FSF Suggests That Google Free Gmail Javascript

Phoe6 writes "Apparently, FSF is calling it a 'JavaScript Trap' and wants 'useful websites' such as Gmail and others such as Twitter, Facebook to release their JavaScript code under Free Software License so that users can trust their service."

In other news..

[LordStormes]

FSF wants Windows, Office, Photoshop, and everything else to be free. That's their job. People need to be able to make money on software, or large corporations won't invest in it. That's why FOSS-friendly companies like Sun are going under and being snapped up by profit-hungry pricks like Larry Ellison. Film at 11.

Re:In other news..

[betterunixthanunix]

Well, except for Red Hat, which last I checked was neither being bought out nor in any financial trouble.

Re:In other news..

[characterZer0]

Java was not a failure. Monetizing Java was a failure. The difference is significant.

Re:In other news..

[brit74]

FSF wants Windows, Office, Photoshop, and everything else to be free. That's their job. People need to be able to make money on software, or large corporations won't invest in it. That's why FOSS-friendly companies like Sun are going under and being snapped up by profit-hungry pricks like Larry Ellison. Film at 11.

Yes, "free" as in the concept of freedom or liberty, not software at no charge or profit. You embarrass yourself by not understanding the distiction while speaking on the subject. Or you shame yourself by deliberatley mis-stating it. Oh, I see you're in marketing . . .

Or maybe you're the one in marketing. It's completely obvious that the phrase "free as in freedom, not free as in beer" is a flat-out false statement. It be accurate, it should be restated as "free as in freedom, AND free as in beer". Here's what the FSF says:

"When we call software “free,” we mean that it respects the users' essential freedoms: the freedom to run it, to study and change it, and to redistribute copies with or without changes. This is a matter of freedom, not price, so think of “free speech,” not “free beer.”"

Notice the phrase "to redistribute copies" - that's "free as in beer". The FSF wants to paint is as a "freedom" issue when they're also smuggling in "free" under that banner.

Re:In other news..

[dgatwood]

Yes, "free" as in the concept of freedom or liberty, not software at no charge or profit.

That's a nice theory, but it doesn't work in practice. There is no way to make software that can be easily bug fixed by the end user that cannot also be easily enhanced by the end user, and commercial software fundamentally relies on being able to get money from the consumer for new features.

This basically leaves support contracts as the only practical revenue stream. That works fine if you are writing software for businesses (who want someone to sue). That also works fine if your software is so poorly written that you can make money on technical support, at least up until the point that somebody writes new software that doesn't suck or releases patches that fix your mess.

In general, though, once you give up the source code, you've lost control. From that point on, if you don't make the improvements that the customers want, they can go to someone else for improvements, and you no longer have a revenue stream from upgrades.

Thus, in practice, "Free" software is almost inherently "free" as in beer. The alternative is simply unsustainable, no matter how much the propagandists try to claim otherwise. RedHat and a handful of others are simply the exception that proves the rule.

Re:In other news..

[calzones]

So what?

Really... so what? Red Hat is stable and exists as it does perfectly fine. This bizarre notion we have in this country that all companies must always be earning more and more every year than before and always growing and profits must be more than any other company is unsustainable. It does no good for society and is the wrong way to go about things.

Red Hat and Apple can exist at the same time regardless of size or popularity. All that matters for Red Hat is that they make enough money to support keeping it's employees working and the business around to keep offering what makes its customers happy year in and year out. Suggesting that they are somehow less valid because they are not as big as Apple or Microsoft is a non-sequitor in the context of the preceding discussion.

What is relevant to the preceding discussion is the question of whether making a living by being in the "OSS industry" can be a viable practice. The answer is clearly "yes."

Re:In other news..

[ivucica]

Sometimes it's hard to make a distinction.

I'm always looking for ways to be supportive of FSF's stances, but they are a puritan organization. As such, they present views that they know won't gain mainstream acceptance but that's ok, since something more reasonable will gain it. And that's where I stand: I don't consider words of FSF to be holy, but I will support a more "secular" view.

Same here. It's unreasonable to consider an offering "libre" to be truly possible without being fully "unpaid". Not because they are linguistically indistinct concepts, but because they are not to be expected. Licensing schemes, as they exist today for end users, typically allow software that costs thousands to develop (if not monetary, then in food) to be available for lower prices. "Splitting the cost."

