Timeline for foss list by gnusocialjp
gnusocialjp-
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 07-Mar-2025 12:01:36 JST 
翠星石
@LorenzoAncora @tennoseremel @lxo Please put down the proprietary flavor aid.
>images, CSS, documents, most web resources have processing flaws which allow for unsandboxed code execution.
Yes, in certain cases such parsing libraries can have vulnerabilities, but those vulnerabilities are soon fixed and most exploits usually require JavaScript to successfully pull off, as a sequence of operations a user won't follow are required (while if you have arbitrary remote JavaScript execution, you can easily trigger such steps unnoticed).
I believe such librarians are now sandboxed and you can sandbox such libraries much better than you can sandbox a JavaScript JIT (which requires allowing for runtime machine code generation and then executing that machine code (write & execute), unlike a image processing library that can be fully execute-only).
>iFrame policies can often be bypassed using srcdoc, postMessage and clickjacking exploits.
srcdoc is not an exploit - it's a way to choose what page is displayed in the iframe.
Without the vulnerability of JavaScript, everything you do in an iframe only goes to the sourced webpage.
postMessage and clickjacking exploits have a hard requirement on JavaScript, as postMessage is a JavaScript function and any HTML link shown is the one you're going to visit.
>With AI, JavaScript will be indispensable to discern humans
Artificial Stupidity software is now far better at solving captchas and thoughtlessly executing JavaScript, thus I don't see how people can be reliably distinguished with JS.
>respect GDPR & NATO policies on privacy and ecology
If you don't spy on the user and don't burn copious amounts of electricity, you won't need to worry about your compliance with polices.
You can easily achieve both by not using JavaScript.
HTML webpages are fit for all things a webpage is fit for. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 07-Mar-2025 11:21:39 JST
翠星石
@Yoruka Facebook hasn't ever pirated a single book, as they don't have boats.
Facebook did in fact torrent a huge collection of books for the purposes of intentionally infringing copyright and used them to train a LLM and they leeched too (to avoid seeder anti-leech defences, they set the upload speed quite low and let some seeding happen, but only the smallest amount possible and stopped the torrent as soon as downloading was done). -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 07-Mar-2025 11:16:38 JST
翠星石
@Vo @georgia >Presumably a rat reported someone daring to wonder to the extent of spying with surveillance cameras and if it's even possible to even walk though the area in freedom.
>Presumably such persons house was invaded and the police found some handworking tools and a chemical that technically could be further processed into a bomb.
>We've foiled a bomber 1!!1!1!!111!!
>Or the whole plot was a complete fabrication. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 07-Mar-2025 11:10:10 JST
翠星石
@georgia All of below should be obvious, but I'm posting it as people genuinely don't know.
- There is no boat involved in such unauthorized or prohibited copying, therefore it is not piracy by definition.
- Much of unauthorized copying is done in a gratis manner, with the only criminals being funded being the media corporations who are paid to receive the first copy.
- As for prohibited copying only accessible via a subscription to a prohibited streaming site, such parties are only interested in not having to work as a wagie and really aren't into terrorism and real crimes. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 07-Mar-2025 11:02:42 JST
翠星石
@vertka You aren't sane if you refer to the systemd/Linux OS as "loonux". -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 22:33:15 JST
翠星石
@edwin085 The true lazy people get everything done, as they can't be assed to keep doing the same thing over an over again and instead implement free software that does it automatically. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 22:32:08 JST
翠星石
@georgia Are you inviting people to come consume the soup? -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 22:31:36 JST
翠星石
@sun Yes, every time I write what proprietary software developers get up to (including Linux developers), people refuse to believe it and come up with some excuse. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 22:30:13 JST
翠星石
@taylan Yes, the Spamhaus censors go and censor entire mailservers randomly if they feel like there's too much spam coming from them, soley to blackmail the server host to get them to do their bidding.
While it is true that most spam comes from gmail, outlook and yahoo, spam really isn't that hard to detect with Spamassassin. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 22:27:16 JST
翠星石
@lynne The strawberries, almonds and white chocolate are dried and therefore the shelf life will be acceptable. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 22:26:16 JST
翠星石
@dianathy Every single transaction is public, although the wallet addresses themselves don't necessarily dox you unless you go correlate them with yourself by handing over your details to some exchange or SaaSS wallet.
If you want a privacy cryptocurrency, you want Monero. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 22:07:52 JST
翠星石
So that's why H.264 compresses Chinese cartoons so well - it has been finetuned for that purpose.
Now only if it wasn't proprietary...
Embed this notice
-
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 20:31:52 JST
翠星石
@lightweight I haven't seen any competent free software developer use VSCode myself.
Typically such sort of developer doesn't even bother to validly license their software, thus even if it's in source form, it's proprietary.
Embed this notice
Embed this notice
-
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 20:20:27 JST
翠星石
@tatsumoto For some reason I get https://media.freesoftwareextremist.com/media/c6/bf/d1/c6bfd170ccb28a2372fa9b69ebd3da3f14edd2bdb806947357dae25336407a32.file in tor browser.
Images and videos do show in post format, but those are quite small and typically I open such in another tab so I can see them, but rather than showing such, I just get the save-as dialogue with a .file extension.
Oddly if I hit save as, it adds the correct extension. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 20:14:38 JST
翠星石
@cassidyclown Hundreds of years ago such carpentry skills were developed in response to not having enough nails available.
Even pretty flimsy wooden houses do resist earthquakes quite well, but flimsy wood builds are temporary structures, as a big earthquake or a typhoon will bring them down. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 20:06:56 JST
翠星石
@tatsumoto Please put a MIME-compliant extension name on the files you upload.
The extension for that video is .file rather than .mp4, meaning browsers will only offer to download the video and not play it. -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Thursday, 06-Mar-2025 20:04:55 JST
翠星石
@LorenzoAncora @tennoseremel @lxo >iFrames are discouraged by most web dev guidelines, as they can embed malicious remote content,
So iframes without JavaScript is bad, but a page full of malicious proprietary JavaScript without iframes is good? Huh.
Have you considered that JavaScript is always the "malicious remote content"?
>allowing criminals to inject malware, steal information, or conduct fraud
Exploitation, information exfiltration etc require JavaScript to pull off - meanwhile you cannot do any of that with just HTML.
>whereas client-side JavaScript is sandboxed within the isolated context of the webpage
Have you considered that there's always a sandbox bypass?
>with same-origin policy restrictions.
Last time I checked those can be applied to iframes just as well.
>Client-side processing grants improved responsiveness, better privacy and faster loadings, also reducing the carbon footprint by avoiding unnecessary web requests.
In reality, I find that cgit is far more responsive and loads faster and has better privacy than JavaScript-based git hosts, which are much slower and really hit the CPU hard - increasing electrical consumption substantially.
If you want to reduce CO₂ emissions, one effective move would be to eliminate JavaScript.
![Nekobit [new here]](https://gnusocial.jp/avatar/9651-24-20220911100138.webp){kind=small}
All GNU social JP content and data are available under the 
