#js

iconnect@diasp.org

https://addons.mozilla.org/en-US/firefox/addon/webapi-blocker/

#restrictfeatures #finegrained #ads #js #javascript #browsertechnology #poweruser #privacy #expertprivacy #firefox #firefoxextension #firefoxaddon #trackers #tracking #fingerprint #fingerprinting #browserfingerprint #tor

WebAPI Blocker, as the name suggests, is designed to block desired JavaScript APIs. This can help to protect your privacy and prevent chances of data breach, hacking or fraud. The extension is easy to use as it has an ON|OFF button. Once you have switched the button ON, it will start to block unwanted APIs and vice versa. Adding APIs is also not a tough task; all you have to do is to type the name of the API you want to block in the designated space and then click the add button next to it. For the convenience of users, there are some commonly used APIs pre-listed in the extension.

requires to have some knowledge related to the functions of the API. If they have mistakenly blocked an API that is important to load a website, the performance of that particular website may be impacted. It may not load completely or become unresponsive. If such an issue occurs, check the APIs you have blocked, try unblocking them, refresh the tab, and check whether the website loads correctly or not. All in all, installing WebAPI Blocker extension could be a viable way to protect your privacy; however, it is important to be aware of the functions of important APIs.

canoodle@nerdpol.ch

Rant: One day either JavaScript or AutoComplete will start ww3

which pretty much reads like:

it probably has to do with: https://wiki.mozilla.org/ServerJS/Introduction

(used in firefox and/or thunderbird?)

(checkout this search for more javascript rants X-D)

one day either JavaScript or Autocomplete will cause the 3rd world war:

now imagine Biden and Putin are texting:

Biden: Dear Putin, very sorry what happened in the past.

But no worries, we will invade you for dinner.

Putin: Invade?

Biden: Sorry autocomplete. Invite you for dinner.

#linux #gnu #gnulinux #opensource #administration #sysops #javascript #js #argh #wtf #ahoh

Originally posted at: https://dwaves.de/2022/06/25/rant-one-day-either-javascript-or-autocomplete-will-start-ww3/

canoodle@nerdpol.ch

One day either JavaScript or AutoComplete will start ww3

which pretty much reads like:

it probably has to do with: https://wiki.mozilla.org/ServerJS/Introduction

(used in firefox and/or thunderbird?)

(checkout this search for more javascript rants X-D)

one day either JavaScript or Autocomplete will cause the 3rd world war:

now imagine Biden and Putin are texting:

Biden: Dear Putin, very sorry what happened in the past.

But no worries, we will invade you for dinner.

Putin: Invade?

Biden: Sorry autocomplete. Invite you for dinner.

#linux #gnu #gnulinux #opensource #administration #sysops #javascript #js #argh #wtf #ahoh

Originally posted at: https://dwaves.de/2022/06/25/one-day-either-javascript-or-autocomplete-will-start-ww3/

canoodle@nerdpol.ch

One day either JavaScript or AutoComplete will start ww3

it probably has to do with: https://wiki.mozilla.org/ServerJS/Introduction

(used in firefox and/or thunderbird?)

one day either JavaScript or Autocomplete will cause the 3rd world war:

now imagine Biden and Putin are texting:

Biden: Dear Putin, very sorry what happened in the past.

But no worries, we will invade you for dinner.

Putin: Invade?

Biden: Sorry autocomplete. Invite you for dinner.

#linux #gnu #gnulinux #opensource #administration #sysops #javascript #js #argh #wtf #ahoh

Originally posted at: https://dwaves.de/2022/06/25/one-day-either-javascript-or-autocomplete-will-start-ww3/

canoodle@nerdpol.ch

StarFive RISC-V Dual Core SoC for 179 bucks - building a riscv pc - risc-v fedora emulator in javascript in browser

Update: 2022: RISC-V Dual Core SoC for 179 bucks!

https://www.youtube.com/watch?v=4PoWAsBOsFs

https://www.youtube.com/watch?v=4PoWAsBOsFs

https://www.youtube.com/watch?v=4PoWAsBOsFs

https://www.youtube.com/watch?v=4PoWAsBOsFs

https://www.youtube.com/watch?v=4PoWAsBOsFs

where to buy? https://shop.allnetchina.cn/collections/starfive/products/starfive-visionfive-ai-single-board-computer

https://riscv.org/blog/2021/03/risc-v-star-rising-from-the-east-introducing-starfive/

https://rvspace.org

keep an eye on: RISC-V SoCs: https://riscv.org/exchange/

2018-04: RISC-V CPUs not affected by spectre & meltdown

“No announced RISC-V silicon is susceptible, and the popular open-source RISC-V Rocket processor is unaffected as it does not perform memory accesses speculatively.” (2018-01-05 src)

“If you’re selling an IoT sensor for 1 USD, how can you suddenly triple your costs by integrating secure technology, either forcing your market to bear the weight (if it will), or forcing your own company to vastly decrease its profit margins. None of this is sustainable in an ecosystem where the average ARM Cortex-M0+ costs under 0.60 USD per unit at volume with no trusted element.

My solution? RISC-V. With custom, open source, RISC-V processing technology, we can build secure processors with trust elements at a fraction of the cost of ARM processors. Integrating the RISC-V architecture into Lab Mouse, we can then offer a secure platform that is finally cost-effective.

So, in 2016, I researched the RISC-V architecture and joined the RISC-V consortium. I currently sit on the Debug, Security, and general ISA groups and hope to soon get back to participating more heavily. In 2017 at Hack in the Box Amsterdam, I demonstrated security flaws in the RISC-V processor architecture that are now resolved, proving that I put in the effort to research the architecture to ensure it is resilient enough for use in the Lab Mouse solution.” (src)

RISC-V hardware

would definitely recommend to support this project.: if one has little money:

https://www.crowdsupply.com/sifive/hifive1-rev-b ($60)

with massive amounts of money… https://www.crowdsupply.com/sifive/hifive-unleashed ($1000)

+ https://www.crowdsupply.com/microsemi/hifive-unleashed-expansion-board ($2000)

full blown RISC-V PC:

one can even build one’s own risc-v pc: (one can only hope that mass production will bring prices down)

https://vimeo.com/315869857

https://vimeo.com/215542017

https://abopen.com/news/building-a-risc-v-pc/

is still pretty expensive

microsemi offers a sata adapter for $2000

… but with $2000 also PRETTY EXPENSIVE.

https://www.heise.de/newsticker/meldung/FPGA-Erweiterung-fuers-RISC-V-Linux-Entwicklerboard-4042648.html

RISC-V emulator in Javascript? JSLinux

https://bellard.org/jslinux/

Run Linux or other Operating Systems in your browser!

The following emulated systems are available:

CPUOS (Distribution)User

InterfaceVFsync

accessStartup

LinkTEMU

ConfigCommentx86Linux 4.12.0 (Buildroot)ConsoleYesclick hereurlx86Linux 4.12.0 (Buildroot)X WindowYesclick hereurlRight mouse button for the menu.x86Windows 2000GraphicalNoclick hereurlDisclaimer.x86FreeDOSVGA TextNoclick hereurlriscv64Linux 4.15.0 (Buildroot)ConsoleYesclick hereurlriscv64Linux 4.15.0 (Buildroot)X WindowYesclick hereurlRight mouse button for the menu.riscv64Linux 4.15.0 (Fedora 29)ConsoleYesclick hereurlWarning: longer boot time.riscv64Linux 4.15.0 (Fedora 29)X WindowYesclick hereurlWarning: longer boot time. Right mouse button for the menu.© 2011-2018 Fabrice Bellard – NewsVM listFAQTechnical notes

as seen in:

http://bofh.nikhef.nl/events/FOSDEM/2019/AW1.126/riscvfedora.webm

http://bofh.nikhef.nl/events/FOSDEM/2019/AW1.126/riscvfedora.webm

what else is out there https://www.crowdsupply.com/search?q=HiFive

#linux #gnu #gnulinux #opensource #administration #sysops #riscv #browser #js #javascript #fedora #crazy #pc #risc #alternative #alternatives #hardware

Originally posted at: https://dwaves.de/2019/10/08/starfive-risc-v-dual-core-soc-for-179-bucks-building-a-riscv-pc-risc-v-fedora-emulator-in-javascript-in-browser/

canoodle@nerdpol.ch

GNU Linux -> Alternative Privacy enhanced Browsers :) (for Desktop and Mobile) - WARNING SDKs with surveillance build in! - check VPN app

who/what to trust in 2022?

it’s hard…

“A February 2020 research report published by the School of Computer Science and Statistics at Trinity College Dublin tested six browsers and deemed Brave to be the most private of them, in terms of phoning home: “In the first (most private) group lies Brave, in the second Chrome, Firefox and Safari, and in the third (least private) group lie Edge and Yandex.”[108] (src)

“From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied.”

