Tiny Core Linux
Off-Topic => Off-Topic - Tiny Core Lounge => Topic started by: PDP-8 on October 18, 2021, 09:45:06 PM
-
A recent discussion about the state of browsers who have basically turned into 90% javascript programs vs 10% html markup has me wondering...
Much of this was caused by me getting pissed off that the current state of affairs of an independent browser developer has to just throw in the towel, because trying to accomodate all the underlying javascript moving goalposts to match the corporate-funded ones was just too much. (Re the TenFourFox dev who I'm surprised hung in there this long!)
How about an "Anti-Browser" ?
That is, a browser which DOESNT use javascript, and any attempt by the site to use it, or detect other probing of your system simply throws up a banner, rather than rendering it poorly:
SITE NOT SUPPORTED
The user is now free to use another browser of course. But with this one, instead of working poorly with it, will simply refuse and be a warning to the user that the site is trying to use javascript, peek or probe at the user.
Essentially, browsers *were* usable in the past. And simple HTML4/5 markup was a pleasure to read. It can be done well and not look like something from 1995 using a million netscape flash-tags. :)
Belly-aching about the current state of affairs is not going to change anything. And the desire here isn't to change the world either.
But, for some of us, perhaps we will want to support sites that aren't abominations of javascript or other forms of remote programming, and simply present decent html markup pages to us. Those sites with a profit motive by having us simply visit it will be disappointed of course.
Kind of working the problem backwards. Instead of corporate funded browsers and site creators dictating what the web should be, a return to what a browser *used* to be can be helpful.
I'm not a luddite or crusader. I'm just wondering if any site-creators would be willing to create sites that work with our "Anti-Browser", which relies mainly on solid HTML to get the message across. Perhaps even throw up banners identifying attempts to use javascript or any other probing of the end-user and just stop.
Again, we can always switch to another browser. Maybe it would be just a browser for us OG's that remember the promise that HTML once had and prefer to visit and support those sites that have the same mindset unless forced to use something else.
-
Sorry about that rant. Disregard as even that's too "bloggy" for my own taste.
Feel free to delete at earliest opportunity.
-
Sorry about that rant.
well i read it!.. , never hear of TenFourFox before intresting
.. genraly `i get` being pissed off that the current state of affairs
wrt all the underlying javascript moving goalposts to match the corporate-funded ones was just too much.
btw
..(wrt browsers) have you heard of next Nyxt browser !
also ---> https://wayforward.archive.org/ <--- this ??!!
How about an "Anti-Browser" ?
did you try lynx (http://tinycorelinux.net/12.x/x86/tcz/lynx.tcz.info) ?
wrt : sitenotsuported afaik that's what <noscript>...</noscript> tag is for
-
@mocore: thanks for the wayforward link! It rises mixed feelings (happiness, sadness) about so many hard-work hours involved and humanity intelligence. Oh well ... "sic transit gloria mundi".
-
it sounds like somebody didn't upgrade their government-issued chromium dose in time.
quick, before you develop worse side-effects, press that button now.
consumers like to be spoon-fed. if you don't like the force-feeding, you have to stop consuming. but it sadly won't prevent others from creating services in a doomed ecosystem.
for crucial services most of the time, you can pretend to be unable to use a webbrowser, then you often get a special service and somebody will use a computer for you, possibly print something out instead (maybe bec. you're too old or blind).
i just hope they won't make a law so that it becomes crucial to own a smartphone, with a specific minimum firmware version, and a government-approved chromium bootloader.
there were much nicer ideas how the web could have looked like... https://www.notion.so/blog/ted-nelson
-
PDP-8, I use anti-browser (Lagrange) and anti-web (Gemini space) sometimes. You should check out Project Gemini. A lot of folks feel like you do.
https://gemini.circumlunar.space/
https://gemini.circumlunar.space/docs/faq.gmi
https://en.wikipedia.org/wiki/Gemini_(protocol)
The Lagrange web geminispace browser is in the x86_64 repository.
