I was thinking about the problem with JavaScript and the misery it brings to people. I think I’ve pinned it down to a conflict of interest.

Software is supposed to serve the user who runs it. That’s the expectation, and rightfully so. It’s not supposed to serve anyone else. Free software is true to this principle, loosely under the FSF “freedom 0” principle.

Non-free software is problematic because the user cannot see the code. The code only has to pretend to serve the user while in reality it serves the real master (the corporation who profits from it).

JavaScript has a similar conflict of interest. It’s distributed by the same entity who operates API services – a stakeholder. Regardless of whether the JS is free software or not, there is an inherent conflict of interest whereby the JS is produced by a non-user party to the digital transactions. This means the software is not working for the user. It’s only pretending to.

  • bjorney@lemmy.ca
    4 months ago

    > the problem with JavaScript and the misery it brings to people.

    What. Developers shit on it because 10 years ago it was a cluster fuck, but modern JS is absolutely passable. Most users barely know what JS is, and they attribute buggy sites to the company, not the underlying language (rightly so)

    > Non-free software is problematic because the user cannot see the code. The code only has to pretend to serve the user while in reality it serves the real master

    JS runs client side and you can see what scripts are downloaded and running

    > Regardless of whether the JS is free software or not, there is an inherent conflict of interest whereby the JS is produced by a non-user party to the digital transactions. This means the software is not working for the user. It’s only pretending to.

    So open source projects written in C benefit the user, but open source projects written in JS do not?

    • LibreMonk@linkage.ds8.zoneOP
      4 months ago

      > they attribute buggy sites to the company, not the underlying language (rightly so)

      Precisely my point. Recall what I wrote about conflict of interest. I’m not talking about a problem of the language syntax and semantics. I’m talking about JavaScript products (in the mathematical sense of a product not in the commercial sense; the code artifacts, iow).

      > JS runs client side and you can see what scripts are downloaded and running

      That does nothing to remedy the conflict of interest. They can also push obfuscated JS but that’s beside the point. The problem is users are not going to review that code even the first time they visit a site, much less every single time due to the nature of dynamically re-fetching the code every single time you visit a page. Even if some OCD nutty user had that level of motivation, they do not benefit from the reviews of others because the code is not being reviewed from a static centralised space. Your idea that software freedom will somehow escape the conflict of interest problem is nonsense. A site admin can do whatever they want to the code to serve themselves and you end up with users running code that is designed to serve someone else.

      > So open source projects written in C benefit the user, but open source projects written in JS do not?

      FOSS C projects hard and fast benefit the user because of the distribution of the code. We do not fetch a dynamically changing version of unreviewable unverified C code every time we visit a website. Distribution of C code is more controlled than that.

      FOSS JS depends on how it’s distributed. Someone can write JS in their basement with no public oversight, license it to pass the LibreJS plugin test, and technically it’s FOSS but because of how it’s reviewed and distributed the benefits are diminishing. If the FOSS JS is in a public repo and statically downloadable (e.g. electronmail), then the conflict of interest is removed and the code is static (not fetched on-the-fly upon every execution which escapes a QA process).

      Electronmail demonstrates FOSS JS that avoids the conflict of interest problem but that’s exceptional. That’s not how most JS is distributed. Most JS is distributed from a stakeholder, thus presents a conflict of interest.
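The distribution argument in the comment above can be made concrete. The following is an added example, not part of any post in this thread: it records an SRI-style digest of a script version that was reviewed and classifies what a server delivers on a later visit. `ReviewLedger`, the URLs and both script bodies are hypothetical, constructed for illustration.

```javascript
// Added illustration; all names and sample data are constructed.
const { createHash } = require('node:crypto');

// SRI-style digest: "sha384-" + base64(SHA-384(script bytes)).
function sriDigest(body) {
  return 'sha384-' + createHash('sha384').update(body).digest('base64');
}

// Keeps digests of script versions that someone has reviewed,
// e.g. taken from a public, statically downloadable release.
class ReviewLedger {
  constructor() {
    this.reviewed = new Map(); // url -> Set of reviewed digests
  }

  recordReview(url, body) {
    const digest = sriDigest(body);
    if (!this.reviewed.has(url)) this.reviewed.set(url, new Set());
    this.reviewed.get(url).add(digest);
    return digest;
  }

  // Classify the bytes the server delivered on this visit.
  check(url, body) {
    const digest = sriDigest(body);
    const known = this.reviewed.get(url);
    if (!known) return { status: 'never-reviewed', digest };
    const status = known.has(digest) ? 'matches-review' : 'changed-since-review';
    return { status, digest };
  }
}

// Constructed sample: the reviewed version and a later, silently changed one.
const APP_URL = 'https://example.org/app.js';
const reviewedBody = 'function send(form){ return post("/api", form); }\n';
const laterBody = 'function send(form){ log(form); return post("/api", form); }\n';

function demo() {
  const ledger = new ReviewLedger();
  ledger.recordReview(APP_URL, reviewedBody);
  return [
    ledger.check(APP_URL, reviewedBody).status,
    ledger.check(APP_URL, laterBody).status,
    ledger.check('https://example.org/other.js', reviewedBody).status,
  ];
}

console.log(demo());
```

A digest only ties the delivered bytes to a version somebody reviewed; it says nothing about whether that review happened or was competent.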

      • bjorney@lemmy.ca
        4 months ago

        > I’m talking about JavaScript products

        If I build a shitty house and it collapses, I own it, I don’t write a manifesto about how it’s all lumber’s fault.

        > FOSS JS depends on how it’s distributed

        As does FOSS C - do you install Linux from the source tree and build everything yourself? No, you download an .iso, so you are bound to the whims of the OS maintainer, who have their own interests. When you install FileZilla you probably download the binary instead of building it from source - oh no, now you are subjected to the FileZilla foundation’s nefarious interests (purchasing a commercial support license so they can afford to develop GPL software)

        > If the FOSS JS is in a public repo and statically downloadable

        Literally every JS package I’ve ever used does this. They have GitHub actions set up to commit the compiled binaries to the dist folder, which is then published to NPM - https://github.com/twbs/bootstrap/tree/main/dist

        Frankly this entire post is just a critique of how commercial entities redistribute MIT licensed code, rather than anything specific to JS. Whatever point that could be made here is entirely obfuscated by flowery language

        • LibreMonk@linkage.ds8.zoneOP
          4 months ago

          > If I build a shitty house and it collapses, I own it, I don’t write a manifesto about how it’s all lumber’s fault.

          If you sell the house in a high-pressure sales tactic way (“buy in the next 5 min or deal is off the table”) and deny inspection to the buyer before it collapses, that would be as close as this stupid analogy can get to the JS scenario.

          > As does FOSS C

          Nonsense. As you were told, C is not dynamically fetched and executed upon visiting a website.

          > do you install Linux from the source tree and build everything yourself? No, you download an .iso, so you are bound to the whims of the OS maintainer,

          Nonsense. Have a look at Gentoo. You absolutely can build everything from source. You can inspect it and you can also benefit from the inspection of others. Also, look into “reproducible builds”.

          > Literally every JS package I’ve ever used does this.

          Nonsense. The web is unavoidably littered with unpublished JS that’s dynamically fetched every time you visit the page.

  • henfredemars@infosec.pub
    4 months ago

    Most software is produced by the non-user party for most closed-source software, because naturally, most proprietary projects are structured like an assembly line with clear distinction between producer and consumer of the product.