Forgot your password?
typodupeerror
Software GNU is Not Unix

Richard Stallman Warns About Non-Free Web Apps 747

Posted by Soulskill
from the beware-hidden-dollarsign dept.
An anonymous reader writes "Richard Stallman has published an article which warns about the 'Javascript trap' posed by non-free AJAX-based applications. The article calls for a mechanism which would enable browsers to identify freely-licensed Javascript applications and run modified version thereof. 'It is possible to release a Javascript program as free software,' Stallman writes. 'But even if the program's source is available, there is no easy way to run your modified version instead of the original ... The effect is comparable to tivoization, although not quite so hard to overcome.'"
This discussion has been archived. No new comments can be posted.

Richard Stallman Warns About Non-Free Web Apps

Comments Filter:
  • by MillionthMonkey (240664) on Monday March 23, 2009 @11:37AM (#27298909)

    Why do I care if I visit a web site and "non-free" JavaScript runs in my browser?

    • Re: (Score:3, Insightful)

      by Arainach (906420)

      You only really care if, like Stallman, you're a "software vegan" and are terrified about touching anything to do with non-GPL code.

      • by CySurflex (564206) on Monday March 23, 2009 @01:18PM (#27300671)
        The problem with that logic is that Stallman missed a huge point. If, from his example you're using Google Docs, even if the JavaScript is "freed" using his new standard with stylized comments and the @source directive - you are still accessing non-free server software (the Google web servers) that responds to the AJAX requests. Not only that, but your browser is also making a call to the Google Ad server, which also has non-free software. You might also argue that its being served by a modified version of MySQL thats non-free, and perhaps even the firewall and the proxy that its passing through is a custom version written by Google Engineers (likely.)
        • by Estanislao Martínez (203477) on Monday March 23, 2009 @01:54PM (#27301223) Homepage
          The problem with that logic is that Stallman missed a huge point. If, from his example you're using Google Docs, even if the JavaScript is "freed" using his new standard with stylized comments and the @source directive - you are still accessing non-free server software (the Google web servers) that responds to the AJAX requests. Not only that, but your browser is also making a call to the Google Ad server, which also has non-free software. You might also argue that its being served by a modified version of MySQL thats non-free, and perhaps even the firewall and the proxy that its passing through is a custom version written by Google Engineers (likely.)

          There are two problems I can perceive with your argument, though:

          1. It is still potentially very useful to you to be able to modify the software that runs on your computer, and to share these modifications with other people. This is one of the major points of the GPL.
          2. You're describing here a system with three kinds of compoments: (a) client software, (b) server software, (c) server data. It's much harder to argue that (b) should be free software, especially if it's in-house Google software that we're talking about, not distributed outside the company. And (c) is not software at all, so the argument doesn't apply. Should the GPL have clauses that forbid, say, a GPL-licensed web browser from being able to connect to a web server running a non-free http server? What if it's a free http server connected to a non-free database? What if the http server and database are free software, but the people who operate the server don't allow you to download all of their data in bulk and serve it yourself?

          You have to draw a line somewhere here, and drawing the line between (a) and (b) seems reasonable.

      • Re: (Score:3, Interesting)

        by Onymous Coward (97719)

        Neither vegan nor software libre philosophies necessitate zealotry. My sincere sympathy to you if your ears were made to ache by rabid proponents of either.

        There exist level-headed proponents who make choices based on the practical implications of these philosophies more so than by emotionalism or terror.

        Granted, they may be hard to engage in clear and rational discourse, especially if the outset of potential dialogue is marred by broad brush dismissals. That's not a problem, however, if reason and clarit

      • Not that he would necssarily give a crap that I do.

        My personal conviction is that Linux came to be what it has come to be *precisely* because it was released as GPLv2 code; I don't think it would have grown to nearly the size and penetration </beavis> that it has were it under some other license.

        Therefore, the state of much of the world today -- not just the computing world, but Real Life -- descends almost entirely from the fact that rms is a extremist about the principles of Free Software.

        We often l

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      I'm pretty sure only Richard Stallman cares. Not sure why anyone cares what he cares about though, he seems like a real barrel of laughs.

