Richard Stallman Warns About Non-Free Web Apps

An anonymous reader writes "Richard Stallman has published an article which warns about the 'Javascript trap' posed by non-free AJAX-based applications. The article calls for a mechanism which would enable browsers to identify freely-licensed Javascript applications and run modified version thereof. 'It is possible to release a Javascript program as free software,' Stallman writes. 'But even if the program's source is available, there is no easy way to run your modified version instead of the original ... The effect is comparable to tivoization, although not quite so hard to overcome.'"

OK, dumb question after reading the article

[MillionthMonkey (240664)]

Why do I care if I visit a web site and "non-free" JavaScript runs in my browser?

Re:OK, dumb question after reading the article

[paroneayea (642895)]

Why do you care if non-free python, C, or whatever apps run on your computer? Code is code, and websites aren't what they used to be. The web has become a platform for client/server applications. So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.

Re:OK, dumb question after reading the article

[Timothy Brownawell (627747)]

Why do you care if non-free python, C, or whatever apps run on your computer?

Because it's generally harder to upgrade/maintain (not in the standard apt repositories), I can't fix it myself, and whoever controls it can just randomly disappear or EOL it.

So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.

Except that all of those thing either don't apply to web apps at all, or apply to all web apps. There's nothing to install, upgrade, or fix locally, and you're dependent on some service provider regardless of the status of the code.

Re:OK, dumb question after reading the article

[mr_mischief (456295)]

The client-side code could just as easily be saved to your local drive and loaded from your local drive into your browser as downloaded (or loaded unchanged from cache) every time you visit a page. You local copy could then be altered to better suit your needs, so long as it's still compatible with what the server is doing or is independent of the server. This can be done now, but browsers don't support doing it easily.

What Stallman wants in this case boils down to two things as I read it. First, he wants a standard way to mark the license of the program that's easy to discern both visually and in software so you'll know what license you have to the software and the browser can inform you of that automatically. He also wants an easy way for every piece of client-side code a web page uses to be easily replaceable with your own local version from your own local disk. Right now, you can grab the JavaScript from a page and alter it, but without some work you're still going to be running the publisher's version when you're on their site. He wants some way to specify that the JavaScript that was loaded from, for example 'http://www.foo.com/js/some-script.js', instead gets loaded from your customized local version so you can interact with the web app with your changes in place.

Personally, I think he's got a good idea there. I'm no RMS fanatic, but I do like to be able to alter the software I run to suit me, and I like the GPL (and BSD, CC-SA, and some other licenses) for that reason.

He just wants a couple of technical features built into the OSS browsers to support loading custom client-side code and for you to more easily know which license the code is under. I think this is much easier to accept than some of the more drastic position statements out of the FSF. It really can benefit anyone who prefers any of the Open Source licenses, and not just what the FSF calls Free Software under the GPL.

Re:OK, dumb question after reading the article

[LaughingCoder (914424)]

He also wants an easy way for every piece of client-side code a web page uses to be easily replaceable with your own local version from your own local disk.

That sounds to me like a massive security hole just waiting to be exploited. People navigate to their brokerage page or their online banking page thinking they are running the brokerage/bank software, not knowing some malware made illicit and modified copies of the Java on their hard drive which is run instead. Scary stuff.

Re:OK, dumb question after reading the article

[lwsimon (724555)]

This, of course, can be done now. The first think you learn when dealing with webapp security is that you can never trust the client.

Nothing is stopping me now from loading my own Javascript (or Java, or anything else that runs in the browser) on a bank's webpage.

Re:OK, dumb question after reading the article

[hairyfeet (841228)]

I'll probably get flamed all to hell for daring to say this on a website frequented by website designers, but what the hell, my karma is good. I think we are missing the forest for the trees. A much bigger problem is too damned many websites are using JavaScript that have no reason to. I don't know how many times I have come across websites where basic functions that should have been straight HTML/CSS were coded in JavaScript.

