Slashdot Mirror


Richard Stallman Warns About Non-Free Web Apps

An anonymous reader writes "Richard Stallman has published an article which warns about the 'Javascript trap' posed by non-free AJAX-based applications. The article calls for a mechanism which would enable browsers to identify freely-licensed Javascript applications and run modified versions thereof. 'It is possible to release a Javascript program as free software,' Stallman writes. 'But even if the program's source is available, there is no easy way to run your modified version instead of the original ... The effect is comparable to tivoization, although not quite so hard to overcome.'"

23 of 747 comments

  1. he is right. by drolli · · Score: 2, Interesting

    About a lot of other things he may be too fundamentalistic, but this danger is real. The average user is now more than ever dependent on a fragile link of software-service-supplier chain, locking him in totally.

  2. Beware the hidden dollarsign? by paroneayea · · Score: 4, Interesting

    "from the beware-hidden-dollarsign dept"

    I would think slashdot would know better what Stallman means when he says free or non-free software. Generally these webapps are available at no cost anyway, and obviously that's not what he's talking about. He's talking about the classic ideas of free software, not whether or not it is okay to sell software. I just think that should be clear here.

    Anyway, if we do argue that applications are moving into the web sphere, (which most web 2.0 advocates of course do,) then this is indeed something important to think about within the domain of free software.

    --
    http://mediagoblin.org/
    1. Re:Beware the hidden dollarsign? by SirGarlon · · Score: 4, Interesting
      I thought the hidden dollarsign referred to malware possibly embedded in non-free Javascript. As Stallman points out in TFA,

      the idea that non-free programs mistreat their users is familiar

      This mistreatment can take many forms, including collecting user data without informed consent, for example, a user profile which can then be used for marketing (and/or sold). That's what I thought the "hidden dollarsign" was referring to.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  3. Nice to see it worked by rumith · · Score: 5, Interesting
    Actually, it was me who alerted him on this issue (using GMail as an example). However, that was almost a year (!) ago. Took him a long time, but I couldn't expect any less, since the man almost never uses a browser at all...

    P.S. For those interested, here is the transcript of our email conversation.

    1. Re:Nice to see it worked by rumith · · Score: 2, Interesting

      That wasn't my intention. If you cared to read, I only wanted to know his opinion on the subject, because I found it interesting to see how he would apply the logic behind GPL to web applications. However, when I saw faults in the logic he told me, I felt the urge to object, informing him and changing his opinion in the process. So much for pure academic interest...

  4. Re:OK, dumb question after reading the article by Anonymous Coward · · Score: 1, Interesting

    ...

    So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.

    Huh?

    Why should I care what code OTHERS decide to present to the world?

    It's more reasonable to state that if you care about freedom, you'd care more about the owner of the web server being FREE to do as he damn well pleases with HIS site.

    And you're more than welcome to exercise YOUR freedom by not visiting that site if you don't like the software running/presented there.

  5. Web Apps by LaminatorX · · Score: 5, Interesting

    RMS may be a cranky extremist, but he's still right far more often than he's wrong. Web apps are in some ways a huge step backwards in terms of openness. If you're lucky there's a wsdl you can analyze but even then that's really just a client-facing API. What's less free/open than a binary-only distribution? One that's never even distributed in the first place. May I please continue to access this application, sir?

  6. Re:What about the server side? by ShieldW0lf · · Score: 4, Interesting

    He's concerned about vendor lock-in. He's concerned about a small group of people being able to hold the rest of the world hostage by threatening to cut them off from the infrastructure they depend on, and he's concerned about a vast group of people being abandoned by those they trusted to handle their essential infrastructure.

    It's a valid concern, it's not hard to understand, and it's not easy to dismiss either. The fingers-in-the-ears-going-la-la-la tactic seems to be the standard approach for a lot of people.

    --
    -1 Uncomfortable Truth
  7. Re:I thought I did. by Omnifarious · · Score: 2, Interesting

    For one, you learned something valuable about that piece of software. You learned that it's really poorly written. And that's a bad piece of software to be hitching your wagon to.

    With a commercial app, you may have wasted a whole lot of time and invested a whole lot in making the software work instead of learning right off that it was so poorly written that the vendor wouldn't be able to properly maintain it for you.

    Secondly, you relied on that piece of software to not have hidden trojans in it. You would likely have been able to rely on the same thing for that particular kind of commercial application. But as a commercial application gets bigger and more popular the level of investment required to put in a hidden trojan and reward for doing so become ever higher.

    In my opinion, most really popular commercial software has a wide variety of different kinds of trojans in it for implementing anything from DRM to user behavior tracking. Open Source has strong disincentives for doing that, and a really popular Open Source application is much less likely to have that kind of stuff in it.

  8. Re:Every time he speaks I just want to shoot him by MbM · · Score: 3, Interesting

    Take it with a grain of salt.

    RMS intentionally confuses the terms free and open, because in his mind it isn't free until it's open; to him, free means freedom. The classic example is always "free" as in "free beer" vs "free" as in "free speech"; same word, different meaning.

    --
    - MbM
  9. Re:OK, dumb question after reading the article by mr_mischief · · Score: 4, Interesting

    The client-side code could just as easily be saved to your local drive and loaded from your local drive into your browser as downloaded (or loaded unchanged from cache) every time you visit a page. Your local copy could then be altered to better suit your needs, so long as it's still compatible with what the server is doing or is independent of the server. This can be done now, but browsers don't support doing it easily.

    What Stallman wants in this case boils down to two things as I read it. First, he wants a standard way to mark the license of the program that's easy to discern both visually and in software so you'll know what license you have to the software and the browser can inform you of that automatically. He also wants an easy way for every piece of client-side code a web page uses to be easily replaceable with your own local version from your own local disk. Right now, you can grab the JavaScript from a page and alter it, but without some work you're still going to be running the publisher's version when you're on their site. He wants some way to specify that the JavaScript that was loaded from, for example 'http://www.foo.com/js/some-script.js', instead gets loaded from your customized local version so you can interact with the web app with your changes in place.

    Personally, I think he's got a good idea there. I'm no RMS fanatic, but I do like to be able to alter the software I run to suit me, and I like the GPL (and BSD, CC-SA, and some other licenses) for that reason.

    He just wants a couple of technical features built into the OSS browsers to support loading custom client-side code and for you to more easily know which license the code is under. I think this is much easier to accept than some of the more drastic position statements out of the FSF. It really can benefit anyone who prefers any of the Open Source licenses, and not just what the FSF calls Free Software under the GPL.

  10. So can any Windows/OS X software be Free...? by itsdapead · · Score: 2, Interesting

    Is a web browser that talks to a None Free web server Not Free?

    A Free web browser which could only talk to a non-Free web server would not be Free enough to satisfy a free-software purist (it would also be a pretty odd web browser).

    The argument is quite reasonable: the owner of the non-free server could withdraw it at any time: the Free client, along with any contributions from the free software community, then has scrap value only (maybe there's some re-usable code in there, maybe not).

    The counter-argument is more pragmatic (so Free Software purists won't like it): What's the alternative? Isn't it better to have a Free client and a closed server than to have both closed? You get to look at the code for the client, learn from it, port it to minority platforms and can probably deduce the server protocol and write your own server. There may be good reason why the server can't be Free (e.g. it may be serving proprietary data such as maps, and be useless without that data). It's a bit like the Linux argument - binary drivers are Bad but if Linux can't play Flash, MP3s or run NVidia cards then who is going to use it (given that RMS is presumably using Hurd).

    Web browsers are a bad example, because they use standard protocols and are therefore useful with any server.

    A better question, which I'm sure must have come up before, is whether any software written for a proprietary OS can be Free? If I take a GPL3 program, tack on a nice native Windows or OS X GUI and distribute it, am I in trouble because you still need a Windows/OSX license from MS or Apple to use it?

    --
    In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
  11. Re:data by SIR_Taco · · Score: 2, Interesting

    And most importantly, imho:
    What do you do when you go to use your amazing web-app and the company no longer exists?

    Any business (or home user) that would rely on a piece of software that they don't have physical access to have lost their minds.

    If a 'traditional' software vendor were to close shop (insert company name here) you wouldn't have patches, updates, etc. But you would still have the physical media that you could maintain and (re)install. Buying you quite a bit of time (years even) to find a suitable replacement and make the transition.

    If a FOSS software vendor were to close shop, chances are (if it was/is popular enough, or depended on enough) someone will come along to maintain and/or continue development. Even if no one picked up development, the IT department could maintain a custom version for the company and make required bug-fixes. Possibly not requiring a transition/replacement (unless needs change beyond the scope of the software, of course).

    I think this was Stallman's main point, and it's a major one.

    --
    I say don't drink and drive, you might spill your drink. Before you get behind the wheel just stop and think.
  12. How does Stallman use the web? by louzerr · · Score: 4, Interesting

    So, I assume Stallman can't use any typical search engine ... maybe he built his own from Lucene. He also must not do any credit transactions online.

    He must also be careful that any packets his computer sends turn right around should they encounter a Cisco router (or any other proprietary router).

    I suppose in his daily life, using a phone, or a car, or Television would be right out.

    I sure hope Mr. Stallman never needs any medical attention.

    I DO admire much of what Mr. Stallman stands for, and I'm glad there is a champion for free software ... but I live in the real world, where to buy goods, you need some government's currency, and to do anything electronically, you have to use SOME commercial software somewhere.

    I wonder, too ... does Mr. Stallman's PC have a proprietary BIOS, or did he write that code, too?

    --
    "The large print giveth, and the small print taketh away" -- "Step Right Up", Tom Waits
  13. Re:OK, dumb question after reading the article by xSauronx · · Score: 2, Interesting

    i care about the software on my computer, and avoid non-free stuff as best as i practically can...but there's no way in hell i want to deal with notices and options from all the java stuff on every site i visit.

    i already block what i can get away with via noscript and even that's a hassle sometimes, trying to deal with even what i unblock, in regards to licensing, would drive me nuts.

    --
    By and large, language is a tool for concealing the truth. -- George Carlin
  14. Re:OK, dumb question after reading the article by tknd · · Score: 2, Interesting

    He just wants a couple of technical features built into the OSS browsers to support loading custom client-side code and for you to more easily know which license the code is under.

    Well, we already have a bunch of popular open source web browsers. How about he use his open source ideals and implement it himself.

  15. Re:OK, dumb question after reading the article by Onymous+Coward · · Score: 2, Interesting

    Neither vegan nor software libre philosophies necessitate zealotry. My sincere sympathy to you if your ears were made to ache by rabid proponents of either.

    There exist level-headed proponents who make choices based on the practical implications of these philosophies more so than by emotionalism or terror.

    Granted, they may be hard to engage in clear and rational discourse, especially if the outset of potential dialogue is marred by broad brush dismissals. That's not a problem, however, if reason and clarity aren't the objectives. Just depends on what you're after. My objective is typically to promote better understanding all around. (Though I do a poor job sometimes because I have a hair trigger snark response when people are belligerent.)

    I'd like to share an idea here.

    The basic philosophy behind veganism is reduction of suffering of all animals (including humans). Whether this exact concept is what you've run up against is a matter of personal experience. Philosophically I would consider myself aligned with veganism, but I love the taste of pig flesh. Mm. Anyway. I avoid buying it to avoid promoting agribusiness's tendency to cause suffering. But once you get that vat meat technology developed... it's bacon time.

    Terror's got nothing to do with it. It's true that many self-identified vegans have a fuzzier concept of the philosophy and resulting practical implications than what I've just shared. I've run up against the nebulosity myself. At the vegan potluck I didn't get so much as a reply or even sour glance when I suggested that some day meat would be vegan. There I was dreaming about vat meat again, and the crowd just could not begin to process why this made any sense. A half second pause in conversation and then totally moved on. They didn't have a proper foundation to think from. Too fuzzy, I say. Folks need to understand the fundamentals more clearly, and work through implications in detail. The broad brush fails them. But fuzzy thinking fails detractors as well, if they be confused by the existence of lifestyle-oriented or fuzzy-moral-outrage vegans so that they can't see the true value inherent in the philosophy.

    So if anyone here's got fuzzy, broad-brush thoughts about vegans and veganism, it might be worthwhile to refine that a bit.

    And if anyone's got fuzzy, broad-brush thoughts about software libre, there's another area that might benefit from more sincere, less reflexive thinking.

  16. I feel the need to come to rms' defense, here by jra · · Score: 3, Interesting

    Not that he would necessarily give a crap that I do.

    My personal conviction is that Linux came to be what it has come to be *precisely* because it was released as GPLv2 code; I don't think it would have grown to nearly the size and penetration </beavis> that it has were it under some other license.

    Therefore, the state of much of the world today -- not just the computing world, but Real Life -- descends almost entirely from the fact that rms is an extremist about the principles of Free Software.

    We often look on extremists with amusement or scorn, but I personally tend to try to remember Tom Peters' observation from one of the Excellence books:

    When anything useful is accomplished in this world, it is done, I have found, by a monomaniac with a mission.

    We don't all have to be as hardcore as rms is -- Linus isn't -- but if *he* *weren't*, then I don't think we'd be where we are today.

    So yeah, comparing him to a vegan is probably pretty accurate -- they have similar types of motivation.

    But *dissing* him for it?

    No, I don't think that's really the best outlook to have.

  17. Re:OK, dumb question after reading the article by hairyfeet · · Score: 4, Interesting

    I'll probably get flamed all to hell for daring to say this on a website frequented by website designers, but what the hell, my karma is good. I think we are missing the forest for the trees. A much bigger problem is too damned many websites are using JavaScript that have no reason to. I don't know how many times I have come across websites where basic functions that should have been straight HTML/CSS were coded in JavaScript.

    And with all the malware using JavaScript and what seems like a new vulnerability coming out every day it is feeling more and more like JavaScript is going to be the next ActiveX. In fact with all the JavaScript exploits I'm shocked we even use it at all. Let us be honest here: If this was a MSFT technology instead of cross platform would we still use it? Or would we be calling for its ban because of all the security holes?

    So IMHO the question isn't whether the JavaScript code is free or not, but it is whether we should be running it in its current implementation at all. I mean when you have to use Noscript, which is basically a condom for JavaScript, just to surf the web something is seriously fucked up with the JavaScript security model. Maybe instead of looking at whether the code is free or not let us look at how to keep it from being a malware paradise first. And all this talk of sandboxing is frankly just a band aid for a bad security model. If your code is so damned dangerous that the ONLY way to run it safely is to use a VM, I don't want it, thank you very much.

    I think if the underlying security model of JavaScript isn't fixed we won't have to worry about whether the code is free or not, because it will end up going the way of ActiveX. There is nothing being done in JavaScript today that couldn't be done in other languages or using other tools like Java and flash. And ATM it is simply too dangerous to allow myself or my clients to use JavaScript without whitelisting. And that is pretty sad.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  18. Re:GNU/Linux is not the official name by Anonymous Coward · · Score: 1, Interesting

    I wish other systems would be ported to linux.

    If there was an Solaris/Linux, AIX/Linux and BSD/Linux out there, the GNU/Linux thing would be much more clear to people like the OP.

  19. Re:OK, dumb question after reading the article by wastedlife · · Score: 2, Interesting

    we should be able to eat and digest things like all grasses, and branches, etc. We can't do that.

    While I agree that veganism is not human nature (it is likely we would not have developed as far mentally without the proteins and Omega-3 fatty acids from meat, for example), I'm not sure I understand the quoted argument. Are you saying that if it is human nature to be vegan, that we should be able to eat any plant matter? All herbivorous animals are not capable of eating the same things. For example, a cow can eat grass, but an herbivorous bird might not be capable of eating grass and can only eat seeds. Are you saying that makes them not vegan?

    --
    Said, "It's just like dice but it's got more sides And it tells me who lives and who dies"
  20. Re:Slippery slope to non-free by Chester+K · · Score: 2, Interesting

    GPL is certainly not the only free license. And what about people that go the "GPL\0for files in the \"GPL\" directory" way?

    Well for the latter, obviously we'd fix the bug that allows poison null bytes to break a string, since that's a pretty serious security vulnerability in a web browser.

    For the former, all of the following are valid in both HTML 4.01 Strict and XHTML 1.0:

    <link rel="copyright" href="http://www.gnu.org/licenses/gpl.html" />

    <link rel="copyright" href="http://www.opensource.org/licenses/mit-license.php" />

    <link rel="copyright" href="http://www.microsoft.com/opensource/licenses.mspx#Ms-PL" />

    And all of the following work in any included ECMAScript file:

    // License: http://www.gnu.org/licenses/gpl.html

    // License: http://www.opensource.org/licenses/mit-license.php

    // License: http://www.microsoft.com/opensource/licenses.mspx#Ms-PL

    You certainly have the freedom to alter your user agent to require any set of licenses you're comfortable with.

    --

    NO CARRIER
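
The declarations listed in the comment above, checked the way a user agent with a license allowlist might check them. This is an added example, not part of the thread or of any browser's code; the allowlist contents and all function names are assumptions, and the sample inputs are constructed.

```javascript
// Hypothetical allowlist a user might configure; exact strings, not prefixes.
const ALLOWED_LICENSES = new Set([
  "http://www.gnu.org/licenses/gpl.html",
  "http://www.opensource.org/licenses/mit-license.php",
]);

// Control characters (NUL included) never belong in a license URL. A consumer
// that truncates at "\0" would read "gpl.html" where the author wrote more.
const CONTROL_CHARS = /[\u0000-\u001f\u007f]/;

// Collect href values from <link rel="copyright" href="..."> tags.
function linkDeclarations(html) {
  const out = [];
  for (const [tag] of html.matchAll(/<link\b[^>]*>/gi)) {
    const rel = /\brel\s*=\s*"([^"]*)"/i.exec(tag);
    const href = /\bhref\s*=\s*"([^"]*)"/i.exec(tag);
    if (rel && href && rel[1].toLowerCase() === "copyright") out.push(href[1]);
  }
  return out;
}

// Collect the text after "// License:" on each comment line of a script.
function commentDeclarations(source) {
  const out = [];
  for (const line of source.split(/\r?\n/)) {
    const m = /^\s*\/\/\s*License:\s*(.*)$/.exec(line);
    if (m) out.push(m[1].trimEnd());
  }
  return out;
}

// Fail closed: a missing, malformed or unlisted declaration is rejected.
// The whole declared string must equal an allowlist entry.
function checkLicense(declarations) {
  if (declarations.length === 0) return { ok: false, reason: "no declaration" };
  for (const d of declarations) {
    if (CONTROL_CHARS.test(d)) return { ok: false, reason: "control character" };
    if (!ALLOWED_LICENSES.has(d)) return { ok: false, reason: "not allowed: " + d };
  }
  return { ok: true, reason: "all declarations allowed" };
}

// Constructed sample inputs.
const SAMPLE_HTML =
  '<html><head><link rel="copyright" href="http://www.gnu.org/licenses/gpl.html" /></head></html>';
const SAMPLE_SCRIPT_OK =
  "// License: http://www.opensource.org/licenses/mit-license.php\nvar x = 1;\n";
const SAMPLE_SCRIPT_NUL =
  "// License: http://www.gnu.org/licenses/gpl.html\u0000 for files in the GPL directory\nvar x = 1;\n";
const SAMPLE_HTML_MSPL =
  '<link rel="copyright" href="http://www.microsoft.com/opensource/licenses.mspx#Ms-PL" />';

console.log(checkLicense(linkDeclarations(SAMPLE_HTML)));
console.log(checkLicense(commentDeclarations(SAMPLE_SCRIPT_OK)));
console.log(checkLicense(commentDeclarations(SAMPLE_SCRIPT_NUL)));
console.log(checkLicense(linkDeclarations(SAMPLE_HTML_MSPL)));
```

The declaration is self-asserted by the page, so a check like this only tells the user what the publisher claims; it says nothing about what the script does.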
  21. Re:OK, dumb question after reading the article by registrar · · Score: 3, Interesting

    Richard Stallman may or may not be talking about something important here - but we have some extraordinary pay-offs from his insight 25 or so years ago. People legitimately disagree with him (including me) but only a fool would ignore him.

    Just because the man is an uncompromising idealist in no way justifies your cowardly and stupid ridicule. And the moderators who thought you were insightful should the meaning of the word "insight" and moderate accordingly.