There's a not-insignificant number of Firefox users that block JavaScript, for example, unless explicitly allowed for a site.
Absolutely. The problem I have with JavaScript is that it's used to deliver a large amount of internet advertising. I've been using NoScript for years, and between that and a hosts file that's approaching a megabyte of blocked addresses, it's extremely rare for me to see any advertising spam at all on the internet. There are only 22 sites on my NoScript white list.
It may be very important from some perspectives. From others it's irrelevant. Let's see:
It's [JS] a fine language (though I don't much care for its weak typing)
That in itself is a huge topic for debate. Let's just say that for me I think the weak typing is one of JS's strongest points. It's saves so much time for the developer and allows you to do things that are very hard otherwise. I also firmly believe all that strong typing in, say, C++, is mostly a waste of time. Just because the compiler says everything "lines up" OK and it can build a program does not mean your program is correct. You still have to test it. Notice how users of C++ end up creating things like "variant types" so they can hold all kinds of different types in an object? Why not just use a dynamically typed language and save yourself all that hard work?
*browsers* is what is lacking.
Quite so. But that is the same as saying: If you want to use my program you need Windows. Or you need a Mac. Or you need Linux or Android or iPad....Or it's like saying: If you want to use my program you need VB or .Net or Java....
Contrast that to: If you want to use my program you only need a recent standards compliant browser. That covers a lot more ground in one fell swoop.
...even when you remove all but the last 5-7 or so years worth -- a reasonable timeframe for the general population worldwide
From my perspective this is not reasonable at all. In a world where everything moves so fast that is like supporting MSDOS or VMS. Especially crazy when users can get today's browser today at no cost and almost zero effort.
There's a not-insignificant number of Firefox users that block JavaScript,...some corporate firewalls restrict it...
True. And I don't particularly blame them. However that is no different than a user deciding they will never run whatever native executable I offer them. Or a corporation deciding it's employees are not allowed to run my exes on their work machines.
It comes down to this: When someone says "JavaScript" most are planning on using it in a client-side browser.
This is no longer true. Server side JS has a huge following since the arrival of Node.js. (And the other frame work whose name I forget). Don't forget JS in the Qt system and many other places.
You have to count on a certain number of them unable to access your site as you intended.
True. However I'm not talking about "accessing my web site". I'm saying "here is this neat app you can run if you like". The road blocks to doing that, lock down, firewalls etc are the same as if I offered them a native executable.
Neither is a great situation, especially when you're putting out examples for free, and aren't being paid.
I'm only a beginner at this, so far all the feed back was positive. If the thing won't run on IE6 the user soon knows what they have to do. Much better than putting out binaries for a ton of different machines/architectures.
For all of these cross-platform solutions it pays to know what you're getting into before heading there. What looks easy at first sometimes isn't.
How true that is. Let's see where this all leads. Of course it's pretty much impossible to "know what you're getting into before heading there". There are tons of solutions and frameworks and God knows what. Life is too short to sensibly evaluate them all. We can only go with our instincts, ask our friends, see what others have done and what issues they had.
Having been burned by many proprietary languages, operating systems, even CPU architectures. These now extinct, unsupported, systems in the past cause me to have the following criteria:
1) Open source - preferably Free Software (Capital "F" and "S").
2) Cross platform.
3) Multiple suppliers.
4) Standards compliant.
Man, I do go on, don't ?
Bottom line again is a difference of perspective. Not building web sites and attracting eyeballs and page hits but providing code that people can use...if they want.
I do sympathise. With all the Smile going on on the net blocking JS may well be a very good idea.
My point, as expounded above is this:
If I spend ages crafting a neat and useful program in C++ and offer you the binary executable are you going to run it?
How is that different than if I craft it in JavaScript and say "Here it is in your browser"?
I might argue you are safer to use the browser version that runs in the sand box of the browser rather than the exe that can let rip with your machine?
Absolutely. The problem I have with JavaScript is that it's used to deliver a large amount of internet advertising. I've been using NoScript for years, and between that and a hosts file that's approaching a megabyte of blocked addresses, it's extremely rare for me to see any advertising spam at all on the internet. There are only 22 sites on my NoScript white list.
Javascript is always enabled on my PC.
I haven't seen a popup add in years because my browser blocks them unless I allow them. Those stupid flash advertisements can be blocked and allowed on demand as well.