And with all the malware using JavaScript and what seems like a new vulnerability coming out every day it is feeling more and more like JavaScript is going to be the next ActiveX. In fact with all the JavScript exploits [yahoo.com] I'm shocked we even use it at all. Let us be honest here: If this was a MSFT technology instead of cross platform would we still use it? Or would we be calling for its ban because of all the security holes?

So IMHO the question isn't whether the JavaScript code is free or not, but it is whether we should be running it in its current implementation at all. I mean when you have to use Noscript, which is basically a condom for JavaScript, just to surf the web something is seriously fucked up with the JavaScript security model. Maybe instead of looking at whether the code is free or not let us look at how to keep it from being a malware paradise first. And all this talk of sandboxing is frankly just a band aid for a bad security model. If your code is so damned dangerous that the ONLY way to run it safely is to use a VM, I don't want it, thank you very much.

I think if the underlying security model of JavaScript isn't fixed we won't have to worry about whether the code is free or not, because it will end up going the way of ActiveX. There is nothing being done in JavaScript today that couldn't be done in other languages or using other tools like Java and flash. And ATM it is simply too dangerous to allow myself or my clients to use JavaScript without whitelisting. And that is pretty sad.

Re:OK, dumb question after reading the article

[grumbel (592662)]

I disagree with putting the blame on Javascript, the whole problem starts already with HTML/CSS. Webpages these days are something that is generated, not something that is written, meaning what the user gets to see isn't the real data, but just some more or less usable rendering of it and thats pretty much where the trouble starts. The whole notion that its the browsers job to render a webpage in a style chosen by a user, has pretty much completly fade away, today you are basically left with the choice between pixel-perfect representation of what the webdesigner had in mind and absolutely no style at all, there is no in between, no clean separation between actual content and user interface. Even something simply as changing the font size will break close to 100% of all non-trivial webpages out there, on some its just a little glitch (like "Reply to this" button falling appart on Slashdot) while other get completly unusable because elements end up being hidden below others. This whole mess has to stop. I don't mean that webpages should go back to HTML2 or whatever, but simply that they should allow raw access to their content, I don't want a news article flooded with navigation bar and crap, I want the raw news article and nothing else. I doubt that this will happen on a large scale anytime soon, since it would make it to easy to filter away all advertisment, but then even webpages without any advertisment suffers from this very same problem.

Re:OK, dumb question after reading the article

[Belial6 (794905)]

Wow. Just wow.

First, if sending bad data back to your server can bork your web server, then either you are ok with that, or your web app is broken. Your scenario of sending bad data is already trivial to accomplish by malicious people, or those who think they know better than you. If the user can send data back to you server and bork it, you have NOT mad sure the data is clean on the server side so there is no chance of an exploit.

Second, my computer is MY computer. The web browser is NOT sandboxed to make a safe known environment on the client side for the web site developer. It in no way does that. It IS sandboxed to prevent clueless and malicious web developers from screwing up the rest of MY computer.

You are exactly why RMS is correct in his concerns.

Re:OK, dumb question after reading the article

[mea37 (1201159)]

The technical implciations are a bit more involved than "modify how the browser loads code".

Right now, a web develoepr can rely on the fact that every visitor to his site is getting an up-to-date copy of the client software. We can have an interesting philosophical debate about whether they should rely on this assumption, or a much more practical one about how many do rely on it.

So I make non-backward-compatible changes to my website, and you run your cached/modified version of the client. Some features don't work. Your browser behaves in ways my server no longer expects. Depending on whether I forsaw this occurance, maybe the effect is harmless (except you're out of luck until you revert to a new download, and then start making your chnages again); or maybe if I was particularly clumsy or just have lousy luck, you corrupt some resource on the server.

We can mitigate the worst problems "merely" by re-educating every web developer everywhere; but realistically we're calling for a client-server handshake so that the server can let the modified client know that it's out of sync (and/or revert to a backward-compatible mode if possible).

Personally I don't see customization of web apps as a pressing need (prior to this article I've never thought about trying it, so clearly it isn't that important to my daily life). So to me, it isn't worth the trouble. YMMV.

I thought I did.

