Seriously, @mozilla ?
Not only you went and implemented this DRM crap and now you're downloading non-free binaries behind our back???

bugs.debian.org/cgi-bin/bugrep

@mmu_man @mozilla
Hot take: Firefox may be open source but it's not free software any more than Google Chrome.

@jorin
* new kind of browsers needed *
time to replace js with lua
@mmu_man @mozilla

@hansbauer @jorin @mozilla I wonder if NetSurf would accept support for <script type="text/lua"> :D

@mmu_man @hansbauer @jorin @mozilla
tbh with JS to Lua transpilers kinda already existing, LuaJIT might be good enough for everyday browsing

but what if, What If!!! we just... don't put scripting into browsers.... and build better OSs instead

kinda what @Shamar is doing

@mmu_man @hansbauer @jorin @mozilla @Shamar

like, getting a new, majorly backwards incompatible technology accepted is always a big hurdle so why not fix the issue at the right level of abstraction and yeet the browser stack out the window together with bad kernels and userspaces?

Follow

@grainloom
if we always think about backward compatibility, we will be made eternal. slaves of the tech giants. better do something new and better.
@mmu_man @jorin @mozilla @Shamar

@hansbauer @grainloom @mmu_man @jorin @mozilla

An operating system don't need to be complex and large.

#Jehanne strives for #simplicity and it's small: jehanne.io

It's also a distributed #OS that derive from #Plan9 but diverges on important aspects: it's more radical and... more broken 😇

#9front is a serious distributed OS that is still small: it follows the "Worse is Better" design style, while Jehanne's style can be summarized a Simplex Sigillum Veri.

jehanne.io/2018/11/15/simplici

@Shamar @hansbauer @grainloom @jorin @mozilla Haiku is a little larger but still not as huge as GNU/Linux :p

@mmu_man @hansbauer @grainloom

I used #Debian GNU/HURD for a month a couple of decades ago... it was... funny! 😉

But don't mock it too much...
there are interesting ideas there...
Maybe one day it could surprise us!

Anyway, the value of a #hack is not in its usability but in what you can learn from it.

The best hacks are failures.

@Shamar @grainloom @mmu_man @hansbauer I'm a huge fan of Inferno and Haiku, personally.

A friend of mine has built some very cool stuff on 9front: http://ants.9gridchan.org/ .

:9front:

@mmu_man @p @Shamar @hansbauer
I recommend Acme as a starting point:
research.swtch.com/acme
(this is not on a Plan 9 system but it showcases much of the design philosophy behind it)

@grainloom @mmu_man @p@freespeechextremist.com @hansbauer

Also, if you like little editors, #Sam github.com/deadpixi/sam

Sam is not a Plan9 design showcase like #Acme because it doesn't serve a filesystem, but show more than Acme another important design goal of Plan9: keep it simple.

@mmu_man @hansbauer @grainloom @Shamar Inferno's a good way to start; it started as a Plan 9 kernel ported to userspace with a VM attached (register-based VM, JIT is supported). It can talk to most 9front services.

The 9gridchan link has a live CD that boots fine in qemu and gets you onto the grid in about 30 seconds, as well as instructions for setting up a VM on Vultr and using drawterm to talk to it.

There's also a live system, http://tryinferno.reverso.be/ . You can test out an unfortunately limited Inferno system.

@somem @p@freespeechextremist.com @grainloom @mmu_man @hansbauer

No.
Jehanne can export a 9P2000 filesystem that you could use from ants, but ants include some kernel hacks that have never been ported to Jehanne.

@somem @Shamar @grainloom @mmu_man @hansbauer If it can speak 9P (I haven't tried Jehanne yet, it seems like it's bearish on 9P) or it can speak to stdio, it can talk to the grid. I personally have set up a hubfs shell to talk to FreeDOS from inside acme (it *technically* worked, but wasn't super usable, for Reasons), so it's almost definitely possible to do something. mycroftiv even ported some of it to LP49.

@p @somem @Shamar @grainloom @hansbauer I've seen some work around a 9pfs in QEMU but I didn't look into it, did you check this?

@mmu_man @p@freespeechextremist.com @somem @grainloom @hansbauer

AFAIK Qemu exposes a 9pfs, but I never tried it, sorry...

