Seriously, ?
Not only did you go and implement this DRM crap, now you're downloading non-free binaries behind our back???

@mmu_man @mozilla
Hot take: Firefox may be open source but it's not free software any more than Google Chrome.

@jorin well I wouldn't put it on the same level, but it definitely has issues.

@hansbauer @jorin I wonder if NetSurf would accept support for <script type="text/lua"> :D

@hansbauer @jorin well, the script tag supports anything in theory.

i wonder how difficult it would be to port a lua engine to a web browser like netsurf.
@jorin @mozilla

@mmu_man @hansbauer @jorin @mozilla
tbh with JS to Lua transpilers kinda already existing, LuaJIT might be good enough for everyday browsing

but what if, What If!!! we just... don't put scripting into browsers.... and build better OSs instead

kinda what @Shamar is doing

@mmu_man @hansbauer @jorin @mozilla @Shamar

like, getting a new, majorly backwards incompatible technology accepted is always a big hurdle so why not fix the issue at the right level of abstraction and yeet the browser stack out the window together with bad kernels and userspaces?

i wish i could answer you. i don't know what your concept of a better os entails.
@mmu_man @jorin @mozilla @Shamar

when i said about replacing js, i meant not for the masses and thinking of retro compatibility. it was just for playing around with the possibilities. i feel anything that is thought for the masses and to be widely adopted, especially something as complex as an entire os, never comes out of the paper without the blessings of the industry giants. better do something small, play around it and let it evolve.
@mmu_man @jorin @mozilla @Shamar

if we always think about backward compatibility, we will be made eternal slaves of the tech giants. better do something new and better.
@mmu_man @jorin @mozilla @Shamar

@hansbauer @grainloom @mmu_man @jorin @mozilla

An operating system doesn't need to be complex and large.

#Jehanne strives for #simplicity and it's small:

It's also a distributed #OS that derives from #Plan9 but diverges on important aspects: it's more radical and... more broken 😇

#9front is a serious distributed OS that is still small: it follows the "Worse is Better" design style, while Jehanne's style can be summarized as Simplex Sigillum Veri.

@Shamar @hansbauer @grainloom @jorin Haiku is a little larger but still not as huge as GNU/Linux :p

@mmu_man @hansbauer @grainloom

I used #Debian GNU/HURD for a month a couple of decades ago... it was... funny! 😉

But don't mock it too much...
there are interesting ideas there...
Maybe one day it could surprise us!

Anyway, the value of a #hack is not in its usability but in what you can learn from it.

The best hacks are failures.

@Shamar @grainloom @mmu_man @hansbauer I'm a huge fan of Inferno and Haiku, personally.

A friend of mine has built some very cool stuff on 9front: .


@mmu_man @p @Shamar @hansbauer
I recommend Acme as a starting point:
(this is not on a Plan 9 system but it showcases much of the design philosophy behind it)

@grainloom @mmu_man @hansbauer

Also, if you like little editors, #Sam

Sam is not a Plan9 design showcase like #Acme because it doesn't serve a filesystem, but it shows, more than Acme, another important design goal of Plan9: keep it simple.

@mmu_man @hansbauer @grainloom @Shamar Inferno's a good way to start; it started as a Plan 9 kernel ported to userspace with a VM attached (register-based VM, JIT is supported). It can talk to most 9front services.

The 9gridchan link has a live CD that boots fine in qemu and gets you onto the grid in about 30 seconds, as well as instructions for setting up a VM on Vultr and using drawterm to talk to it.

There's also a live system, . You can test out an unfortunately limited Inferno system.

@somem @grainloom @mmu_man @hansbauer

Jehanne can export a 9P2000 filesystem that you could use from ants, but ants include some kernel hacks that have never been ported to Jehanne.

@somem @Shamar @grainloom @mmu_man @hansbauer If it can speak 9P (I haven't tried Jehanne yet, it seems like it's bearish on 9P) or it can speak to stdio, it can talk to the grid. I personally have set up a hubfs shell to talk to FreeDOS from inside acme (it *technically* worked, but wasn't super usable, for Reasons), so it's almost definitely possible to do something. mycroftiv even ported some of it to LP49.

@p @somem @Shamar @grainloom @hansbauer I've seen some work around a 9pfs in QEMU but I didn't look into it, did you check this?

@mmu_man @somem @grainloom @hansbauer

AFAIK Qemu exposes a 9pfs, but I never tried it, sorry...

@mmu_man @hansbauer @grainloom @Shamar @somem The way qemu's 9P support works is more of a driver that appears on the virtual network, I believe. Like it'll speak 9P to the guest OS, same as the SMB support. I could be wrong; I haven't used it, I usually just use the ethernet bridge.

@hansbauer @grainloom @mmu_man @jorin @mozilla

As for #JS (or #WASM) and @mozilla there is a lot to say: did they inform you of the wide class of undetectable attacks that you are vulnerable to through #Firefox?