[Samschnooks (1415697)]

So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.

I was having trouble with a F/OSS app several months ago and I thought "Great! It's F/OSS! I can just get the software source and have a gander and solve my own problems!"

So, I downloaded the code, unzipped it, spent a couple of days getting the development environment right, and brought up the editor. A few days go by, and I'm trudging through uncommented PHP code, digging into class after class calling other classes that called other classes that just set global constants or read environment variables, and so on and so on...

I deleted the code because instead of "solving my problem" I was getting lost and not accomplishing the activity that the software was supposed to accomplish.

I went and got a package that did what I wanted.

In short, I have no desire to look at source code. I don't give a rat's ass. I have better things to do than to dig through other people's mess - thank-you-very-much.

F/OSS only appeals to people who LIKE to trudge through others code to see how it works or make it "better". To me, software is an end to a means and I don't really give a rat's ass how it works as long as it's not doing shit behind may back that I don't want; which I can find out by other means than looking at source code.

Re:I thought I did.

[betterunixthanunix (980855)]

"F/OSS only appeals to people who LIKE to trudge through others code to see how it works or make it "better". To me, software is an end to a means and I don't really give a rat's ass how it works as long as it's not doing shit behind may back that I don't want; which I can find out by other means than looking at source code."

Free-libre software is about more than just looking through source code. The availability of source code is a means to an end; there are non-free licenses that provide access to source code, and even the right to modify that source code. Free-libre licensing grants you freedoms that you really do not have with proprietary systems, including those that make code available to you:

• The freedom to install the software on as many systems, and for as many users, as you wish. For a web apps, some vendors limit how many simultaneous users (or how many users in total) may use the system; a free-libre system cannot impose such a limit.
• The freedom to use the software perpetually.
• The freedom to use the software for whatever purpose you see fit (compare this with the AAC codec license, which forbids "client software" for being used for "professional" purposes).
• The freedom to use modifications to the software that other people have developed.
• The freedom to give the software to someone else.
• The freedom to discuss the software with someone else (there are proprietary systems that forbid or limit this as "trade secrets").

Maybe these are not things that really matter to you. I have encountered restrictions on every one of the above items from different software packages, and it has caused me and the other users/administrators of the software serious headaches. In cases where free-libre software was introduced, people just got their work done -- no worries about breaking the law, no worries about the software suddenly becoming inoperable, no restrictions on who we may discuss the software with.

Re:I thought I did.

[Tom (822)]

Yes, most of the times I don't care for the source, either.

However, several times already I came across a piece of Free Software that did almost exactly what I needed, or that did what I needed but hadn't been updated for quite a while. I could take it and add the feature I wanted, or take it over and continue developing it, or simply fix a few bugs that prevented it from running/compiling in the current compiler/webserver/whatever environment.

Just because you don't use a freedom 99% of your time doesn't mean it isn't valuable. I very rarely make use of my freedom to assemble, and elections are only every few years - but still these are important freedoms to have.

Re:I thought I did.

[Austerity Empowers (669817)]

No one is asking you to. But what if you ran a business and the software vendor for some mission critical app decided he wasn't going to support your desired OS, or some trivially simple feature that a competing system has that makes a lot of financial sense to you? But your cost to switch over outweigh the cost of that feature. Your vendor was either going to hold you hostage for some obscene amount of money required to switch (but enough that he thinks you'd pay, since he knows your costs too), or let you stay on your existing platform which will bleed you dry slowly. What if your software vendor decided that you can run 8 documents at once, but to run each additional document at once would cost $100/document. Not because of any technical limitations, but simply because they want to charge you that way?

If you made a point to never use F/OSS you could simply pay someone else to fix the software, perhaps someone you already have on staff. You could have it your way. You wouldn't get stuck with idiotic licensing scams and other extortion.

This kind of thing happens all the time, at all levels of business. While he sounds like a raving lunatic at times, his zealotry can produce a better world. It works not only for people who like to code, but for those who'd rather pay others to do it for them. We really ought to be looking for ways to use open source as much as possible, in place of proprietary alternatives. He's pointing out ways to help you identify closed source apps you may not know exist.