I didn't mean I wouldn't use your program. It takes only 2 clicks to allow a script to run. I was more or less just commenting on the miserable state of the internet.
I never see a pop up unless it's a useful part of whatever site I'm interacting with. Parallax forum attachment dialogue, or Dropbox up/download. Whatever.
Advertising almost never bothers me unless it's a commercial stuffed into the beginning of a YouTube video. If it's some tech review site or whatever plastered in adds with a two paragraph story I just leave.
From where I see it the internet is a place full of smart, intelligent people communing together
One thing I don't understand. Given that web browsers are supposed to be secure and all that.
If I go to site "A", whom I might expect to trust a bit, to see what they have to say. How is it that they can have links to javascript on sites "B", "C", "D"... that my browser cheerfully downloads and runs. Links to adds, links to analytics and other tracking stuff. All kind of Smile.
How come my browser when told to go to talk to "A" goes talks to all kind of people I never asked for? Computers and programs should do what I ask not what the site owner asks.
It's a bit like calling someone and having the phone automatically call ten other people I have never heard of to listen in. Crazy or what?
How come Firefox or Chrome or anybody does not turn that off?
Of course it may not even be the site operator directing my browser all around the place. Given the ease with which web sites are hacked it could well be a link put in place by someone neither of us knows.
One thing I don't understand. Given that web browsers are supposed to be secure and all that.
If I go to site "A", whom I might expect to trust a bit, to see what they have to say. How is it that they can have links to javascript on sites "B", "C", "D"... that my browser cheerfully downloads and runs. Links to adds, links to analytics and other tracking stuff. All kind of Smile.
How come my browser when told to go to talk to "A" goes talks to all kind of people I never asked for? Computers and programs should do what I ask not what the site owner asks.
It's a bit like calling someone and having the phone automatically call ten other people I have never heard of to listen in. Crazy or what?
How come Firefox or Chrome or anybody does not turn that off?
Of course it may not even be the site operator directing my browser all around the place. Given the ease with which web sites are hacked it could well be a link put in place by someone neither of us knows.
That will probably get blamed on javascript too! Javascript libraries and content delivery networks - why host libraries on your own server when you can have a content delivery server host them and with just a URL in your hosted javascript, you can have the CDN server cover that portion of the bandwidth for your site?
I agree, if I choose to take any risks involved in dealing with site A, fine but I shouldn't be subjected to risk from other sites I have no idea I'm interacting with.
I run ADBLOCK Plus and ghostery on my Firefoxes and get very little unwanted content. If I do, I leave.
If I go to site "A", whom I might expect to trust a bit, to see what they have to say. How is it that they can have links to javascript on sites "B", "C", "D"... that my browser cheerfully downloads and runs. Links to adds, links to analytics and other tracking stuff. All kind of Smile.
This why I use NoScript.
I never see any facebook or twitter logos either
I got a quote from a company for installing solar panels on my house.
They decided that since I was kind enough to take the quote (which didn't make any sense to me or them for that matter), that they would be kind enough to put me on the great solar panel industry marketing list. I receive at least 2 solar company calls every weekday. No money changed hands. I've been considering "options".
But WARNING ! Looking at that code will but you off JS and the web platform forever! It really has not been written to be read. At least not by a beginner. Sorry msrobots but you must admit that is true.
Yes I do. This thing is clobbered together after running a demanding full time job. It is surely not written as educational source for a beginner, it is pieced together out of various internet snipped examples BY a beginner.
That is what I like about JavaScript. It is quiet easy to learn, you find tons of resources in the Internet. And it is quite powerful overall.
Sure, when I have some prove of concept for loading a propeller I will tidy it up and may even separate css and js in external files. Until then its just a experimental code.
But the Editor & spin/pasm compiler as is now is multiplatform and requires no installation on the client. It is just text. It is MIT licensed. And all the source is included. So it is open source and free software.
And I do not use any librarys like jquery or whatever . ALL source is included in those 3 text files. What do you want more?
Hey, I was not getting at you re: the code layout. We all do that. For the reasons you mentioned. Actually I'm impressed with what you have done there, especially without using any libraries. I have learned a lot from it.
Or if you want to be really "web" centric what about running a web server on you local PC that the browser connects to? A simple web server in JavaScript is all of ten lines of code. It can then access all your local files and serial ports and whatever you want to do.
Hi Heater,
Can you explain more about this JavaScript webserver idea? I'm not getting it. Isn't JS executed in/by a web browser? Are you creating a server inside a browser? A snake eating its own tail?
