On Thu, Feb 22, 2018 at 00:22:11 -0800, Ivan Zaigralin wrote: > What I mean by drive-by-downloading, here we get philosophical. How free is > the code which is only meant to be executed once? No one audits > 99% of this > code, and it's all in constant flux. I would even argue, there's no hope it > can ever be audited. There are already (I am sure) websites that generate > brand-new code for every visit, making this assertion literal. How do you > audit all that code? With an automated tool? An algorithm can't even solve a > halting problem, let alone audit itself out of a paper bag. > > Now put yourself in the shoes of an average web user. Average here is the key > word. Their freedoms to understand and modify the JavaScript code have all > but > completely eroded. In a traditional software distribution market they can > hire > experts to explain and fix the software for them. This is utterly > unaffordable > if every click generates new software. > > And now back to drive-by-downloading, which is important because it is > perhaps > the source of the problem. All of this is happening, as we all know very > well, > because average users are willing to run software from any source, as long as > it doesn't make their computer explode right away. They don't even understand > the basic difference between downloading data versus downloading and > executing > an arbitrary algorithm. When a blog, or a news site, or a government website > won't load because you didn't let it run an arbitrary algorithm on your > computer, that's crazy, just crazy. And the norm. These users who leave all > JavaScript on, they already buried 2 of their freedoms, and the boilerplate > license on the disposable code can't change that. They need to be told to > boycott sites which require JS to function, and to demand legislation which > would require something like HTML+CSS web fronts from commercial and > government entities. It is not at all helpful, in my opinion, to > differentiate > between varieties of JavaScript sources, because none of them should be > downloaded in the first place. Most importantly, web masters who want a free > web should stop using JavaScript, and they should be transitioning right now, > and not stop until there's nothing left for LibreJS to mark as free. All > desired JavaScript functionality can be trivially recreated via a combination > of free browser plugins and calls to free and standard libraries. The drive- > by-download culture, on the other hand, will plunge us deeper into the sea of > disposable software.
I gave a talk at LibrePlanet 2016 about these issues; maybe it'd interest you or others here: https://media.libreplanet.org/u/libreplanet/collection/restore-online-freedom/ -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com
signature.asc
Description: PGP signature
-- http://gnuzilla.gnu.org