As usual it sounds ridiculous and paranoid, but it does make sense. You may not wish to put your life on hold for lack of F/OSS alternatives, that's not a reasonable expectation, but it makes sense to favor F/OSS solutions and be looking for a way to remove proprietary as much as possible. The economics of the world won't really change much, people will still get paid to write software... but they won't be able to extort you for it either, or pimp it for decades because you have been locked-in.

Re:I thought I did.

[ClosedSource (238333)]

If a software vendor wants to lock you in, he isn't going to cooperate by making his web app easier to work around. There is also the server side that you know nothing about, so if he ever goes out of business you'd have some nice javascript that interacts with a phantom server.

Even if you're a die-hard F/OSS fan, you should spend your energy on initiatives that really make sense.

Re:I thought I did.

[cozziewozzie (344246)]

I share the same philosophy about computers. I don't want to waste hours of my life on coding software. I'd rather just work 1 hour of overtime, and then go out and buy the program I need.

You don't get the whole point of Free Software in the first place.

But the beauty of it is that even you can profit from its fruits. Every time you surf on the internet, or listen to music or watch a movie. Most of those are running on or were created with Free Software.

Re:I thought I did.

[Ifni (545998)]

Thank you. That's right.

He wasn't defending you, by the way. He was pointing out how ludicrous your argument was. Basically, you were saying that since you, personally, will never use this freedom, it has no value for anyone, anywhere, ever, and therefore should not be defended. Not only is that shortsighted and egocentric, it is - well, actually, I think shortsighted and egocentric pretty much covers it.

I'm like you, I don't like digging through other people's messy code. However, I like having the option to so that I can see how something was done so that I can use it to learn new techniques so that when or if I decide to build my own program I have another valuable tool in my toolbox. Also, though I am sorry that the tool you decided to dissect was a mess, a lot of open source code is clean and well documented. That may not be the norm (I haven't looked through much), but from what I have seen, it has improved dramatically over time.

Lastly, even though you may not see the value in being able to view and change code, as you mentioned in the last paragraph of your article, there are those that do. Because of them, FOSS improves and gives you the ability to dump one FOSS app for another that meets your needs better because someone that was willing to improve someone else's code had similar needs to yours. It allows those that like to tinker the ability to make changes to any FOSS app that you use to make it better by adding features that you will use. The point is, if you simply write off the FOSS ideals as useless because you don't take advantage of them directly, then fail to defend them because of that belief, you are missing the bigger picture and risk losing a resource that whether you know it or not you do benefit from.

FOSS appeals to more than just the people who maintain and improve the code, it appeals to anyone that uses it. In fact, I'd even argue that it benefits those that choose to use non-free alternatives as it provides competition - and when competing with free, proprietary has to be that much better in order to succeed with a price tag (and though the extent of this success is debatable, there is certainly increased pressure to improve for many, or FUD/lock-in for some few).

What about the server side?

[patro (104336)]

So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.

Okay, but Javascript is only one part of this problem. What about the code running on the server? I wonder if RMS visits any websites at all besides fsf.org

He can't be sure after all if other sites use only free software on the server side, so he can't visit them to avoid accidentally supporting non-free software.

Re:What about the server side?

[ShieldW0lf (601553)]

He's concerned about vendor lock-in. He's concerned about a small group of people being able to hold the rest of the world hostage by threatening to cut them off from the infrastructure they depend on, and he's concerned about a vast group of people being abandoned by those they trusted to handle their essential infrastructure.

It's a valid concern, it's not hard to understand, and it's not easy to dismiss either. The fingers-in-the-ears-going-la-la-la tactic seems to be the standard approach for a lot of people.

Re:What about the server side?

[ShieldW0lf (601553)]

That's RMS' fault.

http://en.wikipedia.org/wiki/The_Boy_Who_Cried_Wolf [wikipedia.org]

You're right, it is. If he hadn't taken action to solve the problem he was yelling about, people would have suffered enough to show some respect. He should have just gone into the forest to be a hermit and left you to get screwed so you would learn. Now you can just pretend there wasn't a problem that he didn't mitigate on your behalf and talk like an idiot, and most people won't realize or catch you at it.