      • Re: (Score:3, Funny)

        by wastedlife (1319259)

        Isn't he the guy that claims he browses the web by invoking some daemon to download an html page and email it to him? If so, why would he even care?

      • by registrar (1220876) on Monday March 23, 2009 @06:11PM (#27304515)

        Richard Stallman may or may not be talking about something important here-but we have some extraordinary pay-offs from his insight 25 or so years ago. People legitimately disagree with him (including me) but only a fool would ignore him.

        Just because the man is an uncompromising idealist in no way justifies your cowardly and stupid ridicule. And the moderators who thought you were insightful should the meaning of the word "insight" and moderate accordingly.

    • by paroneayea (642895) on Monday March 23, 2009 @11:43AM (#27298993) Homepage
      Why do you care if non-free python, C, or whatever apps run on your computer? Code is code, and websites aren't what they used to be. The web has become a platform for client/server applications. So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.
      • Why do you care if non-free python, C, or whatever apps run on your computer?

        Because it's generally harder to upgrade/maintain (not in the standard apt repositories), I can't fix it myself, and whoever controls it can just randomly disappear or EOL it.

        So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.

        Except that all of those thing either don't apply to web apps at all, or apply to all web apps. There's nothing to install, upgrade, or fix locally, and you're dependent on some service provider regardless of the status of the code.

        • by mr_mischief (456295) on Monday March 23, 2009 @12:35PM (#27299927) Journal

          The client-side code could just as easily be saved to your local drive and loaded from your local drive into your browser as downloaded (or loaded unchanged from cache) every time you visit a page. You local copy could then be altered to better suit your needs, so long as it's still compatible with what the server is doing or is independent of the server. This can be done now, but browsers don't support doing it easily.

          What Stallman wants in this case boils down to two things as I read it. First, he wants a standard way to mark the license of the program that's easy to discern both visually and in software so you'll know what license you have to the software and the browser can inform you of that automatically. He also wants an easy way for every piece of client-side code a web page uses to be easily replaceable with your own local version from your own local disk. Right now, you can grab the JavaScript from a page and alter it, but without some work you're still going to be running the publisher's version when you're on their site. He wants some way to specify that the JavaScript that was loaded from, for example 'http://www.foo.com/js/some-script.js', instead gets loaded from your customized local version so you can interact with the web app with your changes in place.

          Personally, I think he's got a good idea there. I'm no RMS fanatic, but I do like to be able to alter the software I run to suit me, and I like the GPL (and BSD, CC-SA, and some other licenses) for that reason.

          He just wants a couple of technical features built into the OSS browsers to support loading custom client-side code and for you to more easily know which license the code is under. I think this is much easier to accept than some of the more drastic position statements out of the FSF. It really can benefit anyone who prefers any of the Open Source licenses, and not just what the FSF calls Free Software under the GPL.

          • by LaughingCoder (914424) on Monday March 23, 2009 @12:46PM (#27300129)

            He also wants an easy way for every piece of client-side code a web page uses to be easily replaceable with your own local version from your own local disk.

            That sounds to me like a massive security hole just waiting to be exploited. People navigate to their brokerage page or their online banking page thinking they are running the brokerage/bank software, not knowing some malware made illicit and modified copies of the Java on their hard drive which is run instead. Scary stuff.

            • This, of course, can be done now. The first think you learn when dealing with webapp security is that you can never trust the client.

              Nothing is stopping me now from loading my own Javascript (or Java, or anything else that runs in the browser) on a bank's webpage.

              • by mea37 (1201159) on Monday March 23, 2009 @01:01PM (#27300389)

                True. But my browser makes it hard for your malware to cause me to run your version of the bank's client on their website; GP's point is that under RMS's proposal it wouldn't be as difficult to do that.

                It's not about you attacking the bank; it's about you attacking me when I try to use the bank's services.

                • by bentcd (690786) <bcd@pvv.org> on Monday March 23, 2009 @01:11PM (#27300551) Homepage

                  True. But my browser makes it hard for your malware to cause me to run your version of the bank's client on their website; GP's point is that under RMS's proposal it wouldn't be as difficult to do that.

