Notices by Udon (udon@social.076.ne.jp)
-
Udon (udon@social.076.ne.jp)'s status on Tuesday, 04-Oct-2022 21:04:23 JST 
Udon
@ryo
According to: https://fedidb.org/network?s=gnusocial&page=1
https://bobinas.p4g.club/main/public
and some others with version 2.0.1 doesn't need JS. -
Udon (udon@social.076.ne.jp)'s status on Tuesday, 04-Oct-2022 21:04:23 JST
Udon
@ryo
No, I think it's decided by the admin. IIRC one of the instances listed officially is JS required, but all others don't. -
Udon (udon@social.076.ne.jp)'s status on Tuesday, 04-Oct-2022 21:04:23 JST
Udon
@ryo
Since when did gnusocial.jp requires JS to even read things? 😿 -
Udon (udon@social.076.ne.jp)'s status on Tuesday, 04-Oct-2022 21:04:22 JST
Udon
@gnusocialjp
> And user can use desktop/mobile client application.
I'm not sure if there's any client for desktop that supports GNUSocial however.
> So I think it is not important for web UI personally.
I agree if it is on mobile clients, but for desktop GUI clients there isn't much choice and they aren't that good. For example I use old Tootle (a desktop client) for Mastodon, in new versions the developers added support for Pleroma, but at the same time they decided to switch from GTK3 to GTK4 which I don't like very much. Here the web UI becomes the main factor new users will judge. And also, if you know some decent desktop clients please let me know.
> And it is not problem because you can receive our posts from your timeline. I think you do not need to directly access our site by web browser.
This is only because I already have an account in other instances.
I use different browsers and the main one I use to browse the web, which consists of mostly random and untrusted sites, is always JS-off. The original GNUSocial is working perfectly and now this is a heavy downgrade to me. I do not mind if the interactive features like tooting require JS (this is where GNUSocial really shines, it is even usable without JS), but now, I can't even read anything. Mastodon would be a good example on this. I can read things without JavaScript, without login, and they still have a lot of users. Also UI or the appearance is independent from the client-side JavaScript - that is what CSS is used for.
> I think almost people use modern web browser. User for old web browser is a little.
Yes, I understand. But modern browsers themselves are not good in terms of spyware - their development is fully driven by companies such as Google (including Mozilla), Microsoft and Apple.
If users try to use other browser, or just the older version with less "feature", the webapp JavaScript may or may not work, depends on how they changed the JavaScript standard and more importantly, how the webapp developers adopted them. This also means I have to worry how long I can still use the webapp without being forced to update or switching my browser. However, I have never seen JavaScript that runs on older browsers but not modern browsers.
Anyway the JavaScript problem is 2 layered:
1. Whether I can browse some page without JS.
2. Whether the JS works on my browser. -
Udon (udon@social.076.ne.jp)'s status on Tuesday, 04-Oct-2022 21:04:22 JST
Udon
@gnusocialjp
That could be the cause. With JavaScript disabled, nothing except "Please enable javascript to use this site." is shown.
> GNU socialはUIが古いという批判への対策として導入しました。
The "old UI" is the reason I like GNU Social. To be precise, being functional without JavaScript, which means I can view or even use it with many browsers, not just the latest version of Chromium or Firefox.
In my opinion if user wants a full-featured webapp with modern UI, Misskey or Pleroma is already there. Being another Misskey or Pleroma kills the purpose. -
Udon (udon@social.076.ne.jp)'s status on Sunday, 25-Sep-2022 15:01:22 JST
Udon
@tirifto @gnusocialjp @TerminalAutism @digdeeper @ryo
> If a program spies on me, and I am free to make it stop, it respects my freedom (in that regard)
Yes I agree, like a malware licensed with GPL respects your freedom. Because you can make it malware-less. A closed source malware without free license disrespects your freedom because we are not allowed to make it spy on us, and our freedom is not being respected. Both do nasty things, but the former is FOSS by definition - then what? What are the 4 FOSS laws for? Maybe some just wanted to win a debate on application of the 4 FOSS laws (instead on the meaning of "freedom"). But let's look in a more practical view about freedom.
We can only essentially have freedom when the predictors big bad guys has not chosen us as the next prey. This can only be guaranteed by protecting our privacy, not showing anything unnecessary without consent - not even something they claim as "harmless" (I would never never expect a thief to broadcast "Yay I am going to steal someone's thing!!! Try to catch me ;p !!!") . Similar to the "Nothing to Hide" argument. Privacy is not included inside the 4 FOSS laws, but it is essential for protecting freedom in practice.
