Web Browser

162 réponses [Dernière contribution]
SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

>When I used T7 I found Icecat to be slow compared to Abrowser

Yep

>possibilty due to its extra plugins like LibreJS

Exactly because of it, mainly.

>The version of Abrowser in Trisquel 8 is based on FF57, so it's much faster now.

57, now 58 is night and day compared to any previous version I have used on GNuxion. Addons will slow it down considerably though, and will especially use a lot of RAM.
I used to run it first for a couple of weeks with noscript only and it was lightning fast and used only 140 mb when started. Now that I have installed umatrix and httpseverywhere it is considerably slower and it uses 240 mb od RAM on start.

Btw I am wondering: how come we need a stupid addon to make it so we are automatically directed to the encrypted version of a website? Isn't that a necessity? Don't you think Mouzzilla should make such behavior the default feature?

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

Tx for the link, senor LeGuitarraJosé :)

I played a little bit fir Mouzillacox and visited this website, which has grown hugely in dimension from the last time I did so, which was give or take a year ago. It would appear they really like their browser to not only have new (mostly useless IMHO) features at each new version but also to phone home like a whiny fat kid on summer campus..

https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections

I don't know if you already gave it a try or if you maybe already posted it here. If I had to read this whole thread I'd probably wind up in a madhouse..

Found a strange thing too. I had 'health report' all disabled according to teh GUI and about:config but when I went to about:healthreport it said it was on, and when I clicked on the thingy to disable it, a notice popped up saying 'you have disabled the heartattack report'... So I went to about:config and wrote 'health'. I set the reporting website to blank and restarted it and now the health:report is a blank page. Can you try and see that too? I guess that's just a GUI thing (read 'bug') but you seem even more suspicious than my excellent self, so maybe you should 'test it' :P

P.s - > these are the two that were already set to false (and those should completely disable health report)

datareporting.healthreport.service.enabled
datareporting.healthreport.uploadEnabled

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections
>
> I don't know if you already gave it a try or if you maybe already
> posted it here.

heyjoe already found that this documentation is broken. Bug report is here: https://bugzilla.mozilla.org/show_bug.cgi?id=1433494

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

I see, masonmate, yeah, as I said in order to preserve my mental health I skimmed through the thing, damn thread is yuge. Did you test this last one thing I was talking about?

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

On 01/28, name at domain wrote:
> I see, masonmate, yeah, as I said in order to preserve my mental
> health I skimmed through the thing, damn thread is yuge. Did you
> test this last one thing I was talking about?

Yes, it's quite the saga. Forunately it seems to be winding down as the important discussion moves to the Mozilla bug reports.

Are you referring to the "How to stop Firefox from making automatic connections" page? If so, yes, I tried it with FF58 and ESR and found as heyjoe did that the documentation is inaccurate (refers to about:config values that do not exist in FF52 or FF58) and incomplete (there are still some automatic connections after completing the rest of the steps).

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

No, I was referring to the following aforementioned part->

Found a strange thing too. I had 'health report' all disabled according to teh GUI and about:config but when I went to about:healthreport it said it was on, and when I clicked on the thingy to disable it, a notice popped up saying 'you have disabled the heartattack report'... So I went to about:config and wrote 'health'. I set the reporting website to blank and restarted it and now the health:report is a blank page. Can you try and see that too? I guess that's just a GUI thing (read 'bug') but you seem even more suspicious than my excellent self, so maybe you should 'test it' :P

P.s - > these are the two that were already set to false (and those should completely disable health report)

datareporting.healthreport.service.enabled
datareporting.healthreport.uploadEnabled

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

In FF58:

datareporting.healthreport.service.enabled does not exist in about:config and datareporting.healthreport.uploadEnabled is true by default.

After going to Help->Health Report and turning off data sharing, datareporting.healthreport.uploadEnabled is set to false as expected.

In FF52

Same as FF58, service.enabled is missing and upload enabled is true by default.

After going to Preferences->Advanced->Data Choices and deselecting "Enable Firefox Health Report" upload.enabled is set to false as expected.

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

I admire your persistence, mate Joe.

I don't know about Basilisk but AFAIK Palemoon is proprietary software. Is it not?

With my current settings I get 8.7

And, again, for my own mental sake I think I'll just keep it as it is (for now). Truth be told, and I expressed such truth several times, I dislike Mouzilla very much, I use their browser ONLY because I see no better option and I would really like to find another one, not a fork but completely another browser which would render CSS and images correctly (without messing the whole website up) and allow me to just disable javascript, cookies, adds and trackers. The best I have found so far is netsurf but it could really be improved a lot. I hope someone will develop a truly decent browser some day. I doubt it though. The fashionable insanity of the age appears to be: add more lights and bells and make the code yuge, give 0 damns about privacy and security.
In one word: I give up.

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

They are not trolling at all. I first thought they were shilling Chromium when the thread started but indeed they are not and actually Joe is very serious about privacy issues related to Moxillacox.

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

>"Pale Moon is, and will always be, completely FREE to download and use! (Open Source and Freeware)"

Well, that is no way to make sure, now, is it? What's the license is the question you should be asking.

https://www.palemoon.org/redist.shtml

That to me does not seem to be free software. Am I missing something?

>Do I have to check even that? :)

Yes, as I said already my cranium has a very limited capacity and my limbs are overly lazy.

>No. Join me.