Both send persistent identifiers that can be used to link requests (and associated IP address/location) to backend servers.”

Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers.”

“As far as we can tell this behaviour cannot be disabled by users.”

“In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.”

(src: arstechnica.com)

alternative Browsers for Mobile OS: Android

https://privacytests.org/android.html

https://privacytests.org/ios.html

alternative Browsers for Desktop OS:

update 2022-04

https://librewolf.net/

https://librewolf.net/

https://librewolf.net/docs/faq/

just for completion:

https://www.torproject.org/download/

https://www.torproject.org/download/

https://brave.com/

(currently best Browser in terms of privacy according to https://privacytests.org <- check em out they got a ton of alternative browsers also mobile)

(based on Google’s https://www.chromium.org/)

how to install for various GNU Linux distributions: https://brave.com/linux/

update 2020-10

(untested)

https://www.falkon.org/

“Vivaldi is a freeware, cross-platform web browser developed by Vivaldi Technologies, a company founded by Opera Software co-founder and former CEO Jon Stephenson von Tetzchner and Tatsuki Tomita” <- if that is a good thing… probably not.

Given the Kremlin’s naming convention “Wagner” (the Russian mercenary group killing around the globe like Ukraine but also Africa).

Antonio Vivaldi would be (almost obviously) just another classic music composer in their naming scheme (correct if wrong!?).

“The browser was officially launched on April 12, 2016.[8][9] The browser is aimed at staunch technologists, heavy Internet users, and previous Opera web browser users disgruntled by Opera’s transition from the Presto layout engine to the Blink layout engine, which removed many popular features.[8][10] Vivaldi aims to revive the old, popular features of Opera 12.[11] The browser has gained popularity since the launch of its first technical preview.[12][13] The browser has 1 million users as of January 2017.[14]

the bigger problem with Opera might be this: the Russian Yandex SDK:

  • “A development kit for applications offered for free by Yandex, the Russian tech giant, collects information, which is then stored on Russian servers.”
  • “The proximity between the company and the Kremlin raises questions about the end use of this data.”
  • “Your personal data probably ends up on Russian servers.”
  • “On Tuesday, March 29, the British daily Financial Times revealed that tens of thousands of applications have been developed using software that retrieves users’ information.”
  • “The computer tool is provided by Yandex, a Russian search engine, Google’s main competitor in this country.”
  • “The recovered data is then stored in servers in Russia and Finland.”
  • “In the clutches of the Kremlin AppMetrica’s “open access” makes it one of the most used tools on the market: 36% of applications on Google Play go through this SDK and 11% on the App Store according to Appfigures.”
  • “Among the services offered are video games, messaging apps and virtual private networks (VPNs), designed to browse the web without being tracked.”
  • 7x VPN apps are offered specifically for the Ukrainian public, according to financial times.”
  • “In total, it would be applications installed hundreds of millions of times that would be affected.”
  • auto translated from (src: numerama.com)

(… Google & Apple would NEVER do such things…. NEVER (right? X-D))

# -> what are those files doing INSIDE tor-browser bundle folder #wtf?
./tor-browser_en-US/Browser/.config/vivaldi
./tor-browser_en-US/Browser/.cache/vivaldi
./tor-browser_en-US/Browser/.local/share/.vivaldi_reporting_data

/home/user/.cache/vivaldi
/home/user/.config/vivaldi
/home/user/.local/share/.vivaldi_reporting_data

{"description":"This file contains data used for counting users.
If you are worried about privacy implications,
please see https://help.vivaldi.com/article/how-we-count-our-users/",
"installation_time":"XXXXXXXXXXXXXXXXXX","next_daily_ping":"XXXXXXXXXXXXXXXXX",
"next_monthly_ping":"XXXXXXXXXXXXXXXXXX","next_semestrial_ping":"XXXXXXXXXXXXXXXXX",
"next_trimestrial_ping":"XXXXXXXXXXXXXXXXX",
"next_weekly_ping":"XXXXXXXXXXXXXXXXX",
"next_yearly_ping":"XXXXXXXXXXXXXXXXX",
"pings_since_last_month":0,"unique_user_id":"XXXXXXXXXXXXXXXXX"}

Arora

it’s always a good idea to try out alternatives. 🙂 Welcome to Arora: (under Debian-Gnome3)

arora alternative webKit based browser (similar to firefox)_1

is a lightweight, cross-platform, free and open-source web browser

Arora is available for Linux, OS X, Windows, FreeBSD, OS/2, Haiku,[6] and any other operating system supported by the Qt toolkit. Arora’s name is a palindrome.

The browser’s features include tabbed browsing, bookmarks, browsing history, smart location bar, OpenSearch, session management, privacy mode, a download manager, WebInspector, and AdBlock.[7]

For several months, Meyer discontinued development of Arora due to uncertainty about the strictures of non-compete clauses by his employer; finally in July 2011, he announced that he would no longer contribute to the project.[8] Another software developer, Bastien Pederencino forked Arora’s source code, and published a variant called zBrowser – renamed Zeromus Browser in February 2013. In May 2013, Pederencino published another variant called BlueLightCat. In February 2014, some new patches were released on Arora’s github project page, with some Linux distributions incorporating the changes in their individual versions of Arora packages in their repositories.[9]

Source: https://en.wikipedia.org/wiki/Arora_(web_browser)

install

under Debian it’s easy as the usual:

<span style="color: #00ffff;">apt-get update</span>; # update apt package definitions
<span style="color: #00ffff;">apt-get install arora</span>; # install arora browser

Nice features:

  • fast, sleak, efficient, webkit without Google influenced Firefox (they get millions for making Google the default search engine…)
  • JavaScript and Images can be easily disabled
  • AdBlock INCLUDED 🙂
  • Nice Page-loading %percentage% view
  • Excellent https://startpage.com/ / https://ixquick.com/ integration 🙂
  • You can use all the Firefox-Hotkeys like Alt+D to select the Adress-Bar

I really love that loading %percentage display, that also shows you how big and bulky a website is: (maybe disable grafics or js) arora alternative webKit based browser (similar to firefox)_5 size of website

Nicely: Easy to disable image loading (speed up things) and javascript (security problem)

arora alternative webKit based browser (similar to firefox)_3

It has Adblock INCLUDED! 🙂 No extension needed! GOOD JOB!

arora alternative webKit based browser (similar to firefox)_2

Midori

Check out the FAQ.

Midori is a cross-platform GTK browser based on Webkit. It tracks the latest Webkit very closely, so you always have a fresh version. Midori is very lightweight and fast, but still has a lot of features. Midori is amazingly quick and can be useful for sites like Facebook which tend to slow down Firefox. Users concerned about privacy will be interested to know that Midori features Duck Duck Go as the default search engine, offers built-in ad blocking and good cookie control. An old version (0.4.3) is currently included with Ubuntu 13.10, so it is recommended that you install from the Midori PPA.

SETUP:

tested on debian:

<span style="color: #00ffff;">apt-get update; apt-get install midori</span>; # let's test this ;)

QupZilla

QupZilla is a fast Qt and Webkit based browser that is available for multiple operating systems. It features a reasonably simple interface that will seem familiar to new users. The browser is packed with options, but really offers nothing new or unique when compared to Firefox or Chromium. The QupZilla team has put together a really solid browser, but without offering something unique, I find myself asking “what’s the point?” [Install Now](apt://qupzilla)

IceCat

icecat_browser_logo_gnuzilla_fsf

GNU IceCat, formerly known as GNU IceWeasel,[3] is a free software rebranding of the Mozilla Firefox web browser distributed by the GNU Project. It is compatible with Linux, Windows, Android and macOS.[4]

IceCat is released as a part of GNUzilla, GNU’s rebranding of a code base that used to be the Mozilla Application Suite. As an internet suite, GNUzilla also includes a mail & newsgroup program and an HTML composer.