                  It's not about you attacking the bank; it's about you attacking me when I try to use the bank's services.

                  The two are the same problem though. Malicious code could attack the local javascript-repository in an RMS-compliant browser in order to hijack your bank accounts etc. In current browsers, malicious code can achieve the same by attacking your browser directly. The problem only becomes more severe if the RMS-compliant browser has worse security management of its local javascript-repository than it does of its own executable code.

                  • I'll probably get flamed all to hell for daring to say this on a website frequented by website designers, but what the hell, my karma is good. I think we are missing the forest for the trees. A much bigger problem is too damned many websites are using JavaScript that have no reason to. I don't know how many times I have come across websites where basic functions that should have been straight HTML/CSS were coded in JavaScript.

                    And with all the malware using JavaScript and what seems like a new vulnerability coming out every day it is feeling more and more like JavaScript is going to be the next ActiveX. In fact with all the JavScript exploits [yahoo.com] I'm shocked we even use it at all. Let us be honest here: If this was a MSFT technology instead of cross platform would we still use it? Or would we be calling for its ban because of all the security holes?

                    So IMHO the question isn't whether the JavaScript code is free or not, but it is whether we should be running it in its current implementation at all. I mean when you have to use Noscript, which is basically a condom for JavaScript, just to surf the web something is seriously fucked up with the JavaScript security model. Maybe instead of looking at whether the code is free or not let us look at how to keep it from being a malware paradise first. And all this talk of sandboxing is frankly just a band aid for a bad security model. If your code is so damned dangerous that the ONLY way to run it safely is to use a VM, I don't want it, thank you very much.

                    I think if the underlying security model of JavaScript isn't fixed we won't have to worry about whether the code is free or not, because it will end up going the way of ActiveX. There is nothing being done in JavaScript today that couldn't be done in other languages or using other tools like Java and flash. And ATM it is simply too dangerous to allow myself or my clients to use JavaScript without whitelisting. And that is pretty sad.

                    • by grumbel (592662) <grumbel@gmx.de> on Monday March 23, 2009 @03:59PM (#27302841) Homepage

                      I disagree with putting the blame on Javascript, the whole problem starts already with HTML/CSS. Webpages these days are something that is generated, not something that is written, meaning what the user gets to see isn't the real data, but just some more or less usable rendering of it and thats pretty much where the trouble starts. The whole notion that its the browsers job to render a webpage in a style chosen by a user, has pretty much completly fade away, today you are basically left with the choice between pixel-perfect representation of what the webdesigner had in mind and absolutely no style at all, there is no in between, no clean separation between actual content and user interface. Even something simply as changing the font size will break close to 100% of all non-trivial webpages out there, on some its just a little glitch (like "Reply to this" button falling appart on Slashdot) while other get completly unusable because elements end up being hidden below others. This whole mess has to stop. I don't mean that webpages should go back to HTML2 or whatever, but simply that they should allow raw access to their content, I don't want a news article flooded with navigation bar and crap, I want the raw news article and nothing else. I doubt that this will happen on a large scale anytime soon, since it would make it to easy to filter away all advertisment, but then even webpages without any advertisment suffers from this very same problem.

            • Re: (Score:3, Interesting)

              by xSauronx (608805)

              i care about the software on my computer, and avoid non-free stuff as best as i practically can...but theres no way in hell i want to deal with notices and options from all the java stuff on every site i visit.

              i already block what i can get away with via noscript and even thats a hassle sometimes, trying to deal with even what i unblock, in regards to licensing, would drive me nuts.

          • by DrgnDancer (137700) on Monday March 23, 2009 @01:11PM (#27300553) Homepage

            I can see it now:

            ATS: Amazon.com Tech Support, can I help you?
            Cust: Yeah. I can't seem to buy books from your website.
            ATS: I see. Lets' see what we can do to help you.... ...
            an hour later ...
            ATS: Well sir, everything seems fine. We've looked at all of you settings, verified your account, even successfully completed a transaction on antother computer, I'm at a loss...
            Cust: Hang on a sec ... ::what's that? Huh? Umm.. OK:: ... Uh, my son says he modified the javascript for your site for our local browser and it might have done something to... ::click:: ... Hello? Hello?

