@kate Looks like they're desperate for funds. It is alarming, and we should support ff somehow.
If ff fails, the web will remain chromium-only (except maybe caves of gemini). That would leave google alone to set all the rules. Somewhat doomsday scenario. So don't be too picky and keep supporting ff. If they fail in funding, we all will get ads in chromium address bar or something worse.
I wish Mozilla the best of luck in holding this back as long as possible, but unfortunately they find themselves having to make these compromises. I don't think they can do what it takes to save the web without losing what influence they still have...
@alcinnz @kate I still think their influence depends on our attitude. In this case to ads. If they are opt-in, we could just opt-in. I have no problem getting to know relevant businesses - most of info on the web is irrelevant anyway. If that could be done without tracking (e.g. subscribing to keywords) I'd probably prefer that instead of micropayments and instead of google's monopoly of course.
> relevant corporations
see, I tend to see this as an oxymoron when I can imagine a world where people "promote" community/co-op/independent/etc solutions wildly to crowd big corporate advertisers out of everyone's mind space in the exact same way they currently buy ads everywhere and crowd "us" out.
I understand that wasn't the point of your message and you just meant "we should find whatever methods to fund mozilla". but.
my thoughts are like this:
if mozilla was promoting an awesome service browser users would love to use, that's one thing.
but when mozilla is featuring /Nike/ how on earth is that relevant to me. it's not.
Another thing - open source software, especially as crucial as ff, can be clearly classified as public good. It is weird how there is no political will to appreciate and fund it. At least in countries I see. Is it because there is no demand from voters? Maybe there is demand, but not yet articulated?
Most people don't know or care. I'm always surprised when people recognise ubuntu or Firefox. They know brands, not the political philosophy of FLOSS. When people do know, it's been because of social interactions with people in FLOSS. Sometimes the impression hasn't been positive for them. We have a collective responsibility for this if we want to inform people about FLOSS and how it benefits the public
@dudenas @alcinnz @kate
Speaking about public good.... This is good news.
Ha, I was just about to mention @yogthos and their toot to the EU article https://abopen.com/news/european-commission-report-declares-open-source-software-and-hardware-to-be-a-public-good/
Good news indeed, and let's hope some very positive developments flow from here.
Yeah great minds think alike, or fools 😉. Although I think the movement for a common good would be supported by citizens generally. But it does rely on grass roots as much as the media, and politicians. Social contact is the best way to counter. Folks always yearn for community.
@dudenas @alcinnz @kate @yogthos
@onepict ha ha. Yes, community is crucial, and I think we can improve much further still in representing them online, especially on the fediverse. There's big interest in the 'common good' and grassroots movements small and large are everywhere. With the right mindset you stumble upon tons of positive development. But all is very fragmented and reinventing wheels. Also 'communities of action' where actual stuff happens, are much harder to establish and foster.
@dudenas @alcinnz @kate
Now as much as I'm skeptical about change happening from the outside, the news that @webmink and Amanda Brock of Open UK will be on the Open Standards board in the UK is a good start. https://www.gov.uk/government/groups/open-standards-board. We need to work together to influence all levels of society. From local governments to parliaments. I hope this is the start of more FLOSS in our public services.
I do quite like the concept of libre myself, as free can mean different things. I'm a bit wary of the term secure as yes we do have security in the concept and many eyes can help with that. However the term can be misused as much by FLOSS projects as by proprietary players in the industry. So I'd be a bit worried when we had the next heartbleed etc. Although it is an interesting concept as a term.
@dudenas @alcinnz @kate
Or they’re looking for a free clone of some proprietary software, and they aren’t willing to put up with any shortcomings, perceived or otherwise.
uspol; California and socialising FOSS
> Maybe there is demand, but not yet articulated?
I think this may be some kind of artefact of america being where a big portion of internet companies are located but also incredibly averse to advancing any bills to publicly fund anything
mozilla is out of California, and although it's a very 'blue' state it's also swarming with all the startups that swoop in to solve problems when no american in general feels like government programs could pass
> It is weird how there is no political will to appreciate and fund it. At least in countries I see. Is it because there is no demand from voters? Maybe there is demand, but not yet articulated?
I tried to do my bit by emailing the tech spokespeople in NZ political parties a link to Nadia Eghbal's 'Roads and Bridges' report, with a bit of contextualizing comment about why it's important they read it.