Mozilla produces free and open-source software, but the binaries include trademarked artwork. The GNU Project attempts to keep IceCat in synchronization with upstream development of Firefox (long-term support versions) while removing all trademarked artwork and non-free add-ons. It also maintains a large list of free software plugins. In addition, it features a few security features not found in the mainline Firefox browser.

https://en.wikipedia.org/wiki/GNU_IceCat

QupZilla 1.6.6 on Debian-Gnome3

qupzilla_screenshot_browser

qupzilla_screenshot_about

install

debian linux

<span style="color: #00ffff;">apt-get update</span>; # you know what this does
<span style="color: #00ffff;">apt-get install qupzilla</span>; # install qupzilla

Screenshots

Import Bookmarks.html

it’s nice that Arora and QupZilla (the naming is terrible 2 remember :-D) allow importing Firefox/Iceweasel exported bookmarks.html.

qupzilla_screenshot_toolbar_bookmarks

QupZilla even gets all the website Icons for you….

qupzilla_screenshot_preferences_bookmark_importer qupzilla_screenshot_preferences_bookmark_importer2

qupzilla_screenshot_preferences_extensions qupzilla_screenshot_preferences_javascript_options qupzilla_screenshot_preferences_privacy qupzilla_screenshot_preferences_appearance qupzilla_screenshot_preferences_downloads qupzilla_screenshot_preferences_browsing qupzilla_screenshot_preferences_browsing2 qupzilla_screenshot_preferences_tabs qupzilla_screenshot_preferences_appearance qupzilla_screenshot_preferences_bookmark_importer qupzilla_screenshot_preferences_adblock_settings

Web (Epiphany)

Web (formerly Epiphany) is the official web browser of the GNOME desktop. It is a very easy to use Webkit based browser with a simplistic user interface. In fact, Web is like the granddaddy of simple web browsers, delivering a simple user interface years before Chrome came on the scene. The browser is very speedy and polished, offering more features with each release. Web makes a great simple alternative to Firefox and Chrome. [Install Now](apt://epiphany-browser)

Bash / Command Line Browsers 🙂

Elinks

Elinks is a text based browser similar to the classic Lynx browser. It launches inside a Terminal window and presents you with only the text of websites, no images, javascript, or Flash. This can be rather useful for website developers to test their sites, or for reading information on sites that are full of annoying javascript and Flash ads.

that’s what http://google.de looks like in elinks:

<a href="https://dwaves.de/wp-content/uploads/2015/07/google.de-in-elinks.png"><img alt="google.de in elinks" class="alignnone size-full wp-image-5752" height="424" src="https://dwaves.de/wp-content/uploads/2015/07/google.de-in-elinks.png" width="910"></img></a>

Source: https://www.starryhope.com/10-alternative-browsers-for-ubuntu-linux/

Links:

http://www.linuxuser.co.uk/reviews/arora-web-browser-review

Other alternative fast / lightweight browsers: https://en.wikipedia.org/wiki/Comparison_of_lightweight_web_browsers

https://sourceforge.net/projects/zbrowser-linux/

https://sourceforge.net/projects/bluelightcat/

http://www.vavai.net/2010/01/7-lightweight-linux-browsers-you-may-want-to-consider-for-fast-browsing-experience/

how to get (a bit) more privacy:

https://dwaves.de/2022/03/31/wie-privatsphare-online-verbessern-mit-tor-und-kostenloser-vpn-firmware-fur-router-how-to-protect-privacy-online-with-tor-and-free-vpn-firmware-for-routers-how-to-setup-tor-node-%d0%ba%d0%b0/

#linux #gnu #gnulinux #opensource #administration #sysops #alternatives #browser #www #internet #web #firefox #Linux #Internet #Browser #Alternatives #html #css #js #browse #theweb #javascript #html5 #webrtc #vivaldi #android #mobile

Originally posted at: https://dwaves.de/2015/07/17/gnu-linux-alternative-privacy-enhanced-browsers-for-desktop-and-mobile-warning-sdks-with-surveillance-build-in-check-vpn-app/

canoodle@nerdpol.ch

GNU Linux -> Alternative Privacy enhanced Browsers :) (for Desktop and Mobile) - WARNING SDKs with surveillance build in!

who/what to trust in 2022?

it’s hard…

“A February 2020 research report published by the School of Computer Science and Statistics at Trinity College Dublin tested six browsers and deemed Brave to be the most private of them, in terms of phoning home: “In the first (most private) group lies Brave, in the second Chrome, Firefox and Safari, and in the third (least private) group lie Edge and Yandex.”[108] (src)

“From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied.”

Both send persistent identifiers that can be used to link requests (and associated IP address/location) to backend servers.”

Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers.”

“As far as we can tell this behaviour cannot be disabled by users.”

“In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.”

(src: arstechnica.com)

alternative Browsers for Mobile OS: Android

https://privacytests.org/android.html

https://privacytests.org/ios.html

alternative Browsers for Desktop OS:

update 2022-04

https://librewolf.net/

https://librewolf.net/

https://librewolf.net/docs/faq/

just for completion:

https://www.torproject.org/download/

https://www.torproject.org/download/

https://brave.com/

(currently best Browser in terms of privacy according to https://privacytests.org <- check em out they got a ton of alternative browsers also mobile)

(based on Google’s https://www.chromium.org/)

how to install for various GNU Linux distributions: https://brave.com/linux/

update 2020-10

(untested)

https://www.falkon.org/

“Vivaldi is a freeware, cross-platform web browser developed by Vivaldi Technologies, a company founded by Opera Software co-founder and former CEO Jon Stephenson von Tetzchner and Tatsuki Tomita” <- if that is a good thing… probably not.

“The browser was officially launched on April 12, 2016.[8][9] The browser is aimed at staunch technologists, heavy Internet users, and previous Opera web browser users disgruntled by Opera’s transition from the Presto layout engine to the Blink layout engine, which removed many popular features.[8][10] Vivaldi aims to revive the old, popular features of Opera 12.[11] The browser has gained popularity since the launch of its first technical preview.[12][13] The browser has 1 million users as of January 2017.[14]

the bigger problem with Opera might be this: the Russian Yandex SDK:

  • “A development kit for applications offered for free by Yandex, the Russian tech giant, collects information, which is then stored on Russian servers.”
  • “The proximity between the company and the Kremlin raises questions about the end use of this data.”
  • “Your personal data probably ends up on Russian servers.”
  • “On Tuesday, March 29, the British daily Financial Times revealed that tens of thousands of applications have been developed using software that retrieves users’ information.”
  • “The computer tool is provided by Yandex, a Russian search engine, Google’s main competitor in this country.”
  • “The recovered data is then stored in servers in Russia and Finland.”
  • auto translated from (src: numerama.com)

Arora

it’s always a good idea to try out alternatives. 🙂 Welcome to Arora: (under Debian-Gnome3)

arora alternative webKit based browser (similar to firefox)_1

is a lightweight, cross-platform, free and open-source web browser

Arora is available for Linux, OS X, Windows, FreeBSD, OS/2, Haiku,[6] and any other operating system supported by the Qt toolkit. Arora’s name is a palindrome.

