Seriously, @mozilla ?
Not only you went and implemented this DRM crap and now you're downloading non-free binaries behind our back???

bugs.debian.org/cgi-bin/bugrep

@mmu_man @mozilla
Hot take: Firefox may be open source but it's not free software any more than Google Chrome.

@jorin
* new kind of browsers needed *
time to replace js with lua
@mmu_man @mozilla

@hansbauer @jorin @mozilla I wonder if NetSurf would accept support for <script type="text/lua"> :D

@mmu_man @hansbauer @jorin @mozilla
tbh with JS to Lua transpilers kinda already existing, LuaJIT might be good enough for everyday browsing

but what if, What If!!! we just... don't put scripting into browsers.... and build better OSs instead

kinda what @Shamar is doing

@mmu_man @hansbauer @jorin @mozilla @Shamar

like, getting a new, majorly backwards incompatible technology accepted is always a big hurdle so why not fix the issue at the right level of abstraction and yeet the browser stack out the window together with bad kernels and userspaces?

@grainloom
if we always think about backward compatibility, we will be made eternal. slaves of the tech giants. better do something new and better.
@mmu_man @jorin @mozilla @Shamar

@hansbauer @grainloom @mmu_man @jorin @mozilla

An operating system don't need to be complex and large.

#Jehanne strives for #simplicity and it's small: jehanne.io

It's also a distributed #OS that derive from #Plan9 but diverges on important aspects: it's more radical and... more broken πŸ˜‡

#9front is a serious distributed OS that is still small: it follows the "Worse is Better" design style, while Jehanne's style can be summarized a Simplex Sigillum Veri.

jehanne.io/2018/11/15/simplici

@hansbauer @grainloom @mmu_man @jorin @mozilla

As for #JS (or #WASM) and @mozilla there is a lot to say: did they informed you of the wide class of undetectable attacks that you are vulnerable to through #Firefox?

dev.to/shamar/the-meltdown-of-
rain-1.github.io/in-browser-lo
bugzilla.mozilla.org/show_bug.

No they didn't despite the exploits above.

Would you take a drug a stranger push you to? No?

So why you blindly execute programs that can be customized for you?

Because it's convenient?

Why it is?

1/

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

#Javascript is convenient to user because they don't need to download and install software.
Except that they download it and install it (in the browser cache) but such software cannot be verified for authenticity: you cannot check the SHA512 of each #JS, each #WASM, each #HTML and each #CSS you download against a standard and well known source that everybody see (like the Debian repository, for example).

You have to trust the server..
2/

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

... each #CDN they trust, all #CA existing, their hosting provider, the cloud provider that their hosting provider resell and obviously each employees of all of these corporations (most of which headed in the #US).
Oh... and you have to trust who wrote the #browser and the machine (which is actually under your responsibility).

Now you surely know this, but if you connect the dots you see how a #JS could be customized by a CDN for you

3/

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

to attack your network with those attacks and you will never be able to prove (and hardly to even notice) the attack because a simple #HTTP #Cache-Control header can force the browser to remove all evidences of the attack.

So basically all those people can enter in the private network of a bank or of an hospital through users using the #Firefox browser, but for #Mozilla "this is the #Web functioning as designed".

And still... why?

4/

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

Why we allow this?

It is convenient, but why?

The answer is VERY simple, once you see it.

#Mainstream operating systems are too #primitive to serve the distributed computation we need.

So browsers became surrogate of serious distributed operating system, and indeed they tend to reproduce on a scale the centralization issues that mainframe had.

They are patches over patches over patches (several times) just to avoid fixing the problem

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

Jehanne is an attempt to fix this problem: a distributed operating system devoted to simplicity and hackability.

@hansbauer @mmu_man @jorin @mozilla @mozilla

(sorry for the toot flood... but @grainloom summoned my fury... so it's his fault... πŸ˜‡ )

Follow

@Shamar
@mmu_man @grainloom
no problem. thank you for all the information.

Sign in to participate in the conversation
Fosstodon

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.