Seriously, @email@example.com ?
Not only you went and implemented this DRM crap and now you're downloading non-free binaries behind our back???
when i said about replacing js, i meant not for the masses and thinking of retro compatibility. it was just for playing around with the possibilities. i feel anything that is though for the masses and to be widely adopted, especially something complex as an entire os, never come out of the paper without the blessings of the industry giants. better do something small, play around it and let it evolve.
@mmu_man @jorin @mozilla @Shamar
An operating system don't need to be complex and large.
#9front is a serious distributed OS that is still small: it follows the "Worse is Better" design style, while Jehanne's style can be summarized a Simplex Sigillum Veri.
I used #Debian GNU/HURD for a month a couple of decades ago... it was... funny! 😉
But don't mock it too much...
there are interesting ideas there...
Maybe one day it could surprise us!
Anyway, the value of a #hack is not in its usability but in what you can learn from it.
The best hacks are failures.
No they didn't despite the exploits above.
Would you take a drug a stranger push you to? No?
So why you blindly execute programs that can be customized for you?
Because it's convenient?
Why it is?
Except that they download it and install it (in the browser cache) but such software cannot be verified for authenticity: you cannot check the SHA512 of each #JS, each #WASM, each #HTML and each #CSS you download against a standard and well known source that everybody see (like the Debian repository, for example).
You have to trust the server..
... each #CDN they trust, all #CA existing, their hosting provider, the cloud provider that their hosting provider resell and obviously each employees of all of these corporations (most of which headed in the #US).
Oh... and you have to trust who wrote the #browser and the machine (which is actually under your responsibility).
Now you surely know this, but if you connect the dots you see how a #JS could be customized by a CDN for you
to attack your network with those attacks and you will never be able to prove (and hardly to even notice) the attack because a simple #HTTP #Cache-Control header can force the browser to remove all evidences of the attack.
And still... why?
Why we allow this?
It is convenient, but why?
The answer is VERY simple, once you see it.
So browsers became surrogate of serious distributed operating system, and indeed they tend to reproduce on a scale the centralization issues that mainframe had.
They are patches over patches over patches (several times) just to avoid fixing the problem
i certainly know all that. i was just suggesting to play around new scripting engines, new concepts of browsers, even new concepts of protocols. i didn't mean to solve actual problems with browsers as we have or operating systems at large. we are talking about different things here.
For #Jehanne I'm hacking a file protocol, #FP (I don't have much fantasy 🤣 ) that is simpler but more powerful and expressive than #9P2000 (and probably broken... but you know, you can't learn anything if you are afraid to fail) and will replace #NFS, #SMB and #HTTP.
You cannot use the same protocol to serve HyperTexts and Applications: there's no way it can be safe even if it barely works (and "works" is a huge concession).
@mmu_man That's... disappointing.
Wish it were surprising.
(Checks GNU's FTP site to see what the current version of IceCat is.)
@mmu_man Yup, and for the DRM binary the Debian package maintainers have intentionally decided not to fix it: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837091
@mmu_man To make things even better, Mozilla seems to have an intentional policy of breaking any repackaging of their software to fix issues like this. They killed Gecko embedding back in 2010, and even things like configuration keys aren't stable - turning off the "install blobs and backdoor my computer" option will only work for a release or two, and then they'll stop checking for the option before downloading stuff, so changing config options in something like a Debian package isn't enough.
Instance de l'association G3L basée à Valence, Drôme, France