The browser’s features include tabbed browsing, bookmarks, browsing history, smart location bar, OpenSearch, session management, privacy mode, a download manager, WebInspector, and AdBlock.[7]

For several months, Meyer discontinued development of Arora due to uncertainty about the strictures of non-compete clauses by his employer; finally in July 2011, he announced that he would no longer contribute to the project.[8] Another software developer, Bastien Pederencino forked Arora’s source code, and published a variant called zBrowser – renamed Zeromus Browser in February 2013. In May 2013, Pederencino published another variant called BlueLightCat. In February 2014, some new patches were released on Arora’s github project page, with some Linux distributions incorporating the changes in their individual versions of Arora packages in their repositories.[9]

Source: https://en.wikipedia.org/wiki/Arora_(web_browser)

install

under Debian it’s easy as the usual:

<span style="color: #00ffff;">apt-get update</span>; # update apt package definitions
<span style="color: #00ffff;">apt-get install arora</span>; # install arora browser

Nice features:

  • fast, sleak, efficient, webkit without Google influenced Firefox (they get millions for making Google the default search engine…)
  • JavaScript and Images can be easily disabled
  • AdBlock INCLUDED 🙂
  • Nice Page-loading %percentage% view
  • Excellent https://startpage.com/ / https://ixquick.com/ integration 🙂
  • You can use all the Firefox-Hotkeys like Alt+D to select the Adress-Bar

I really love that loading %percentage display, that also shows you how big and bulky a website is: (maybe disable grafics or js) arora alternative webKit based browser (similar to firefox)_5 size of website

Nicely: Easy to disable image loading (speed up things) and javascript (security problem)

arora alternative webKit based browser (similar to firefox)_3

It has Adblock INCLUDED! 🙂 No extension needed! GOOD JOB!

arora alternative webKit based browser (similar to firefox)_2

Midori

Check out the FAQ.

Midori is a cross-platform GTK browser based on Webkit. It tracks the latest Webkit very closely, so you always have a fresh version. Midori is very lightweight and fast, but still has a lot of features. Midori is amazingly quick and can be useful for sites like Facebook which tend to slow down Firefox. Users concerned about privacy will be interested to know that Midori features Duck Duck Go as the default search engine, offers built-in ad blocking and good cookie control. An old version (0.4.3) is currently included with Ubuntu 13.10, so it is recommended that you install from the Midori PPA.

SETUP:

tested on debian:

<span style="color: #00ffff;">apt-get update; apt-get install midori</span>; # let's test this ;)

QupZilla

QupZilla is a fast Qt and Webkit based browser that is available for multiple operating systems. It features a reasonably simple interface that will seem familiar to new users. The browser is packed with options, but really offers nothing new or unique when compared to Firefox or Chromium. The QupZilla team has put together a really solid browser, but without offering something unique, I find myself asking “what’s the point?” [Install Now](apt://qupzilla)

IceCat

icecat_browser_logo_gnuzilla_fsf

GNU IceCat, formerly known as GNU IceWeasel,[3] is a free software rebranding of the Mozilla Firefox web browser distributed by the GNU Project. It is compatible with Linux, Windows, Android and macOS.[4]

IceCat is released as a part of GNUzilla, GNU’s rebranding of a code base that used to be the Mozilla Application Suite. As an internet suite, GNUzilla also includes a mail & newsgroup program and an HTML composer.

Mozilla produces free and open-source software, but the binaries include trademarked artwork. The GNU Project attempts to keep IceCat in synchronization with upstream development of Firefox (long-term support versions) while removing all trademarked artwork and non-free add-ons. It also maintains a large list of free software plugins. In addition, it features a few security features not found in the mainline Firefox browser.

https://en.wikipedia.org/wiki/GNU_IceCat

QupZilla 1.6.6 on Debian-Gnome3

qupzilla_screenshot_browser

qupzilla_screenshot_about

install

debian linux

<span style="color: #00ffff;">apt-get update</span>; # you know what this does
<span style="color: #00ffff;">apt-get install qupzilla</span>; # install qupzilla

Screenshots

Import Bookmarks.html

it’s nice that Arora and QupZilla (the naming is terrible 2 remember :-D) allow importing Firefox/Iceweasel exported bookmarks.html.

qupzilla_screenshot_toolbar_bookmarks

QupZilla even gets all the website Icons for you….

qupzilla_screenshot_preferences_bookmark_importer qupzilla_screenshot_preferences_bookmark_importer2

qupzilla_screenshot_preferences_extensions qupzilla_screenshot_preferences_javascript_options qupzilla_screenshot_preferences_privacy qupzilla_screenshot_preferences_appearance qupzilla_screenshot_preferences_downloads qupzilla_screenshot_preferences_browsing qupzilla_screenshot_preferences_browsing2 qupzilla_screenshot_preferences_tabs qupzilla_screenshot_preferences_appearance qupzilla_screenshot_preferences_bookmark_importer qupzilla_screenshot_preferences_adblock_settings

Web (Epiphany)

Web (formerly Epiphany) is the official web browser of the GNOME desktop. It is a very easy to use Webkit based browser with a simplistic user interface. In fact, Web is like the granddaddy of simple web browsers, delivering a simple user interface years before Chrome came on the scene. The browser is very speedy and polished, offering more features with each release. Web makes a great simple alternative to Firefox and Chrome. [Install Now](apt://epiphany-browser)

Bash / Command Line Browsers 🙂

Elinks

Elinks is a text based browser similar to the classic Lynx browser. It launches inside a Terminal window and presents you with only the text of websites, no images, javascript, or Flash. This can be rather useful for website developers to test their sites, or for reading information on sites that are full of annoying javascript and Flash ads.

that’s what http://google.de looks like in elinks:

<a href="https://dwaves.de/wp-content/uploads/2015/07/google.de-in-elinks.png"><img alt="google.de in elinks" class="alignnone size-full wp-image-5752" height="424" src="https://dwaves.de/wp-content/uploads/2015/07/google.de-in-elinks.png" width="910"></img></a>

Source: https://www.starryhope.com/10-alternative-browsers-for-ubuntu-linux/

Links:

http://www.linuxuser.co.uk/reviews/arora-web-browser-review

Other alternative fast / lightweight browsers: https://en.wikipedia.org/wiki/Comparison_of_lightweight_web_browsers

https://sourceforge.net/projects/zbrowser-linux/

https://sourceforge.net/projects/bluelightcat/

http://www.vavai.net/2010/01/7-lightweight-linux-browsers-you-may-want-to-consider-for-fast-browsing-experience/

how to get (a bit) more privacy:

https://dwaves.de/2022/03/31/wie-privatsphare-online-verbessern-mit-tor-und-kostenloser-vpn-firmware-fur-router-how-to-protect-privacy-online-with-tor-and-free-vpn-firmware-for-routers-how-to-setup-tor-node-%d0%ba%d0%b0/

#linux #gnu #gnulinux #opensource #administration #sysops #alternatives #browser #www #internet #web #firefox #Linux #Internet #Browser #Alternatives #html #css #js #browse #theweb #javascript #html5 #webrtc #vivaldi #android #mobile

Originally posted at: https://dwaves.de/2015/07/17/gnu-linux-alternative-privacy-enhanced-browsers-for-desktop-and-mobile-warning-sdks-with-surveillance-build-in/

canoodle@nerdpol.ch

from HTML5 & Javascript blob technique to ransomeware - JS is evil (when it is allowed to do more than gui animations)

“The Duri malware, for example, uses the Javascript blob technique.

The attacks are triggered by visiting a website with the malicious code.”

(this could be a well known, sincere, but hacked website)

“By downloading, the malware can install itself on the target device.”

“HTML smuggling is also made possible by the HTML5 “Download” attribute for anchor tags.”

“When a user clicks the HTML link, a download of the file is triggered.”

“The attack therefore uses conventional HTML5 and JavaScript functions.”

“The attack occurs especially in email campaigns.”

“That is, users with Exchange Online mailboxes are also affected.”

“Spear phishing campaign can ransomware”

“This technique was noticed in a spear phishing campaign in May 2021.

“As part of these attacks, the banking Trojan Mekotio as well as AsyncRAT/NJRAT and Trickbot were infiltrated – this also means remote code execution and complete takeover of computers is possible.”

Ransomware also enters networks in this way.”

“The Microsoft 365 Defender Threat Intelligence Team shows what such an attack looks like in a Twitter post.