          • by mea37 (1201159) on Monday March 23, 2009 @01:12PM (#27300559)

            The technical implciations are a bit more involved than "modify how the browser loads code".

            Right now, a web develoepr can rely on the fact that every visitor to his site is getting an up-to-date copy of the client software. We can have an interesting philosophical debate about whether they should rely on this assumption, or a much more practical one about how many do rely on it.

            So I make non-backward-compatible changes to my website, and you run your cached/modified version of the client. Some features don't work. Your browser behaves in ways my server no longer expects. Depending on whether I forsaw this occurance, maybe the effect is harmless (except you're out of luck until you revert to a new download, and then start making your chnages again); or maybe if I was particularly clumsy or just have lousy luck, you corrupt some resource on the server.

            We can mitigate the worst problems "merely" by re-educating every web developer everywhere; but realistically we're calling for a client-server handshake so that the server can let the modified client know that it's out of sync (and/or revert to a backward-compatible mode if possible).

            Personally I don't see customization of web apps as a pressing need (prior to this article I've never thought about trying it, so clearly it isn't that important to my daily life). So to me, it isn't worth the trouble. YMMV.

            • by Ifni (545998) on Monday March 23, 2009 @03:10PM (#27302217) Homepage

              Right now, a web develoepr can rely on the fact that every visitor to his site is getting an up-to-date copy of the client software. We can have an interesting philosophical debate about whether they should rely on this assumption, or a much more practical one about how many do rely on it.

              So I make non-backward-compatible changes to my website, and you run your cached/modified version of the client. Some features don't work. Your browser behaves in ways my server no longer expects. Depending on whether I forsaw this occurance, maybe the effect is harmless (except you're out of luck until you revert to a new download, and then start making your chnages again); or maybe if I was particularly clumsy or just have lousy luck, you corrupt some resource on the server.

              Personally I don't see customization of web apps as a pressing need (prior to this article I've never thought about trying it, so clearly it isn't that important to my daily life). So to me, it isn't worth the trouble. YMMV.

              Greasemonkey [greasespot.net] begs to differ - there is a very real and very popular desire to customize many aspects of popular websites, including the Javascript code in them. Greasemonkey also provides a solution to RMS's issue to an extent. It is not as accessible as he might like, and it doesn't solve the problem of programmatically determining whether you have the developer's permission to modify his code, but people are currently using it to make changes - maliciously or otherwise.

              So you have two camps under RMS's plan - those that tag their client as free, in which case one would hope that they anticipate client side alteration, and those that do not, in which case they are still naive to expect that there will be no alteration of the client and such a change (bringing the possibility of that type of change into the public limelight) might achieve your "re-educating [of] every web developer". Just because it isn't common doesn't mean it isn't done, and whether browser developers embrace RMS's ideas or not doesn't change the fact that proper security should be a part of the design for every public facing resource.

              So the argument, as you mentioned, is not that developers should know what they are doing, but simply that there already exists a desire to customize Javascript (even beyond just AJAX) applications and it needs to be made more accessible to the masses. Right now, people are modifying proprietary apps, which is likely a violation of TOU, because typically no license is included in the script portions of the page. He wants licensing to be made clear to the user so that they can easily detect what they are allowed to change and what they shouldn't (or should only at their own legal risk). More importantly for RMS, he could direct his browser to refuse to run any Javascript that is not free. That is the first step. Once it is clear what you can modify, then he wants the browser to have a simple method for activating your changes. Greasemonkey does this, I believe, but it is not built into the browser (and I don't think it should be, so I disagree with RMS on this point).

              In TFA he extends the argument to Java applets, Flash, and Silverlight, which Greasemonkey does not cover as well (though by changing the calling pages you could force the page to load your local copy of the applet, etc), which adds a little more weight to his claim of inadequate current tools, even including third party add-ons.

              The important part to remember, however, is that those that do not wish to play are free to not tag their programs as free, in which case they are free to continue on in the blissful belief that they can trust the client.