Hi Heater,
Can you explain more about this JavaScript webserver idea? I'm not getting it. Isn't JS executed in/by a web browser? Are you creating a server inside a browser? A snake eating its own tail?
Signed,
Confused
Check out node.js - javascript that runs on the server side. Totally cool! That's what Heater was referring to.
Can you explain more about this JavaScript webserver idea?
I can try. It's easy really.
The first point is that no, it is not "executed in/by a web browser?".
JavaScript a fully functional language in it's own right, like Python or Perl or VB or Java.
In the browser JS is run by some JS interpreter engine. Who is to say you cannot run such an interpreter engine outside of a browser?
As it happens the Chrome browser uses the V8 interpreter from Google.
Well, you can run JS from the command line using the same V8 interpreter wrapped up in node.js. http://nodejs.org/
Node.js does not just provide a means to run JavaScript. It also provides a ton of other functionality. Like being able to read and write files, which JS in the browser cannot do. Like being a socket server or client. Like being an HTTP server.
On top of that the node.js community has built modules for doing almost anything imaginable. From MySql connections onward.
So, to the question in hand. How to make a web server in JavaScript. The simplest example looks like this:
Put that in a file, "server.js" and run t like so:
$ node server.js.
Now you can point your browser at "localhost:8888" and you will see "Hello World"
Easy hey?
The server I am using for the openspin in the browser experiments has to be able to upload files as well. It look like this:
// Import required modules and wire them up
var express = require('express');
var app = express();
var server = require('http').createServer(app)
var io = require('socket.io').listen(server);
var fs = require('fs');
// Regular expression to match file names like "/fileName_1-2.spin"
var REG_EXP_SPIN_FILE = /^\/[a-z,A-Z,0-9,\-,_]+[.]spin$/
var REG_EXP_BINARY_FILE = /^\/[a-z,A-Z,0-9,\-,_]+[.]binary$/
// Log http requests
app.use(express.logger());
// We want to parse bodies when uploading files.
app.use(express.bodyParser());
app.get("/project/:file", function(req, res) {
// Fun fact: this has security issues
// Open a read stream from the target file
var fileName = './project/' + req.params.file;
var readStream = fs.createReadStream(fileName);
// Pipe data from file into response
readStream.pipe(res);
// After all the data is saved, respond with a 200
readStream.on('end', function () {
//res.writeHead(200);
//res.end();
});
// Handle any errors on the stream
readStream.on('error', function (err) {
console.log(err);
res.send(404);
});
});
app.get("/library/:file", function(req, res) {
// Fun fact: this has security issues
// Open a read stream from the target file
var fileName = './library/' + req.params.file;
var readStream = fs.createReadStream(fileName);
// Pipe data from file into response
readStream.pipe(res);
// After all the data is saved, respond with a 200
readStream.on('end', function () {
//res.writeHead(200);
//res.end();
});
// Handle any errors on the stream
readStream.on('error', function (err) {
console.log(err);
res.send(404);
});
});
// Serve static files from "public" directory
app.use(express.static(__dirname + '/public'));
app.use(express.static(__dirname + '/js'));
// Serve an index page
app.get('/', function (req, res) {
res.sendfile(__dirname + '/public/index.html');
});
/**
* HTTP PUT /{fNNilename}.spin
* Param: Name of file to save. (No :xxx params)
* Body: Contents of file to save.
* Returns: 200 HTTP code
* Error: 404 HTTP code if the task doesn't exists
*/
app.put("/project/:file", function (req, res) {
var fileName = './project/' + req.params.file;
// Open a stream into the target file
var writeStream = fs.createWriteStream(fileName);
// Pipe data from request into file
req.pipe(writeStream);
// After all the data is saved, respond with a 200
req.on('end', function () {
res.writeHead(200);
res.end();
});
// Handle any errors on the stream
writeStream.on('error', function (err) {
console.log(err);
res.send(403);
});
});
// Any other request gets this
app.use(function(req, res){
console.log(req.url);
console.log("WTF");
res.send(404);
});
// Start listening
server.listen(3000);
console.log('Listening on port 3000');
And did I mention, it does all of this almost as fast as using C++ compiled to native code!
I'm sorry that Spikes thing is a crock. Perhaps even a scam.
