mikegerwitz
/
online-freedom
1
0
Fork 0
Code Releases Activity

Simplify portions of talk 

Just slightly.
master
Mike Gerwitz 2016-03-19 19:38:26 -04:00
parent 30edd62455
commit 558bac1f39
No known key found for this signature in database
GPG Key ID: F22BB8158EE30EAB
1 changed files with 30 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

122
talk.tex
View File

@ -373,9 +373,7 @@
\only<6>{People who want to show off their cool stuff}
\lecture{There are certainly other malicious actors, but not everyone
has bad intentions---you also have hackers that just want to
show you their cool new programs. And some of those are also
the ones that find it silly to disable JavaScript---how else
would you be able to witness their hard work? And I think a
show you their cool new programs. And I think a
lot of people fall into this group---I don't think many of them
are being intentionally malicious.}
\end{center}
@ -393,8 +391,7 @@
deterrent for common-sense freedom and security practices: the
Tor Browser Bundle, for example---although it comes with
NoScript installed---does not block any websites by default,
even though it would make its users safer. No, that would
``break'' websites.}
even though it would make its users safer.}
\item<2-> But most browsers today give you a binary choice:
\lecture{But let's say you are one of those people who might be a
@ -617,23 +614,18 @@
\begin{itemize}
\item Low Barrier To Entry
\lecture{Most everyone has a web browser. Everything is standardized,
and every very major browser comes with excellent debugging
and inspection tools. This is \emph{great} for a free
Web---it encourages studying and tinkering. And when users
start writing software, they can see it in the familiar
environment that is their web browser. There's not much that
is alien to them; if you introduce someone to shell
scripting, C, Perl, Python, Lisp, etc, they're diving into a
world that is entirely hidden from their perspective as a
\emph{user} of software.}
\lecture{Most everyone has a web browser, and every very major browser
comes with excellent debugging and inspection tools. This is
\emph{great} for a free Web---it encourages studying and
tinkering. And when users start writing software, they can
see it in the familiar environment that is their web
browser.}
\item Huge number of libraries and tools for web development
\lecture{Because of all those reasons, the number of libraries focused
on web development is crazy, and steadily growing. And most
of these popular libraries are free software. The most
daunting task for new web developers is often what library to
pick.}
\lecture{Because of that, the number of libraries focused on web
development is crazy, and steadily growing. And most of
these popular libraries are free software. The most daunting
task for new web developers is often what library to pick.}
\item Even server/desktop software [substitutes] using web libraries
\lecture{And then we have software like Node.js that allows running
@ -967,23 +959,13 @@
to do that! They wouldn't be able to!}
\item But is all of it free?
\begin{itemize}
\item Certain things may look free, or have free components
\lecture{But how do we know that a program is fully free? Let's
draw a comparison with traditional binaries. How do you
know it's fully free? Well, you rely in part on
licensing information for the program. If we hold JS to
the same standards, then we at least need licensing
information on distributed code.}
\item Might also load non-free code as a separate program
(e.g. Google Analytics spyware)
\lecture{But the page might load other programs in \emph{addition}
to the free program, for example the Google Analytics
spyware. This is like a free software package installing
proprietary software alongside of it; SourceForge used to
do that, for example.}
\item Might also load non-free code as a separate program
(e.g. Google Analytics spyware)
\lecture{The page might also load other programs in \emph{addition}
to the free program, for example the Google Analytics
spyware. This is like a free software package installing
proprietary software alongside of it; SourceForge used to do
that, for example.}
\end{itemize}
\end{itemize}
\end{frame}
@ -1105,7 +1087,7 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
%%%=== BEGIN TIMEBLOCK 7m ==============================================
%%%=== BEGIN TIMEBLOCK 5m ==============================================
\begin{frame}{Replacing Programs}
\begin{itemize}
@ -1167,7 +1149,6 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