ISOMorph Infection: In-Depth Analysis of a New HTML Smuggling Campaign

src: translated from https://www.security-insider.de/html-smuggling-greift-netzwerke-von-innen-an-a-1109311/

Links:

https://www.bleepingcomputer.com/news/security/duri-campaign-smuggles-malware-via-html-and-javascript/

https://dwaves.de/2018/09/10/javascript-is-evil-a-major-security-problem/

https://dwaves.de/2021/02/26/the-evilness-of-javascript-dont-be-evil-twitter-strikes-again/

https://dwaves.de/2018/11/16/xiaomi-nfc-and-baseband-exploit-confirmed-javascript-is-indeed-evil-also-on-phones/

https://dwaves.de/2017/12/21/bitcoin-zcash-monero-mining-via-javascript-inside-browser-of-website-visitors/

https://dwaves.de/2018/01/04/amd-arm-intel-cpus-all-got-problems-meltdown-and-spectre-javascript-could-steal-your-firefoxs-passwords/

https://dwaves.de/2019/12/17/mail-thunderbird-disable-javascript/

#linux #gnu #gnulinux #opensource #administration #sysops #itsec #itsecurity #js #html5 #html #javascript #cyber #cybersecurity #cybersec

Originally posted at: https://dwaves.de/2022/04/13/from-html5-javascript-blob-technique-to-ransomeware-js-is-evil-when-it-is-allowed-to-do-more-than-gui-animations/

canoodle@nerdpol.ch

GNU Linux -> Alternative Browsers :) (for Desktop and Mobile)

alternative Browsers for Mobile OS: Android

https://privacytests.org/android.html

https://privacytests.org/ios.html

alternative Browsers for Desktop OS:

update 2022-04

https://librewolf.net/

https://librewolf.net/

https://librewolf.net/docs/faq/

just for completion:

https://www.torproject.org/download/

https://www.torproject.org/download/

https://brave.com/

(currently best Browser in terms of privacy according to https://privacytests.org <- check em out they got a ton of alternative browsers also mobile)

(based on Google’s https://www.chromium.org/)

how to install for various GNU Linux distributions: https://brave.com/linux/

https://vivaldi.com/

https://vivaldi.com/

Vivaldi Web Browser Made in Norway (!) by Vivaldi Technologies

(based on Google’s https://www.chromium.org/)

(It is Open Source (get the source here)! but not under GPL, but this licence)

https://vivaldi.com/blog/technology/why-isnt-vivaldi-browser-open-source/

update 2020-10

(untested)

https://www.falkon.org/

update: 2018:

https://en.wikipedia.org/wiki/Vivaldi_(web_browser)

Vivaldi is a freeware, cross-platform web browser developed by Vivaldi Technologies, a company founded by Opera Software co-founder and former CEO Jon Stephenson von Tetzchner and Tatsuki Tomita. The browser was officially launched on April 12, 2016.[8][9] The browser is aimed at staunch technologists, heavy Internet users, and previous Opera web browser users disgruntled by Opera’s transition from the Presto layout engine to the Blink layout engine, which removed many popular features.[8][10] Vivaldi aims to revive the old, popular features of Opera 12.[11] The browser has gained popularity since the launch of its first technical preview.[12][13] The browser has 1 million users as of January 2017.[14]

Arora

it’s always a good idea to try out alternatives. 🙂 Welcome to Arora: (under Debian-Gnome3)

arora alternative webKit based browser (similar to firefox)_1

is a lightweight, cross-platform, free and open-source web browser

Arora is available for Linux, OS X, Windows, FreeBSD, OS/2, Haiku,[6] and any other operating system supported by the Qt toolkit. Arora’s name is a palindrome.

The browser’s features include tabbed browsing, bookmarks, browsing history, smart location bar, OpenSearch, session management, privacy mode, a download manager, WebInspector, and AdBlock.[7]

For several months, Meyer discontinued development of Arora due to uncertainty about the strictures of non-compete clauses by his employer; finally in July 2011, he announced that he would no longer contribute to the project.[8] Another software developer, Bastien Pederencino forked Arora’s source code, and published a variant called zBrowser – renamed Zeromus Browser in February 2013. In May 2013, Pederencino published another variant called BlueLightCat. In February 2014, some new patches were released on Arora’s github project page, with some Linux distributions incorporating the changes in their individual versions of Arora packages in their repositories.[9]

Source: https://en.wikipedia.org/wiki/Arora_(web_browser)

install

under Debian it’s easy as the usual:

<span style="color: #00ffff;">apt-get update</span>; # update apt package definitions
<span style="color: #00ffff;">apt-get install arora</span>; # install arora browser

Nice features:

  • fast, sleak, efficient, webkit without Google influenced Firefox (they get millions for making Google the default search engine…)
  • JavaScript and Images can be easily disabled
  • AdBlock INCLUDED 🙂
  • Nice Page-loading %percentage% view
  • Excellent https://startpage.com/ / https://ixquick.com/ integration 🙂
  • You can use all the Firefox-Hotkeys like Alt+D to select the Adress-Bar

I really love that loading %percentage display, that also shows you how big and bulky a website is: (maybe disable grafics or js) arora alternative webKit based browser (similar to firefox)_5 size of website

Nicely: Easy to disable image loading (speed up things) and javascript (security problem)

arora alternative webKit based browser (similar to firefox)_3

It has Adblock INCLUDED! 🙂 No extension needed! GOOD JOB!

arora alternative webKit based browser (similar to firefox)_2

What features i would love to see:

  • easy Tor enable/disable buttone 😀 (if that is not making it very bulky)

Links:

http://www.linuxuser.co.uk/reviews/arora-web-browser-review

Other alternative fast / lightweight browsers: https://en.wikipedia.org/wiki/Comparison_of_lightweight_web_browsers

https://sourceforge.net/projects/zbrowser-linux/

https://sourceforge.net/projects/bluelightcat/

http://www.vavai.net/2010/01/7-lightweight-linux-browsers-you-may-want-to-consider-for-fast-browsing-experience/

Midori

Check out the FAQ.

Midori is a cross-platform GTK browser based on Webkit. It tracks the latest Webkit very closely, so you always have a fresh version. Midori is very lightweight and fast, but still has a lot of features. Midori is amazingly quick and can be useful for sites like Facebook which tend to slow down Firefox. Users concerned about privacy will be interested to know that Midori features Duck Duck Go as the default search engine, offers built-in ad blocking and good cookie control. An old version (0.4.3) is currently included with Ubuntu 13.10, so it is recommended that you install from the Midori PPA.

SETUP:

tested on debian:

<span style="color: #00ffff;">apt-get update; apt-get install midori</span>; # let's test this ;)

QupZilla

QupZilla is a fast Qt and Webkit based browser that is available for multiple operating systems. It features a reasonably simple interface that will seem familiar to new users. The browser is packed with options, but really offers nothing new or unique when compared to Firefox or Chromium. The QupZilla team has put together a really solid browser, but without offering something unique, I find myself asking “what’s the point?” [Install Now](apt://qupzilla)

IceCat

icecat_browser_logo_gnuzilla_fsf

GNU IceCat, formerly known as GNU IceWeasel,[3] is a free software rebranding of the Mozilla Firefox web browser distributed by the GNU Project. It is compatible with Linux, Windows, Android and macOS.[4]

IceCat is released as a part of GNUzilla, GNU’s rebranding of a code base that used to be the Mozilla Application Suite. As an internet suite, GNUzilla also includes a mail & newsgroup program and an HTML composer.