And when everyone keep a blind eye on "minor harms", once they have grown enough popularity, they will be enforced as part of our life and essentially we will lose our freedom. A live example is the current web environment (abuse of web "standards" and the abuse of JavaScript and Cloudflare) and the trend of systemd (Hey, systemd is FOSS!). The 4 FOSS laws does not, and probably cannot consider such problems.
Axioms in general have the problem of oversimplifying things. They limit our thinking. They are only fine when applied to simple matters or simply used as a reference, or when used in an academic debate (there's usually no prize winning an online debate, however).
Complexity and readability of source code is another issue on the 4 FOSS laws. -
Udon (udon@social.076.ne.jp)'s status on Friday, 23-Sep-2022 16:19:10 JST
Udon
@ryo @luithe
> "Because the brainwashing over here is so deep" as in the general public as a whole.
> it doesn't change the fact that too many people are too brainwashed to not see the tyrannical cloud covering above their heads.
Yes. One of my favorite quote: "It is difficult to get a man to understand something when his salary depends on his not understanding it."
No, that wasn't all of what I implied.
https://web.gnusocial.jp/about/profile/
If you have something like uMatrix, you will see. Although it does not violate what he claimed but it's interesting. -
Udon (udon@social.076.ne.jp)'s status on Friday, 23-Sep-2022 16:19:10 JST
Udon
@ryo @luithe
No, he doesn't care about other thing than following government's law. And I do not think he is brainwashed nor does not know what he is doing. Take a look on his semi-personal site. -
Udon (udon@social.076.ne.jp)'s status on Thursday, 22-Sep-2022 01:27:00 JST
Udon
@TerminalAutism @digdeeper @gnusocialjp @ryo
I see the confusion point is interpreting FOSS as an axiom (referencing the FSF's 4 rules), or interpreting FOSS by the meaning (FREE and open source, and free as in freedom) -
Udon (udon@social.076.ne.jp)'s status on Wednesday, 21-Sep-2022 12:33:24 JST
Udon
@digdeeper @gnusocialjp @ryo
Following axiom is easier to the brain. You do not need to think. All you need to is to accept what the "good guys" say. You do not need to maintain or update your own "axiom" - just use someone else's.
I think another reason why it happens, is related to what we are taught to do in debates. You look up the most approved or authoritative source, stick to it no matter what happens, and you will win the debate (because the source weigh the most). We don't need to care or question why the source is authoritative because it doesn't make you win the debate. -
Udon (udon@social.076.ne.jp)'s status on Wednesday, 21-Sep-2022 08:28:01 JST
Udon
@gnusocialjp
> https://fba.ryona.agency/?domain=misskey.io
> 電気通信事業法第3条「検閲の禁止」や同第4条「通信の秘密の保護」に抵触しかねないシステムを導入しているため
これは興味深いです。 -
Udon (udon@social.076.ne.jp)'s status on Wednesday, 21-Sep-2022 08:27:51 JST
Udon
@gnusocialjp
> あなたが問題ないと思っていても、違法ならば許されません。あなたが有害だと思っていても、合法なら許されます。法律は絶対です。法律の範囲外はモラルの話です。モラルの話は各人の自由です。
> 主観で全てが決まるならば、気に入らないという理由で、個人の逮捕や殺傷を容認することになります。
わたしは Firefox の合法な悪事を批判しましたが、違法の話は全然推奨しなかったです。誤解をさせないでください。
> 法律は客観的です。証拠 (事実・損害) と法律だけで全てを客観的に判断できます。そこに主観はありません。
法律の話ならばいい。あなたの言葉通り、法律は客観的です。法律は法律なので議論はもう無駄です。
> 逆にあなたに何の具体的な損害があるのですか?その損害をどうやって立証しますか?あなたが単に個人的に少し不快なだけでは、その損害を立証できません。
法律においては無害ですので無駄話になりますが、これからはモラルの話をします。
わたしの日本語能力の不足が、もう何度も書きました。
ユーザーは、何を送るはコントロールできないので、無断・予想外の動作本来も損害です。損害はほんの少しでも無害ではありません。テレメトリについては、ただの「不快」と扱うべきではないと思います。
損害の程度は場合によります。ただの「ある特徴の端末がこの時点で(Mozillaのサーバーに)接続しました」かもしれませんが、接続先はユーザーの所有ではない(いまは無害ですが、常に無害とは保証できない)。Firefoxのような複雑なソフトウェアもソースコードの読みは非常に難しい。これはMozilla自社か他のクラッカーは悪用しないと信じるしかない。もともとこのような機能はブラウジングには必要がないので、ほんの少しでもこのリスクを取りたくない。ユーザーも、Wiresharkなどのツールで見なかったら、無断接続のことも知りません。
以下は具体的な損害の例です:
https://spyware.neocities.org/images/safe_browsing.png
https://spyware.neocities.org/images/self_repair.png
https://spyware.neocities.org/images/request2.png
https://web.archive.org/web/20220906172313/https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/
https://web.archive.org/web/20180511002156/https://github.com/mozilla/addons-frontend/issues/2785
もう何度も言ったが、許可があればモラルにも問題がありません。 -
Udon (udon@social.076.ne.jp)'s status on Tuesday, 20-Sep-2022 21:34:35 JST
Udon
@gnusocialjp
My Japanese is poor and it may be insufficient to express my idea, so I am going to use English here. (Feel free to reply in Japanese)
The point you try to justify Firefox's telemetry is they being "harmless", because they do not contain personal information defined by the law.