Re:What about the server side?

[Zero__Kelvin (151819)]

"That's RMS' fault.

http://en.wikipedia.org/wiki/The_Boy_Who_Cried_Wolf"

It turns out that if a boy cries wolf, and one is really there, it will run in fear and not be there when the villagers arrive. The villagers have only the boy to thank, but instead they ostracize him and call him a nut. Hey, come to think of it, there is a striking parallel here ...

Re:What about the server side?

[Jamie's Nightmare (1410247)]

I wonder if RMS visits any websites at all besides fsf.org

I'm glad you asked. Let's get a direct quote [lwn.net] from the man himself:

"For personal reasons, I do not browse the web from my computer."

At the risk of obvious ridicule he doesn't give the reasons behind this choice, but that's not really important here. Stallman is truly out of touch with the real needs of people who actually use computers on a daily basis. He is out of touch by his own choice. What really burns my taters is that so few properly chastise Stallman for this foolishness. Even worse, some actually defend it.

Re:OK, dumb question after reading the article

[jkrise (535370)]

Programmability is an important aspect of free software. The javascript trap effectively converts web applications into proprietary client-server type applications, Google's apps included. Which reduces the scope for innovation, standards and progress. Hence Stallman's warning.

Slippery slope to non-free

[dazedNconfuzed (154242)]

Because you are reliant on something which must be paid for (somehow) and/or you can't own. Stallman's view, nutty or not, is that you should be able to function ENTIRELY on free software - which a non-free JavaScript "app" by definition isn't. From his perspective, it's an insidious "slippery slope" undercutting of the free (speech AND beer) software paradigm: it's so easy to get caught in the "[shrug] so what? I didn't have to pay, and I don't have to keep a copy because I just go to the site to run it again" trap, risking reliance on something controlled by someone else.

Re:Slippery slope to non-free

[swillden (191260)]

Well, there's a simple response to Stallman: you're wrong.

If you want to use my service and my resources, then you don't get to dictate your terms to me.

Stallman is perfectly happy avoid using your service and resources. His issue is that he doesn't have an easy way to tell whether or not he *should* avoid you.

Hence his recommendation that Javascript that is Free Software be tagged with something that indicates the license, so that appropriately-configured browsers can avoid executing non-Free code.

On a more general note, why is it that everyone assumes that when Stallman explains how he thinks things should be, or the way he thinks people should act, that he's somehow "dictating" to them. He is extremely clear on the fact that he neither has nor wants the power to dictate, because that would be anti-freedom. Instead, he explains, exhorts and encourages, pushing the growth of Free Software and pointing out non-Free software that may go unnoticed.

Re:Slippery slope to non-free

[Azureflare (645778)]

I can't dictate the terms for your services nd your resources, that's true. However, your client side code is running in MY BROWSER consuming MY RESOURCES.

That is the point Stallman is making. I really think he should have provided more examples.

He doesn't care what you do on the server side. Just provide us with messages to the client (us) that enables us to provide whatever interface to the data that we want.

Implementation

[MillionthMonkey (240664)]

But what's the solution? This is the real question.

Just put a checkbox in the Firefox preferences window somewhere. I suggest this wording:

(x) Warn me before running JavaScript written by capitalist pigs

Re:OK, dumb question after reading the article

[CySurflex (564206)]

The problem with that logic is that Stallman missed a huge point. If, from his example you're using Google Docs, even if the JavaScript is "freed" using his new standard with stylized comments and the @source directive - you are still accessing non-free server software (the Google web servers) that responds to the AJAX requests. Not only that, but your browser is also making a call to the Google Ad server, which also has non-free software. You might also argue that its being served by a modified version of MySQL thats non-free, and perhaps even the firewall and the proxy that its passing through is a custom version written by Google Engineers (likely.)

