parent
30edd62455
commit
558bac1f39
122
talk.tex
122
talk.tex
|
@ -373,9 +373,7 @@
|
|||
\only<6>{People who want to show off their cool stuff}
|
||||
\lecture{There are certainly other malicious actors, but not everyone
|
||||
has bad intentions---you also have hackers that just want to
|
||||
show you their cool new programs. And some of those are also
|
||||
the ones that find it silly to disable JavaScript---how else
|
||||
would you be able to witness their hard work? And I think a
|
||||
show you their cool new programs. And I think a
|
||||
lot of people fall into this group---I don't think many of them
|
||||
are being intentionally malicious.}
|
||||
\end{center}
|
||||
|
@ -393,8 +391,7 @@
|
|||
deterrent for common-sense freedom and security practices: the
|
||||
Tor Browser Bundle, for example---although it comes with
|
||||
NoScript installed---does not block any websites by default,
|
||||
even though it would make its users safer. No, that would
|
||||
``break'' websites.}
|
||||
even though it would make its users safer.}
|
||||
|
||||
\item<2-> But most browsers today give you a binary choice:
|
||||
\lecture{But let's say you are one of those people who might be a
|
||||
|
@ -617,23 +614,18 @@
|
|||
|
||||
\begin{itemize}
|
||||
\item Low Barrier To Entry
|
||||
\lecture{Most everyone has a web browser. Everything is standardized,
|
||||
and every very major browser comes with excellent debugging
|
||||
and inspection tools. This is \emph{great} for a free
|
||||
Web---it encourages studying and tinkering. And when users
|
||||
start writing software, they can see it in the familiar
|
||||
environment that is their web browser. There's not much that
|
||||
is alien to them; if you introduce someone to shell
|
||||
scripting, C, Perl, Python, Lisp, etc, they're diving into a
|
||||
world that is entirely hidden from their perspective as a
|
||||
\emph{user} of software.}
|
||||
\lecture{Most everyone has a web browser, and every very major browser
|
||||
comes with excellent debugging and inspection tools. This is
|
||||
\emph{great} for a free Web---it encourages studying and
|
||||
tinkering. And when users start writing software, they can
|
||||
see it in the familiar environment that is their web
|
||||
browser.}
|
||||
|
||||
\item Huge number of libraries and tools for web development
|
||||
\lecture{Because of all those reasons, the number of libraries focused
|
||||
on web development is crazy, and steadily growing. And most
|
||||
of these popular libraries are free software. The most
|
||||
daunting task for new web developers is often what library to
|
||||
pick.}
|
||||
\lecture{Because of that, the number of libraries focused on web
|
||||
development is crazy, and steadily growing. And most of
|
||||
these popular libraries are free software. The most daunting
|
||||
task for new web developers is often what library to pick.}
|
||||
|
||||
\item Even server/desktop software [substitutes] using web libraries
|
||||
\lecture{And then we have software like Node.js that allows running
|
||||
|
@ -967,23 +959,13 @@
|
|||
to do that! They wouldn't be able to!}
|
||||
|
||||
|
||||
\item But is all of it free?
|
||||
\begin{itemize}
|
||||
\item Certain things may look free, or have free components
|
||||
\lecture{But how do we know that a program is fully free? Let's
|
||||
draw a comparison with traditional binaries. How do you
|
||||
know it's fully free? Well, you rely in part on
|
||||
licensing information for the program. If we hold JS to
|
||||
the same standards, then we at least need licensing
|
||||
information on distributed code.}
|
||||
|
||||
\item Might also load non-free code as a separate program
|
||||
(e.g. Google Analytics spyware)
|
||||
\lecture{But the page might load other programs in \emph{addition}
|
||||
to the free program, for example the Google Analytics
|
||||
spyware. This is like a free software package installing
|
||||
proprietary software alongside of it; SourceForge used to
|
||||
do that, for example.}
|
||||
\item Might also load non-free code as a separate program
|
||||
(e.g. Google Analytics spyware)
|
||||
\lecture{The page might also load other programs in \emph{addition}
|
||||
to the free program, for example the Google Analytics
|
||||
spyware. This is like a free software package installing
|
||||
proprietary software alongside of it; SourceForge used to do
|
||||
that, for example.}
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
@ -1105,7 +1087,7 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
|
|||
|
||||
|
||||
|
||||
%%%=== BEGIN TIMEBLOCK 7m ==============================================
|
||||
%%%=== BEGIN TIMEBLOCK 5m ==============================================
|
||||
|
||||
\begin{frame}{Replacing Programs}
|
||||
\begin{itemize}
|
||||
|
@ -1167,7 +1149,6 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
|
|||
be considered a bunch of independent programs doing distinct
|
||||
things, like validating forms, populating a real-time search,
|
||||
a shopping cart, animating part of the page, etc.}
|
||||
%% add web page screenshot as an example
|
||||
|
||||