Mozilla produces free and open-source software, but the binaries include trademarked artwork. The GNU Project attempts to keep IceCat in synchronization with upstream development of Firefox (long-term support versions) while removing all trademarked artwork and non-free add-ons. It also maintains a large list of free software plugins. In addition, it features a few security features not found in the mainline Firefox browser.

https://en.wikipedia.org/wiki/GNU_IceCat

QupZilla 1.6.6 on Debian-Gnome3

qupzilla_screenshot_browser

qupzilla_screenshot_about

install

debian linux

apt-get update; # you know what this does
apt-get install qupzilla; # install qupzilla

Screenshots

Import Bookmarks.html

it’s nice that Arora and QupZilla (the naming is terrible 2 remember :-D) allow importing Firefox/Iceweasel exported bookmarks.html.

qupzilla_screenshot_toolbar_bookmarks

QupZilla even gets all the website Icons for you….

qupzilla_screenshot_preferences_bookmark_importer qupzilla_screenshot_preferences_bookmark_importer2

qupzilla_screenshot_preferences_extensions qupzilla_screenshot_preferences_javascript_options qupzilla_screenshot_preferences_privacy qupzilla_screenshot_preferences_password_manager qupzilla_screenshot_preferences_downloads qupzilla_screenshot_preferences_browsing qupzilla_screenshot_preferences_browsing2 qupzilla_screenshot_preferences_tabs qupzilla_screenshot_preferences_appearance qupzilla_screenshot_preferences_general qupzilla_screenshot_preferences_adblock_settings

Web (Epiphany)

Web (formerly Epiphany) is the official web browser of the GNOME desktop. It is a very easy to use Webkit based browser with a simplistic user interface. In fact, Web is like the granddaddy of simple web browsers, delivering a simple user interface years before Chrome came on the scene. The browser is very speedy and polished, offering more features with each release. Web makes a great simple alternative to Firefox and Chrome. [Install Now](apt://epiphany-browser)

Bash / Command Line Browsers 🙂

Elinks

Elinks is a text based browser similar to the classic Lynx browser. It launches inside a Terminal window and presents you with only the text of websites, no images, javascript, or Flash. This can be rather useful for website developers to test their sites, or for reading information on sites that are full of annoying javascript and Flash ads.

that’s what http://google.de looks like in elinks:

<a href="https://dwaves.de/wp-content/uploads/2015/07/google.de-in-elinks.png"><img alt="google.de in elinks" class="alignnone size-full wp-image-5752" height="424" src="https://dwaves.de/wp-content/uploads/2015/07/google.de-in-elinks.png" width="910"></img></a>

Source: https://www.starryhope.com/10-alternative-browsers-for-ubuntu-linux/

#linux #gnu #gnulinux #opensource #administration #sysops #alternatives #browser #www #internet #web #firefox #Linux #Internet #Browser #Alternatives #html #css #js #browse #theweb #javascript #html5 #webrtc #vivaldi #android #mobile

Originally posted at: https://dwaves.de/2015/07/17/gnu-linux-alternative-browsers-for-desktop-and-mobile/

canoodle@nerdpol.ch

Open Letter to Mozilla - Google's Browser dominance - is Firefox not listening to user's needs/requests? - Linus view on it-security

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0

Hello Dear Mozilla / Dear Firefox management & DevTeam,

using this rss app to stay up to date with various open source related blogs & sites., what cought the user’s eye was this headline:

“Firefox Lost Almost 50 million Users: Here’s Why It is Concerning”

https://gs.statcounter.com/browser-market-share

https://gs.statcounter.com/browser-market-share

“Mozilla’s Firefox is losing users big time since 2018, why are users moving away from it? Is this something to be worried about?”

by Ankush Das, August 4, 2021 src: https://news.itsfoss.com/firefox-decline/

Actual results:

Ankush Das published an article, claiming that the beloved Firefox (used to be Netscape) the beacon of the free wild wild web was constantly using users because it was not listening to their requirements.

src: https://news.itsfoss.com/firefox-decline/

some (possible) explanations:

“Chrome browser automatically translated my Greek articles!”

“People normally choose to use Chrome due to it’s speed and simplicity.”

“Mozilla Firefox ( and duckduckgo search engine) are used very widely. That’s my preferred combination too. Chrome is fully featured no doubt but its popularity is also due to its marketing. Many people fall for this gimmick.”

src: www.quora.com

another explanation:

https://gs.statcounter.com/os-market-share

https://gs.statcounter.com/os-market-share

The amount of Mobile Devices (SmartPhones, Tablets) has exploded in contrast to the amount of “traditional” PCs and Laptops.

Google’s Chrome is THE DEFAULT mobile browser on Android (unless tech savy and privacy concerned users install Firefox Mobile)

so: Mozilla, maybe u should start building privacy respecting, fast, great designed SmartPhones with a great camera 🙂 and Firefox Mobile the default browser 🙂

in software, simplicity is defintely key

no matter the gui or the code: it is okay and good and great that Mozilla-Firefox is following the UNIX philosophy of “keep it simple”: keeping a software simple means: the code is better to maintain, it compiles faster, bugs are found faster, testing is faster, the end result will be a better software with security, reliably and speed.

https://dwaves.de/2017/05/02/the-unix-philosophy-simple-and-beautiful-so-it-just-works/

problem: of course users got needs. like: do not break userspace.

Just as Windows user’s should really complain about the massive changes (and not in a good way) of the GUI called the Windows Desktop from Windows 7 to Windows 10 (absolute catastrophe).

It is just like changing the appearance of a screw-driver… it is still a screw-driver… but when it looks and handles completely different, users might not recognize it as a screw-driver anymore.

So users will have to spend massive amounts of time already-known-GUIs, which is a complete waste and disrespect of the user’s time aka a massive M$ caused in-efficiency in computing.

There is another interesting GNU-LINUX principle coming from Linus Torvalds: do not break userspace.

So Mozilla should really really take the user’s needs into consideration.

of course the most important need is still:

a fast & safe (!!!) renderer of html, css and evil evil JavaScript of massive exploitation (imho js should be reduced to very very basic functionalities… because it is pretty frightening that a js-script put into a hacked website like yahoo.com could scan ever user’s network for outdated vulnerable hardware and actually start attacking it, which will compromise the whole network and will probably used for DDoSing other sites).

what about this: keep a list of features and requests and ideas that users commited and “let em vote” on importance (like a star or a heart symbol to click on).

at the end of the month sit together and discuss how and when the top 3 features could be implemented. (with or without complete rewrite 🙂

what about security?

holy crap hope this is fixed by now?

auto translated from: https://www.playground.ru/misc/news/staryj_bag_firefox_obnaruzhennyj_eschyo_9_let_nazad_pozvolyaet_vorovat_paroli-291267

March 20, 2018:

An old Firefox bug discovered 9 years ago allows you to steal passwords

The popular Firefox browser has been using an outdated password saving scheme for 9 years, which can be cracked using modern graphics adapters in less than a minute.

Firefox and Thunderbird allow users to set a master password for added security. As it turned out, this function used the SHA1 cryptographic hashing algorithm for a long period of time, the encryption mechanism of which is easy to crack.

The vulnerability was discovered by Wladimir Palant, author of the AdBlock Plus extension for blocking ads in browsers. The most interesting thing is that the flaw is already a long-standing one, it was first reported 9 years ago (!). However, during this time, Firefox developers have not fixed the error.

“I looked into the source code and found the sftkdb_passwordToKey () function, which converts the [website’s] password to an encryption key by applying SHA-1 hashing to a string consisting of the actual master password and random characters,” Vladimir Palant wrote in his blog.”

The problem is that the SHA-1 loop counter is one, meaning the function is applied once. Usually, the cycle counter is 10k or more, for example, in LastPass it is equal to 100k. This allows hackers and intruders to easily decrypt the master password and gain access to all stored user passwords. According to Palant, the GTX 1080 graphics card is capable of calculating 8.5 million SHA1 hashes in one second.

At the moment, the problem remains relevant, as well as the topic that the developer raised again on the official Mozilla forum on the detected bugs. Representatives of the company assured that they will soon release a new tool for the master password in the browser called Lockbox. In the meantime, users should come up with a longer password. Just in case.

could not find an update to this topic… https://www.reddit.com/r/firefox/comments/etkt3m/is_firefoxs_master_password_encryption_still_weak/

Linus: Do not break UserSpace

not even for security fixes?

“So from a user standpoint, the hardening was just a big nasty annoyance, and probably made their workflow _break_, without actually helping their case at all, because they never really saw the original bug as a problem to begin with.”

Torvalds’ post explained his view that “… the number one rule of kernel development is that ‘we don’t break users’.”

“Because without users, your program is pointless, and all the development work you’ve done over decades is pointless.”

“Because in the end, those users really do matter. Without those users, your system may be ‘secure’, but all your security work was still just masturbation. You didn’t do anything useful at all in the end.”

src: theregister.com

Torvalds post explained his attitude to security, namely that “security problems are just bugs” rather than opportunities to change the way the kernel behaves.

