FSF Suggests That Google Free Gmail Javascript

← Back to Stories (view on slashdot.org)

FSF Suggests That Google Free Gmail Javascript

Posted by timothy on Thursday March 31, 2011 @07:08AM from the don't-yet-see-what-you-did-there dept.

Phoe6 writes "Apparently, FSF is calling it a 'JavaScript Trap' and wants 'useful websites' such as Gmail and others such as Twitter, Facebook to release their JavaScript code under Free Software License so that users can trust their service."

18 of 413 comments (clear)

Min score:

Reason:

Sort:

In other news.. by LordStormes · 2011-03-31 07:10 · Score: 3, Insightful

FSF wants Windows, Office, Photoshop, and everything else to be free. That's their job. People need to be able to make money on software, or large corporations won't invest in it. That's why FOSS-friendly companies like Sun are going under and being snapped up by profit-hungry pricks like Larry Ellison. Film at 11.
1. Re:In other news.. by betterunixthanunix · 2011-03-31 07:13 · Score: 5, Insightful
  
  Well, except for Red Hat, which last I checked was neither being bought out nor in any financial trouble.
  
  --
  Palm trees and 8
2. Re:In other news.. by characterZer0 · 2011-03-31 07:18 · Score: 4, Insightful
  
  Java was not a failure. Monetizing Java was a failure. The difference is significant.
  
  --
  Go green: turn off your refrigerator.
3. Re:In other news.. by hduff · 2011-03-31 07:21 · Score: 4, Informative
  
  FSF wants Windows, Office, Photoshop, and everything else to be free. That's their job. People need to be able to make money on software, or large corporations won't invest in it. That's why FOSS-friendly companies like Sun are going under and being snapped up by profit-hungry pricks like Larry Ellison. Film at 11.
  Yes, "free" as in the concept of freedom or liberty, not software at no charge or profit.
  You embarrass yourself by not understanding the distiction while speaking on the subject. Or you shame yourself by deliberatley mis-stating it.
  Oh, I see you're in marketing . . .
  
  --
  "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
4. Re:In other news.. by brit74 · 2011-03-31 07:48 · Score: 4, Insightful
  
  FSF wants Windows, Office, Photoshop, and everything else to be free. That's their job. People need to be able to make money on software, or large corporations won't invest in it. That's why FOSS-friendly companies like Sun are going under and being snapped up by profit-hungry pricks like Larry Ellison. Film at 11.
  Yes, "free" as in the concept of freedom or liberty, not software at no charge or profit. You embarrass yourself by not understanding the distiction while speaking on the subject. Or you shame yourself by deliberatley mis-stating it. Oh, I see you're in marketing . . .
  Or maybe you're the one in marketing. It's completely obvious that the phrase "free as in freedom, not free as in beer" is a flat-out false statement. It be accurate, it should be restated as "free as in freedom, AND free as in beer". Here's what the FSF says:
  
  "When we call software “free,” we mean that it respects the users' essential freedoms: the freedom to run it, to study and change it, and to redistribute copies with or without changes. This is a matter of freedom, not price, so think of “free speech,” not “free beer.”"
  
  Notice the phrase "to redistribute copies" - that's "free as in beer". The FSF wants to paint is as a "freedom" issue when they're also smuggling in "free" under that banner.
5. Re:In other news.. by calzones · 2011-03-31 07:57 · Score: 5, Insightful
  
  So what?
  Really... so what? Red Hat is stable and exists as it does perfectly fine. This bizarre notion we have in this country that all companies must always be earning more and more every year than before and always growing and profits must be more than any other company is unsustainable. It does no good for society and is the wrong way to go about things.
  Red Hat and Apple can exist at the same time regardless of size or popularity. All that matters for Red Hat is that they make enough money to support keeping it's employees working and the business around to keep offering what makes its customers happy year in and year out. Suggesting that they are somehow less valid because they are not as big as Apple or Microsoft is a non-sequitor in the context of the preceding discussion.
  What is relevant to the preceding discussion is the question of whether making a living by being in the "OSS industry" can be a viable practice. The answer is clearly "yes."
  
