment/tooling are currently in sad shape and the people developing them are sensitive and pedantic. Make getting off the ground easy and adoption will grow.
  • webasm is amazing for specific use cases. I wouldn't write a whole website in it - what for? I'm still more than happy it exists and hope we can keep it around.

    You see, LOC or # of sites or other trivial metrics don't say so much. It's like the one time that IIS suddenly became "popular" by statistics because one web-hoster had switched a few ten-thousand single-page domains to it.

  • Whatever its merits, calling it webASSEMBLY is little more than opportunist marketing (Assembly, must be really fast! etc) as its far closer to a C style language and bears zero resemblence to any assembler I've ever seen.

  • The definitive work on the state of the web was created six years ago: https://idlewords.com/talks/website_obesity.htm [idlewords.com]
  • An interesting concept, but since they declared the WASM runtime to have pretty much no access to anything then it's utility is limited. You have to use Javascript to play intermediary between WASM code and anything else (network, DOM, storage, etc). You get to deal with Javascript+something else so it doesn't enable 'something else' to supersede Javascript. So you need to deal with more complexity and it has to be worth it, and relatively few in-browser applications have that strong a need for open-ended

  • having Web Assembly enabled just makes you a target for pirate eCoin miners. Unless you really need speed, such as a video game, the risk ain't worth it. Might as well have it off by default and only activate it for gaming sites.

  • WebAssembly is practically in its infancy. On top of that, it is a solution looking for a problem. It's still a powerful solution though! Give it another 5 years and I bet we'll see some truly innovative, high-quality products being produced with WebAssembly. Just don't expect wide-spread adoption across most websites - most businesses are still happy to do customized WordPress. After all, it's easy on the budget and the client feels more comfortable retaining ownership

Understanding is always the understanding of a smaller problem in relation to a bigger problem. -- P.D. Ouspensky

Working...