P.S. 95% of Lagrange's size consists of the built-in font files in resources.lgr. The Lagrange binary itself (the actual geminispace client) is 848 kB. If a GUI client offends your minimalistic sensibilities, there are tiny CLI and TUI clients out there.
-
Interesting stuff - I'll have to take a look at it.
What the TenFourFox developer revealed was eye-opening (but not surprising).
http://tenfourfox.blogspot.com/2020/04/the-end-of-tenfourfox-and-what-ive.html
The problem goes beyond just trying to reach feature parity - each browser's own "javascript minifiers" are so obfuscated that they might as well be binary blobs.
Which is important since most major pages today are 90% javascript and maybe 10% content which end up relying on the custom minifiers to display properly because the site creators use those features, and without a well-funded development team, there is no hope for an individual developer to keep up. Where 90% of his time is dealing with the majors flinging obfuscated code at each other.
And for what? That is the question. Market dominance. Web dominance.
Ie, the browser IS the O/S, more concerned with remote page-display programs driven by javascript, and now with the reliance on obfuscated javascript-minifiers, they can easily tout being "open source", but in reality are just masquerading as such.
We've been down this road before. A very loose analogy would be when RMS was trying to keep up with feature-parity with the lisp-machines fiasco. And finally, the finger was flipped and gnu took shape. It's important history kids, and those who don't know history are doomed to repeat it. And this is looong before Torvalds.
At any rate - my thought for dealing with this was rather than using a bunch of browser work-arounds, perhaps developers could attack this problem with a coordinated effort:
Any site detected using invasive *anything* like cookies, 3rd-party connections, obfuscated javascript (or perhaps even attempts to use javacript at all) the whole gamut of junk we use plug-ins for today to avoid, instead informs the user that the SITE IS UNSUPPORTED, perhaps with an educational banner about what it is trying to do, and purposely fail to try and render the page at all!
The end-user can of course use a major browser if they wish. But instead of hiding all this invasiveness, obfuscation and so forth, the "Anti-Browser" becomes an informative tool that perhaps the end-user might not wish to visit certain sites in the future even with a major browser!
Just a thought. Won't change the world. But instead of the majors playing fast and loose and masquerading at being open source for an open web, we rip off the blinders and expose what they are really after. Just like the lisp-machines fiasco.
-
Lisp Machine fiasco parallel? Here is the best info from the horses mouth.
Look at this from a historical context, and leave any personal feeling about RMS out of it. This happened. And brought us gnu which fledged into something I'm typing on right now.
http://www.gnu.org/gnu/rms-lisp.html
There is a lot of historical context about emacs - but move beyond that to the lisp-machine situation at the AI lab, that was such a disappointment that gnu appeared.
(Albeit I remember seeing Gosling emacs being advertised in Datamation or some other computer mag as bundled - binaries were one price. Source was a LOT more.) But I digress...
I see the parallel in history here in regards to the major browsers and hope we heed the warning.
OR, maybe TinyCore needs to turn into a Plan-9 project. :)
-
Long story short - I'm slowly moving from Dillo to Netsurf. JasonW of dCore fame has done a fine job on the out-of-box settings experience with the latest 3.9 tcz.
It works with what it works with, and if I need something bloated to fill in my taxes or whatever, so be it. I'll use one of those major browsers.
I think for individual developers - don't throw in the towel. There's no hope trying for feature-parity. Some of us really appreciate what your code does NOW.
But for what Netsurf DOES work with (namely trying to follow W3C standards, and not those imposed by the big browser makers fighting amongst themselves) it does a great job as a lightweight browser for what is now considered lightweight needs.
-
Oops. Forgot to give major handclaps to further maintainers like Juanito, neozeed, and jazzbiker. Kudos.
-
A SOLUTION ALREADY EXISTS!
The FSF answered my prayers long ago with everything I asked for above!
TL;DR - Use a Mozilla browser with the LibreJS extension.
