I was thinking about the problem with JavaScript and the misery it brings to people. I think I’ve pinned it down to a conflict of interest.
Software is supposed to serve the user who runs it. That’s the expectation, and rightfully so. It’s not supposed to serve anyone else. Free software is true to this principle, loosely under the FSF “freedom 0” principle.
Non-free software is problematic because the user cannot see the code. The code only has to pretend to serve the user while in reality it serves the real master (the corporation who profits from it).
JavaScript has a similar conflict of interest. It’s distributed by the same entity who operates API services -- a stakeholder. Regardless of whether the JS is free software or not, there is an inherent conflict of interest whereby the JS is produced by a non-user party to the digital transactions. This means the software is not working for the user. It’s only pretending to.
If i build a shitty house and it collapses, I own it, I don't write a manifesto about how it's all lumber's fault.
As does FOSS C - do you install linux from the source tree and build everything yourself? no, you download an .iso, so you are bound to the whims of the OS maintainer, who have their own interests. When you install filezilla you probably download the binary instead of building it from source - oh no, now you are subjected to the filezilla foundation's nefarious interests (purchasing a commercial support license so they can afford to develop GPL software)
Literally every JS package I've ever used does this. They have github actions set up to commit the compiled binaries to the
dist
folder, which is then published to NPM - https://github.com/twbs/bootstrap/tree/main/distFrankly this entire post is just a critique of how commercial entities redistribute MIT licensed code, rather than anything specific to JS. Whatever point that could be made here is entirely obfuscated by flowery language
If you sell the house in a high-pressure sales tactic way (“buy in the next 5 min or deal is off the table”) and deny inspection to the buyer before it collapses, that would be as close as this stupid analogy can get to the JS scenario.
Nonsense. As you were told, C is not dynamically fetched and spontaneously executed upon visiting a website.
Nonsense. Have a look at gentoo. You absolutely can build everything from source. You can inspect it and you can also benefit from the inspection of others. Also, look into “reproduceable builds”.
Nonsense. The web is unavoidably littered with unpublished JS that’s dynamically fetched every time you visit the page.