I don't know. See the above statement. Also, I can not keep your rate. You seem like a Joe on steroids. I'm 84 years old goddamit, it's a miracle I can type this :)

(I will keep caring and taking notes and doing 'tests', your persistence inspires fresh air in my old bones)

*I'm actually 14, as you can clearly see from my frequent changes of mood and behavior, it's not easy to be a teen today, I have to both study AND catch pokemons.

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

>I am not an authority in FOSS or any matter

You don't need to be, nobody needs any authority at all. Software freedom is not based on authority but licenses. All that really matters is the licenses. The license is freedom when it's free and it's jail when it's proprietary.

> I am not selling anything. I don't even take donations.

I guess that was referred more to Heather doubting you or me originally doubting your chromium shilling, for in my last comment or any other ones I never implied that you do, on a contrary I think you are genuinely interested in the topic of privacy.

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

>He earned that respect and trust

NEIN!!!! NEIINN!! That's exactly the point of this entire thread: never trust! Always Test! Have you tested the Tramp with tcpdump? No, you haven't!

Shame.png

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> Well, that is no way to make sure, now, is it? What's the license is the
> question you should be asking.
>
> https://www.palemoon.org/redist.shtml
>
> That to me does not seem to be free software. Am I missing something?

This site isn't accessible over Tor without completing one of those demeaning "Click on every picture containing a bus. Oops one of those was a car. Now try clicking on every picture containing a sign. Good boy!" security checks, so I'll take your word for it.

According to Wikipedia, the source code is MPL2, which is a libre license, but Pale Moon-branded binaries are proprietary. It's unclear whether it's the same deal as Firefox where if you modify the software you can no longer call it Firefox, or a more restrictive case where you can't even compile it yourself and redistribute it as Pale Moon.

Apparently it's a Firefox fork. I'd be interested to see what its default about:config looks like.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> If a program is good (works as expected, doesn't spy or damage
> data) and gives you freedom 0 and 1 - do you really need freedom 2
> and 3?

In this case, the source code gives you all four freedoms (assuming you don't consider trademark restrictions to be an infringment), while the binaries only give you freedoms 0 and 2. This makes the source code fine to compile and use if you accept PaleMoon's trademark policy, but the binaries they distribute problematic. Without freedom 1 no one can verify exactly what the software does.

That said, yes. All four freedoms are ethically necessary, whether or not they are practically useful in a given situation. This is not just true for software freedom. All freedoms, including software freedom, free speech, and privacy, are deserved, even on days when I have no desire to share a program, no statement to make criticizing my government, and nothing to hide.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> In this case, the source code gives you...

Well, I'm not certain of that since I'm going off Wikipedia. If you (or you distro) is allowed to build Palemoon without modifying it and call it Palemoon then it's the same situation as Firefox. If not, that means every binary called Palemoon was either built by them and them alone (we only have their word that it really corresponds to the source code) or is illegal.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> You are missing the point of the question.

I did not miss *the* point. There were two points: the specific case of Palemoon and the general case. My first paragraph addressed the former, while my second paragraph addressed the latter. You then acted as if focusing on Palemoon in the first paragraph indicated that I had "missed" the general point, ignoring the content of my second paragraph. You then reiterated the general point in more detail but not in a way that refutes my second paragraph. That does not mean I am right, but it does indicate that you don't have a better response, or else you would not have resorted to evasion. I have tried to be patient with these tactics, and the result is a sprawling mess of a thread in which the very valuable information you have provided is completely buried in off-topic discussion. They are also the reason Mozilla closed your bug report prematurely; it wasn't some conspiracy to silence you, just impatience. I apologize for being blunt, but being subtle has not helped keep the conversation on track.

This is irrelevant to the important hard work you have put into investigating these browsers. If you aren't too pissed at me at this point, I'd like to keep discussing that with you. If you would like to discuss whether or not software freedom is important, a new thread in the troll lounge would be the appropriate place. This thread will go off the rails again if we discuss anything other than web browsers here.

Can you remind me of whether Palemoon's default about:config prevented background connections, or if you had to additionally configure it yourself? (You might have already answered this, but I will go insane if I try to dig through this thread searching for the message.) Either way, it sounds like this Firefox derivative is the easiest you've found for which to disable automatic connections. While I am unwilling to use Palemoon for my computing because it is proprietary (though I respect your right to decide differently) I will download it to compare its about:config to that of Firefox after following the broken documentation page. Focusing on the differences will narrow down the number of value changes to try in order to disable all automatic connections.

ADFENO
Hors ligne
A rejoint: 12/31/2012

Yes, you need to have them available, not because you'll necessarily use
them, but because someone else will, be it the person who gave it a
copy, the other which received a copy from you, the thirty fifth
genration of people who receive copies from your generation.

You never know the econimic and social scenario these people will be
under, they can be in a desert, a censorship regime or a place without
Internet. At the same time their status presses them, the restrictions
on freedom 2 and 3 would also do the same in such status. What good
would it be if a given person in a community without Internet would be
forbidden to distribute original and modified copies? Even if the person
doesn't do such things and instead goes on into "doing fixing service"
for that software, it would again be characterized as distribution
(because the person already knows what to do, so they do it over and
over). As for the distribution of originals, it all goes back to the
pressed situation again, because the person could help others which are
under such case too but which aren't fortunate enough to have such
software to help their daily lives. In all cases, the second half of
"distribution", selling, is also important, otherwise how would that
person reward himself for the work they do in that scenario?

