[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Helping new contributors
|
From: |
Jean Louis |
|
Subject: |
Re: Helping new contributors |
|
Date: |
Wed, 14 Apr 2021 18:08:43 +0300 |
|
User-agent: |
Mutt/2.0.6 (2021-03-06) |
* quiliro@riseup.net <quiliro@riseup.net> [2021-04-14 16:46]:
>
> >> Discourse = freedom respecting software under a free software license.
> >> It runs on someone else's server. (as it is for communities) It uses
> >> javascript in your browser.
> >> why people use it = People like Discourse communities because the
> >> software has made it easy to find new posts, get rid of spam before it
> >> starts, and keep the spirit of the community going.
> >
> > You have not analysed it well. Discourse is full free software that
> > everybody may run on their own: https://github.com/discourse/discourse
>
> In fact, it being free software, presents another problem, the
> javascript trap https://www.gnu.org/philosophy/javascript-trap.en.html
> . Although ECMAscript is not the only language that runs on a browser,
> it is the most used to run the server owner's software on the client's
> machine. I think it is abusive for someone else to run software on
> my machine without me expressly installing it. Running software on a
> machine makes that software command that machine. Nobody should be
> allowed to to command some elses's machine. It is like trusting someone
> else to drive your car. It is seldom done and under very specific
> circumstances.
Discourse is free software. That means, if you wish to interact with
Discourse server, you are allowing Javascript to be installed and run,
you have freedom to modify it, distribute it, install yourself,
inspect it.
If you do not wish to interact with Discourse, do not access it.
Discourse IS free sofware.
That is definitely good to defend from execution of various
programs. If it is safe or not is not so much important, but the
principle is important, why allow millions of actions to be executed
eventually on your data without knowing what it is. True consent was
never there.
Free software should be human right.
Software does what? It computes something, but would it be related
exclusively to mathematics, I would not say much. As soon as software
starts interacting with let us say camera, voice, email, messages, any
data of a person, than that software is handling basically
administration.
Now, if we imagine, would you just randomly take somebody from street,
bring into your home to handle your papers? I bet it would not be so
randomly but it could be based on some good recommendation.
Software decision is also often based on recommendation or
popularity. Then person decides to install software and blindly tells
it "do that with my data"; even with good intentions and free
software, one cannot just trust it blindly.
But it is equivalent to set of instructions by administrator on what
to do inside of house of the user. And user does not know exactly what
is in that set of instructions.
Example is spreadsheets, they have serious problems and calculations
of a single spreadsheet could appear differently under different
software. Users will not complain much because they are not aware. But
by installing one software one trusts blindly it will do what is
expected, but it may not do, and some date may be wrongly formatted
and data changed, lost, millions of dollars lost, that is what is
happening.
Many will say, "ah, this is just software, what can happen" -- and
because they do not handle any sensitive data, nothing so much can
happen to them. What does it matter if some private files, images,
etc. is leaked, nobody is interested.
But problem is there, impacts all of the planet.
Free software does matter also when it is executed on a platform that
is non-free -- as mostly THOSE platforms are those who abuse privacy
and thus data of people.
We can find plethora of database leaks freely accessible:
https://raidforums.com/ just click on leaks, and you find databases of
all Mexicans, all Turkish people, ID cards, tax numbers, valid credit
cards, and so on. This is happening because vendors' server side
software is non-free, nobody can inspect it, bugs are hard to detect,
people intrude, crack, and win the jackpot, steal the data. But it may
also happen because some program is executed in browser.
Firefox extensions are unsafe. Would they be safe, why is there the
question that asks users to report extension as unsafe?! They are
unsafe, and while unlikely, people can do something with users' data.
Browsers are not the only problem, there are package manager that load
proprietary software into computer, such as those pip, npm and
similar, where their repositories will not check or verify for the
license.
Free software is in general insecure, but more secure and safe than
proprietary as at least we can say we have a chance to inspect it.
When I wish to browse some URL from within Emacs in safe manner, I am
executing browser from different user name, this way browser cannot
access my data in my real username.
(defun browse-safe-url (url &optional arg)
"Browse URL with safety"
(let ((username "joe")) ;; different username than my own
;; Insecurity settings for personal DISPLAY only
(shell-command "xhost +")
;; Browse URL with different username
(async-start-process "sudo" "sudo" nil "su" "-c" "--" username "-c"
(format "exec iceweasel \"%s\"" url))))
--
Jean
Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns
Sign an open letter in support of Richard M. Stallman
https://stallmansupport.org/
https://rms-support-letter.github.io/