“The important part about ‘just bugs’ is that you need to understand that the patches you then introduce for things like hardening are primarly [sic] for DEBUGGING.”

“I’m not at all interested in killing processes. The only process I’m interested in is the _development_ process, where we find bugs and fix them.”

src: www.theregister.com

related links:

https://news.slashdot.org/story/21/09/12/181257/ask-slashdot-why-is-firefox-losing-users

https://www.fastcompany.com/90174010/bye-chrome-why-im-switching-to-firefox-and-you-should-too

possible alternatives?

The Browser from Norway / Iceland 🙂

https://vivaldi.com/download/

wiki page about vivaldi

best regards

a concerned long-term-firefox-user (LTU)

#linux #gnu #gnulinux #opensource #administration #sysops #web #mozilla #firefox #chrome #google #android #inet #www #internet #html #js #javascript #vivaldi #opera

Originally posted at: https://dwaves.de/2021/09/15/open-letter-to-mozilla-googles-browser-dominance-is-firefox-not-listening-to-users-needs-requests-linus-view-on-it-security/

bh@sysad.org

Free/Libre Open Source Software and not very free…

Open Swiss Knife

Lets look software development at languages like Python, JavaScript, Ruby, GoLang, etc.

Creators of these languages maintain their own repositories of open source software written at appropriate language. Each language have its own repository. The repository is very large and contains newest versions of software.

Repository owners (creators of an appropriate programming language) provides a powerful tools for easy search and install software from this repository.

The repository contains regular applications that you can run and so-called libraries. Programming library – is the set of functions, components and algorithms aimed to help developers to create their applications and possibly other libraries. For example, you’re writing a graphics editor and you want to introduce a blur effect. Instead of writing code of this effect from scratch, you may attach a library of functions for image processing which can do make a blur too.

Listed languages allow you to easily attach libraries from their repositories to your programs. Usually is enough to write names of wanted libraries into special file in your program directory. All the listed libraries will be installed automatically. And it’s not all – the smart installer will also install all libraries that required to work of the listed libraries. So you can easily prepare environment and begin to work on your new program, without manual searching and installation of required components.

The libraries required to work of a program (or other library) are called dependencies of this program. Dependencies may have their own dependencies and dependencies of dependencies. The full list of dependencies required by your program makes so-called dependency tree of your program.

The usage of ready code is very significant part of free/libre software development. We can say that it is the one of main aims of free software.


Ease of attaching and large amount of ready libraries for all occasions allow you to construct programs like lego buildings. You may not touch actual programming at all. Even with minimal skills you able to create very complex programs and calculation systems.


Software is free and open, but not enough. All was beauty and easy in use, but…

Book

Active usage of third-party code is making dependency tree very large. Such tree for easiest program may contain hundreds of libraries. Even you’ve attached couple of libraries – this couple may pull hundred of others.

In such conditions it is hard to just read all the names of libraries or names of their creators. But you trust them some possibly significant calculations, your or others personal data. Area of access of attached library may not be restricted only by data which is processed in your program. Depending on installation method, third-party libraries may have access to all files of current user and, sometimes, to all files at your computer.

Assume that you’ve decided to be careful with your dependency tree and now it is contains only few libraries. Now you able to read their names and know their authors. You able to make reasonable decision to trust them or not to trust. But it is the open source, it means that you do not need to believe – you can verify the code.

Here you will see the other thing. Automatic installers from language repositories are not aimed to do any verification. In usual case, after deep learning of documentation, you anyway can verify the code before installation. Usually you can ask installer to download the code without installation, after that verify it and install. But it will be not easy and sometimes you will need to disable internet connection at installation phase to avoid of possible downloading updated version of already downloaded and verified packages.

Technically you have ability to verify a source code before installation. But language developers do not foresee such usage of their installation tools. And verification process become extremely inconvenient.

*Here need to note that the process of library installation may run some scripts from this library. It depends from configuration of library package that set by the library developers. So if you want to verify code before run it, then you need to do it before running of the installation procedure.

The wide spread practice is to install dependencies without any control. Most of online courses and even programming courses in universities will teach you to an easy installation of third-party libraries, without any notes about risks related with privacy and security.


Use minimal count of dependencies in your programs, or you will be lost in your dependency tree like in a forest.


About repositories of free/libre open source software…

Distros

Almost any distribution of Linux operating system, Debian, Fedora, Gentoo, etc – is the repository of the open source software. All the software placed in such repository is the distribution of operating system (OS).

Of course the authors of distribution suggest you to install not all software, just some parts what you want to use. Nobody installs the full set of software provided by the OS distribution.

The repository provided by your operating system contains not only applications, but libraries too. The same libraries as in the repository of the programming language. But OS repository provides libraries for all languages. This repository is independent from language creators and is maintained by the creators of your OS distribution. You already decided to trust this repository when you chose your OS distribution, and you had ability to choose. You already have powerful set of tools to easy search and install applications and libraries.

So why do you need to use centralized and unique per programming language repositories from language creators?

The main reason is that these repositories contains much more libraries and applications in their latest versions. But why is it so?

Maintainers of these repositories verify only format of configuration files and directory structure. They do not verify the source code. In couple with centralization it allow to make easiest process of publishing of new libraries. Sometime programming language by it self provides functionality to publish your code in centralized repository of software on this language.

Developers of operating system distribution do their job much responsibly. They verify a source code to be compatible with other parts of OS, and modify it if need. Quality of source code and acceptability of its license are also verified. Sometimes maintainers remove parts of code with non-free license or with license that is incompatible with declared principles of OS distribution. And possibly the main point: the newest, non-verified in practice versions of software will never been included into repositories of OS distributions.


Reject of using of centralized repositories provided by creators of programming languages. Use repository of your operating system instead. It is true that sometimes you will need to install some dependencies manually, and write additional instructions for your users about this installation. But it is the price for the freedom of software and, certainly, for your freedom.


static html: https://coolbug.org/users/bw/open-source/open-source-en.html


#opensource #development #programming #privacy
#python #js #javascript #ruby #go #golang #linux #debian #fedora #gentoo
#freedom

bh@sysad.org

Свободное программное обеспечение (ПО) и не очень свободное…

Open Swiss Knife

Возьмём, например, разработку ПО на таких языках как Python, JavaScript, Ruby, GoLang и др.

Создатели этих языков содержат свой собственный реестр открытого ПО написанного на этих языках (у каждого языка свой собственный реестр). Реестр очень обширный и постоянно обновляется, там содержатся самые свежие версии ПО.

Помимо удобного поиска ПО, разработчики языка, они же владельцы реестра, предоставляют удобные инструменты для быстрой установки программ из реестра.

Реестр содержит не только обычные программы, которые можно запускать и использовать. В него также входят, так называемые, библиотеки — наборы функций, компонентов, алгоритмов, призванные помочь разработчикам в создании программ или других библиотек. Например, вы пишете графический редактор и вам хочется добавить функцию размывки изображения. Вместо того чтобы писать весь код самостоятельно, вы можете подключить библиотеку функций обработки изображений, которая умеет делать размывку.

Перечисленные языки программирования позволяют очень легко подключать библиотеки из их реестра. Обычно достаточно прописать названия библиотек в специальном файле в папке с вашей программой и все указанные вами библиотеки установятся автоматически. И не только они — умный автоматический установщик установит ещё и те библиотеки которые требуются для работы выбранных вами библиотек. Вы можете очень быстро начать работу над вашей новой программой не утруждая себя поиском и ручной установкой нужных вам компонентов.

Библиотеки, необходимые для работы программы (или другой библиотеки) называются зависимостями этой программы. Зависимости могут иметь свои собственные зависимости, а они в свою очередь зависимости зависимостей. Полная совокупность библиотек требуемая вашей программе образует, так называемое, дерево зависимостей вашей программы.

Использование готового кода очень важная часть свободного программного обеспечения. Можно сказать что открытые программы для того и открытые чтобы использоваться повторно во многих других программах.