Software needs funding before it exists. It's unreasonable to offer people a "donation jar" to fund software that doesn't exist yet and is unproven. Rare examples of success are not always truly success. Most software is funded a-priori in good faith that somehow one can pay it back. How? By selling a-posteriori. Selling software that must be freely copyable by the recipient is possible, and explicitly supported by FSF, this is rarely feasible nowadays if developing software is your primary work in life. This is because you will rarely have the success of Blender in order to sell other merchandise. A lot of work done under free software platforms is done by volunteers, but a lot of highest quality work is done by companies that have other means of earning money. It's really hard to get quality software written fast when it's not your primary thing in life and with free software, it's hard to make it a primary thing. And if you can't think of writing free software as of a profession because you don't have the financial backing to write free software, FSF bluntly says you shouldn't think of it as your profession. I can't dig it out right now, but it's either somewhere on FSF's site, on GNU site, or on Stallman.org.

It's easy to pretend "libre" isn't followed by "unpaid". It's also easy to see that it's just a pretense. Let's hope that FSF's list of high priority projects does prove me wrong, that you indeed can stick out a donation jar and expect the money to flow a-priori. Because then I will indeed dedicate myself to working on tons of free software projects that I've either started already, or just wanted to work on. I want to work on a good blogging tool for GNU/Linux and Mac. Can I get a-priori funding for that? Or is it easier to dismiss pride and ideals and just sell on the Mac App Store, not opening the source since something like this might happen?

Re:In other news..

[nstlgc]

Explain to me how to make those things "free" without making them free of charge.

Re:In other news..

[Nerdfest]

That's it. Some people don't seem to believe in the concept of 'enough money'.

Re:In other news..

[gnarfel]

In medicine, we call growth for the sake of growth 'cancer.'

Re:In other news..

[pclminion]

If something with a finite useful lifespan is a failure, then you're a failure. Gotta die someday, right?

Re:In other news..

[calzones]

For the most part, marketshare is only a meaningful metric to shareholders and a competitive mindset.

If your employees are well paid and the company is alive and well, it doesn't matter if you're first or last in market share. If your product is crap and you lose marketshare and go out of business, well the problem was the product, not the marketshare; perilously declining marketshare was only a symptom of a problem. But declining marketshare itself, like due to population growth or sprouting competition amidst the growth of an emerging market does not mean your business is dying. You could be doing better year over year and still lose marketshare.

The mentality that "if you're not growing you're dying" is nothing more than simplistic and short-sighted sloganeering.

For what it's worth, even if it were true, dying is not necessarily a bad thing if the alternative is unbridled growth for the sole benefit of shareholders and diminishing returns (or loss) to society.

Re:In other news..

[hairyfeet]

I'd actually argue that RH is a hell of a lot worse off than they should be, thanks to the "free as in beer!" brigade actively fucking them over. I mean here is a company that puts its money where its mouth is and donates more code than most other companies combined yet thanks to the "Free beer!" brigade nearly 30% of the web servers are running not RH but CentOS, which was originally created by a hardware company that wanted to use RH's tools but were too greedy to give RH a dime.

So I'd argue that RH and the rest of the F/OSS companies will never be more than a blip on the radar because GPL lets the "free beer!" brigade screw over any company that dares go GPL. Look at how many GPL companies have died or gone on life support simply because the "free beer!" brigade can't stand the thought of paying a cent even if it ultimately hurts them and the community by leaving less vendors, developers, QA, etc.

I'd say F/OSS is a classic example of the tragedy of the commons and the free rider problem, and while a few companies like RH managing to survive thanks to PHBs that don't like having ANY software without a license doesn't negate the fact that the reason F/OSS has less resources for...well pretty much everything, is because there are so many free riders compared to paying customers. Hell I wouldn't be surprised if MSFT or Apple makes more in a month than RH does in a two year period, there are simply too many leeching and not enough paying.

Re:In other news..

Your ignoring the fact that Red Hat and other GPL companies are just as much users of the free beer brigade as they are contributors. In fact, I remember when Red Hat was nothing more than pre packaged versions of other peoples code that they (got for free) and didn't contribute hardly anything at all back to the community other than making Linux a little bit easier to install.

While you consider that having to re-share your modifications and contributions to code that you got for free in the first place as a tragedy, the truth is companies like Red Hat would not have existed in the first place if it wasn't for that horrible pool of software that can be taken from and used freely as long as you then share your modifications back to that pool.

You can't really complain about others standing on the backs of companies like Red Hat as they build themselves up, when Red Hat and others originally built themselves up in the exact same way. I'd say that's the beauty of the GPL and the free beer brigade.