It essentially get to the ROOT of the problem with Javascript. What was once used for trivial page additions to html, can be exploited to what much of it is today. It doesn't turn it off, but blocks bad behaving scripts.
Read about it here:
https://www.gnu.org/philosophy/javascript-trap.html
Install the extension here, since existing extensions in the Mozilla repos themselves may not be up to date.
https://www.gnu.org/software/librejs/
One of the best things that I love about it is that is actually SHOWS me what and WHY certain scripts are either considered trivial and passed, or non-trivial unlicensed, obfuscated, or calling other languages like Ajax are blocked.
I'm overjoyed. Basically if a site is unusable with this extension installed, then it is not worth visiting. AND, I can use a heavyweight like Firefox with it. Awesome.
Perhaps if that TenFourFox developer adopted this extension and mindset, he and his users could further lengthen the life of their older browsers. And most importantly, be doing what he loves to do without trying to play an endless trap of feature-parity with a web that has gone insane.
-
sounds like you unever used ublock origin or umatrix before? :D
-
I have along with things like noScript - but LibreJs has a different approach and goal other than mere blocking. I think noscript's author is also working with the team putting out the new dual-named Javascript-Restrictor / JShelter extension. (depends on whether you are running mozilla or chome based browser)
Most important to me, is that it identifies the actual line in the page code which shows whether the js is trivial pretty-ing up type code, or blocked because it is purposely obfuscated with too many loops and conditionals, unknown licensed js etc etc. Could help an unwary site builder throwing frameworks together to just "get it to work", without realizing the implications.
Anyway my lineup now is a bit different from years past: I run three now in order of importance:
LibreJS
Jshelter aka Javascript Restrictor
Privacy Badger (for those that are allowed, but later behave badly)
And of course the simplicity of the LibreJS interface goes a long way. Sometimes the other tools are too cumbersome to use or be setup improperly anyway defeating the purpose. :)
-
Other main feature:
With LibreJS pointing out the actual line reference to objectionable scripts, you can see for yourself if you click on those links in the librejs window which puts them into a new tab. Some are pretty horrifying.
Some will be readable. Some will be totally obfuscated, like have all the line-endings removed. Or if a programmer, recognize the unnecessary loops and conditionals. Or unknown code that was picked up off the gutter and put into your computer to execute.
And if you click on some of the rejected ones, Mozilla itself with throw up the security warnings asking you if it's safe to continue! How about that!
So it is a tool that is more valuable than just selective blocking. It allows you to see the trivial or treacherous code in real time. Hopefully for site-creators to fix that problem, rather than us just blocking or avoiding it.
-
the worst, and the most common problem when you try to avoid evil scripts, is when a website shows zero usable content when you disable the javascripts.
javascript is often used not just to obfuscate code, but also to obfuscate content.
that's why i think 99.9% of all javascript is unneeded and thus evil. readable, or obfuscated code alike. normally i'm there for the content and not the code, and i don't want to run untrusted javascript just to get to some trivial text (rarely some image) content.
-
Well, how about this solution:
Instead of relying on blockers - or js shamers for us og's like me running LibreJs, try this method:
Allow javascript to run. But instead of blocking, identifying, or shaming the code, put a virtual firewall around the API's used.
https://jshelter.org/
So js runs, but if a site doesn't work with this container about what JS can and cannot do, then you REALLY don't want to support that site.
For now, it can also be seen as Javascript Restrictor too, but that name may go away.
This solves the question for those who simply don't care about computing freedom, yet at the same time might wonder at how well the browser makers themselves are determining what restraints (if any) that javascript can do.
Jshelter allows js to run, making most modern sites work, but puts the kibosh on bad-actors with algorithms, rather than just use somebody else's simplistic blocklist.
This is also a line in the sand kind of thing. If a site objects to you using this, then it really wants unfettered access and wants total dictatorship 1984-dystopian style.
The best part is that it easily uncovers them.