Re:OK, dumb question after reading the article

[Estanislao Martínez (203477)]

The problem with that logic is that Stallman missed a huge point. If, from his example you're using Google Docs, even if the JavaScript is "freed" using his new standard with stylized comments and the @source directive - you are still accessing non-free server software (the Google web servers) that responds to the AJAX requests. Not only that, but your browser is also making a call to the Google Ad server, which also has non-free software. You might also argue that its being served by a modified version of MySQL thats non-free, and perhaps even the firewall and the proxy that its passing through is a custom version written by Google Engineers (likely.)

There are two problems I can perceive with your argument, though:

1. It is still potentially very useful to you to be able to modify the software that runs on your computer, and to share these modifications with other people. This is one of the major points of the GPL.
2. You're describing here a system with three kinds of compoments: (a) client software, (b) server software, (c) server data. It's much harder to argue that (b) should be free software, especially if it's in-house Google software that we're talking about, not distributed outside the company. And (c) is not software at all, so the argument doesn't apply. Should the GPL have clauses that forbid, say, a GPL-licensed web browser from being able to connect to a web server running a non-free http server? What if it's a free http server connected to a non-free database? What if the http server and database are free software, but the people who operate the server don't allow you to download all of their data in bulk and serve it yourself?

You have to draw a line somewhere here, and drawing the line between (a) and (b) seems reasonable.

Re:OK, dumb question after reading the article

[lennier (44736)]

"... vegans are rabbit food people."

Fixed that for you.

copyright enforcement?

[by Anonymous Coward]

Has "borrowing" some Javascript (or HTML for that matter) ever resulted in litigation? There's been sort of an understanding since the inception of the Web that people will borrow from each other, because they can, and that's more or less fine.

I like Stallman's idea, it just doesn't seem particularly urgent.

Beware the hidden dollarsign?

[paroneayea (642895)]

"from the beware-hidden-dollarsign dept"

I would think slashdot would know better what Stallman means by when he says free or non-free software [gnu.org]. Generally these webapps area available at no cost anyway, and obviously that's not what he's talking about. He's talking about the classic ideas of free software, not whether or not it is okay to sell software [gnu.org]. I just think that should be clear here.

Anyway, if we do argue that applications are moving into the web sphere, (which most web 2.0 advocates of course do,) then this is indeed something important to think about within the domain of free software.

Re:Beware the hidden dollarsign?

[u38cg (607297)]

I think /. is more than aware what they mean. Just because you aren't forking out to use these web applications, doesn't mean that there isn't a cost. Software as a service costs real money to host, and you should be asking where the money is, and why.

Re:Beware the hidden dollarsign?

[SirGarlon (845873)]

I thought the hidden dollarsign referred to malware possibly embedded in non-free Javascript. As Stallman points out in TFA,

the idea that non-free programs mistreat their users is familiar

This mistreatment can take many forms, including collecting user data without informed consent, for example, a user profile which can then be used for marketing (and/or sold). That's what I thought the "hidden dollarsign" was referring to.

What's in a name?

[sbalneav (464064)]

From TFA:

"Javascript (officially called ECMAscript, but few use that name)..."

Linux (officially called GNU/Linux, but few use that name)..."

Practice what we preach, Hmmmmm?

Re:What's in a name?

[by Anonymous Coward]

"Richard Stallman (officially called Dick, but few use that name)..."

data

[Lord Ender (156273)]

The license for the javascript software you are running might be important, but the far more important factor, in my mind, is the IP rights and responsibilities attached to your data.

Who has access to your data? How can you verify that? Who is responsible for keeping it secure? Who is responsible for making backups? How can you verify that?

Stallman has finally lost it.

[by Anonymous Coward]

According to this, a Javascript program that talks to a closed source AJAX backend is Not Free, even if the Javascript code itself is Free.

This is the craziest thing Stallman has come up with yet. Is a web browser that talks to a None Free web server Not Free? What about a program that uses SQL to talk to a database server that is Not Free?

Re:Stallman has finally lost it.

[illegalcortex (1007791)]

While I frequently think RMS takes good philosophy and generates stupid conclusion, I actually think your example proves him right. Imagine MS SQL ships you SQL server with all the source code Query Analyzer and the DB access libraries open sourced and GPL. But they continue to distribute the SQL server engine as closed source and with the current license. Does that make SQL server free or not free?

Your browser example just doesn't work because the browser can access a whole host of other information and isn't built only for talking to that one server. Your other example program could be used to talk to any number of database servers instead of MSSQL. As long as it was a free, open source app and didn't use some incredibly henious MS-specific SQL, you could point it at another DB.

Now imagine something even more symbiotic than Query Analyzer and MSSQL. Something where there really is no practical use for the client except to talk to that server. For AJAX apps, it's more of a parallel to say the Javascript is just the top layer GUI on the behind-the-scenes application. That's what we're talking about here. The client is only half of the application, the server is the other half. An application can't be "half-free."

Re:Stallman has finally lost it.

[assassinator42 (844848)]

Well, lets take the OSCAR plugin in Pidgin/libpurple. It's only (or at least by far the primary) use is to talk to AOL's server(s), which are not free. Does that make the plugin or even libpurple or Pidgin non-free?

Nice to see it worked

[rumith (983060)]

Actually, it was me who alerted him on this issue (using GMail as an example). However, that was almost a year (!) ago. Took him a long time, but I couldn't expect any less, since the man almost never uses a browser at all...

P.S. For those interested, here [sinp.msu.ru] is the transcript of our email conversation.

Every time he speaks I just want to shoot him

[BitZtream (692029)]

Let me give you guys a hint. Its a good time to start distancing yourself from Stallman, he's definitely wondering off to the tree-hugging-nutjob-hippie commune.

He's lost grasp of the point of software. The point of software is not 'to run free software', its to get something done.

His entire life has turned into 'omg you must use free software or you are doing the wrong thing'. He has no logic for this other than 'its bad for you not to use free software' or 'its bad for you if you cant modify it even though you have no useful reason to do so!!!'

He goes so far in the article to try to confuse the meaning of 'free' versus 'open', implying they are essentially the same thing. They aren't, and never will be. He has gotten himself so deep into his own bullshit that it would appear that it is now impossible for him to understand that his 'way' isn't the only one. Once you've got yourself to the point where you think 'free' or OSS software is 'the only way' you are no better than those people who refuse to use OSS software, you're just a moronic twit at that point.

Stallman has reduced himself to a religious leader rather than a promoter of openness for the common good. He's simply gone too far.

So again, I encourage you to distance yourself from Stallman, he is not someone you should associate with any more than the Church of Scientology as they are both just spreading propaganda for their own personal gain at this point. Now that OSS has become even slightly accepted his usefulness as a supporter of OSS is diminished, so he's taking it to the next level and trying to say all non-free software is bad. Read that carefully, 'non-free'. Not open. In this article he in a round about way attacks 'open' standards that are not 'free' by his definition.

You need to watch out for the guy who screams 'freedom' while at the exact same time adding new restrictions to the very license he claims is all about 'freedom'. I'm not saying not to use GPL or GPLv3, if the fit your needs/goals, thats entirely fine and should be used if they fit. I license my software under many different licenses based on what I'm trying to accomplish. My applications are generally closed source, I have some libraries that I've released LGPL, and many that are BSD licensed. I have not used GPL proper as it doesn't really fit my Each has their place in MY agenda. I'm just saying that what he does is hypocritical to an extreme only shared by politicians and lawyers, and because of that he should be treated as such.

I am in no way saying you should abandon OSS or the quest for open standards. I just feel that what Stallman is doing is not the quest for openness, but more like gathering a cult to be lead off to a mass suicide.

Re:Every time he speaks I just want to shoot him

[Improv (2467)]

Given what he's already given us, I think you greatly understate the credit he's due. Without Stallman, we would have compilers, operating systems, editors, etc, but it's quite likely we would not enjoy the freedoms we have with them today. Right now, I can install Linux on any number of systems I have as well as systems at work, including all sorts of software, without any legal worries about licensing - Stallman did not write most of it, but he made it possible and drew people's attention to its desirability. It is because he constantly screams "freedom" and enough people listen (or are bound by the GPL's viral nature to listen) that we have a viable way to run computers without people who would significantly restrict our usage of this software getting in the way.

