Are we implying that we should tap every phone call?

We can say a lot of very bad stuff over the phone too. Should we have a way to prevent this?

I had the idea that moderation is instance based in Lemmy, mods only moderate people on their instance.

I must be missing something (I can see the community is not from lemmy.world but the guy is)

OK I got it, you are completely out of the loop here.

You do not grasp the idea of NoScript and other JS filtering extension. This is not about server code, your all arguments is baseless here.

By the way JS refered to Javascript and not NodeJS.

Anyway I got you whole company/business talk about “keeping the service available, secure, performant” and “GDPR […] bankrupting fine”… yeah lemmy.world.

Thanks for your answer.

First I don’t even grasp what a “service owner” is.

Second, for JS front-end openness there are already a bunch of app (web, android) that are open-source and secured. Everything has dependencies nowadays, this doesn’t prevent good security. Think all the python app and their dependencies, rust, android… even c\c++ packages are built with dependencies and security updates are necessary (bash had security issues).

I think with JS scripts it’s actually even easier to have good security because the app is ran in our web browser so the only possible attacker is the website we are visiting itself. If they are malicious then the close-sourced JS script is even worse. Unless you count 3rd party scripts embedded that bad dev uses in their website without even thinking about trusting them. That is also awful in both open or close source environment.

So even having imperfect security (which happens regardless to openness), who is the attacker here? I would rather run js script on my end if the code can be checked.

I believe you missed the point, I am not in defense of Security through obscurity (https://en.wikipedia.org/wiki/Security_through_obscurity), quiet the opposite.

The point: “[…] risk for the service owner as it gives an easily parsable way for an attacker to check […]” is well known and not the discussion here. You can choose close source for ‘security’ this is opensource community so I am wondering about such a tool.

There’s no “open source” centralized website. You can’t know what the server is effectively running unless you have access to it. To me this makes no sense.

He is right. In Japan there are 2 form of health insurance: from your company 社会保険 (shakai houken) or directly from the government 国民健康保険 (kokumin kenko houken). If you quit your job you loose your health insurance the very day you’re unemployed and must go to your prefecture to ask the national one (you’ll pay for it, around 200$-300$ a month).

Also in France your health insurance is also tied to your job. The french administration is a nightmare to me so I have no idea how to get anything if you’re unemployed.

We always had. Many people wrote personal notes/letters in cryptic ways to prevent unwanted readers from deciphering it.

Imagine a word where we would teach children not to make their own cypher because this is illegal. What a distopian society.