Лёгкость подключения и многочисленность готовых библиотек на все случаи жизни позволяют составлять программы как из конструктора Lego, почти не касаясь программирования как такового. Даже с минимальными навыками, вы можете создавать достаточно сложные программы и вычислительные системы.


Открытое ПО, да не очень. Всё было красиво и удобно, но…

Book

Активное использование стороннего кода приводит к тому, что дерево зависимостей для самой простой программы может включать в себя сотни библиотек. Даже если вы подключили к своей программе всего пару-тройку зависимостей — эта пара-тройка может притянуть ещё сотню другую.

В таких условиях затруднительно даже просто прочитать все названия задействованных библиотек или имена их создателей. А ведь вы доверяете им какие-то вычисления, какие-то персональные данные, свои или чужие. Подключаемые библиотеки имеют доступ не только к тем данным с которыми непосредственно работает ваша программа, но и ко многим (или ко всем) файлам на вашем компьютере.

Предположим вы задумались над этим вопросом и поработали над своим деревом зависимостей, так что в него входит всего лишь несколько библиотек. Теперь вы можете прочитать их названия узнать их авторов, принять решение доверять авторам или нет. Но зачем доверять если можно проверить — посмотреть код.

Дело в том, что автоматические установщики библиотек от языка программирования не предусматривают возможность посмотреть код до его запуска. Во многих случаях вы всё-таки сможете это сделать, внимательно изучив документацию, и запустив процесс установки по частям — сначала скачать, потом установить скачанное. Но даже здесь вам придётся на определённом этапе отключить интернет, чтобы установщик не скачал из сети какое-нибудь обновление для ранее скачанной и проверенной библиотеки.

То есть техническая возможность проверить исходный код у вас есть, но разработчики языка просто не предусматривают, что их пользователи захотят что-то проверять. И вам будет крайне неудобно это делать.

*Тут надо отметить, что процедура установки библиотеки предусматривает, в зависимости от настроек которые задал её автор, запуск какого-то кода из устанавливаемой библиотеки. То есть решение доверять или нет необходимо принимать до запуска процедуры установки.

На практике же широко распространена абсолютно неконтролируемая установка зависимостей. Этому учат на разных онлайн курсах и даже в университетах безо всяких оговорок и предупреждений о рисках в плане приватности и безопасности.


Используйте минимальное количество зависимостей, иначе заблудитесь в дереве зависимостей как в лесу.


О реестрах свободного ПО…

Distros

Дело в том, что практически каждый дистрибутив операционной системы Linux, будь то Debian, Fedora или Gentoo — это по сути реестр свободного программного обеспечения. Вся совокупность программ представленных в реестре и есть операционная система (ОС).

Конечно, вам предлагается установить не полный набор ПО, а только те компоненты которые вам необходимы. Никто не устанавливает полный набор программ операционной системы.

В реестре программ вашей ОС представлены и библиотеки. Точно такие же как и в реестре от языка программирования, только в реестре ОС представлены библиотеки сразу ото всех языков программирования. Этот реестр независим от создателей языка и управляется создателями вашей операционной системы. При установке ОС вы уже приняли решение, что доверяете программам из этого реестра. У вас уже есть удобный набор инструментов для быстрого поиска и установки программ и библиотек.

Зачем же вам дались эти централизованные, единственные в пределах языка, реестры от создателей языков?

Дело в том, что в эти реестры занесено намного больше библиотек, чем в реестры операционных систем, и библиотеки там самые новые. Но почему так?

Операторы реестров от языков программирования проверяют только формальную структуру папок и конфигурационных файлов библиотек и программ. Исходный код никто не проверяет. В сочетании с централизацией реестров это позволяет максимально упростить процедуру публикации новых библиотек, иногда до такой степени, что сам язык программирования предоставляет функции публикации.

Разработчики де дистрибутивов операционных систем более ответственно подходят к своей работе. Они проверяют исходный код на совместимость с остальными компонентами системы, и модифицируют его, если это требуется. Также проверяется и качество кода, и приемлемость его лицензии. Иногда удаляются части кода с несвободной лицензией или с лицензией несовместимой с принципами разработчиков дистрибутива. И, наверное, главное: в реестр операционной системы никогда не добавляются самые новые, не проверенные на практике, версии программ и библиотек.


Откажитесь от централизованных реестров ПО предоставляемых создателями языков программирования. Используйте реестр вашей операционной системы. Да, иногда вам придётся устанавливать недостающие библиотеки вручную и описывать процесс их установки в инструкциях для ваших пользователей. Но ведь это ради сохранения свободы программного обеспечения, и, как следствие, вашей свободы.


static html: https://coolbug.org/users/bw/open-source/open-source-ru.html


#opensource #development #программирование #privacy
#python #js #javascript #ruby #go #golang #linux #debian #fedora #gentoo
#freedom #свобода

taz@pod.geraspora.de

Schon wieder eine #Stellenausschreibung

Webentwickler:in mit Schwerpunkt Frontend in Voll- oder Teilzeit für taz.de ab sofort gesucht

Die #taz war die erste online lesbare #Tageszeitung Deutschlands. Sie bietet nach wie vor alltäglich die Möglichkeit Dinge anders zu machen und ist immer noch #Konzern-unabhängig.
Willst Du mit uns die zunehmend digitale #Zukunft des #Journalismus gestalten? Wir bieten ein kooperatives #Umfeld, das Raum für #Weiterentwicklung und #Kreativität lässt, aber auch strategisches #Denken erfordert und die Bereitschaft, alltägliche Probleme auch eigenverantwortlich zu lösen.

Wir suchen zeitnah ein:e Kolleg:in mit praktischer Berufserfahrung in der Webentwicklung, gerne auch als Quereinsteiger:in. Wichtig ist uns, dass Du nicht nur teamfähig bist, sondern bevorzugt gemeinsam arbeitest, auch mit technischen Laien.

Im #Frontend-Bereich von taz.de stehen viele Veränderungen an. Derzeit gestalten und bauen wir unseren Verlagsbereich neu. Als nächstes plant die #taz, den redaktionellen Bereich zu relaunchen. Dabei werden wir vieles überdenken und verändern. Neben der Pflege und der Weiterentwicklung von taz.de erwartet dich ein bunter Strauß an Themen: #Datenschutz, #Tracking, #Ads, #SEO, strukturierte #Daten, #Feeds, #Barrierefreiheit und vieles mehr.

Anforderungen:

Wenn Du Lust darauf hast, in einem nach wie vor politisch motivierten Umfeld als Teil des Web-Entwickler:innen-Teams auch abteilungsübergreifend mit vielfältig interessanten Menschen, mit Produktentwicklung, EDV, Redaktion und Verlag zusammenzuarbeiten, melde Dich.
Bei der taz bieten wir nicht nur ein kollegiales Arbeitsumfeld, sondern auch familienfreundliche #Arbeitszeiten (flexible #Vollzeit 36,5h/Woche, remote-Arbeit aktuell bis auf Weiteres aufgrund von #Corona erwünscht, auch danach ist prinzipiell #Home-Office möglich, 30 Tage #Urlaub) – es gibt ein ordentliches (und subventioniertes) #Mittagessen im taz-Café.
Wir wollen diverser werden. Deshalb freuen wir uns besonders über Bewerbungen von People of Color und Menschen mit Behinderung. Deine Perspektiven sind uns wichtig und sollen in der taz vertreten sein. Die Arbeitsplätze und Toiletten sind weitestgehend #barrierefrei. Das taz-Café ist mit dem #Rollstuhl erreichbar.
Schicke uns deine #Bewerbung und zeige uns, welche Kenntnisse und Erfahrungen Du gerne bei der taz entfalten würdest.
Es handelt sich um eine volle unbefristete Stelle ab taz-Lohngruppe V. Auch Teilzeit wäre denkbar, wenn Vollzeit für dich nicht möglich ist. Arbeitsaufnahme zum nächst möglichen Zeitpunkt. Schreibe uns gerne, ab wann Du einsteigen könntest und richte Deine Bewerbung an webjob@taz.de.

Wir freuen uns auch über Weiterleitung, ihr findet die Stellenausschreibung auch unter https://taz.de/jobs

#job #jobs #arbeit #anstellung #jobangebot