Re:Yeah right

[H0p313ss]

You do realize that you can already debug it and step through because it's client side?

Javascript is evil! Use GnuWebScript!

[mveloso]

You may not know it, but the website you're reading RIGHT NOW is a festering hotbed of evil. EVIL. Evil code that will steal your information, kill your wife and children, and damage the transmission on your car.

The ONLY way around that is to use our new FSF GnuWebScript, which is Totally Open and Free. Not only is it a Force for Good, it whitens your teeth and makes your toes smell nicer. It will never do those evil and nasty things that the Javascript does, because it's not Javascript - it's GnuWebScript!

GnuWebScript is a free side-set* of ECMAscript, a tragically unfree industry standard. GnuWebScript implements everything in ECMAscript slightly differently using free, non-proprietary language extensions.

GnuWebScript - to be free you must chain yourself to it!

* side set is not a superset or a subset - it's a sideset.

Re:i guess that was a sanctioned comment

[digitalsushi]

I feel like it's asking too much. The concern is, "hey gmail maybe your code triggers some js machine bugs, and we dont trust it." That's valid. But asking them to open source it for inspection, well that lets other folks pick the pieces up and start hawking their own version. Isn't there a middle ground [to ask for, and be denied]? I've just become jaded enough to start agreeing with that crappy business model "let the 10% that complain cancel their service". So long ago that seemed like a joke answer a fake company would use, but now we see it all the time. And I agree with it, alas. If you dont trust gmail, dont use it. Dont ask for their trade secrets either under the veil of security auditing and the intended benefit of legally copying it, or legitimately security auditing it and haphazardly allowing competing services to glean legal copies. Ask for some NDA access to have yourself or someone you trust inspect it. Just because something can be open sourced, doesn't mean it needs to be.

Re:JavaScript is client-side

[twebb72]

I would agree that client side code is (relatively) accessible via the programmer (even if it is compressed); however trusting their server side execution of those includes is really where the trust factor comes into play. Most browsers will lock down cross domain requests. The real power is controlling what the server serves to the users that use that include.

For example, www.xyz.com decides to include a couple lines libraries from google.com, say, jquery, and analytics. By virtue of making the include, that third party site has the ability of pass messages back and forth via code generation (to bypass the cross domain issues) and manipulate the DOM of www.xyz.com in however it sees fit. Now, a security minded person wouldn't include a resource that's off-site, for this very reason. Good examples of this are bank sites like usaa.com. No where on that site will you see a third party domain resource, once you've signed to your account. Putting the resource files on www.xyz.com makes a lot of sense for versioning, but also securing the site from potential hacks of the third party (hacking that google's analytics includes or akamai servers is a juicy opportunity, but only if you could execute code server side).

When it comes to javascript, the best way to secure your site is to host your own resources, and DON'T use off site includes that are from untrusted sources. Even if the source is trusted, it doesn't mean your in the clear. Your best bet, is to always host your own site resources.

I don't see the point

[grumbel]

I don't quite see the point. Sure it would be nice to have the Javascript under a Free Software license, but that would be very far down my list of priorities, as with Javascript and the Web in general there is one very fundamental difference to regular software: You neither own that stuff nor control it, they do and that is the problem that needs attacking. It doesn't make a difference if they stick a GPL header on top of their code or not, I as I would still be forced to use whatever version they ship me, keeping around an older copy with features they might have changed/removed/whatever doesn't help me when the API to their servers has changes, that old GPL copy might either break or become unusable. The real solution would be to provide standard data driven APIs for webservices, so that I wouldn't depend on their Javascript and HTML code, but could roll my own.

The whole problem with the Web today is that I don't have direct access to my data, but instead can only access it via a whole swoop of HTML and Javascript stuff, that makes it frequently hard or even impossible to actually do certain operation. A very basic example would be backup. Yeah, I can download mail from GMail via POP or IMAP and that will give me some of my mails, but what about chat logs, mail I send, tags, contacts, etc. and a bunch of other meta data that isn't just the mail? Can I backup all that? And even more importantly: Can I actually restore it? If GMail decides to delete my account tomorrow, can I open a new one and restore my backup into the new account? Can I do that when I change mail providers? Will meta data survive the transfer? That is the problem that needs fixing, as almost all webpages suffer from it, even the glorious 100% Free Software ones generally don't give you full import and export capabilities of your data and even when they do the interfaces are often limited and cumbersome.