          • Re: (Score:3, Interesting)

            by tknd (979052)

            He just wants a couple of technical features built into the OSS browsers to support loading custom client-side code and for you to more easily know which license the code is under.

            Well, we already have a bunch of popular open [mozilla.com] source [konqueror.org] web browsers [google.com]. How about he use his open source ideals and implement it [mozilla.org] himself.

          • Re: (Score:3, Insightful)

            by BitZtream (692029)

            First, he wants a standard way to mark the license of the program that's easy to discern both visually and in software so you'll know what license you have to the software and the browser can inform you of that automatically.

            Or we could just ignore those licenses like we do with stuff from the web now and use it pretty much however we see fit. There is no need to add legitimacy to the bullshit licenses in the world by adding another feature to prop them up and spew them at users.

            Really, I want to go to a w

      • I thought I did. (Score:5, Insightful)

        by Samschnooks (1415697) on Monday March 23, 2009 @12:00PM (#27299295)

        So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.

        I was having trouble with a F/OSS app several months ago and I thought "Great! It's F/OSS! I can just get the software source and have a gander and solve my own problems!"

        So, I downloaded the code, unzipped it, spent a couple of days getting the development environment right, and brought up the editor. A few days go by, and I'm trudging through uncommented PHP code, digging into class after class calling other classes that called other classes that just set global constants or read environment variables, and so on and so on...

        I deleted the code because instead of "solving my problem" I was getting lost and not accomplishing the activity that the software was supposed to accomplish.

        I went and got a package that did what I wanted.

        In short, I have no desire to look at source code. I don't give a rat's ass. I have better things to do than to dig through other people's mess - thank-you-very-much.

        F/OSS only appeals to people who LIKE to trudge through others code to see how it works or make it "better". To me, software is an end to a means and I don't really give a rat's ass how it works as long as it's not doing shit behind may back that I don't want; which I can find out by other means than looking at source code.

        • Re: (Score:3, Insightful)

          Insert key.
          Push the pedal.
          Go.

          I share the same philosophy about computers. I don't want to waste hours of my life on coding software. I'd rather just work 1 hour of overtime, and then go out and buy the program I need.

          • by Austerity Empowers (669817) on Monday March 23, 2009 @12:43PM (#27300067)

            No one is asking you to. But what if you ran a business and the software vendor for some mission critical app decided he wasn't going to support your desired OS, or some trivially simple feature that a competing system has that makes a lot of financial sense to you? But your cost to switch over outweigh the cost of that feature. Your vendor was either going to hold you hostage for some obscene amount of money required to switch (but enough that he thinks you'd pay, since he knows your costs too), or let you stay on your existing platform which will bleed you dry slowly. What if your software vendor decided that you can run 8 documents at once, but to run each additional document at once would cost $100/document. Not because of any technical limitations, but simply because they want to charge you that way?

            If you made a point to never use F/OSS you could simply pay someone else to fix the software, perhaps someone you already have on staff. You could have it your way. You wouldn't get stuck with idiotic licensing scams and other extortion.

            This kind of thing happens all the time, at all levels of business. While he sounds like a raving lunatic at times, his zealotry can produce a better world. It works not only for people who like to code, but for those who'd rather pay others to do it for them. We really ought to be looking for ways to use open source as much as possible, in place of proprietary alternatives. He's pointing out ways to help you identify closed source apps you may not know exist.

            As usual it sounds ridiculous and paranoid, but it does make sense. You may not wish to put your life on hold for lack of F/OSS alternatives, that's not a reasonable expectation, but it makes sense to favor F/OSS solutions and be looking for a way to remove proprietary as much as possible. The economics of the world won't really change much, people will still get paid to write software... but they won't be able to extort you for it either, or pimp it for decades because you have been locked-in.

            • by ClosedSource (238333) on Monday March 23, 2009 @12:57PM (#27300311)

              If a software vendor wants to lock you in, he isn't going to cooperate by making his web app easier to work around. There is also the server side that you know nothing about, so if he ever goes out of business you'd have some nice javascript that interacts with a phantom server.

              Even if you're a die-hard F/OSS fan, you should spend your energy on initiatives that really make sense.

