Arc Forumnew | comments | leaders | submitlogin
2 points by hjek 2541 days ago | link | parent

On #stripe IRC, someone pointed me to this, http://www.pehjota.net/projects/epirts.js/ , a free software replacement for Stripe.js

I've read about Paypal freezing Wikileaks' account. And, it seems that Paypal have closed off their REST API, and only SDKs for various languages -- not including Racket.



3 points by i4cu 2540 days ago | link

It seems to me that most of the web does not care about a free software option. So why, may I ask, do you?

Personally, I see Stripe as being a trustworthy source and I'd much rather use a non-free version from a trustworthy source than a free version from an untrustworthy source. Yeah you can read the code, but no one is going to do that anyways (besides there's more to it than just looking for something nefarious in the code, you also have to make sure there are no missing parts that lead to vulnerabilities and unless you know what the missing parts are....)

edit: also do a paypal search on HN and you should see their reputation is terrible from a vendor perspective. I think their success is largely due to being the first on the market and establishing a significant base at a time when using cc's on the internet was scary and hard. But stripe, and others, have changed the payment landscape. We can now use cc's for vendor payment with ease. So why Paypal? To cater to people without cc's?

-----

2 points by hjek 2537 days ago | link

You do have a point there, as probably most people on the web run non-free JS.

I'd of course argue that this doesn't mean that most people don't care -- because plenty people I know get real pissed off about video ads, anti-adblockers, pop-up forms, and all that jazz -- but they don't know that this is almost always non-free JS.

So, even if we were to assume that the non-free Stripe JS code is trustable, and ask people to run it, then I'd never recommend anyone to use a browser that runs non-free JS.

Yes, people can use adblockers, but there's plenty more nasty stuff non-free JS code can do, and does[1][2][3][4], so I wouldn't ask anyone to do that.

Yes, there could be free/libre JS malware, but like who'd ever do

   <script> /* Code to log users' keystrokes before they send their message */ </script>
[1] https://stallman.org/archives/2017-sep-dec.html#18_November_...

[2] https://stallman.org/archives/2017-jul-oct.html#18_September...

[3] https://arstechnica.com/information-technology/2013/12/faceb...

[4] https://arstechnica.com/information-technology/2013/10/faceb...

Also, I'm a bit sad that HN was changed to disallow voting w/o JS, but that's mainly because it means you can't vote from Links or Emacs :-)

-----

3 points by i4cu 2536 days ago | link

> this doesn't mean that most people don't care -- because plenty people I know get real pissed off...

Those people you know who get pissed are either A: not representative of 'the web' or B: not caring enough to stop doing what they are doing. So I will stand by "most of the web does not care" (and yes I am inferring you have to care enough).

> I'd never recommend anyone to use a browser that runs non-free JS.

   "most of the web does not care"
Unfortunately this is the world we live in and trust is currently a staple of the internet even as scary as that is to some people.

I have to trust that stripe.js is secure - that's what I'm paying them for and if they get a bad reputation like Paypal has then people, including myself, will stop using them and stop paying them. Frankly for a cc payment type script I think their code should be audited by professionals that can see more than just keystroke loggers and if there are any vulnerabilites then the auditors should have the power to shut them down.

If at all you think I'm not on your side I'll suggest you're wrong as:

    * I deleted my facebook account 10 years ago.
    * I deleted my minimal Linked-in account 2 years ago.
    * I don't use an ad-blocker, but I: 
        * make mental notes not to buy their products because the ad pop'd up.
        * don't revisit websites that have ad pop up.
	* avoid sites that have ads.
		
Using an ad-blocker is admitting defeat and I'm not there yet!

-----

3 points by hjek 2535 days ago | link

First, congrats with getting of Facebook and Linked-In!

Yes, most of the web doesn't care about non-free JS.

However, for me, it's higher priority to do what I think is right, rather than what is popular. If I didn't care about free software, I'd just put stuff on Ebay instead.

That's also why I coded this new event calendar in Arc -- that you can check out in the Anarki repository -- because I'm part of this art collective where everyone have been publishing events exclusively on Facebook, which is super annoying when you don't want to be used by Facebook.

I wanted to make something that was as easy to use but free, because many artists can't be bothered to use FTP to edit plain text files, and all the PHP calendars I looked at were overengineered overcomplex piles of drupal.

Anyway, I might look into Paypals Python SDK, because Hy makes Python acceptable.

-----