So far just the idea has been floated, but apparently the need for it will become real. I would be very interested in this, also as an antidote to those who claim that open source is automagically commons, because most of the open sources have not been created by commoners. (see https://en.wikipedia.org/wiki/Elinor_Ostrom )
Slightly OT.. I saw that Drew Devault started working on visurf, based on NetSurf and intends to create an HTML + CSS framework specifically targeted to smaller browsers as 1st-class citizens.
The key point here is “if you can verify the source”. This is in practice impossible, and JS is executed as the page loads. We can’t expect people to inspect the source code of every page before rendering.
I don’t see why JS is needed to implement small sites. I only use it for https://warmedal.se/~wobbly/ and even then only for a nicer UX. It could as well have been an ordinary web form.
@tinyrabbit @humanetech @gert @strypey @dudenas @alcinnz @kate @onepict It is not impossible, it’s just not possible within the confines of current browsers. Entirely possible via an extension or third-party app, etc.
We need it for Small Web (https://small-tech.org/research-and-development) because there’s no other way for you to own your own keys or ensure that your content is end-to-end encrypted.
Hm, It may make sense as a longshot. But almost nobody can perform security audit on their own. That means, you need to trust someone's agency. As I think of it, a perfect model would be the one, where I could choose my agent I trust to verify content for me.
On client side, probably most antivirus software claim to audit web content.. But I admit, I usually consider them more annoying than most viruses.
@dudenas @tinyrabbit @humanetech @gert @strypey @alcinnz @kate @onepict Well, there’s verification and there’s verification. I’m not talking about source code audit but at least verifying that the signature of the file matches what the organisation you trust says it should be. Beyond that, yes, a bigger issue is having trusted agents that actually perform things like source code audits.
So which companies should I trust? How do I decide? What about vanilla JS in <script> tags? Small unknown libs?
I don’t trust React, Angular or a dozen other equally bloated libs no matter which CDN offers them. I don’t think we can build a trust system that can provide any security or trust in a meaningful definition of those words.
I really don’t see how the client has any meaningful control over a client side script other than deciding whether it should be executed or not.
I'm sorry, but this is pretty naive.
As I said, JS is executed in the browser before I've decided whether I trust it or not. Let's say I have a plugin where I allowlist sources. How do you suggest I keep that updated with all the hundreds of frameworks that pop up every day? And how do I deal with vanilla JS? Trust or not?
It makes more sense to block JS and only enable it on *sites* I trust. Not JS sources I trust.
We need JS code signatures and signature verification (I believe that's what @aral was talking about).
But any JS library will allow devs to do whatever JS is capable of doing, which is a lot. There's no guarantee that evilcorp.com uses the latest version of React in an ethical and -- to me -- secure way even if the source and signature check out.
Sorry, we may be talking about different things. Let's say I trust goodsite.org to run JS, and they import Angular. Then of course I want to be certain that the file imported is the actual Angular source that they intend to run, and not something malicious inserted in a supply chain attack.
I just realised that's probably what you mean, in which case we're in full agreement 😆
@Iutech @tinyrabbit @aral @dudenas @humanetech @gert @strypey @alcinnz @kate @onepict I think the ship has sailed with respect to trusted code. The only solution is to not trust any code, and just isolate everything. It's the kind of pragmatic approach taken by Qubes OS.
Even if there was a practical way to only run trusted code, that code could still have bugs which lead to security issues. Letting the code run in isolated containers neatly deals with this issue, at the expense of making intra-container communication more cumbersome (as any Qubes user will know)
@humanetech Relatedly I'm actively preparing to start implementing my own visual web browser (first targeting TVs & eReaders). I've already got auditory working very nicely!
I like targeting unusual human interface devices, provides me interesting constraints to keep me disciplined...
Super great to hear! I greatly admire your efforts.
Besides constraining you to appropriate scope, I think these are wonderful places to start as on these more locked-in devices our agency is taken away in ways that are harder to overcome.
I pray every day to 6,000 gods that my dumb TV does not break down, and I have to go in search of another 2nd-hand model that is not an ad-infested surveillance capitalism nightmare.
Eghbal's report uses physical infrastructure as a metaphor for digital infrastructure, as a way to work around the limited tech knowledge of political and financial decision-makers. I haven't read the whole thing yet but I read enough to think the strategy is worth a try.