No, they didn't, despite the exploits above.

Would you take a drug a stranger pushes you to? No?

So why do you blindly execute programs that can be customized for you?

Because it's convenient?

Why is it?


@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

#Javascript is convenient to users because they don't need to download and install software.
Except that they download it and install it (in the browser cache) but such software cannot be verified for authenticity: you cannot check the SHA512 of each #JS, each #WASM, each #HTML and each #CSS you download against a standard and well known source that everybody sees (like the Debian repository, for example).

You have to trust the server..

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

... each #CDN they trust, all existing #CA, their hosting provider, the cloud provider that their hosting provider resells and obviously each employee of all of these corporations (most of which are headed in the #US).
Oh... and you have to trust who wrote the #browser and the machine (which is actually under your responsibility).

Now you surely know this, but if you connect the dots you see how a #JS could be customized by a CDN for you


@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

to attack your network with those attacks and you will never be able to prove (and hardly to even notice) the attack because a simple #HTTP #Cache-Control header can force the browser to remove all evidence of the attack.

So basically all those people can enter the private network of a bank or of a hospital through users using the #Firefox browser, but for #Mozilla "this is the #Web functioning as designed".

And still... why?


@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

Why do we allow this?

It is convenient, but why?

The answer is VERY simple, once you see it.

#Mainstream operating systems are too #primitive to serve the distributed computation we need.

So browsers became surrogates of a serious distributed operating system, and indeed they tend to reproduce on a scale the centralization issues that mainframes had.

They are patches over patches over patches (several times) just to avoid fixing the problem

@hansbauer @grainloom @mmu_man @jorin @mozilla @mozilla

Jehanne is an attempt to fix this problem: a distributed operating system devoted to simplicity and hackability.

@grainloom @mmu_man
i certainly know all that. i was just suggesting to play around with new scripting engines, new concepts of browsers, even new concepts of protocols. i didn't mean to solve actual problems with browsers as we have or operating systems at large. we are talking about different things here.

@hansbauer @grainloom @mmu_man

@alcinnz is hacking #Memex in this space: a #browser that doesn't need #JavaScript to distribute #HyperTexts, but uses a more powerful markup language and more powerful style sheets.

For #Jehanne I'm hacking a file protocol, #FP (I don't have much fantasy 🤣 ) that is simpler but more powerful and expressive than #9P2000 (and probably broken... but you know, you can't learn anything if you are afraid to fail) and will replace #NFS, #SMB and #HTTP.

@hansbauer @grainloom @mmu_man @alcinnz

#Mozilla is working on #Rust and #WebAssembly with the hope to sell a #JavaScript replacement to the world looking for #Web #sanity... and to be honest I thought it was a good thing until roughly 10 months ago... but the problem is that Rust or #JS... the whole architecture of the Web is broken.
You cannot use the same protocol to serve HyperTexts and Applications: there's no way it can be safe even if it barely works (and "works" is a huge concession).

@p @hansbauer @mozilla @mmu_man @jorin
please don't let the webdevs do to lua what they did to javascript

@e @hansbauer @mozilla @mmu_man @jorin Lua is too pure and great to ever be corrupted, even by left-pad people.

(But I really do wish they had added the bitwise operators sooner.)

@p @hansbauer @mozilla @mmu_man @jorin don't tempt them; they'll take it as a challenge, and before you know it every lua project will include lQuery with sixty plugins that depend on it, and they'll have monkey wrenched 89 different paradigms on to it.

@e @hansbauer @mozilla @mmu_man @jorin I think the way Lua works, the language itself would actively resist that.

@p @hansbauer @mozilla @mmu_man @jorin It's not a matter of technology, it's a matter of people. The technology will *always* bend to people. Throw millions of high-demand, low-skilled developers at Lua for 20-some years, and it will be a disaster zone too.

@e @hansbauer @mozilla @mmu_man @jorin I'm not convinced. C isn't a disaster zone; it seems to have weathered the storm of being nearly the only useful language for about a decade.

@mmu_man That's... disappointing.

Wish it were surprising.

(Checks GNU's FTP site to see what the current version of IceCat is.)

@mmu_man Yup, and for the DRM binary the Debian package maintainers have intentionally decided not to fix it:

@mmu_man To make things even better, Mozilla seems to have an intentional policy of breaking any repackaging of their software to fix issues like this. They killed Gecko embedding back in 2010, and even things like configuration keys aren't stable - turning off the "install blobs and backdoor my computer" option will only work for a release or two, and then they'll stop checking for the option before downloading stuff, so changing config options in something like a Debian package isn't enough.

@mmu_man @mozilla You know, the small oddities about Vivaldi are bothering me less and less these days...

Mastodon G3L

Instance of the G3L association based in Valence, Drôme, France