2018-01-29T23:30:29+0100 name at domain wrote:
> If a program is good (works as expected, doesn't spy or damage data)
> and gives you freedom 0 and 1 - do you really need freedom 2 and 3?
>

--
- https://libreplanet.org/wiki/User:Adfeno
- Palestrante e consultor sobre /software/ livre (não confundir com
gratis).
- "WhatsApp"? Ele não é livre. Por favor, veja formas de se comunicar
instantaneamente comigo no endereço abaixo.
- Contato: https://libreplanet.org/wiki/User:Adfeno#vCard
- Arquivos comuns aceitos (apenas sem DRM): Corel Draw, Microsoft
Office, MP3, MP4, WMA, WMV.
- Arquivos comuns aceitos e enviados: CSV, GNU Dia, GNU Emacs Org, GNU
GIMP, Inkscape SVG, JPG, LibreOffice (padrão ODF), OGG, OPUS, PDF
(apenas sem DRM), PNG, TXT, WEBM.

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

Where is the community who has the 'freedoms' to modify things when such critical issue is found?

There are many Firefox forks, what would be impossible without freedom 3. If none fixes what you call "critical issues", it is because their communities do not see those as critical issues. Thanks to freedom 3, another fork can arise to fix the "critical issues". You can push in that direction or, like you do (and it is indeed better to not scatter the development effort), try to convince the developers of Firefox (or of one of the derivatives) that the issues you point are indeed critical and ought to be addressed, despite the associated loss in functionalities.

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

This is nonsense.

There is sense: the telemetry component of Firefox sends anonimized data that help Firefox's development, safe search warns about phishing and malware, etc.

I am honestly tired of reading preaching about the 4 divine commandments which nobody cares to exercise in practice and just waits for the next listed recommendation.

Firefox used by anybody to browse any site is freedom 0 in practice. Administrations and companies customizing Firefox for their needs are exercising freedom 1. Firefox in the repository of GNU/Linux distributions is freedom 2 in practice. And, again, Firefox's forks are freedom 3 in practice.

Forks have arisen. Some claim they fix the issues. And they don't. And you still defend their bible.

What fork I defended? I do not defend Firefox's default configuration either. Even less its adoption of EME. I defend the free software definition, which has nothing to do with what the software does but that you keep on blaming for not providing you the software you want.

You just sit and evaluate what another one does and whether it conforms to the 4 divine commandments or not. And although I have asked a question explicitly saying to leave for a moment these 4, you are back to all that.

You asked "Where is the community who has the 'freedoms' to modify things when such critical issue is found?" and I only replied to that. Now you wrongly claim the four freedoms are not "exercised in practice". So, you (not me) are the one "back to all that". You blame the free software definition for not providing you the software you want. If the community does not bring you the software you want, it probably is because it has different views than yours. "Different views than yours" is what you call "nonsense".

Like I have said since the beginning of this thread, the privacy concerns you raise are interesting. I hope your advocacy will lead to more privacy-respecting Web browsers. Unfortunately, labeling every opinion different than yours as "nonsense" is not helping...

I also hope you will eventually understand that "privacy" and "freedoms" are orthogonal issues. Imperfection (what includes privacy issues) is not the same as oppression. In other words, imperfection is not a reason to blame the free software definition, which has nothing to do with what the software does.

SuperTramp83

I am a translator!

Hors ligne
A rejoint: 10/31/2014

>This site isn't accessible over Tor without completing one of those demeaning "Click on every picture containing a bus. Oops one of those was a car. Now try clicking on every picture containing a sign. Good boy!" security checks, so I'll take your word for it.

It is. I just did it, just needed to change the 'circuit', click on 'change the circuit for this website'. I was lucky, I just needed to do it once, you might be unlucky and change it 5 or 10 times.. Bad sign though.

>or a more restrictive case where you can't even compile it yourself and redistribute it as Pale Moon.

Indeed, if I understand it correctly, that is exactly the case. It's proprietary software. And we are talking about software here, not artwork, not a logo, which is not software.

Abdullah Ramazanoglu
Hors ligne
A rejoint: 12/15/2016

(Posting to main thread in order to reset thread indentation that gone wild.)

It's like comparing the constitution to actualities of life. Both sides have their point, but no constitution can achieve a perfect system, and no irregularities of actual life invalidates a good constitution.

Sticking to one POW at the cost of ignoring the other, leads to parallel monologues instead of a dialogue, and nothing useful can be expected to come off of this.

Heyjoe I admire your intelligence and the way you handle an issue in its width and depth. But please don't overlook the subtle difference between the theory (of freedom, aka the constitution, aka 4 freedoms) and the practical problems that arise in real life.

I am fully with you in that there *are* some serious security and privacy problems yet to be solved in FOSS, and I am not claiming that the 4 freedoms make for a perfect constitution, but it is the best so far man has developed. It's still in evolution.

So, on one hand, pointing out some actual problems (which are indeed serious) is not an excuse to throw the whole constitution. To be able to do that, one should invent an alternative better than the original. And on the other hand, having a good constitution is not an excuse to take real life irregularities lightly. Both sides need to look from both angles, I believe.

Instead of throwing the baby out with the bathwater (for both parties), it might be more fruitful to try to *tune* the thing. A new rule needs to be added to the constitution? One of the rules need to be changed in some way? These are all good subjects for discussion. Rules can be pitched against actual problems, and vice versa. From this, better rules - hopefully - emerge. I'm all in for it. At least it can lead us to grasp just how big a quagmire the freedom issue is. That it cannot be completely and simply solved by a short list of rules, that the constitution only provides for a base to build sophisticated eco-systems on, that a web of peripheral rules (continually tuned with changing times) is necessary, etc.