However, we were discussing whether their act is good or not, and law is artificial so they are useless on discussing problems out of the legal system.
Nothing should be sent without permission if they are unnecessary (even if they are "beneficial"), because why send those in advance? (Assume they are not malicious) The developers always know better than me? It doesn't matter what they sent, or where they are sending to (even to "good" sites like fsf.org). So, regarding to your reply "例えば、リクエスト回数、検索回数、検索キーワード、パソコンやソフトの性能、バージョン情報などは、個人を特定できないので無害です。", do you think it is harmless if these information are sent to multiple sites, including known trackers? (Note: The multiple of 0 is always 0. Harmless is very different from little harm. )
Let's forget what the law tell us which things are private or personal, the telemetries may not be that "harmless" as you thought. Even if we assume it is just a harmless simple GET, it still tells the IP, User Agent that you set, and the time you made your request. Something is sent (just not "personal"). Moreover, a small fragment of information maybe harmless or useless for now, but when they are accumulated enough, they could tell some stories.
And then why the nude photo is harmful? (It's just an example) Because a nude photo alone (wearing mask) isn't enough dox you too, unless you are talking about laws again.
And look, "harmless" or not is different to different people and perspectives (the Firefox telemetry is harmful to me). On the Firefox topic, you tried to justify it from developer's perspective. Telemetry is always beneficial to developers (so they will always justify their actions), since they can know more about users and the performance. But to users, they aren't all fine with that. Developer have their freedom to make bad software or malware while telling their touching stories on how many nights they spent creating them (it takes time to build malware too), it doesn't mean the software is good or not.
If they are good people, they will just simply ask you for permission on first start, or provide options to truly disable those unnecessary features (Like GNU Octave). So both sides of people can choose. But Firefox does not. It even gives you a guide, pretending they can all be off. While most of them can be off, some of them still remains, but they never mention this. Even if we look from developers' perspective, we don't just develop all the time. We are users too, and we will face the consequence justifying or normalizing the bad intentions.
In the end, it's just about the lack of user's permission. Again I will use the nude photo as example, there's nothing wrong if someone ask me to send my nude photo and I say it's ok. However it's very different if they send my nude photo without asking my permission. (If you still insist on the nude photo being harmful, replace it with any other harmless thing)
Also here is another example on "beneficial features" declared by the developers.
> Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails. Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users.
https://web.archive.org/web/20220906172313/https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ -
