Posts: 17 · Comments: 102 · Joined 4 yr. ago

  • Absolutely, you are the company paying for all the work of the FOSS app, having to ensure it meets FCC regulations for banking. It’s a huge mess. Costs millions to do.

    FCC regs, really? That’s comms. First I’m hearing the FCC regulates banks. But surely those regs must be quite lax because banks in the US are quite sloppy. One-factor auth is good enough.. if someone gets your username & PW they can spend your money. US banks are putting their websites on Cloudflare, so all sensitive banking info and transactions are shared with a tech giant. Pretty much everything is outsourced, even simply printing statements, which puts a lot of eggs in one basket. US banks get breached regularly, like Capone who didn’t even bother to encrypt data at rest on Amazon’s server, so an Amazon contractor leaked the data.

    With such lousy regulation, would it really be hard to get approval for a FOSS app?

  • The only false dichotomy I see here is the claim that you can have FOSS /OR/ expert oversight. There’s no reason why you cannot have both and hire expert oversight on a FOSS project (at least apart from reasons of the corp bottom line).

    You also appear to equate FOSS with “security by obscurity”, which makes no sense. FOSS is not obscure, it’s the contrary. Non-free software makes use of obscurity, but that obscurity is not used as a basis for security. So neither FOSS nor non-FOSS inherently makes use of security by obscurity.

    Financial reasons to not publicize the code are technical reasons. Finance is technical.

    This is an equivocation fallacy. The OP’s use of “technical reasons” implied technological feasibility. You’ve introduced a strangely broad version of the OP’s use of that term in order to muddy the waters.

  • Sounds like a great idea, so long as Servo has not sold out to Google in any way. If Servo is really an independent browser govs would do right by the public to make that browser officially supported by all web services by the gov and do the necessary to ensure the Servo project is funded.

  • Millions = mere peanuts, for developed countries. That price tag is also a good reflection of the degree of privacy people are being forced to compromise in order to finance the development and maintenance of Google Chrome. A gov has a duty not to subject its people to arbitrary privacy abuses. Yet some govs are designing web services for Google Chrome and then forcing people to access those services online by removing the offline option.

  • My comment does not imply when the first browsers were developed. Nor is it relevant. The problematic status quo sequence:

    1. offer web-based gov services
    2. leave people to their own devices.. to fend for themselves and pawn themselves to the private sector as needed to reach public resources


    The sequence should have been:

    1. ensure sovereignty-respecting public tools exist
    2. offer web-based gov services that officially support the tools distributed in step 1


    The internet began as a military project (government). The graphical web later emerged in the 1990s. So all governments have had 25+ years to become sovereign and ensure that the gov itself is not subjecting people to a US surveillance capitalist.

    It was only in the past ~2–3 years that my local government closed its doors and decided to force everyone to do public administration tasks online. Indeed things are happening in a reckless sequence of events. Sovereignty from US tech giants should be sorted out before a government forces people to interact with their web-based services. So w.r.t my local gov, the status quo (first sequence) now has a third step:

    3. force people to use the web-based gov services without equipping them.

    Do you see the problem? Step 3 is the most abusive, and that’s quite recent.

  • I just had a look at Debian’s official repos. No Safari browser. Did a search… found “how to install Safari on linux… start by installing WINE…” (yikes)

    So in terms of a government offering public services that need to serve all people, Safari is not an answer unless the gov finances porting it to linux.

  • We can make some headway by pushing govs to adopt OSS. The Italians have a law “public money → public code”. The whole public sector including public schools should be switching to open source. And part of that would compel contributions of some form. Whether it’s code contributions or payment for support. People should be demanding that their tax revenue is not wasted on software that does not enrich the commons. With profit-driven corporations it’s always a game where a number of variables have to be just right for the company. But the public sector is very much overlooked.

    I recently looked at a Danish university and was disgusted with what I saw. They used MS Office and Google docs, and students were pushed to use those tools. They used Matlab not GNU Octave, because that’s what they saw industry using. Schools should be leading industry, not following it.

  • Think about it from a manager’s position. If they pay something for nothing extra (donate), they won’t last long at the company. They are attracted to 2 benefits:

    • shedding liability for problems by outsourcing
    • special pampered treatment (again via outsourcing)

    Corps love commercial software because managers whose neck is on the line can point the finger away from themselves if something goes wrong with it (or so they think… which is what matters in the end anyway). They tend to consider FOSS when there is a fall guy. So e.g. they hire RedHat. But as I think the article mentions, that money doesn’t trickle down from there.

    We used a FOSS compiler through a separate contract. The company paid a high price for pampering by the compiler supplier. And the support was magnificent. We got the “pro” version (which for the most part was just a newer release than the version in the commons & perhaps a few extras that were just more of a luxury). But it was really about the support. Anyone on the team could file a ticket with the compiler supplier. Not just for bugs and enhancements, but if something was unclear, or if we needed to know how to do something. They always responded well, gave tips, advice, and workarounds, and if there was a bug they fixed it and we got the fix quickly. They never dropped the ball. Our bugs and enhancement requests would then make it into the core product that benefited the commons. It was a good arrangement.

    Then you consider our most heavily used FOSS tool apart from the compiler: emacs. We had an internal team who compiled it and injected our internal mods to customize it for the org. Not sure if any of our customizations would have value outside the org or if that team did PRs.

    In short, it’s not enough to just maintain the code and hope for donations. You need to offer a support package that gives 1st class treatment to corps who would pay a premium for it. I’m not sure if the emacs project offers anything comparable to the compiler we used, but I could see the folks I worked for signing up for something like that.

  • I think I used to know that. Thanks for the reminder.

    Regarding your 2nd paragraph, that’s indeed what Cloudflare has started offering. Your browser is moved to the cloud and you effectively run a dumb terminal and get remote desktop of sorts. I think it’s pitched as a security benefit. Cloudflare has a tendency to always assume everyone fully trusts them with everything. Indeed the technology is great for snoops who want to see everything you see and do.

  • Like the default search engine is not an example of Google’s control, it’s Mozilla’s revenue model.

    It’s both, of course. Mozilla’s revenue enables Google control. If Mozilla changes the default search to one that is not in Google’s interest, they will lose their revenue.

    The remainder sounds like personal gripes that you’re misconstruing as evidence of nefarious intent.

    It’s both. I’m a user so I notice when Mozilla makes an anti-user move. Businesses serve their customers. Mozilla’s customer is Google, not me. So Mozilla serves Google, not the users. W.r.t evidence, I gave no evidence. I did not say “this is evidence”. If you want to challenge a claim because you can’t find the evidence on your own, you can ask for the evidence.

    And as I said, I did not keep track of all Mozilla’s anti-user shenanigans over the years. So you’re not looking at a complete list of issues. It’s disingenuous to treat it as if it were.

    There’s also plenty of evidence to the contrary, total cookie protection to name but one.

    I did not mention anything about cookies, so which of my points do you think cookie protection counters?

    Additionally, bureaucratic processes produce terrible software.

    Nonsense.

    First of all, capitalism produces terrible software when you’re the product rather than the customer. It’s often shit even when you are a paying customer. The best quality software is produced outside of capitalistic structures.

    I’ve worked on both gov and commercial environments. The gov process was superior for quality. On a commercial gig I was actually told not to fix bugs as they were spotted because it was important for the customer to discover the bug & report it so the supplier could charge them extra for the bug fix. The whole commercial work environment was rife with chasing profit (of course) which means cutting corners to cut expenses. If a developer produces something high quality in a Fortune 500 company, they get back-roomed for “gold plating” (which means they’ve invested more in quality than necessary for the consumers). That doesn’t happen on gov projects.

    It’s also wrong to attribute bureaucratic processes strictly to government projects. You may have a shit-ton of bureaucracy in the governance outside of the project which leads to: “build a Mars rover”. How bureaucratic the processes are within the organization is independent of whether it’s a commercial project or not. Fortune 500 corps are inefficient due to their bureaucratic structures. I could not reuse code from one project to another within the same company because there were rules about one project benefiting from another internal pot of money. So a piece of code had to be rewritten from scratch on the other project which means more bugs than you would have if the audited code could have been reused.

    Finally, browsers are incredibly complex

    Precisely why lack of competition is problematic.