\item<1-> Some scripts are packaged in one or more JavaScript files
|
||||
\lecture{Some of those scripts might be packaged in one or more
|
||||
|
@ -1179,10 +1160,7 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
|
|||
|
||||
\item<1-> Some are inline JavaScript fragments in HTML attributes
|
||||
\lecture{And others still might be fragments of JavaScript in HTML
|
||||
attributes. Not everyone knows how to write proper
|
||||
JavaScript, and others who do simply don't care that they're
|
||||
writing a mess of spaghetti code. Or something might be
|
||||
auto-generating that code for them.}
|
||||
attributes.}
|
||||
%% example
|
||||
\end{enumerate}
|
||||
|
||||
|
@ -1204,9 +1182,8 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
|
|||
|
||||
\begin{frame}{Blocking Scripts---Entirely}
|
||||
\lecture{One option is to turn of JavaScript in your browser,
|
||||
entirely. And that feature does exit, hidden within the bowels
|
||||
of your browser's configuration. But if you disable JavaScript,
|
||||
then you can't run any replacements.}
|
||||
entirely But if you disable JavaScript, then you can't run any
|
||||
replacements.}
|
||||
|
||||
\begin{itemize}
|
||||
\item Can disable JavaScript entirely
|
||||
|
@ -1218,12 +1195,9 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
|
|||
\begin{frame}{Blocking Scripts---NoScript}
|
||||
\begin{itemize}
|
||||
\item NoScript is effective at blocking scripts per (sub-)domain
|
||||
\lecture{I consider NoScript to be a necessity for the web. And
|
||||
consequently, I can't recommend using Chromium or its
|
||||
proprietary derivative, because it doesn't provide the
|
||||
necessary APIs to do what NoScript does. And what it does is
|
||||
block scripts entirely, but allows you to create a whitelist
|
||||
for specific domains or sub-domains.}
|
||||
\lecture{I consider NoScript to be a necessity for the web. And what
|
||||
it does is block scripts entirely, but allows you to create a
|
||||
whitelist for specific domains or sub-domains.}
|
||||
|
||||
\item Careful---some domains serve lots of scripts (e.g. CDNs)
|
||||
\lecture{But you have to be careful when you do this, because some
|
||||
|
@ -1232,10 +1206,8 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
|
|||
|
||||
\item Some sites require you to trust many different domains
|
||||
\lecture{It's also not uncommon to see a site referencing scripts from
|
||||
a dozen different domains. That's a bad practice---you
|
||||
shouldn't do that, even if only for performance. But do you
|
||||
really want to trust a dozen third parties to run software
|
||||
for a single website?}
|
||||
a dozen different domains. Do you really want to trust a
|
||||
dozen third parties to run software for a single website?}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
|
@ -1267,12 +1239,6 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
|
|||
anti-features and replace it. Well, you should, anyway,
|
||||
if you can find a \emph{way} to replace it.}
|
||||
\end{itemize}
|
||||
|
||||
\item Doesn't play well with NoScript
|
||||
\lecture{It also doesn't play well with NoScript---even if NoScript
|
||||
would block scripts on a page, LibreJS will process them. I
|
||||
don't know how difficult this would be to fix, but ideally it
|
||||
would so that we can have the benefits of both.}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
|
@ -1297,25 +1263,6 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
|
|||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}{Injecting Styles---Stylish}
|
||||
\begin{itemize}
|
||||
\item GPLv3
|
||||
|
||||
\item Inject user-defined CSS into web pages
|
||||
|
||||
\item \url{http://userstyles.org}
|
||||
\end{itemize}
|
||||
|
||||
\lecture{When modifying software, you often need to modify the style
|
||||
associated with certain elements on the page. Or maybe you're
|
||||
only interested in changing the stylesheet---you can do a lot of
|
||||
things that way. You can do this with JavaScript, or even inject
|
||||
CSS with JavaScript, but there's also an addon dedicated to it if
|
||||
you'd prefer---Stylish. Like greasemonkey, it has a repository
|
||||
of user-define stylesheets for websites.}
|
||||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}{Injecting Scripts/Styles---dotjs}
|
||||
\begin{itemize}
|
||||
\item MPL 1.1
|
||||
|
@ -1364,7 +1311,7 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
|
|||
\lecture{But let's be honest.}
|
||||
\end{frame}
|
||||
|
||||
%%%=== END TIMEBLOCK 7m ==============================================
|
||||
%%%=== END TIMEBLOCK 5m ==============================================
|
||||
|
||||
|
||||
|
||||
|
@ -1402,16 +1349,7 @@ k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
|
|||
\end{itemize}
|
||||
|
||||
\lecture{You'll often hear that these services are hosted quote ``in the
|
||||
cloud''.}
|
||||
\end{frame}
|
||||
|
||||
|
||||
\begin{frame}[plain]
|
||||
\begin{center}
|
||||
There is no cloud.
|
||||
\end{center}
|
||||
|
||||
\lecture{But let's not fool ourselves.}
|
||||
cloud''. But let's not fool ourselves.}
|
||||
\end{frame}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue