FSF Suggests That Google Free Gmail Javascript

Phoe6 writes "Apparently, FSF is calling it a 'JavaScript Trap' and wants 'useful websites' such as Gmail and others such as Twitter, Facebook to release their JavaScript code under Free Software License so that users can trust their service."

Re:In other news..

[betterunixthanunix]

Well, except for Red Hat, which last I checked was neither being bought out nor in any financial trouble.

Re:JavaScript is client-side

[twebb72]

I would agree that client side code is (relatively) accessible via the programmer (even if it is compressed); however trusting their server side execution of those includes is really where the trust factor comes into play. Most browsers will lock down cross domain requests. The real power is controlling what the server serves to the users that use that include.

For example, www.xyz.com decides to include a couple lines libraries from google.com, say, jquery, and analytics. By virtue of making the include, that third party site has the ability of pass messages back and forth via code generation (to bypass the cross domain issues) and manipulate the DOM of www.xyz.com in however it sees fit. Now, a security minded person wouldn't include a resource that's off-site, for this very reason. Good examples of this are bank sites like usaa.com. No where on that site will you see a third party domain resource, once you've signed to your account. Putting the resource files on www.xyz.com makes a lot of sense for versioning, but also securing the site from potential hacks of the third party (hacking that google's analytics includes or akamai servers is a juicy opportunity, but only if you could execute code server side).

When it comes to javascript, the best way to secure your site is to host your own resources, and DON'T use off site includes that are from untrusted sources. Even if the source is trusted, it doesn't mean your in the clear. Your best bet, is to always host your own site resources.

Re:In other news..

[calzones]

So what?

Really... so what? Red Hat is stable and exists as it does perfectly fine. This bizarre notion we have in this country that all companies must always be earning more and more every year than before and always growing and profits must be more than any other company is unsustainable. It does no good for society and is the wrong way to go about things.

Red Hat and Apple can exist at the same time regardless of size or popularity. All that matters for Red Hat is that they make enough money to support keeping it's employees working and the business around to keep offering what makes its customers happy year in and year out. Suggesting that they are somehow less valid because they are not as big as Apple or Microsoft is a non-sequitor in the context of the preceding discussion.

What is relevant to the preceding discussion is the question of whether making a living by being in the "OSS industry" can be a viable practice. The answer is clearly "yes."

Re:In other news..

[hairyfeet]

I'd actually argue that RH is a hell of a lot worse off than they should be, thanks to the "free as in beer!" brigade actively fucking them over. I mean here is a company that puts its money where its mouth is and donates more code than most other companies combined yet thanks to the "Free beer!" brigade nearly 30% of the web servers are running not RH but CentOS, which was originally created by a hardware company that wanted to use RH's tools but were too greedy to give RH a dime.

So I'd argue that RH and the rest of the F/OSS companies will never be more than a blip on the radar because GPL lets the "free beer!" brigade screw over any company that dares go GPL. Look at how many GPL companies have died or gone on life support simply because the "free beer!" brigade can't stand the thought of paying a cent even if it ultimately hurts them and the community by leaving less vendors, developers, QA, etc.

I'd say F/OSS is a classic example of the tragedy of the commons and the free rider problem, and while a few companies like RH managing to survive thanks to PHBs that don't like having ANY software without a license doesn't negate the fact that the reason F/OSS has less resources for...well pretty much everything, is because there are so many free riders compared to paying customers. Hell I wouldn't be surprised if MSFT or Apple makes more in a month than RH does in a two year period, there are simply too many leeching and not enough paying.