Stallman isn't perfect - he is known for being hard to work with, he let GCC stagnate for several years because of an inappropriate development model, and the "GNU/Linux" terminology thing wasn't necessary. However, taken as a whole he's a very important and positive figure.

Re:Every time he speaks I just want to shoot him

[MbM (7065)]

Take it with a grain of salt.

RMS intentionally confuses the terms free and open, because in his mind it isn't free until it's open; to him, free means freedom. The classic example is always "free" as in "free beer" vs "free" as in "free speech"; same word, different meaning.

Stallman's not wandering anywhere

[roystgnr (4015)]

He's been crazy for years. My first exposure to his loony ideas was in that old story of his, "The Right To Read" [gnu.org]. He wrote that when I'd just entered college and just started using this "GNU" stuff, and I remember being being stunned by his paranoia. Grade schools wasting time preaching [cnet.com] about intellectual property [ncsconline.org]? Software being outlawed [slashdot.org] for being able to edit RAM that someone else's program allocated? People who didn't have the root passwords for their own computers [wikipedia.org]? And then there's the central point of the story, that eventually people would be stuck with books they couldn't lend or resell [gizmodo.com]! That Stallman guy was clearly a nutjob.

Web Apps

[LaminatorX (410794)]

RMS may be a cranky extremist, but he's still right far more often than he's wrong. Web apps are in some ways a huge step backwards in terms of openness. If you're lucky there's a wsdl you can analyze but even then that's really just a client-facing API. What's less free/open than a binary-only distribution? One that's never even distributed in the first place. May I please continue to access this application, sir?

Re:he is right.

[radarsat1 (786772)]

I think it's pretty clear, if you just keep the fundamental principles of free software in mind. If you use software, you should have the freedom to modify it and run a modified version. Just remember that, and this article will make a lot more sense to you.

I think he enunciates quite clearly the "danger": that we are becoming more and more dependent on software that is temporarily downloaded to our computers in a semi-obfuscated manner and executed to perform non-trivial tasks. This is not quite breaking the "freedom to modify" principle, since technically the source code is available, but he's calling it a trap because in practice it's extremely difficult to get in there and modify a web application since current browsers don't provide an easy way to do it, and the "source code" is almost impossible to read.

Look -- people are calling him crazy for this but I don't know why. (Possibly because they'll jump on any opportunity to call him crazy.) But frankly he's right. If you value the ability to modify software that you use, web applications don't make it easy to do. Not only that, but they can change on you while you're in the middle of using them, making it difficult for any local modifications (based on GreaseMonkey e.g), to "stick".

I don't think he comes off as crazy at all in this article, nor is he even suggesting we don't use JavaScript or anything silly like that. He's merely pointing out some potential problems with web applications vis-a-vis the freedom to modify, and providing a possible solution in the form of metadata.

In fact I'd say this is one of the more practical and shorter things I've seen him write, so I can't understand why people are jumping all over this.

Re:How does Stallman use the web?

[shutdown -p now (807394)]

How does Stallman use the web?

Here's how [lwn.net].

Re:whoosh

[mrsteveman1 (1010381)]

His beard looks non-free to me, it's obfuscating his face

Re:Stallman has to go

[lennier (44736)]

"Richard Stallman has done more damage to the open source movement than anyone else. He is pompous, arrogant, rude, inflexible, and intolerant of diversity of opinion."

But he's also *right*. History has proved this, time and again. He seems like a hardass because reality is unforgiving. Too bad. He's still right.

What does 'tolerance of diversity of opinion' have to do with anything? Maths doesn't tolerate 1+1 not equalling 2. There are some places you *can't* tolerate wrong answers. Computer science and law are two of them.

You can disagree with his conclusions as much as you like, but that doesn't invalidate them.