          • Re:I thought I did. (Score:5, Informative)

            by cozziewozzie (344246) on Monday March 23, 2009 @12:52PM (#27300231)

            I share the same philosophy about computers. I don't want to waste hours of my life on coding software. I'd rather just work 1 hour of overtime, and then go out and buy the program I need.

            You don't get the whole point of Free Software in the first place.

            But the beauty of it is that even you can profit from its fruits. Every time you surf on the internet, or listen to music or watch a movie. Most of those are running on or were created with Free Software.

        • Re: (Score:3, Interesting)

          by Omnifarious (11933)

          For one, you learned something valuable about that piece of software. You learned that it's really poorly written. And that's a bad piece of software to be hitching your wagon to.

          With a commercial app, you may have wasted a whole lot of time and invested a whole lot in making the software work instead of learning right off that it was so poorly written that the vendor wouldn't be able to properly maintain it for you.

          Secondly, you relied on that piece of software to not have hidden trojans in it. You woul

        • Re:I thought I did. (Score:5, Informative)

          by betterunixthanunix (980855) on Monday March 23, 2009 @12:44PM (#27300087)
          "F/OSS only appeals to people who LIKE to trudge through others code to see how it works or make it "better". To me, software is an end to a means and I don't really give a rat's ass how it works as long as it's not doing shit behind may back that I don't want; which I can find out by other means than looking at source code."

          Free-libre software is about more than just looking through source code. The availability of source code is a means to an end; there are non-free licenses that provide access to source code, and even the right to modify that source code. Free-libre licensing grants you freedoms that you really do not have with proprietary systems, including those that make code available to you:
          • The freedom to install the software on as many systems, and for as many users, as you wish. For a web apps, some vendors limit how many simultaneous users (or how many users in total) may use the system; a free-libre system cannot impose such a limit.
          • The freedom to use the software perpetually.
          • The freedom to use the software for whatever purpose you see fit (compare this with the AAC codec license, which forbids "client software" for being used for "professional" purposes).
          • The freedom to use modifications to the software that other people have developed.
          • The freedom to give the software to someone else.
          • The freedom to discuss the software with someone else (there are proprietary systems that forbid or limit this as "trade secrets").

          Maybe these are not things that really matter to you. I have encountered restrictions on every one of the above items from different software packages, and it has caused me and the other users/administrators of the software serious headaches. In cases where free-libre software was introduced, people just got their work done -- no worries about breaking the law, no worries about the software suddenly becoming inoperable, no restrictions on who we may discuss the software with.

        • Re: (Score:3, Insightful)

          by metamatic (202216)

          In short, I have no desire to look at source code.

          Then don't.

        • by Tom (822) on Monday March 23, 2009 @01:38PM (#27300987) Homepage Journal

          Yes, most of the times I don't care for the source, either.

          However, several times already I came across a piece of Free Software that did almost exactly what I needed, or that did what I needed but hadn't been updated for quite a while. I could take it and add the feature I wanted, or take it over and continue developing it, or simply fix a few bugs that prevented it from running/compiling in the current compiler/webserver/whatever environment.

          Just because you don't use a freedom 99% of your time doesn't mean it isn't valuable. I very rarely make use of my freedom to assemble, and elections are only every few years - but still these are important freedoms to have.

      • by patro (104336) on Monday March 23, 2009 @12:08PM (#27299457) Journal

        So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.

        Okay, but Javascript is only one part of this problem. What about the code running on the server? I wonder if RMS visits any websites at all besides fsf.org

        He can't be sure after all if other sites use only free software on the server side, so he can't visit them to avoid accidentally supporting non-free software.

        • by ShieldW0lf (601553) on Monday March 23, 2009 @12:21PM (#27299687) Journal
          He's concerned about vendor lock-in. He's concerned about a small group of people being able to hold the rest of the world hostage by threatening to cut them off from the infrastructure they depend on, and he's concerned about a vast group of people being abandoned by those they trusted to handle their essential infrastructure.

          It's a valid concern, it's not hard to understand, and it's not easy to dismiss either. The fingers-in-the-ears-going-la-la-la tactic seems to be the standard approach for a lot of people.
        • by Jamie's Nightmare (1410247) on Monday March 23, 2009 @02:00PM (#27301295)

          I wonder if RMS visits any websites at all besides fsf.org

          I'm glad you asked. Let's get a direct quote [lwn.net] from the man himself:

          "For personal reasons, I do not browse the web from my computer."

          At the risk of obvious ridicule he doesn't give the reasons behind this choice, but that's not really important here. Stallman is truly out of touch with the real needs of people who actually use computers on a daily basis. He is out of touch by his own choice. What really burns my taters is that so few properly chastise Stallman for this foolishness. Even worse, some actually defend it.

    • by jkrise (535370) on Monday March 23, 2009 @11:47AM (#27299057) Journal

      Programmability is an important aspect of free software. The javascript trap effectively converts web applications into proprietary client-server type applications, Google's apps included. Which reduces the scope for innovation, standards and progress. Hence Stallman's warning.

    • Re: (Score:3, Insightful)

      by blitzkrieg3 (995849)
      http://www.gnu.org/gnu/manifesto.html [gnu.org]

      Complete system sources will be available to everyone. As a result, a user who needs changes in the system will always be free to make them himself, or hire any available programmer or company to make them for him. Users will no longer be at the mercy of one programmer or company which owns the sources and is in sole position to make changes.

      from "Why all computer users will benefit", among other things.

    • by dazedNconfuzed (154242) on Monday March 23, 2009 @11:53AM (#27299173)

      Because you are reliant on something which must be paid for (somehow) and/or you can't own. Stallman's view, nutty or not, is that you should be able to function ENTIRELY on free software - which a non-free JavaScript "app" by definition isn't. From his perspective, it's an insidious "slippery slope" undercutting of the free (speech AND beer) software paradigm: it's so easy to get caught in the "[shrug] so what? I didn't have to pay, and I don't have to keep a copy because I just go to the site to run it again" trap, risking reliance on something controlled by someone else.

      • Re: (Score:3, Insightful)

        by Greg_D (138979)

        Well, there's a simple response to Stallman: you're wrong.

        If you want to use my service and my resources, then you don't get to dictate your terms to me.

        • by swillden (191260) <shawn-ds@willden.org> on Monday March 23, 2009 @12:42PM (#27300049) Homepage Journal

          Well, there's a simple response to Stallman: you're wrong.

          If you want to use my service and my resources, then you don't get to dictate your terms to me.

          Stallman is perfectly happy avoid using your service and resources. His issue is that he doesn't have an easy way to tell whether or not he *should* avoid you.

          Hence his recommendation that Javascript that is Free Software be tagged with something that indicates the license, so that appropriately-configured browsers can avoid executing non-Free code.

          On a more general note, why is it that everyone assumes that when Stallman explains how he thinks things should be, or the way he thinks people should act, that he's somehow "dictating" to them. He is extremely clear on the fact that he neither has nor wants the power to dictate, because that would be anti-freedom. Instead, he explains, exhorts and encourages, pushing the growth of Free Software and pointing out non-Free software that may go unnoticed.

        • by Azureflare (645778) on Monday March 23, 2009 @12:58PM (#27300339)
          I can't dictate the terms for your services nd your resources, that's true. However, your client side code is running in MY BROWSER consuming MY RESOURCES.

          That is the point Stallman is making. I really think he should have provided more examples.

          He doesn't care what you do on the server side. Just provide us with messages to the client (us) that enables us to provide whatever interface to the data that we want.
          • by Greg_D (138979) on Monday March 23, 2009 @03:06PM (#27302175)

            And who decided to venture over to my page and use my services? YOU DID. The javascript source doesn't do anything without the server communicating with it.

            Stallman's argument has been that one should distribute the source if one distributes the binary.

            There's no binary. There's only source with Javascript, and it is cached in the browser so that you can read it. Whether or not it is beneficial to allow people to license that code and use the API to interface with the server is strictly up to the person who controls the server. As it should be.

            Stallman has never been so worried about free software as he has been about promoting business models which suit his political philosophy. He never anticipated the web service as a business model, and he really doesn't know how to attack it because it neuters his mantra.