From their web site:
The AirGap web security solution solves this problem with a patented, highly secure, virtualized browser isolated outside the firewall. All web content is accessed by end users through a lightweight, high performance viewer on the user desktop (and soon mobile devices). This “air gapped” separation between the user and the browser ensures that the enterprise network will never be infected by browser-borne malware.
There are so many problems with that I don't know where to start:
1) "Patented", no doubt closed source solution. That means I have no way to know how insecure it might be.
2) "Highly secure" yeah right, what's that?
3) "Browser outside the fire wall." Eeek, how insane is that? Now when I do my online banking all my secret stuff passes into their "virualized browser" over which I have no control. Why should I trut it? And it's floating around outside my nice safe firewalled area. Nuts.
4) "Air-gaped" My a**.
On the face of it it protects an enterprise by ensuring the workers are not using a browser inside the corporate network. That might be fine if your workers don't actually have to do any work with a browser. As soon as they do all that user input, server response, file upload/down load is going though a browser floating around outside a fire wall. Which no doubt still has all the same vulnerabilities as any normal browser inside the fire wall.
By the way, if I wanted to that I could do it easily by running a browser inside a virtual machine on my desktop. Say, VmWare or VirtualBox.
Or I could physically put the thing outside and use VNC to view it remotely.
Comments
Absolutely. The problem I have with JavaScript is that it's used to deliver a large amount of internet advertising. I've been using NoScript for years, and between that and a hosts file that's approaching a megabyte of blocked addresses, it's extremely rare for me to see any advertising spam at all on the internet. There are only 22 sites on my NoScript white list.
Everything you say is true.
It may be very important from some perspectives. From others it's irrelevant. Let's see: That in itself is a huge topic for debate. Let's just say that for me I think the weak typing is one of JS's strongest points. It's saves so much time for the developer and allows you to do things that are very hard otherwise. I also firmly believe all that strong typing in, say, C++, is mostly a waste of time. Just because the compiler says everything "lines up" OK and it can build a program does not mean your program is correct. You still have to test it. Notice how users of C++ end up creating things like "variant types" so they can hold all kinds of different types in an object? Why not just use a dynamically typed language and save yourself all that hard work? Quite so. But that is the same as saying: If you want to use my program you need Windows. Or you need a Mac. Or you need Linux or Android or iPad....Or it's like saying: If you want to use my program you need VB or .Net or Java....
Contrast that to: If you want to use my program you only need a recent standards compliant browser. That covers a lot more ground in one fell swoop. From my perspective this is not reasonable at all. In a world where everything moves so fast that is like supporting MSDOS or VMS. Especially crazy when users can get today's browser today at no cost and almost zero effort. True. And I don't particularly blame them. However that is no different than a user deciding they will never run whatever native executable I offer them. Or a corporation deciding it's employees are not allowed to run my exes on their work machines. This is no longer true. Server side JS has a huge following since the arrival of Node.js. (And the other frame work whose name I forget). Don't forget JS in the Qt system and many other places. True. However I'm not talking about "accessing my web site". I'm saying "here is this neat app you can run if you like". The road blocks to doing that, lock down, firewalls etc are the same as if I offered them a native executable. I'm only a beginner at this, so far all the feed back was positive. If the thing won't run on IE6 the user soon knows what they have to do. Much better than putting out binaries for a ton of different machines/architectures. How true that is. Let's see where this all leads. Of course it's pretty much impossible to "know what you're getting into before heading there". There are tons of solutions and frameworks and God knows what. Life is too short to sensibly evaluate them all. We can only go with our instincts, ask our friends, see what others have done and what issues they had.
Having been burned by many proprietary languages, operating systems, even CPU architectures. These now extinct, unsupported, systems in the past cause me to have the following criteria:
1) Open source - preferably Free Software (Capital "F" and "S").
2) Cross platform.
3) Multiple suppliers.
4) Standards compliant.
Man, I do go on, don't ?
Bottom line again is a difference of perspective. Not building web sites and attracting eyeballs and page hits but providing code that people can use...if they want.
I do sympathise. With all the Smile going on on the net blocking JS may well be a very good idea.
My point, as expounded above is this:
If I spend ages crafting a neat and useful program in C++ and offer you the binary executable are you going to run it?
How is that different than if I craft it in JavaScript and say "Here it is in your browser"?
I might argue you are safer to use the browser version that runs in the sand box of the browser rather than the exe that can let rip with your machine?
Who do you trust?