Either top-down (from constitution to real life) or bottom-up (real life to constitution) design is possible. But before trying to replace the 4 freedom rules we happen to have, I think I ought to point out that there should have been an *immense* cumulative brain-power invested in those rules, which are evolved, tested and rugged by time. We can point to a specific real life problem and make an adjustment to the rules accordingly - only to find later out that our modification backfires on many other fronts. So, it must be a very, very delicate process to tune it.

But the whole subject is a very good food for thought anyway.

Fil
Fil
Hors ligne
A rejoint: 02/29/2016

For what it's worth, I can only say this:
the human being behind Abdullah Ramazanoglu's words must be a wise one.

Thank you for those words.
If only more people were able to reason and talk like that..

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> Back to browsers: The discussion with the authors of pyllyukko user.js lead
> to the idea to create a matrix comparing the settings of different similar
> projects, including Tor. So they suggested that I create a repository on
> GitHub where this matrix can be maintained and updated easily when new
> browser versions appear. Obviously I will have to learn how to use git.

This is an excellent idea. It might be most time efficient to focus on Quantum derivatives, since ESR will be updated to FF60 in a few months and the differences from FF52 won't matter anymore. I have basic knowledge of git. Let me know how I can help.

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

If you have any better idea let me know.

If you want scripts to handle the table, having tab-separated values (you may want to use commas in the cells) looks like a good idea. What scripts are you considering? I can potentially help with Shell or AWK scripts.

For visualization, a script can convert the table into a HTML table.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> This needs lots of man hours and lots of attention, especially for
> the cryptographic parts (and I am not an expert in that).

There may be people here who can help who aren't following this thread. It might be worth starting a new thread with a subject line specific to this project, summarizing what you've found, the purpose of the git repo, and what needs to be done. Since privacy information about Firefox forks will benefit Abrowser, I think this is probably Trisquel-related enough for the main forum (as opposed to the troll lounge).

The evolution of this thread has been interesting. It has almost transcended the status of a single thread that has gotten off topic and become an independent forum with its own subthreads that are only tangentially related to each other but on-topic within themselves, but that keep connecting back to a main branch that runs in parallel to a Bugzilla thread. We've even begun to adapt to the emerging stucture, returnin to the tops levels for posts that require extra visability. There's a part of me that wants to just embrace this and see what curious organism emerges if we let things play out, but discussion of your git repo will probably fare better in a more focused enviornment. :)

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

Here is a Shell script that creates a table from as many user.js and prefs.js file as you want (the only arguments of the script):
#!/bin/sh
if [ -z "$1" ]
then
printf "Usage: $0 prefs1.js ...
"
exit
fi
printf '# key'
TMP=`mktemp -dt all_prefs.XXXXXX`
trap "rm -r $TMP 2>/dev/null" 0
keys=$TMP/$(seq -s " $TMP/" $#)
values=$TMP/$(seq -s ".val $TMP/" $#).val
mkfifo $TMP/keys $keys $values
grep '^ *user_pref *( *"' "$@" | cut -d \" -f 2 | sort -u | tee $keys > $TMP/keys &
for k in $keys
do
printf "\t$1"
grep '^ *user_pref *( *"' "$1" | cut -d \" -f 2- | sed -e 's/" *, */'"$(printf \\t)"/ -e 's/ *) *; *$//' | sort -t "$(printf \\t)" -k 1,1 | join -t "$(printf \\t)" -a 1 -e undef -o 2.2 $k - > $k.val &
shift
done
printf '
'
paste $TMP/keys $values

After a header, the script outputs one row per key, ordered alphabetically in the first column. There is one additional column per file (in the order they are given to the script). In such a column, the value is "undef" if the file does not define the key (present in at least one other file). Values are tab-separated. The script will work as long as the input files do not include any tab and define values with at most one call to "user_pref" per line (and no other call). If some interesting file does not respect those constraints, I can adapt the script. Supernumerary spaces anywhere in the input files should not raise any problem.

For the challenge (performance is not an issue here), I wrote the script above under a constraint: to not write anything to the disk. Only to pipes (and the final output is to the standard output, that you can redirect). As a consequence, all the commands executed in the two longest lines and the final 'paste' run in parallel.

If you (or somebody else) want(s) explanation about part of the script, I can answer.

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

I removed the tabs right before the sed call. The end of the lines were not removed when there was a comment afterwards: the last sed substitution is for that. Finally I was assuming the keys would be defined at most once per file but "ghacks" makes jokes with several definitions of a same "_user.js.parrot" key: I now just keep one of the definitions.

Here is the fixed script:
#!/bin/sh
if [ -z "$1" ]
then
printf "Usage: $0 prefs1.js ...
"
exit
fi
printf '# key'
TMP=`mktemp -dt all_prefs.XXXXXX`
trap "rm -r $TMP 2>/dev/null" 0
keys=$TMP/$(seq -s " $TMP/" $#)
values=$TMP/$(seq -s ".val $TMP/" $#).val
mkfifo $TMP/keys $keys $values
# List, in alphabetic order, all keys in at least one input file
grep '^ *user_pref *( *"' "$@" | cut -d \" -f 2 | sort -u | tee $keys > $TMP/keys &
for k in $keys
do
printf "\t$1"
# List the value in "$1" associated to every key or "undef"
grep '^ *user_pref *( *"' "$1" | cut -d \" -f 2- | tr -d "$(printf \\t)" | sed -e 's/" *, */'"$(printf \\t)"/ -e 's/ *) *; *$//' -e 's, *) *; *//.*$,,' | sort -ut "$(printf \\t)" -k 1,1 | join -t "$(printf \\t)" -a 1 -e undef -o 2.2 $k - > $k.val &
shift
done
printf '
'
paste $TMP/keys $values

Its output when given the four user.js files that https://github.com/jm42/compare-user.js considers is attached.