  --
  Asking people to think is like asking them to buy you a new car
6. Re:In other news.. by Nerdfest · 2011-03-31 08:12 · Score: 4, Insightful
  
  That's it. Some people don't seem to believe in the concept of 'enough money'.
7. Re:In other news.. by metrix007 · 2011-03-31 08:57 · Score: 3
  
  American. Not USian, American. Retard
  I say this as a non-american.
  
  --
  If you ignore ACs because they are anonymous - you're an idiot.
8. Re:In other news.. by gnarfel · 2011-03-31 09:20 · Score: 3, Insightful
  
  In medicine, we call growth for the sake of growth 'cancer.'
  
  --
  Local music(to upstate NY). http://gnarfel.com/ radio.
9. Re:In other news.. by pclminion · 2011-03-31 09:21 · Score: 4, Insightful
  
  If something with a finite useful lifespan is a failure, then you're a failure. Gotta die someday, right?
10. Re:In other news.. by calzones · 2011-03-31 09:21 · Score: 3, Insightful
  
  For the most part, marketshare is only a meaningful metric to shareholders and a competitive mindset.
  If your employees are well paid and the company is alive and well, it doesn't matter if you're first or last in market share. If your product is crap and you lose marketshare and go out of business, well the problem was the product, not the marketshare; perilously declining marketshare was only a symptom of a problem. But declining marketshare itself, like due to population growth or sprouting competition amidst the growth of an emerging market does not mean your business is dying. You could be doing better year over year and still lose marketshare.
  The mentality that "if you're not growing you're dying" is nothing more than simplistic and short-sighted sloganeering.
  For what it's worth, even if it were true, dying is not necessarily a bad thing if the alternative is unbridled growth for the sole benefit of shareholders and diminishing returns (or loss) to society.
  
  --
  Asking people to think is like asking them to buy you a new car
11. Re:In other news.. by hairyfeet · 2011-03-31 10:16 · Score: 5, Insightful
  
  I'd actually argue that RH is a hell of a lot worse off than they should be, thanks to the "free as in beer!" brigade actively fucking them over. I mean here is a company that puts its money where its mouth is and donates more code than most other companies combined yet thanks to the "Free beer!" brigade nearly 30% of the web servers are running not RH but CentOS, which was originally created by a hardware company that wanted to use RH's tools but were too greedy to give RH a dime.
  So I'd argue that RH and the rest of the F/OSS companies will never be more than a blip on the radar because GPL lets the "free beer!" brigade screw over any company that dares go GPL. Look at how many GPL companies have died or gone on life support simply because the "free beer!" brigade can't stand the thought of paying a cent even if it ultimately hurts them and the community by leaving less vendors, developers, QA, etc.
  I'd say F/OSS is a classic example of the tragedy of the commons and the free rider problem, and while a few companies like RH managing to survive thanks to PHBs that don't like having ANY software without a license doesn't negate the fact that the reason F/OSS has less resources for...well pretty much everything, is because there are so many free riders compared to paying customers. Hell I wouldn't be surprised if MSFT or Apple makes more in a month than RH does in a two year period, there are simply too many leeching and not enough paying.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
Re:Yeah right by H0p313ss · 2011-03-31 07:14 · Score: 3, Insightful

You do realize that you can already debug it and step through because it's client side?

--
XML is a known as a key material required to create SMD: Software of Mass Destruction
Re:Yeah right by doishmere · 2011-03-31 07:16 · Score: 3, Informative

Well, the source is already technically available, since they ship you non-compiled javascript code. FSF's has several problems with this. 1) Gmail has not granted the user the right to modify the Javascript code. 2) Even if (1) is conceded, the FSF is arguing that the obfuscated code transmitted to the client browser does not truly constitute source code. They would like a link to be placed in a comment in the obfuscated code to the original, un-obfuscated code. There is a broader problem, however; even if a website transmits GPL'd code in the clear, the user does not have any easy way to replace the transmitted code with their modified code. They would like browsers to support hot-swapping websites' scripts with modified copies.
Re:i guess that was a sanctioned comment by digitalsushi · 2011-03-31 07:45 · Score: 4, Insightful