  • If a gov were to take that kit and create a public option which is then compatible with all web services deployed by that gov, I would applaud that for sure. Would be much better than govs being subservient to tech imposed by tech giants, constraining citizens to the will of a US corporation, and allowing the private sector control so Google can cancel things not profitable for Google (like JPEG XL). The public sector should serve the public people, not the private sector corps of other countries.

  • I’ve not been tracking them because I tend to only collect dirt on the greatest of evils. What comes to mind:

    • default search engine: Google (this is what that Google money is for officially)
    • Mozilla gave the boot to a lot of plugins and imposed some kind of control-freakish trust mechanism. Plugins/extensions were evicted from the plugin repository and they made it hard for plugin creators to distribute their plugins. I lost several very useful plugins when Mozilla took this controlling protectionist stance.
    • MAFF ditched. Mozilla abandoned a good format for archiving websites. I had a lot of content saved in *.maff files which Mozilla dropped direct support for and at the same time they blocked MAFF plugins.
    • Without Firefox, Google would be easily targeted with anti-trust actions. Google props up Mozilla just enough to be able to claim they have “competition”. Google can be most dominant when it has a crippled competitor under its influence.
    • Google killed the free world JPEG XL format. When a browser as dominant as Chrome withholds support for JPEG XL, there is then no reason for web devs to use that format. Google did this because JPEG XL competes with a proprietary Google format. Firefox does not support it out of the box either, likely because of Google’s influence. Firefox users can enable it by going through some config hoops, so if Chrome alone did not kill it, that certainly would.

    I vaguely recall a slew of Mozilla actions that were antithetical to privacy and user interests which caused me to move them from “a decent browser” to a “lesser of evils”. Hopefully others have better records of Mozilla’s history.

    update May 2024

    • Mozilla uses data abuser Cloudflare for their exclusive access-restricted blog
    • Mozilla has decided to add more tracking to their browser to collect people’s search activity.

  • #Apnews is Tor-hostile. I do not support excluding people so I shared a link that is open to the public and inclusive.

    If AP News would have also blocked archive.org (thus public libraries) then I would not have shared the link out of respect for #netneutrality (access equality).

  • Indeed there is a big difference between warranted sharing and unwarranted sharing. The Snowden leaks are not about warranted sharing. There is no controversy over warranted sharing. You only muddy the waters to bring that up. It’s wholly irrelevant unless you are still actually claiming that the only sharing going on is warranted, which again is severely out of touch. You’ve not been paying attention to the Schneier blogs. You should read them before discussing this topic. There are dozens of ways the unwarranted sharing occurs between intel agencies and tech giants, from simply buying the data commercially to backroom deals to intelligence insiders to outright malicious hacking exfiltration (which sometimes includes paying or persuading the tech giant to simply neglect to fix a bug that the exfiltration relies on) to intelligence agencies handing a box over to the tech giant saying “here, just plug this box in on your LAN and pretend it’s not there - ask no questions”. All of those methods have been detected and exposed. It’s all there; inform yourself; I’m not going to do your homework for you. The HOW is irrelevant to the mere point that the data sharing happens without a warrant.

    Look through the repository you linked, it’s in there.

    I cited a specific article, not a repository.

  • I just encountered a website that uses alt="" on buttons. That means the text description of the button is unreadable in GUI browsers. Mouseovers were coded so you can only get the description in GUI browsers like Firefox by hovering the mouse over the icon. Lynx renders the mouseover text in place of the button. So a screen reader would work on Lynx but not on Firefox for that website.

  • For example would you visit a website if it was hosted on Windows server?

    It depends on how it is hosted. Is Tor blocked, thus forcing me to reveal metadata that identifies me to MS in order to reach the resource? If yes, then no, I would walk. Is it enshittified with popups & CAPTCHAs? If yes, then no. It comes down to what information must I share with who and what hoops do I have to go through.

    If the website is sufficiently usable without unreasonable data compromise, then the mere fact that MS is in the supply chain would not stop me using it. This is only due to global lack of social advancement. That is, when we are up to our necks in garbage, who we choose to support (and to what extent) is relative. If Cloudflare did not exist and the communities being marginalized by CF were liberated, then there would be a theoretical point where a 100% boycott on all things Microsoft would be sensible. ATM, we’re not even close to that degree of progress where picking that battle would be wise.