That's very nice of you but perhaps it would be better to refactor it so that it is self explanatory (comments etc).

I added two comments. The script is like 20 lines long. There is not much to refactor.

We could probably make an interface (a form) with default and recommended values and a column in which the user can enter values (or pick from existing). Then a simple 'Submit' button would be able to generate the user.js.

That would be a separate project that could take at input the output of this script (maybe to fill up a database). I will not write any PHP. I can write Shell command lines or AWK programs that process the table the above script outputs.

Pièce jointeTaille
all_prefs.txt 34.52 Ko
Abdullah Ramazanoglu
Hors ligne
A rejoint: 12/15/2016

> Thoughts?

With multi-millions of LOC, FF forks doing just cosmetic changes is only normal. What else could they possibly do? Trying to produce a secure and privacy respecting browser out of an opposite one (and an obese one in that) is not very good strategy IMHO.

What's wrong with -say- Midori? Seeing that it is already ripe for adoption, it's beyond me why FSF wouldn't adopt such a good platform and build on it.

Abdullah Ramazanoglu
Hors ligne
A rejoint: 12/15/2016

> What do you suggest?

Unfortunately I have no suggestion for a browser that is both as www-compatible as FF and fairly lightweight and security/privacy respecting. The closest I came with was Midori (yes, it shows it's age and orphanage) for general web browsing, Qupzilla (eith its non-free dependencies and KDE direction) for the rather difficult sites, and a FF fork (possibly Tor) for the most difficult sites. I do accept it's not a perfect compromise, but it's the best I can do.

And no, neither have I time to fiddle with entrails of a browser, so I will just stick to off-the-shelf solutions, save some critical user settings.

Abdullah Ramazanoglu
Hors ligne
A rejoint: 12/15/2016

> Things have become so complex in the
> last 10 years that it is difficult to
> follow, what's left for development.

Maybe a modularized approach could solve this. You know, once "lp" was a huge software, with print management and printer drivers lumped into a monolithic package. Then lpr-ng came about, IIRC it was the first print management software that separated drivers to their proper place and thus was able to focus on the print management job itself. Nowadays each printer has its own driver, readily usable by any print management software you'd choose.

I suspect similar dissection might be possible in web browsers too. Ofcourse this must entail a strong standardization regarding how each piece of a browser interact with each other (or at least with the main trunk). In such a hypothetical structure, a browser would be no more than a slim, main trunk, perhaps outsourcing even the basic HTML rendering to an external module ("driver" in lpr analogy). So, browser trunks (which are quite manageable in size) compete with each other on their own merit, likewise "drivers" for a specific function do so between them. This would both promote natural selection process among the components, and would - hopefully - free browser development "privilege" from a few tech giants.

But then it would be a different story to choose a browser. You would need to choose the main browser and external modules separately. Maybe a new wave emerges from this, where people start making "browser recipe"s and package them together. And then we would have perhaps hundreds of recipe packages to choose from.

I don't know if it makes much sense. Just brainstorming.

Abdullah Ramazanoglu
Hors ligne
A rejoint: 12/15/2016

> If huge effort should be applied, it should
> start from the very root of the problem.

In the past, hardware was either so basic as to not utilize firmware, or, when it did, onboard processor was barely coping with the job to have spare cycles for spying around. In that era, "proprietary hardware" meant nothing. So, only software has to be freed, and that was a manageable task. The whole suit (OS, DE, utilities) could be dissected and developed by relatively small teams of people, down to a broke individual.

Good days are over.

Now, hardware is sophisticated enough to have lots of spare cycles for spying. But how to free the hardware without multi-million dollars of funds? Design and production of CPU, GPU, networking, etc. components are gigantic tasks needing multi-millions of dollars. There must be a solution or we can find ourselves between the rock and a hard place (correct usage of the term, I hope).

I think the Shakti Project, from this perspective, is of utmost importance. I regard it as start of a revolution in hardware domain. Luke is also trying to find a solution for GPU. So far the "solution" seems to be using spare general purpose CPU cores and running specialized software on it, to turn that core into a sort of GPU (with too low performance and too high power consumption). I hope, in future there will be other projects, like Shakti, focused on the GPU question. And then there is networking hardware...

We are bound by physical constraints in libre hardware production. It's not like "lets club together and write a module - or whatever". Until the hardware question is solved, all we can do is "defensive driving", as far as I can see. In the meantime we can try to prune the free software in regards to security/privacy issues. I believe you did more than your fair bit in this regard.

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

Here is a small AWK program that processes the output of the previous script:
#!/usr/bin/awk -f
BEGIN { FS = "\t" }
{
val = ""
for (i = 2; i <= NF; ++i) {
if ($i != "undef") {
if (val == "") {
val = $i
count = 1
}
else {
if (val == $i) {
++count
}
else {
count = 0
break
}
}
}
}
if (2 * count >= NF) {
print "user_pref(\"" $1 "\", " val ");"
}
}

It does the same as https://github.com/jm42/compare-user.js, i.e., "adds a preference if there are >=50% [of the prefs.js/user.js files in argument of my previous script] with the same value and there no other value. The output file is already a valid file to include in your profile directory". Using the same four user.js files as earlier, only 60 keys satisfy the constraints: the output is attached.