Udon (udon@social.076.ne.jp)'s status on Monday, 19-Sep-2022 19:39:40 JST
Udon
@gnusocialjp
> 害がなく、何も問題ないならば、勝手にしても問題ないと思います。害があるならば問題です。
> 揚げ足を取るつもりはありませんが、ヌード写真はユーザーの私物・個人ファイル・個人情報になるので、有害だと思います。
個人情報でもヌード写真だけで特定できませんので無害だと思います。方法があれば教えてください。もともと端末も私物で、個人ファイルや個人情報も載ります。
開発側のマルウェア機能の載り、ユーザーのFirefoxなどの利用も自由ですが、わたしは「無害」の定義について語りたかっただけです。これはユーザーが決まるべきと思います。これの一番の解決方法は、最初起動か設定で「Sending Diagnostic Information?」で、許可を問うたらいいと思います。有害か無害はそれぞれなので(それに加害者は自分のことを「有害」と言うはずはない)、許可の有無は重要と思います。Firefoxは予期せず、いくつかの(無害な?)接続も残りますので、それに批判しました。 -
Udon (udon@social.076.ne.jp)'s status on Monday, 19-Sep-2022 17:59:51 JST
Udon
@ikeji @gnusocialjp
乱入は失礼ですが、ブラウジングに必要ないもの、なぜ問わずにユーザーに強制にさせるか。泥棒が悪事を働くは、事前に通知するべきはない。「損害」があるかどうか、これはユーザーが自分で決まることです。「損害」がなくても無断のはしてはいけないと思います。
例として、ヌードの写真の見せもOKですか(マスク付きはOK)?これも無害だと思います。体だけから特定は難しいのでプライバシーにも安全です。要求者は「みんなの安全のため、爆弾かなにかの確認だけ」と言ったら、「無害」か「有益」になりますか。
勿論Firefoxの利用は自由ですが、今はFirefoxの議論と思います。
FOSSもただのライセンスです。ソフトウェア本体か詳細な仕組みと無関係です。FOSSのマルウェア、FOSSの買取もできると思います。 -
Udon (udon@social.076.ne.jp)'s status on Monday, 19-Sep-2022 14:29:12 JST
Udon
@ikeji @gnusocialjp @ryo @Misato
いいえ、完全に止められません。firefox.settings.services.mozilla.com、onecrl.content-signature.mozilla.org はまだ残ってしまいます。 -
Udon (udon@social.076.ne.jp)'s status on Monday, 19-Sep-2022 09:23:25 JST
Udon
@gnusocialjp @ryo @Misato
> 設定されたDNSやNTPのサーバーにアクセスして、うまくいかなかったときの、失敗した時の動作の設定だと思います。たぶん、FallbackDNS, FallbackNTPの設定もない場合に、systemd標準のGoogleやCloudflareのサーバーを見るのだと思います。
サーバーの(複数)指定は自己責任です。そんな「好意」は必要がありません。
> 少しでもリスクがあるなら避けたいというのは理解できます。しかし、根拠や証拠が弱く、一方的な決めつけにみえて、危なっかしく見えました…
https://spyware.neocities.org/articles/firefox.html
この記事はもう読みましたか。
Firefoxの件ならば立場はryoさんと同じです。回線チェックやGoogle SafeBrowsing、それらはブラウジングにいらないので、テレメトリとなります。「無害」でもいらなかったら静のままにするべきです(設定に調整できる、または初めに使うところで問うたらOK)。「塵も積もれば山となる」。
Systemdの件はFallbackDNS/NTP以外、まだ有力な証拠が少ないが、Firefoxのはそうと思うわない。 -
Udon (udon@social.076.ne.jp)'s status on Sunday, 18-Sep-2022 23:56:57 JST
Udon
@gnusocialjp @ryo
> 調べたところ、このフォールバックは設定ファイル (FallbackDNS, FallbackNTP) でも変更できるようです。
ありがとうございます。でもその機能の存在意味は分からないです。
> systemdを採用していないGNU/Linuxのほうが少なく見え、
汎用性が高いDevuanはおすすめ。
> systemdにそんなに大きな問題があるように思いません。
わたしもそう思います(なるべく避けたい程度)。 -
Udon (udon@social.076.ne.jp)'s status on Sunday, 18-Sep-2022 23:11:54 JST
Udon
@gnusocialjp @ryo
> 3個目のこちらのURLには、バックドアの証拠はありませんのでコメントしません。
> そして、フォールバックなので、失敗しない限り見ることありません。失敗したときに見るサーバーなので、安定性の高いサーバーをデフォルトに指定するということで、別におかしいと思いません。
バックドアの証拠は確かにないようですが、バックドアは、報告が出た前存在しません。
NTP、DNSなどはinitの役ではないと思います。元もDNSサーバーは複数の設定は可能で、DNSサーバーの指定もオーナーの責任です。予想外のフォールバック機能はもうバックドアだと思います。systemdのメリットもあまり感じられないので(複雑性と中央集権がメリットかも)、そのリスクは取りたくない。systemdも、他のinitが利用するシステムの互換も悪いので(systemd専用のソフトは増えてるようです)その利用もサポートしたくない。
> しかし、2個目のURLにある通り、ビルドオプションで変更できますので、ディストリビューション側の問題です。
これはユーザーに大変だと思います。ただのフォールバックアドレスの変更はリービルドで必要はないです。ディストリビューションはなぜsystemdに移行か留まるは別の問題ですが、ディストリ側の問題よりsystemdの設計の問題です。 -
Udon (udon@social.076.ne.jp)'s status on Sunday, 18-Sep-2022 18:29:54 JST
Udon
@gnusocialjp @Misato
https://www.unixsheikh.com/articles/the-real-motivation-behind-systemd.html
https://github.com/systemd/systemd/issues/12499
https://www.infoworld.com/article/3159124/linux-why-do-people-hate-systemd.html
All senooken JP Social content and data are available under the 
