* [email protected] <[email protected]> [2021-04-14 16:46]: > > >> Discourse = freedom respecting software under a free software license. > >> It runs on someone else's server. (as it is for communities) It uses > >> javascript in your browser. > >> why people use it = People like Discourse communities because the > >> software has made it easy to find new posts, get rid of spam before it > >> starts, and keep the spirit of the community going. > > > > You have not analysed it well. Discourse is full free software that > > everybody may run on their own: https://github.com/discourse/discourse > > In fact, it being free software, presents another problem, the > javascript trap https://www.gnu.org/philosophy/javascript-trap.en.html > . Although ECMAscript is not the only language that runs on a browser, > it is the most used to run the server owner's software on the client's > machine. I think it is abusive for someone else to run software on > my machine without me expressly installing it. Running software on a > machine makes that software command that machine. Nobody should be > allowed to to command some elses's machine. It is like trusting someone > else to drive your car. It is seldom done and under very specific > circumstances.
Discourse is free software. That means, if you wish to interact with Discourse server, you are allowing Javascript to be installed and run, you have freedom to modify it, distribute it, install yourself, inspect it. If you do not wish to interact with Discourse, do not access it. Discourse IS free sofware. That is definitely good to defend from execution of various programs. If it is safe or not is not so much important, but the principle is important, why allow millions of actions to be executed eventually on your data without knowing what it is. True consent was never there. Free software should be human right. Software does what? It computes something, but would it be related exclusively to mathematics, I would not say much. As soon as software starts interacting with let us say camera, voice, email, messages, any data of a person, than that software is handling basically administration. Now, if we imagine, would you just randomly take somebody from street, bring into your home to handle your papers? I bet it would not be so randomly but it could be based on some good recommendation. Software decision is also often based on recommendation or popularity. Then person decides to install software and blindly tells it "do that with my data"; even with good intentions and free software, one cannot just trust it blindly. But it is equivalent to set of instructions by administrator on what to do inside of house of the user. And user does not know exactly what is in that set of instructions. Example is spreadsheets, they have serious problems and calculations of a single spreadsheet could appear differently under different software. Users will not complain much because they are not aware. But by installing one software one trusts blindly it will do what is expected, but it may not do, and some date may be wrongly formatted and data changed, lost, millions of dollars lost, that is what is happening. Many will say, "ah, this is just software, what can happen" -- and because they do not handle any sensitive data, nothing so much can happen to them. What does it matter if some private files, images, etc. is leaked, nobody is interested. But problem is there, impacts all of the planet. Free software does matter also when it is executed on a platform that is non-free -- as mostly THOSE platforms are those who abuse privacy and thus data of people. We can find plethora of database leaks freely accessible: https://raidforums.com/ just click on leaks, and you find databases of all Mexicans, all Turkish people, ID cards, tax numbers, valid credit cards, and so on. This is happening because vendors' server side software is non-free, nobody can inspect it, bugs are hard to detect, people intrude, crack, and win the jackpot, steal the data. But it may also happen because some program is executed in browser. Firefox extensions are unsafe. Would they be safe, why is there the question that asks users to report extension as unsafe?! They are unsafe, and while unlikely, people can do something with users' data. Browsers are not the only problem, there are package manager that load proprietary software into computer, such as those pip, npm and similar, where their repositories will not check or verify for the license. Free software is in general insecure, but more secure and safe than proprietary as at least we can say we have a chance to inspect it. When I wish to browse some URL from within Emacs in safe manner, I am executing browser from different user name, this way browser cannot access my data in my real username. (defun browse-safe-url (url &optional arg) "Browse URL with safety" (let ((username "joe")) ;; different username than my own ;; Insecurity settings for personal DISPLAY only (shell-command "xhost +") ;; Browse URL with different username (async-start-process "sudo" "sudo" nil "su" "-c" "--" username "-c" (format "exec iceweasel \"%s\"" url)))) -- Jean Take action in Free Software Foundation campaigns: https://www.fsf.org/campaigns Sign an open letter in support of Richard M. Stallman https://stallmansupport.org/ https://rms-support-letter.github.io/ _______________________________________________ libreplanet-discuss mailing list [email protected] https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
