On 2018年02月22日 03:22, Ivan Zaigralin wrote: > What I mean by drive-by-downloading, here we get philosophical. How free is > the code which is only meant to be executed once? No one audits > 99% of this > code, and it's all in constant flux. I would even argue, there's no hope it > can ever be audited. There are already (I am sure) websites that generate > brand-new code for every visit, making this assertion literal. How do you > audit all that code? With an automated tool? An algorithm can't even solve a > halting problem, let alone audit itself out of a paper bag. > > Now put yourself in the shoes of an average web user. Average here is the key > word. Their freedoms to understand and modify the JavaScript code have all > but > completely eroded. In a traditional software distribution market they can > hire > experts to explain and fix the software for them. This is utterly > unaffordable > if every click generates new software. > > And now back to drive-by-downloading, which is important because it is > perhaps > the source of the problem. All of this is happening, as we all know very > well, > because average users are willing to run software from any source, as long as > it doesn't make their computer explode right away. They don't even understand > the basic difference between downloading data versus downloading and > executing > an arbitrary algorithm. When a blog, or a news site, or a government website > won't load because you didn't let it run an arbitrary algorithm on your > computer, that's crazy, just crazy. And the norm. These users who leave all > JavaScript on, they already buried 2 of their freedoms, and the boilerplate > license on the disposable code can't change that. They need to be told to > boycott sites which require JS to function, and to demand legislation which > would require something like HTML+CSS web fronts from commercial and > government entities. It is not at all helpful, in my opinion, to > differentiate > between varieties of JavaScript sources, because none of them should be > downloaded in the first place. Most importantly, web masters who want a free > web should stop using JavaScript, and they should be transitioning right now, > and not stop until there's nothing left for LibreJS to mark as free. All > desired JavaScript functionality can be trivially recreated via a combination > of free browser plugins and calls to free and standard libraries. The drive- > by-download culture, on the other hand, will plunge us deeper into the sea of > disposable software.
I agree with this 100%. I've written about it here; I suggest for anyone who hasn't already to give it a read: https://onpon4.github.io/articles/kill-js.html -- Julie Marchant https://onpon4.github.io
signature.asc
Description: OpenPGP digital signature
-- http://gnuzilla.gnu.org