By the way, all the software I write, including the two scripts in this thread, is under the terms of the GNU General Public License version 3 or any later version.

Pièce jointeTaille
user.js_.txt 2.96 Ko
quantumgravity
Hors ligne
A rejoint: 04/22/2013

> So you are pasting lines of code in a public forum claiming that by using this code any completely anonymous person is signing a legal agreement with you (an anonymous licensor) and that that this has legal power? Are you serious?

Why should it matter where he releases his software? Github might be a more convenient place to share code, but from a legal perspective it's not special at all.
I also can browse any github project right now completely anonymously and download every single one of them, still i'm bound to the license agreement attached to the program, no matter how big or small it is.
Seriosly, what you said here makes no sense whatsoever and I don't even know what you're trying to achieve.

Abdullah Ramazanoglu
Hors ligne
A rejoint: 12/15/2016

For a (any) licence to take legal effect, the work has to be legally owned by some entity, i.e. copyrighted, AFAIK.

Without a © it is basically public domain, and cannot be subjected to a license. So, I gather that MagicBanana is not demanding, but kindly requesting that the work to be used in accordance with GPL.

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

This is sheer nonsense and yet another attempt to renew someone's favorite discussion about 4 freedoms and all the rest of it.

Everybody can observe that you are, once again, the one bringing back the four freedoms.

The GitHub repo I opened will use "The Unlicense" which means no copyright and restrictions/regulations.

No copyright would actually mean the classical copyright, under the Berne convention.

I will never accept anything from anyone who tells me "I can potentially help" and then imposes regulations on that "help" (however 'ethical' anyone may consider that).

Whatever. Good luck with your GitHub repository that only contains a license file (where is the "software" the license is talking about?): https://github.com/anchev/user.js

jxself
Hors ligne
A rejoint: 09/13/2010

Thanks to things like the Berne Convention as well as various international treaties that have come along since then, when someone makes something they're not getting one single solitary copyright from their home country but about 200 different copyrights from various countries around the world. It's not clear if people can legally abandon their all of their copyrights in all of those countries around the world. It appears that Germany does not allow this for example. There may be others too.

The reason I mention this is to show that when things like the unlicense recommend that people use the wording:

"I dedicate any and all copyright interest in this software to the public domain. I make this dedication for the benefit of the public at large and to the detriment of my heirs and successors. I intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this software under copyright law."

...it like likely won't have full effect on all of those different copyrights that that person got when they made their contribution i.e., for people in Germany it's still under full "All Rights Reserved" copyright, since they don't allow copyright abandonment.

I imagine that things like the Unlicense were probably written without international copyright attorneys involved, or this problem would have been identified.

Creative Commons was looking into that very problem and this is why they wrote CC0 in the way that they did, into 3 parts:
1. The first part tries to abandon all copyrights
2. The second part grants a broad permissive license in the case that the first can't be done. This addresses the problem with countries that don't recognize #1.
3. The third part is a promise not to sue in case that license doesn't work for some reason.

And so, something like CC0 is more likely to accomplish the intended goal.

Abdullah Ramazanoglu
Hors ligne
A rejoint: 12/15/2016

> And so, something like CC0 is more likely to accomplish the intended goal.

This is news to me. Up to now I thought simply a missing copyright notice automatically translates into public domain.

Then what would be the legal status of of the legacy public domain base?

For instance could I be held liable for modifying a public domain humor/joke and sharing that in a forum? Or modifying the lyrics of a folks song, etc.? There is an immense database of works without even a trace to their origins.

More to the point, there are sites to download so called public domain programs - huge collections of them. What are their status?

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

In some jurisdictions, they cannot be "public domain", unless their authors died at least 70 years ago, which I very much doubt. They are probably distributed under a so-called "permissive license" (aka "lax license", aka "pushover license"), which lets anyone do anything they want with the work. Including changing its license for a proprietary software license.

The other category of free software licenses are copylefted licenses, such as the GNU GPL. Using a copylefted license, your work cannot end up in proprietary software. It is the whole point of the copyleft: preventing the middleman from stripping out the freedoms you want to give to whoever uses your work, modified or not. See https://www.gnu.org/copyleft/

Now, if the programs you are referring to do not bear any license, they are "All Rights Reserved", hence proprietary, under the Berne convention. See https://www.infoworld.com/article/2615869/open-source-software/github-needs-to-take-open-source-seriously.html for instance. Here is an excerpt:

You don't have to include a copyright statement for your creative work to be under copyright. In any country that's a signatory to the Berne Convention, copyright -- or stronger -- is the default as soon as something is created. If you completely ignore the subject, all your work is copyrighted to you (or to your employer in many cases), and anyone who copies it to use or improve it is in breach of your copyright.

See https://www.gnu.org/licenses/license-list.html for a long list of licenses. For free software licenses, the description usually tells whether the license is permissive or copylefted. About "Public Domain", that page says:

If you want to release your work to the public domain, we encourage you to use formal tools to do so. We ask people who make small contributions to GNU to sign a disclaimer form; that's one solution. If you're working on a project that doesn't have formal contribution policies like that, CC0 is a good tool that anyone can use. It formally dedicates your work to the public domain, and provides a fallback license for cases where that is not legally possible.