be considered a bunch of independent programs doing distinct
things, like validating forms, populating a real-time search,
a shopping cart, animating part of the page, etc.}
%% add web page screenshot as an example
\item<1-> Some scripts are packaged in one or more JavaScript files
\lecture{Some of those scripts might be packaged in one or more
@ -1179,10 +1160,7 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
\item<1-> Some are inline JavaScript fragments in HTML attributes
\lecture{And others still might be fragments of JavaScript in HTML
attributes. Not everyone knows how to write proper
JavaScript, and others who do simply don't care that they're
writing a mess of spaghetti code. Or something might be
auto-generating that code for them.}
attributes.}
%% example
\end{enumerate}
@ -1204,9 +1182,8 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
\begin{frame}{Blocking Scripts---Entirely}
\lecture{One option is to turn of JavaScript in your browser,
entirely. And that feature does exit, hidden within the bowels
of your browser's configuration. But if you disable JavaScript,
then you can't run any replacements.}
entirely But if you disable JavaScript, then you can't run any
replacements.}
\begin{itemize}
\item Can disable JavaScript entirely
@ -1218,12 +1195,9 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
\begin{frame}{Blocking Scripts---NoScript}
\begin{itemize}
\item NoScript is effective at blocking scripts per (sub-)domain
\lecture{I consider NoScript to be a necessity for the web. And
consequently, I can't recommend using Chromium or its
proprietary derivative, because it doesn't provide the
necessary APIs to do what NoScript does. And what it does is
block scripts entirely, but allows you to create a whitelist
for specific domains or sub-domains.}
\lecture{I consider NoScript to be a necessity for the web. And what
it does is block scripts entirely, but allows you to create a
whitelist for specific domains or sub-domains.}
\item Careful---some domains serve lots of scripts (e.g. CDNs)
\lecture{But you have to be careful when you do this, because some
@ -1232,10 +1206,8 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
\item Some sites require you to trust many different domains
\lecture{It's also not uncommon to see a site referencing scripts from
a dozen different domains. That's a bad practice---you
shouldn't do that, even if only for performance. But do you
really want to trust a dozen third parties to run software
for a single website?}
a dozen different domains. Do you really want to trust a
dozen third parties to run software for a single website?}
\end{itemize}
\end{frame}
@ -1267,12 +1239,6 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
anti-features and replace it. Well, you should, anyway,
if you can find a \emph{way} to replace it.}
\end{itemize}
\item Doesn't play well with NoScript
\lecture{It also doesn't play well with NoScript---even if NoScript
would block scripts on a page, LibreJS will process them. I
don't know how difficult this would be to fix, but ideally it
would so that we can have the benefits of both.}
\end{itemize}
\end{frame}
@ -1297,25 +1263,6 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
\end{frame}
\begin{frame}{Injecting Styles---Stylish}
\begin{itemize}
\item GPLv3
\item Inject user-defined CSS into web pages
\item \url{http://userstyles.org}
\end{itemize}
\lecture{When modifying software, you often need to modify the style
associated with certain elements on the page. Or maybe you're
only interested in changing the stylesheet---you can do a lot of
things that way. You can do this with JavaScript, or even inject
CSS with JavaScript, but there's also an addon dedicated to it if
you'd prefer---Stylish. Like greasemonkey, it has a repository
of user-define stylesheets for websites.}
\end{frame}
\begin{frame}{Injecting Scripts/Styles---dotjs}
\begin{itemize}
\item MPL 1.1
@ -1364,7 +1311,7 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
\lecture{But let's be honest.}
\end{frame}
%%%=== END TIMEBLOCK 7m ==============================================
%%%=== END TIMEBLOCK 5m ==============================================
@ -1402,16 +1349,7 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
\end{itemize}
\lecture{You'll often hear that these services are hosted quote ``in the
cloud''.}
\end{frame}
\begin{frame}[plain]
\begin{center}
There is no cloud.
\end{center}
\lecture{But let's not fool ourselves.}
cloud''. But let's not fool ourselves.}
\end{frame}