-
more band-aids that don't solve the underlying issue. and in that only solve a very negligibly small part of the bad symptoms.
over 99% of the websites at this point *openly* include services that are meant to infringe on your privacy and good taste and waste your computer's resources (e.g. through general inefficiency.
in return - apart from, or instead of some actual content that you would have liked to spend your time learning about - you get useless cosmetic games, animations, ... if not plain out obstructions, paywalls, captchas, and random errors (due to the overburderning complexity that they also fail to manage any more at this point).
i don't need to analyse the javascript to figure out that a service is evil or harmful. it's just one of *many* symptoms.
and sadly even websites that don't intend to be evil still use third party services, that might be evil, for the basic functionality of the website.
it's a bigger issue and sadly, even though i spent ages learning about ways to block all this evil at a very very fine-grained level with umatrix, the end result is that when i don't embrace all they force upon me, i am barred access, and this happens more and more often over time.
i used to run opera7 with javascript disabled by default. for quite a long time this was good enough, maybe 5% of websites didn't work at all as a result, but 10% ironically worked *better* without javascript and the useless games.
but then it became common to not provide any more html/text/image content without javascript being involved, so you basically get a mostly empty canvas when you don't enable javascript.
because of this change, more than 30% of the websites are completely unaccessible if you properly protect against all those evil techniques;
another 30% of all websites load media incompletely as a result (e.g. without images or videos);
and another 20% at this point has become interactive and (maybe even deservedly) requires javascript for your form inputs and other actions.
The little rest that is left doesn't leave enough choice to most people.
And I only see it getting worse over time.
It used to be that I had to enable one or maximum 2 third-party ressource exceptions in umatrix to get some javascript dependencies and the website would be running just fine...
Nowadays it happens quite often that there are so many third-party domains it would take too much time to enable them all, and most of them are domains i have never seen before, so not the top10 most common CDNs or javascript frameworks, but something else entirely.
Nearly impossible to tell which domain is needed only for tracking, analytics and advertisement, and what is meant to actually provide an important service in terms of site functionality.
And then there's the whole sabotage where website owners deliberately ensure that you cannot use their website if you disable any of their ad or tracking dependencies...
The only way to win this is not to play, seriously, it's not even an arm's race any more, the fight is so over.
also, the existence of jschelter just shows that it's not only the website owners, it's also the browser vendors that don't care about your privacy, else these privacy leaks would have been disabled *by default*.
this is all systematic, and chrome (google) or it's fake "competitor" firefox (funded by google), are deep in the game (or should i say advertisement money, hell... world domination?)
-
So, if is game-over, then what "common" user could do today to read (vital) info? Because we still need some critically news (volcano, earth-quake, covid/travel restriction, major climate revolts, new revolutionary OS/technology, medical research, etc).
What are our MAJOR problems about? To keep individual privacy or to lower CPU/resources waste? Both could be "improved" but not totally solved. Or else cave-man path -> go offline. It will work for some time, but then will be like the fail of the Great Chinese Wall. (China was very technologically advanced and build a wall to protect their IP. World evolved even without them, and when china "open" the wall, they realize that they were behind world inventions. So now they embrace USA technology build on their site).
For pseudo-privacy I use A virtual machine (Qemu) and/or firejail sand-box. https://firejail.wordpress.com/ (https://firejail.wordpress.com/)
For lower CPU waste in Firefox I use add-on "ublock" in expert mode (modern version of umatrix). And after I downloaded few tens of pages, just go offline to read them peacefully from RAM.
Any constructive up-to-date solutions are welcome, if you want to share. Thanks.
-
what the common user should do is not run after more technological solutions for a societal problem.
especially computer-savvy people should keep it in mind.
there are always hacks around certain symptoms, but yes, our major problems are not computer problems anyway. there's worse things happening on the world than what is on-topic here of course :)
for us nerds, maybe it's best to at least attempt a parallel strategy, fight both the technological and the underlying offline societal problem at the same time. we can't be just opportunistic about this as is common in programming.