Javascript is always enabled on my PC.
I haven't seen a popup add in years because my browser blocks them unless I allow them. Those stupid flash advertisements can be blocked and allowed on demand as well.
I don't take any steps block or hinder anything.
I never see a pop up unless it's a useful part of whatever site I'm interacting with. Parallax forum attachment dialogue, or Dropbox up/download. Whatever.
Advertising almost never bothers me unless it's a commercial stuffed into the beginning of a YouTube video. If it's some tech review site or whatever plastered in adds with a two paragraph story I just leave.
From where I see it the internet is a place full of smart, intelligent people communing together
Yes, it is, but it is also full of a lot of junk.
If I go to site "A", whom I might expect to trust a bit, to see what they have to say. How is it that they can have links to javascript on sites "B", "C", "D"... that my browser cheerfully downloads and runs. Links to adds, links to analytics and other tracking stuff. All kind of Smile.
How come my browser when told to go to talk to "A" goes talks to all kind of people I never asked for? Computers and programs should do what I ask not what the site owner asks.
It's a bit like calling someone and having the phone automatically call ten other people I have never heard of to listen in. Crazy or what?
How come Firefox or Chrome or anybody does not turn that off?
Of course it may not even be the site operator directing my browser all around the place. Given the ease with which web sites are hacked it could well be a link put in place by someone neither of us knows.
That will probably get blamed on javascript too! Javascript libraries and content delivery networks - why host libraries on your own server when you can have a content delivery server host them and with just a URL in your hosted javascript, you can have the CDN server cover that portion of the bandwidth for your site?
I agree, if I choose to take any risks involved in dealing with site A, fine but I shouldn't be subjected to risk from other sites I have no idea I'm interacting with.
I run ADBLOCK Plus and ghostery on my Firefoxes and get very little unwanted content. If I do, I leave.
This why I use NoScript.
I never see any facebook or twitter logos either
They decided that since I was kind enough to take the quote (which didn't make any sense to me or them for that matter), that they would be kind enough to put me on the great solar panel industry marketing list. I receive at least 2 solar company calls every weekday. No money changed hands. I've been considering "options".
1 - Adblock Plus
2 - Video DownloadHelper
3 - Firebug
4 - NoScript Security suite
@mindrobots
I'm going to check out Ghostery, looks useful.
On this computer I only visit a limited number of websites, on my other computer I use the Tor browser.
Yes I do. This thing is clobbered together after running a demanding full time job. It is surely not written as educational source for a beginner, it is pieced together out of various internet snipped examples BY a beginner.
That is what I like about JavaScript. It is quiet easy to learn, you find tons of resources in the Internet. And it is quite powerful overall.
Sure, when I have some prove of concept for loading a propeller I will tidy it up and may even separate css and js in external files. Until then its just a experimental code.
But the Editor & spin/pasm compiler as is now is multiplatform and requires no installation on the client. It is just text. It is MIT licensed. And all the source is included. So it is open source and free software.
And I do not use any librarys like jquery or whatever . ALL source is included in those 3 text files. What do you want more?
Enjoy!
Mike
Hey, I was not getting at you re: the code layout. We all do that. For the reasons you mentioned. Actually I'm impressed with what you have done there, especially without using any libraries. I have learned a lot from it.
Can you explain more about this JavaScript webserver idea? I'm not getting it. Isn't JS executed in/by a web browser? Are you creating a server inside a browser? A snake eating its own tail?
Signed,
Confused
Check out node.js - javascript that runs on the server side. Totally cool! That's what Heater was referring to.
The first point is that no, it is not "executed in/by a web browser?".
JavaScript a fully functional language in it's own right, like Python or Perl or VB or Java.
In the browser JS is run by some JS interpreter engine. Who is to say you cannot run such an interpreter engine outside of a browser?
As it happens the Chrome browser uses the V8 interpreter from Google.
Well, you can run JS from the command line using the same V8 interpreter wrapped up in node.js. http://nodejs.org/
Node.js does not just provide a means to run JavaScript. It also provides a ton of other functionality. Like being able to read and write files, which JS in the browser cannot do. Like being a socket server or client. Like being an HTTP server.
On top of that the node.js community has built modules for doing almost anything imaginable. From MySql connections onward.