And about CC0:

CC0 is a public domain dedication from Creative Commons. A work released under CC0 is dedicated to the public domain to the fullest extent permitted by law. If that is not possible for any reason, CC0 also provides a lax, permissive license as a fallback.

jxself
Hors ligne
A rejoint: 09/13/2010

"Then what would be the legal status of of the legacy public domain base?"

It would be hard to generalize about this because of so many factors. What country is it public domain in and why (copyright expiration? Because the author abandoned it (and maybe other countries won't recognize that)?

If memory serves Wikipedia's policy to consider something "public domain" is if it is that way in the host country (where it was first published) and in the United States. Although that doesn't say anything about other countries. Unless it's very old it's probably not free of copyright restrictions on a worldwide basis.

For example to quote from https://en.wikipedia.org/wiki/Wikipedia:Public_domain:
"However, some countries make exceptions to this rule. A notorious case is Germany, which has had a bilateral treaty with the U.S. governing copyright since January 15, 1892. That treaty, which is still in effect, defined that a U.S. work was copyrighted in Germany according to German law irrespective of the work's copyright status in the U.S., and it did not contain a "rule of the shorter term". In one case, a German court therefore decided that a U.S. work that had fallen into the public domain in the U.S. was still copyrighted in Germany in 2003 in spite of §7(1) of the EU directive."

"There is an immense database of works without even a trace to their origins."

Yes, automatic copyright means that orphan works are a problem:
https://en.wikipedia.org/wiki/Orphan_work

And the continued retroactive copyright terms that the U.S. keeps doing don't help this.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

I don't know the answer to all of these situations, but if the author has explicitly released the work into the public domain you should be fine modifying and redistributing it (although they should really use CC0 to avoid ambiguity), while if the author has omitted a license you should assume it is under copyright. If the author is unknown, the work may still be copyrighted but it is unlikely to be enforced. The huge collections of "public domain" programs you refer to probably contain many works for which copyright law won't be enforced, but I would not assume that before modifying or redistributing one. Exceptions are if the work is uncopyrightable or the copyright would have expired by now. For example, in the United States any work published before 1923 is public domain (unless the copyright has been renewed or the work meets certain conditions), so a folk song written before 1923 is public domain whether or not the author is known. Recordings of folk songs are another story, as the recording is considered a separate work from the composition. (From the link below it seems like it should be a derivative work of the composition for the purposes of copyleft, but for some reason this is not the case.) If a folk song was recorded after 1923 it is autmatically copyrighted like any other work, *but* if it was published before March 1, 1989 the recording has to have been released with the copyright notice attached in order for the copyright to be enforcable. AFAIK that last detail is only the case for recordings. Bascially, copyright law is a shitshow, especially in the States. Thanks Disney.

https://www.law.cornell.edu/definitions/uscode.php?width=840&height=800&iframe=true&def_id=17-USC-1602536950-364936160&term_occur=1&term_src=title:17:chapter:1:section:101

jxself
Hors ligne
A rejoint: 09/13/2010

Of course, it should probably be said that this is a U.S.-centric viewpoint and not necessarily applicable to non-U.S. people.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> Of course, it should probably be said that this is a U.S.-centric viewpoint
> and not necessarily applicable to non-U.S. people.

Absolutely, I thought I had clarified this but now realize I only specified that the 1923 thing is U.S.-specific. Everything I said after that point is also specific to the U.S.

jxself
Hors ligne
A rejoint: 09/13/2010

Yes. And so, circling back to Abdullah Ramazanoglu's original question, determining the public domain status of a thing depends on establishing a specific fact pattern for that thing, taken in light of a specific country. That can result in something being public domain in one country and not another.

Circling back to the original discussion that started this sub-conversation, I have not done an analysis of the situation in all the countries of the world; I don't have the time or resources to accomplish that but hopefully providing even just one example helps to show that copyright abandonment is a complex topic and abandoning all of the roughly 200 different copyrights that someone gets is probably not possible. Thanks to the efforts of copyright maximalists like Big Media it's usually easier to play along with copyright and grant the permissions to make something be Free rather than trying to fight back to get rid of of the copyright and ultimately failing. The former is more internationally recognized; the latter is not.

chaosmonk

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/07/2017

> I will never accept anything from anyone who
> tells me "I can potentially help" and then imposes regulations on that
> "help" (however 'ethical' anyone may consider that).

I thought that if a program works as expected and is open and transparent we don't need additional freedoms. :)

I've noticed that people who find the GPL restrictive often fail to be similarly outraged by far more restrictive proprietary licenses. It's almost as if they are really offended by the moral stance rather than the restrictions used to protect that stance.

If you do not plan to exploit Magic Banana's contribution to create proprietary software, the GPL does not affect you in any way. If you do (I doubt this. I believe you have good intentions.), then Magic Banana is right to use the GPL to protect himself from becoming complicit.

Unrelated, your recent tactic of projecting your actions onto others (e.g. making an off-topic point to be evasive and then accusing them of being off-topic when they respond to it) is very transparent. We share common ground on some issues, but I'm done trying to discuss anything else. I'm going to stop following this thread now, but I will keep an eye on the github repo and try to help out once there is something up there to work with. Personalities aside, I sincerely appreciate the work you're doing.

quantumgravity
Hors ligne
A rejoint: 04/22/2013

Let me get this straight:
Magic Banana writes a piece of software and releases it under the GPL, and you accuse him of having a
"serious mental disorder" for that.
What the **** is wrong with you?

He explicitly grants every user the four freedoms he deservers, and instead of being grateful for that, you just spread FUD about copyright law claiming a piece of work without a license is immediately public domain.
It is NOT in the wast majority of countries and you have been told so countless times.

