  • Let’s look at a scenario where there’s an exploit that requires a change to an API.

    To the plugin API, you mean? Yes, that’s the borderline case of added complexity of having modularity.

    But in that case it’ll work similarly to browser APIs for JS being fixed. In one case browser devs break plugins, in another they break JS libraries.

    Some plugin vendors will be slower than others, so the whole thing will see massive delays and end users are more likely to stick to insecure browser versions.

    How is this different from JS libs? Except for power imbalance.

    Just - if we are coming to Chrome devs being able to impose their will on anyone, let’s be honest about it. It has some advantages, yes. Just like Microsoft being able to impose Windows as the operating system for desktop users. Downsides too.

    Plugin vendors are going to demand the same API surface as current web standards and perhaps more, so you’re not saving anything by using plugins, and you’re dramatically increasing the complexity of rolling out a fix.

    Well, I described before why it doesn’t seem so for me.

    What I meant is that the page outside of a plugin should be static. Probably even deprecate JS at all. So - having static pages with some content in them executed in a sandbox by a plugin. Have dynamic content in containers inside static content, from user’s perspective. Like it was with Flash applications except NPAPI plugins weren’t isolated in a satisfactory manner.

    I like some things of what we have now. Just - drop things alternative browsers can’t track, and have in the browser a little standardized VM, inside which plugins (or anything) are executed. Break the vertical integration. It’s not a technical problem as much as social.

    With the web being a “platform for applications” now, as opposed to year 1995, that even makes more sense.

    I think the current web is a decent compromise. If you want your logic in something other than JavaScript, you have WebAssembly, but you don’t get access to nearly as many APIs and need to go through JavaScript. You can build your own abstraction in JavaScript however to hide that complexity from your users. The browser vendor retains the ability to fix things quickly, and devs get flexibility.

    We should have the ability to replace the browser vendor.

    Yes, WebAssembly is good, it would be even better were it the only layer for executable code in a webpage.


  • The modularization was a security nightmare. These plugins needed elevated privileges, and they all needed to handle security themselves, and as I hope you are aware, Flash was atrocious with security.

    Those - yes. But generally something running on a page receiving keystrokes when selected and drawing in a square and interpreting something can be done securely.

    And modern browsers have done a pretty good job securing the javascript sandbox.

    One can have such a sandbox for some generic bytecode separated from everything else on the page. Would be “socially” same as then, technically better.



  • Not exactly what I said. I think these two were bad, but the idea of plugins was good.

    Especially the uncertainty of whether a user has a plugin for the specific kind of content.

    One could use different plugins, say, that plugin to show flash videos in mplayer under Unices.

    It’s worse when everyone uses Chrome or something with modern CSS, HTML5 etc support.

    The modularization was good. The idea that executable content can be different depending on plugins and is separated from the browser. I think we need that back.

    And in some sense it not being very safe was good too. Everyone knew you can’t trust your PC when it’s connected to the Interwebs, evil haxxors will pwn you, bad viruses will gangsettle it, everything confidential you had there will turn up for all to see. And one’s safety is not the real level of protection, but how it relates to perceived level of protection. That was better back then, people had realistic expectations. Now you still can be owned, even if that’s much harder, but people don’t understand in which situations the risk is more, in which less, and often have false feeling of safety.

    One thing that was definitely better is - those plugins being disabled by default, and there being a gray square on the page with an “allow content” or something button. And the Web being usable in Lynx.



  • those could easily be authenticated with a key provided at signup both to make filtering easier and to be able to revoke authentication

    That’s what Tox links had for spam protection, an identifier of user plus an identifier of a permission. Agree on this.

    More structured … I’m not sure, maybe a few types (not like MIME content type, but more technical, type not of content, but of message itself) of messages would be good - a letter, a notice, a contact request, a hypertext page, maybe even some common state CRUD (ok, this seems outside of email, I just aesthetically love the idea of something like an email collaborative filesystem with version control, and user friendly at the same time), a permission request/update/something (for some third resource).

    Where a letter and a hypertext page would be almost open content as it is now, and a notice would have notice type and source, similarly with contact request (permission to write to us, like in normal Jabber clients, also solves those unannounced emails problem, sort of), and permission requests.

    If so, then the password reset and such fit in well enough. Spam problem would be no more, at the same time all these service messages could be allowed, and having only ID and basic operational information wouldn’t be used for spam.


  • You would be delusional to think a web browser should be worth as much as an IMAP client.

    This is a problem with web browsers and that set of protocols, not with my comparison.

    You still ultimately run networked sandboxed applications in a web browser and view hypertext, it’s an unholy hybrid between two things that should be separated.

    And it was so 20 years ago.

    For the former Java applets and Flash were used a lot, as everyone remembers. The idea of a plugin was good. The reality was kinda not so much because of security and Flash being proprietary, but still better than today. For the latter no, you don’t need something radically more complex than an IMAP client.

    I think Sun and Netscape etc made a mistake with JavaScript. Should have made plugins the main way to script pages.


  • Speaking of such things, an email client or an email server are never as monopolistic as Chrome.

    So maybe email is a good candidate for something that should be torn down and built anew right after the Web.

    Also email doesn’t have to be destroyed entirely, it’s very modular.

    Where they had UUCP paths, and now have addresses in some services, just need to have John Doe <3cec7f8c438fa578dbd3a1557b822df469490a12>, with 3cec7f8c438fa578dbd3a1557b822df469490a12 being a hash of “johndoe” here and a hash of his pubkey in reality, and his pubkey can be retrieved from some public directory.

    And have the letter signed by it (and encrypted possibly, though this of course would hurt server-side solutions of spam problem).

    Frankly they can have a common replacement, in my humble opinion. When separating identities from servers, one can do the same with websites. How is a newsgroup fundamentally different from a replicated website collaboratively edited? If a letter can have a universal identifier, what prevents one to put a hyperlink to it? If we need scripts, what prevents us from having them in a letter’s content? If we need to reach a server by hostname and IP, what prevents us from doing just that from a letter, just the letter being the primary point of entry?

    I just think that the old “vector hypertext Fidonet” joke is not so dumb, if you think what it could literally mean.
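The address scheme sketched in the comment above (address = hash of the sender's public key, key fetched from a public directory, letter signed) can be checked by the recipient without trusting the directory. This is an added example, not part of the original comment; SHA-256 as the address hash, a Lamport one-time signature as a stdlib-only stand-in for a real scheme such as Ed25519, the dict used as a directory, and all function names are assumptions.

```python
import hashlib, hmac, os, re
FROM_RE = re.compile(r"^(?P<name>.*?)\s*<(?P<addr>[0-9a-f]{64})>$")

def H(b):
    return hashlib.sha256(b).digest()

# Lamport one-time signature (one message per key): stand-in for e.g. Ed25519.
def keygen():
    sk = [[os.urandom(32) for _ in range(256)] for _ in (0, 1)]
    pk = b"".join(H(x) for half in sk for x in half)
    return sk, pk

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return b"".join(sk[b][i] for i, b in enumerate(bits(msg)))

def verify_sig(pk, msg, sig):
    if len(pk) != 2 * 256 * 32 or len(sig) != 256 * 32:
        return False
    ok = True
    for i, b in enumerate(bits(msg)):
        slot = (b * 256 + i) * 32
        ok &= hmac.compare_digest(H(sig[i * 32:(i + 1) * 32]), pk[slot:slot + 32])
    return ok

def address_of(pk):  # assumption: address = SHA-256 hex digest of the public key
    return hashlib.sha256(pk).hexdigest()

def verify_letter(from_header, body, sig, directory):
    m = FROM_RE.match(from_header)
    if not m:
        return "bad-address"
    pk = directory.get(m["addr"])          # the directory is untrusted
    if pk is None:
        return "no-key"
    if not hmac.compare_digest(address_of(pk), m["addr"]):
        return "key-mismatch"              # directory served a different key
    return "ok" if verify_sig(pk, body, sig) else "bad-signature"

def demo():
    (sk, pk), (evil_sk, evil_pk) = keygen(), keygen()  # constructed sample keys
    addr, body = address_of(pk), b"constructed sample letter"
    frm, sig = f"John Doe <{addr}>", sign(sk, body)
    return {"honest": verify_letter(frm, body, sig, {addr: pk}),
            "swapped_key": verify_letter(frm, body, sign(evil_sk, body), {addr: evil_pk}),
            "tampered": verify_letter(frm, body + b"!", sig, {addr: pk})}
```

Because the address commits to the key, a directory that substitutes its own key is caught before any signature is checked; the signature then binds the body to that key.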







  • Typical.

    Especially when that ad was released, nobody considered piracy a crime seriously then.

    Those making the ad could probably be thinking like: something business-made, with workhours put into it, shouldn’t be pirated, that’s theft, but something made by enthusiasts can, it’s taking what doesn’t have an owner, just toys in the Internet, and also GPL is dishonest for having rules, it’s cheating and poison, it’s ownerless too, only companies doing business should be able to sue for IP violations.



  • You can, you also can have very seamless and unnoticeable surveillance over those few who would put effort into protecting their privacy.

    There’s a rule of the thumb here: if someone with power doesn’t yet do what’s clearly unacceptable and outrageous, but does painful things which are not but on the fringe, this means you just don’t know what they are really doing. It’s the same with Russia, its state security services were never hindered by any laws, but less visibility of that helps reduce public pressure.

    When someone even approaches backdoors, surveillance, nothing to hide nothing to fear, we know better, we can’t have direct democracy here, we have institutions and rules, all that, - even in words, - then you should start killing them. Immediately.

    It only seems to have many years to have totalitarianism and mafia rule all together. In reality this happens in a few weeks. You had transparency and rules and responsible citizens and democracy, a week passes, and you have undocumented prisons where people die without being convicted, surveillance of anyone even to walk near something of interest, “politicians” all knowing each other for decades, no real grassroot movements at all, even fake grassroot movements’ leaders being murdered in plain sight and never properly investigated. All this happens momentarily. The slow transition is only in appearance and only to reduce effort spent on damage control.



  • It’s a more general thought. Our actions do not have immediate visible consequences. Thus we can break everything and think we are winning.

    Also on the subject of Nazis it does possess some value, they loved analogies between relevant modern technologies of their time and sociopolitical events. Where the word “anschluss” comes from, by the way. It literally translates like “connecting”, as with electricity. Well, electricity wasn’t new, but radio was, Nazis used radio a lot and referred to use of radio to show how modern and revolutionary they are.

    Important because it applies to leftists often, if you say “leftists made Trump” or “leftists made MAGA” or “leftists broke American democracy” or something like that, it’ll sound clearly wrong, but it won’t be. USSR was a clear case of using what others made and thinking that it’s their own achievement by its administrators, most of its history, while first they were using the tremendous results of Stolypin reforms and then NEP (Lenin was a bit smarter than his buddies), and then selling fossil resources to support visibility of a working economy, but that’s kinda off topic.

    I’m not talking about x86 architecture, I’m talking about everyone using Java and Sun idea of the web, just slowly worsened and degenerate, first of all. Or Windows NT, it was fine in year 1999, but being stuck there for 20 years is just wrong.

    So, back to our day and how it’s useful, systems should have smaller latency for evolution to work well. Like those temples in Japan, which are constantly being rebuilt in all of their parts. You should be able to tear down a republic and build a new one in a couple of years.

    Getting back to Nazis - if the system they captured had smaller latency, they wouldn’t have managed to even annex Austria.



  • An Alarming Number of Anyone Believes Fortune Cookies

    Just … accept it, superstition is in human nature. When you take religion away from them, they need something, it’ll either be racism/fascism, or expanding conscience via drugs, or belief in UFOs, or communism at least, but they need something.

    The last good one was the digital revolution, globalization, world wide web, all that, no more wars (except for some brown terrorists, but the rest is fine), everyone is free and civilized now (except for those with P*tin as president and other such types, but it’s just an imperfect democracy don’t you worry), SG-1 series.

    Anything changing our lives should have an intentionally designed religious component, or humans will improvise that where they shouldn’t.