So, to the question in hand. How to make a web server in JavaScript. The simplest example looks like this:
var http = require("http"); http.createServer(function(request, response) { response.writeHead(200, {"Content-Type": "text/plain"}); response.write("Hello World"); response.end(); }).listen(8888);Put that in a file, "server.js" and run t like so: Now you can point your browser at "localhost:8888" and you will see "Hello World"
Easy hey?
The server I am using for the openspin in the browser experiments has to be able to upload files as well. It look like this:
// Import required modules and wire them up var express = require('express'); var app = express(); var server = require('http').createServer(app) var io = require('socket.io').listen(server); var fs = require('fs'); // Regular expression to match file names like "/fileName_1-2.spin" var REG_EXP_SPIN_FILE = /^\/[a-z,A-Z,0-9,\-,_]+[.]spin$/ var REG_EXP_BINARY_FILE = /^\/[a-z,A-Z,0-9,\-,_]+[.]binary$/ // Log http requests app.use(express.logger()); // We want to parse bodies when uploading files. app.use(express.bodyParser()); app.get("/project/:file", function(req, res) { // Fun fact: this has security issues // Open a read stream from the target file var fileName = './project/' + req.params.file; var readStream = fs.createReadStream(fileName); // Pipe data from file into response readStream.pipe(res); // After all the data is saved, respond with a 200 readStream.on('end', function () { //res.writeHead(200); //res.end(); }); // Handle any errors on the stream readStream.on('error', function (err) { console.log(err); res.send(404); }); }); app.get("/library/:file", function(req, res) { // Fun fact: this has security issues // Open a read stream from the target file var fileName = './library/' + req.params.file; var readStream = fs.createReadStream(fileName); // Pipe data from file into response readStream.pipe(res); // After all the data is saved, respond with a 200 readStream.on('end', function () { //res.writeHead(200); //res.end(); }); // Handle any errors on the stream readStream.on('error', function (err) { console.log(err); res.send(404); }); }); // Serve static files from "public" directory app.use(express.static(__dirname + '/public')); app.use(express.static(__dirname + '/js')); // Serve an index page app.get('/', function (req, res) { res.sendfile(__dirname + '/public/index.html'); }); /** * HTTP PUT /{fNNilename}.spin * Param: Name of file to save. (No :xxx params) * Body: Contents of file to save. * Returns: 200 HTTP code * Error: 404 HTTP code if the task doesn't exists */ app.put("/project/:file", function (req, res) { var fileName = './project/' + req.params.file; // Open a stream into the target file var writeStream = fs.createWriteStream(fileName); // Pipe data from request into file req.pipe(writeStream); // After all the data is saved, respond with a 200 req.on('end', function () { res.writeHead(200); res.end(); }); // Handle any errors on the stream writeStream.on('error', function (err) { console.log(err); res.send(403); }); }); // Any other request gets this app.use(function(req, res){ console.log(req.url); console.log("WTF"); res.send(404); }); // Start listening server.listen(3000); console.log('Listening on port 3000');And did I mention, it does all of this almost as fast as using C++ compiled to native code!Secure your browser(run javascript securely): :cool:
https://spikes.com/index.html#contact
m
I'm sorry that Spikes thing is a crock. Perhaps even a scam.
From their web site:
The AirGap web security solution solves this problem with a patented, highly secure, virtualized browser isolated outside the firewall. All web content is accessed by end users through a lightweight, high performance viewer on the user desktop (and soon mobile devices). This “air gapped” separation between the user and the browser ensures that the enterprise network will never be infected by browser-borne malware.
There are so many problems with that I don't know where to start:
1) "Patented", no doubt closed source solution. That means I have no way to know how insecure it might be.
2) "Highly secure" yeah right, what's that?
3) "Browser outside the fire wall." Eeek, how insane is that? Now when I do my online banking all my secret stuff passes into their "virualized browser" over which I have no control. Why should I trut it? And it's floating around outside my nice safe firewalled area. Nuts.
4) "Air-gaped" My a**.
On the face of it it protects an enterprise by ensuring the workers are not using a browser inside the corporate network. That might be fine if your workers don't actually have to do any work with a browser. As soon as they do all that user input, server response, file upload/down load is going though a browser floating around outside a fire wall. Which no doubt still has all the same vulnerabilities as any normal browser inside the fire wall.
By the way, if I wanted to that I could do it easily by running a browser inside a virtual machine on my desktop. Say, VmWare or VirtualBox.
Or I could physically put the thing outside and use VNC to view it remotely.
Spike is a crock. No, it is a scam.