-
The societal aspect is pretty simple - be VERY selective about where you visit, like in real-life. :)
Show people that so-called social-media is anything but merely living(?) in a corporate-sponsored fantasy and sometimes demonstrably dangerous world. Would you send a child into a late-night bar? Go outside. Read a book. Visit a friend in person. Enjoy a hobby like a "personal pc" that doesn't *demand* being online.
While we still can.
Remind people to exercise their free-will and simply turn off the 'tube, which has simply transitioned from the classical device to pc's. Which is ironic, since the personal-computer is not so "personal" anymore. :)
Although some may laugh at web-pages like these from the past, did they not get their message across, provide valuable information, and even serve as kind of a template for those who may want to do the same with some other subject matter?
https://linuxgazette.net/issue61/index.html
Wow, 20 years later it still works. And not a red-flag thrown. The whole thing could be simply emailed and enjoyed without having to use forum software or subscribe to any "service". Nerds like us could look at the underlying html markup if we wanted our own material to look or act differently. A learning experience if one chose to do so.
The point is - it still works. And we could make that work just as well today. But only if we choose to do so.
-
of course. i do chose to do so.
and that's why we few hang out here for example.
and are interested in what others consider archaic technology and archaic community.
yet i'm affected by what they are building sometimes, no matter how much i try to shield myself off.
they try to force me to have a smartphone for everything (banking, renting a car, etc.).
it's a grey area whether i'm allowed to eat in a restaurant without smartphone. so far nobody checked me, but officially i'm supposed to "check in" the qr code into my smartphone, which i don't own...
-
Heh, I wouldn't call it archaic, but TC is an example of good purposeful engineering designed to fit the objective well. On old, and even *new* machines.
It's just a matter of perspective. Those who would call TC and the like archaic are just drinking the cool-aid of $marketing.
But it's always been that way for those who don't idolize only money.
Sorry - history time - the Berkeley BSD 2.x series. What was that about? It was mainly trying to backport the features of BSD4.x from the then current VAX / MicroVax line of computers to the aging PDP-11's which were still running V7 research and were getting little use as they became obsolete comparatively.
Apparently a nightmare to work on 2.x. And for most, seemingly unworthy of doing at all when the PDP-11's should have been taken to the scrap heap.
ARCHAIC! some would exclaim. But those who had a different outlook felt it worthwile and rewarding no matter how difficult it was to do that.
It's all about the perspective one is tuned into, and the ability not to be discouraged by the marketers who ONLY see the world in $$ signs.
-
over 99% of the websites at this point *openly* include services that are meant to infringe on your privacy and good taste and waste your computer's resources (e.g. through general inefficiency.
was just reading this *slightly comical* (allways look on the bright side)
dothq/browser/issues/594 - telemetry * during uninstall
issue
and was reminded of this post ... js on pages is perhaps the thin end of the
resource and associated infringement wedge
One of the fundamental concepts of the "World Wide Web" projects at CERN was "universal readership"
-
...
over 99% of the websites at this point *openly* include services that are meant to infringe on your privacy and good taste and waste your computer's resources (e.g. through general inefficiency.
...
The only way to win this is not to play, seriously, it's not even an arm's race any more, the fight is so over.
...
this is all systematic, and chrome (google) or it's fake "competitor" firefox (funded by google), are deep in the game (or should i say advertisement money, hell... world domination?)
WORLD DOMINATION
so...Much...THIS!!!
...mic drop...
sharing is caring
also see: http://forum.tinycorelinux.net/index.php/topic,23891.0.html
20220402-0610am-modified: added link to another forum thread
added more...sigh...
this opened in dillo:
https://www.thedrive.com/news/44967/audi-owner-finds-basic-hvac-function-paywalled-after-pressing-the-button-for-it
but slashdot?!? fails to open successfully in dillo:
https://tech.slashdot.org/story/22/04/01/2138219/audi-owner-finds-basic-hvac-function-paywalled-after-pressing-the-button-for-it
smh...wth...
20220402-0624am-modified: added more