    I’ve known people who were absolutely like this, who wouldn’t use a site/service/etc. because it wasn’t on a 100% FOSS stack. It’s tiresome.

    It’s tiresome that exclusivity & enshittification persists on such a huge scale which encumbers people on a daily basis because there are so many pushovers feeding & pushing shitty websites. The digital rights movements are starving for more people with integrity.

    I’m all for open source, open standards, being able to modify and share the tools you use, etc. But people like that are extremists who seem to go out of their way to undermine their own credibility and message.

    It’s the hypocrisy of not practicing what you preach that undermines one’s own credibility and the digital rights mission. Quite perverse to claim the contrary— that adherence to one’s own ideology in practice would “undermine their own credibility and message.” It’s tiresome to see digital rights activists needlessly using contradictory tech that’s antithetical to the purpose they claim to support.

  • Many, many sites and services block Tor

    30% at most. Cloudflare compromises ~20–30% of the web and non-CF tor blocking is almost insignificant (likely in the 5–10% of non-CF sites range).

    and for good reason

    Most of the above-mentioned CF portion blocks Tor out of naïvety. They’re just blindly running with the shitty CF defaults not knowing they can whitelist Tor. Most don’t even know they’re blocking Tor & many don’t even know what Tor is.

    But the legit users pale in comparison.

    Nonsense. Most Tor users are legit. You’ve apparently been reading Cloudflare’s propaganda where they claim irrationally Tor users are mostly bad actors. It’s a false claim.

    If you run a financial institution, for example, or anything that houses sensitive personal information, are you willing to allow an entire threat model to attack, just to let the handful of legit users from that model? No. You wouldn’t.

    I insist on using Tor to access my bank account. Banks admit in their ToS that they use customer’s IP address for the express purpose of tracking & logging their realtime location. Some banks are more competent than others. If a bank’s security relies on arbitrary pre-emptive blocking based on IP reputation, their security is not up to scratch.

    Likewise, there are FOSS projects that also demonstrate ability to serve Tor users. This will stand out when anti-feature tags are applied.

  • Being able to see bug reports is not required to use the software.

    That doesn’t quite answer the question. Nor is it strictly true. Bug tracker info is rich in workarounds for problems that hinder the use of the software.

    You’ve made the decision to block Cloudflare,

    Cloudflare’s decision, not mine. Cloudflare along with projects that use it made the (often unwitting) decision to block me, among other excluded people. Could I have executed Cloudflare’s non-free javascript to use the website, which is pushed contrary to FSF criteria C0? Perhaps, I didn’t try. Though I’ve run their garbage in the past and found that it rarely works anyway because the CAPTCHA servers themselves tend to be tor-hostile.

    It’s worth noting that when execution of JavaScript of any kind is imposed in order to obtain information, it’s not a document; it’s an application.

    Expecting free software developers to ensure that every single part of the experience is seamless for users who decide to block certain services is not reasonable.

    Expecting FSF to facilitate exclusion of free software documentation and resources (the status quo) is not reasonable.

    What is reasonable is FSF supporting their own principles:

    • All important site functionality that's enabled for use with that package works correctly (though it need not look as nice) in free browsers, including IceCat, without running any nonfree software sent by the site. (C0)
    • Does not discriminate against classes of users, or against any country. (C2)
    • Permits access via Tor (we consider this an important site function). (C3)

    The Library Bill of Rights (LBR) is also quite reasonable:

    • V. A person’s right to use a library should not be denied or abridged because of origin, age, background, or views.
    • VI. Libraries which make exhibit spaces and meeting rooms available to the public they serve should make such facilities available on an equitable basis, regardless of the beliefs or affiliations of individuals or groups requesting their use.
    • VII. All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.

    The Universal Declaration of Human Rights is also reasonable:

    • art.21 ¶2. Everyone has the right of equal access to public service in his country.
    • art.27 ¶1. Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.

    These are good ideas. These fundamental principles & rights are a minimum low bar to set that cannot be construed as “not reasonable.”

    If Cloudflare links in the #FSF #FSD are replaced with archive.org mirrors, that automatically invokes the Library Bill of Rights (as InternetArchive is an ALA member). The LBR is also consistent with FSF’s principles.

  • Should users be able to see bug reports?

    Just tried to see the bug reports for a gitlab·com project. This is what I get: