On 2018年02月22日 03:22, Ivan Zaigralin wrote:
> What I mean by drive-by-downloading, here we get philosophical. How free is 
> the code which is only meant to be executed once? No one audits > 99% of this 
> code, and it's all in constant flux. I would even argue, there's no hope it 
> can ever be audited. There are already (I am sure) websites that generate 
> brand-new code for every visit, making this assertion literal. How do you 
> audit all that code? With an automated tool? An algorithm can't even solve a 
> halting problem, let alone audit itself out of a paper bag.
> Now put yourself in the shoes of an average web user. Average here is the key 
> word. Their freedoms to understand and modify the JavaScript code have all 
> but 
> completely eroded. In a traditional software distribution market they can 
> hire 
> experts to explain and fix the software for them. This is utterly 
> unaffordable 
> if every click generates new software.
> And now back to drive-by-downloading, which is important because it is 
> perhaps 
> the source of the problem. All of this is happening, as we all know very 
> well, 
> because average users are willing to run software from any source, as long as 
> it doesn't make their computer explode right away. They don't even understand 
> the basic difference between downloading data versus downloading and 
> executing 
> an arbitrary algorithm. When a blog, or a news site, or a government website 
> won't load because you didn't let it run an arbitrary algorithm on your 
> computer, that's crazy, just crazy. And the norm. These users who leave all 
> JavaScript on, they already buried 2 of their freedoms, and the boilerplate 
> license on the disposable code can't change that. They need to be told to 
> boycott sites which require JS to function, and to demand legislation which 
> would require something like HTML+CSS web fronts from commercial and 
> government entities. It is not at all helpful, in my opinion, to 
> differentiate 
> between varieties of JavaScript sources, because none of them should be 
> downloaded in the first place. Most importantly, web masters who want a free 
> web should stop using JavaScript, and they should be transitioning right now, 
> and not stop until there's nothing left for LibreJS to mark as free. All 
> desired JavaScript functionality can be trivially recreated via a combination 
> of free browser plugins and calls to free and standard libraries. The drive-
> by-download culture, on the other hand, will plunge us deeper into the sea of 
> disposable software.

I agree with this 100%. I've written about it here; I suggest for anyone
who hasn't already to give it a read:


Julie Marchant

Attachment: signature.asc
Description: OpenPGP digital signature


Reply via email to