I feel like it's asking too much. The concern is, "hey gmail maybe your code triggers some js machine bugs, and we dont trust it." That's valid. But asking them to open source it for inspection, well that lets other folks pick the pieces up and start hawking their own version. Isn't there a middle ground [to ask for, and be denied]? I've just become jaded enough to start agreeing with that crappy business model "let the 10% that complain cancel their service". So long ago that seemed like a joke answer a fake company would use, but now we see it all the time. And I agree with it, alas. If you dont trust gmail, dont use it. Dont ask for their trade secrets either under the veil of security auditing and the intended benefit of legally copying it, or legitimately security auditing it and haphazardly allowing competing services to glean legal copies. Ask for some NDA access to have yourself or someone you trust inspect it. Just because something can be open sourced, doesn't mean it needs to be.

--
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
Re:JavaScript is client-side by twebb72 · 2011-03-31 07:47 · Score: 5, Insightful

I would agree that client side code is (relatively) accessible via the programmer (even if it is compressed); however trusting their server side execution of those includes is really where the trust factor comes into play. Most browsers will lock down cross domain requests. The real power is controlling what the server serves to the users that use that include.
For example, www.xyz.com decides to include a couple lines libraries from google.com, say, jquery, and analytics. By virtue of making the include, that third party site has the ability of pass messages back and forth via code generation (to bypass the cross domain issues) and manipulate the DOM of www.xyz.com in however it sees fit. Now, a security minded person wouldn't include a resource that's off-site, for this very reason. Good examples of this are bank sites like usaa.com. No where on that site will you see a third party domain resource, once you've signed to your account. Putting the resource files on www.xyz.com makes a lot of sense for versioning, but also securing the site from potential hacks of the third party (hacking that google's analytics includes or akamai servers is a juicy opportunity, but only if you could execute code server side).
When it comes to javascript, the best way to secure your site is to host your own resources, and DON'T use off site includes that are from untrusted sources. Even if the source is trusted, it doesn't mean your in the clear. Your best bet, is to always host your own site resources.
Re:Yeah right by GameboyRMH · 2011-03-31 07:54 · Score: 4, Interesting

Nothing a glorified find-and-replace can't help with. This'll help you get started:
http://unwrongest.com/how-to-decompress-javascript/

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
I don't see the point by grumbel · 2011-03-31 08:51 · Score: 3, Insightful

I don't quite see the point. Sure it would be nice to have the Javascript under a Free Software license, but that would be very far down my list of priorities, as with Javascript and the Web in general there is one very fundamental difference to regular software: You neither own that stuff nor control it, they do and that is the problem that needs attacking. It doesn't make a difference if they stick a GPL header on top of their code or not, I as I would still be forced to use whatever version they ship me, keeping around an older copy with features they might have changed/removed/whatever doesn't help me when the API to their servers has changes, that old GPL copy might either break or become unusable. The real solution would be to provide standard data driven APIs for webservices, so that I wouldn't depend on their Javascript and HTML code, but could roll my own.
The whole problem with the Web today is that I don't have direct access to my data, but instead can only access it via a whole swoop of HTML and Javascript stuff, that makes it frequently hard or even impossible to actually do certain operation. A very basic example would be backup. Yeah, I can download mail from GMail via POP or IMAP and that will give me some of my mails, but what about chat logs, mail I send, tags, contacts, etc. and a bunch of other meta data that isn't just the mail? Can I backup all that? And even more importantly: Can I actually restore it? If GMail decides to delete my account tomorrow, can I open a new one and restore my backup into the new account? Can I do that when I change mail providers? Will meta data survive the transfer? That is the problem that needs fixing, as almost all webpages suffer from it, even the glorious 100% Free Software ones generally don't give you full import and export capabilities of your data and even when they do the interfaces are often limited and cumbersome.