Where are the programs that you released under the public domain? Or do you prefer just blaiming others for writing free software?

quantumgravity
Hors ligne
A rejoint: 04/22/2013

So you completely ignored the fact that NOT attaching a license to a piece of software is immediately making it non-free?
Well, I guess you have to ignore it, because it would make all the rest of you agrumentation just crumble.

> Forums are not the place to "release" software.

Says who?
People can share software wherever they want, even if heyjoe thinks it's "not the place" for doing so.

jxself
Hors ligne
A rejoint: 09/13/2010

"Then I ran the first shared bash script, so I immediately committed a crime"

Copyright doesn't usually do anything with the running of programs, but with derivative works and the making of copies.

"I am also reading (and copy-pasting excerpts from) your automatically non-free copyrighted forum posts without explicit permission (license)"

Reading a copyrighted work is not usually an infringing activity; see above. :)
Also, quoting people and re-using small portions is usually allowed as a fair use exception to copyright in the U.S. and in the various laws of other countries around the world. Details vary of course depending on the specifics.

quantumgravity
Hors ligne
A rejoint: 04/22/2013

That's so much nonsense that I clearly won't bother to argue. Just read jxselfs post if you're really interested in it, but I guess you prefer to defiantly talk back just for the sake of it.

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

Without a © it is basically public domain, and cannot be subjected to a license.

If only that could be true! Unfortunately, under the Berne convention (signed by almost all the countries in the world), the copyright is automatic. The "all rights reserved" copyright I mean. Where you are basically free to do nothing. That is why I wanted to add a copyright notice: to not be told I released proprietary software!

I do not think I am anonymous (there is a link to my Web page on my profile). But anyway, you are right, there is no reason not to be clear. So here are again the two scripts with copyright notices (I rewrote a little the first one and it is now robust to tabs anywhere in the user.js/prefs.js files):

#!/bin/sh
# Copyright 2018 Loïc Cerf (name at domain)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
# See http://www.gnu.org/licenses/
if [ -z "$1" ]
then
printf "Usage: $0 prefs1.js ...
"
exit
fi
printf '# key'
TMP=`mktemp -dt all_prefs.XXXXXX`
trap "rm -r $TMP 2>/dev/null" 0
pairs=$TMP/$(seq -s " $TMP/" $#)
keys=$TMP/$(seq -s ".key $TMP/" $#).key
all_keys=$TMP/$(seq -s ".all $TMP/" 2 $#).all
values=$TMP/$(seq -s ".val $TMP/" $#).val
mkfifo $pairs $keys $all_keys $values
for p in $pairs
do
printf "\t$1"
# List the pairs key-value in "$1", keys alphabetically ordered
# Relevant lines contain 'user_pref', then '(', then '"'
# The key follows, then '"', then ',', then the associated value, then ')', then ';' and the end of the line is reached or '//' introduces a comment
# Space(s) and/or tab(s) may precede/follow any "element" (between single quotes above)
grep '^[[:blank:]]*user_pref[[:blank:]]*([[:blank:]]*"' "$1" | cut -d \" -f 2- | sed -e 's/"[[:blank:]]*,[[:blank:]]*/'"$(printf \\t)"/ -e 's/[[:blank:]]*)[[:blank:]]*;[[:blank:]]*$//' -e 's,[[:blank:]]*)[[:blank:]]*;[[:blank:]]*//.*,,' | sort -ut "$(printf \\t)" -k 1,1 | tee $p | cut -f 1 > $p.key &
shift
done
printf '
'
# List all keys once, in alphabetical order, along the associated values in $TMP/1 or "undef" if undefined
sort -mu $keys | tee $all_keys | join -a 2 -e undef $TMP/1 - > $TMP/1.val &
for p in ${pairs#* }
do
# List, for all keys, the associated values in $p or "undef" if undefined
join -a 2 -e undef -o 1.2 $p $p.all > $p.val &
done
paste $values

#!/usr/bin/awk -f
# Copyright 2018 Loïc Cerf (lcerf [at] dcc.ufmg.br)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
# See http://www.gnu.org/licenses/
BEGIN { FS = "\t" }
{
val = ""
for (i = 2; i <= NF; ++i) {
if ($i != "undef") {
if (val == "") {
val = $i
count = 1
}
else {
if (val == $i)
++count
else {
count = 0
break
}
}
}
}
if (2 * count >= NF)
print "user_pref(\"" $1 "\", " val ");"
}

Abdullah Ramazanoglu
Hors ligne
A rejoint: 12/15/2016

> QupZilla
> Startup: multiple connections to filter37.adblockplus.org
> Open preferences - zero packets but when I clicked on "Tabs" section more packets to filter37.adblockplus.org were sent

Could you retry it with AdBlock disabled? (in the Tools menu)

On a side note, there was an online/offline selection (in File menu) in the previous version of qupzilla, but it's gone in v2.2.3. This is a backwards evolution regarding privacy. I have worked around that by having 2 separate proxy definitions and selecting arbitrarily one of them (easier to do with "StatusBar Icons" plugin enabled).

Proxy #1 ("online") -> Default to system proxy (direct internet connection)
Proxy #2 ("offline")-> HTTP::localhost:54321 (which doesn't exist, so internet connection is blocked)

I wonder whether qupzilla would still send outgoing packets (other than DNS queries) even with a bogus proxy definiton, as it would mean actively and deliberately going out of its ways to connect to internet - which I wouldn't consider as benign behavior.