@mmu_man @hansbauer @grainloom @Shamar @somem The way qemu's 9P support works is more of a driver that appears on the virtual network, I believe. Like it'll speak 9P to the guest OS, same as the SMB support. I could be wrong; I haven't used it, I usually just use the ethernet bridge.

@Shamar
@grainloom @mmu_man
i will certainly take a look. it seems really interesting.

@hansbauer @grainloom @mmu_man @jorin @mozilla

As for #JS (or #WASM) and @mozilla there is a lot to say: did they informed you of the wide class of undetectable attacks that you are vulnerable to through #Firefox?

dev.to/shamar/the-meltdown-of-
rain-1.github.io/in-browser-lo
bugzilla.mozilla.org/show_bug.

No they didn't despite the exploits above.

Would you take a drug a stranger push you to? No?

So why you blindly execute programs that can be customized for you?

Because it's convenient?

Why it is?

1/

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

#Javascript is convenient to user because they don't need to download and install software.
Except that they download it and install it (in the browser cache) but such software cannot be verified for authenticity: you cannot check the SHA512 of each #JS, each #WASM, each #HTML and each #CSS you download against a standard and well known source that everybody see (like the Debian repository, for example).

You have to trust the server..
2/

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

... each #CDN they trust, all #CA existing, their hosting provider, the cloud provider that their hosting provider resell and obviously each employees of all of these corporations (most of which headed in the #US).
Oh... and you have to trust who wrote the #browser and the machine (which is actually under your responsibility).

Now you surely know this, but if you connect the dots you see how a #JS could be customized by a CDN for you

3/

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

to attack your network with those attacks and you will never be able to prove (and hardly to even notice) the attack because a simple #HTTP #Cache-Control header can force the browser to remove all evidences of the attack.

So basically all those people can enter in the private network of a bank or of an hospital through users using the #Firefox browser, but for #Mozilla "this is the #Web functioning as designed".

And still... why?

4/

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

Why we allow this?

It is convenient, but why?

The answer is VERY simple, once you see it.

#Mainstream operating systems are too #primitive to serve the distributed computation we need.

So browsers became surrogate of serious distributed operating system, and indeed they tend to reproduce on a scale the centralization issues that mainframe had.

They are patches over patches over patches (several times) just to avoid fixing the problem

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

Jehanne is an attempt to fix this problem: a distributed operating system devoted to simplicity and hackability.

@hansbauer @mmu_man @jorin @mozilla @mozilla

(sorry for the toot flood... but @grainloom summoned my fury... so it's his fault... 😇 )

@Shamar
@grainloom @mmu_man
i certainly know all that. i was just suggesting to play around new scripting engines, new concepts of browsers, even new concepts of protocols. i didn't mean to solve actual problems with browsers as we have or operating systems at large. we are talking about different things here.

@hansbauer @grainloom @mmu_man

@alcinnz is hacking #Memex in this space: a #browser that doesn't need #JavaScript to distribute #HyperTexts, but use a more powerful markup language and more powerful style sheets.

For #Jehanne I'm hacking a file protocol, #FP (I don't have much fantasy 🤣 ) that is simpler but more powerful and expressive than #9P2000 (and probably broken... but you know, you can't learn anything if you are afraid to fail) and will replace #NFS, #SMB and #HTTP.

@Shamar
@grainloom @mmu_man @alcinnz
wow.. wish you luck in the efforts. i will keep an eye on both.

@grainloom @alcinnz @hansbauer
No @somem, we are not AGAINST #JS, we just look beyond #JavaScript.

We just wakeup a day cured from #GroupThink and saw JavaScript for what it is: a 10 days attempt to turn Netscape into an application platform before the arrive of #Java that, as the wrong language at the right place and the right time, exploited #primitive operating systems to become a burden on all of us.

JavaScript is to #distributed computing what #Hieroglyphs are to writing.

Let's move on!

@hansbauer @grainloom @mmu_man @alcinnz

#Mozilla is working on #Rust and #WebAssembly with the hope to sell a #JavaScript replacement to the world looking for #Web #sanity... and to be honest I thought it was a good things until roughly 10 months ago... but the problem is that Rust or #JS... the whole architecture of the Web is broken.
You cannot use the same protocol to serve HyperTexts and Applications: there's no way it can be safe even if it barely works (and "works" is a huge concession).

Sign in to participate in the conversation
Fosstodon

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.