    • Re: (Score:3, Informative)

      You may wish to modify extend the web app in some way that is suitable for you. For example, I know people who want GMail to support PGP; there is a Firefox plugin that modifies the page layout and Javascript so that messages can be signed, encrypted, decrypted and verified. This is the same argument that is made for free software on your desktop.
  • by Anonymous Coward on Monday March 23, 2009 @11:37AM (#27298911)
    Has "borrowing" some Javascript (or HTML for that matter) ever resulted in litigation? There's been sort of an understanding since the inception of the Web that people will borrow from each other, because they can, and that's more or less fine.

    I like Stallman's idea, it just doesn't seem particularly urgent.
  • by paroneayea (642895) on Monday March 23, 2009 @11:39AM (#27298941) Homepage

    "from the beware-hidden-dollarsign dept"

    I would think slashdot would know better what Stallman means by when he says free or non-free software [gnu.org]. Generally these webapps area available at no cost anyway, and obviously that's not what he's talking about. He's talking about the classic ideas of free software, not whether or not it is okay to sell software [gnu.org]. I just think that should be clear here.

    Anyway, if we do argue that applications are moving into the web sphere, (which most web 2.0 advocates of course do,) then this is indeed something important to think about within the domain of free software.

    • by u38cg (607297) <calum@callingthetune.co.uk> on Monday March 23, 2009 @11:51AM (#27299125) Homepage
      I think /. is more than aware what they mean. Just because you aren't forking out to use these web applications, doesn't mean that there isn't a cost. Software as a service costs real money to host, and you should be asking where the money is, and why.
    • by SirGarlon (845873) on Monday March 23, 2009 @11:56AM (#27299215)
      I thought the hidden dollarsign referred to malware possibly embedded in non-free Javascript. As Stallman points out in TFA,

      the idea that non-free programs mistreat their users is familiar

      This mistreatment can take many forms, including collecting user data without informed consent, for example, a user profile which can then be used for marketing (and/or sold). That's what I thought the "hidden dollarsign" was referring to.

  • by sbalneav (464064) on Monday March 23, 2009 @11:42AM (#27298983)

    From TFA:

    "Javascript (officially called ECMAscript, but few use that name)..."

    Linux (officially called GNU/Linux, but few use that name)..."

    Practice what we preach, Hmmmmm?

    • by Anonymous Coward on Monday March 23, 2009 @12:13PM (#27299537)
      "Richard Stallman (officially called Dick, but few use that name)..."
  • data (Score:5, Insightful)

    by Lord Ender (156273) on Monday March 23, 2009 @11:45AM (#27299019) Homepage

    The license for the javascript software you are running might be important, but the far more important factor, in my mind, is the IP rights and responsibilities attached to your data.

    Who has access to your data? How can you verify that? Who is responsible for keeping it secure? Who is responsible for making backups? How can you verify that?

  • by Anonymous Coward on Monday March 23, 2009 @11:45AM (#27299035)

    According to this, a Javascript program that talks to a closed source AJAX backend is Not Free, even if the Javascript code itself is Free.

    This is the craziest thing Stallman has come up with yet. Is a web browser that talks to a None Free web server Not Free? What about a program that uses SQL to talk to a database server that is Not Free?

    • by illegalcortex (1007791) on Monday March 23, 2009 @12:07PM (#27299419)

      While I frequently think RMS takes good philosophy and generates stupid conclusion, I actually think your example proves him right. Imagine MS SQL ships you SQL server with all the source code Query Analyzer and the DB access libraries open sourced and GPL. But they continue to distribute the SQL server engine as closed source and with the current license. Does that make SQL server free or not free?

      Your browser example just doesn't work because the browser can access a whole host of other information and isn't built only for talking to that one server. Your other example program could be used to talk to any number of database servers instead of MSSQL. As long as it was a free, open source app and didn't use some incredibly henious MS-specific SQL, you could point it at another DB.

      Now imagine something even more symbiotic than Query Analyzer and MSSQL. Something where there really is no practical use for the client except to talk to that server. For AJAX apps, it's more of a parallel to say the Javascript is just the top layer GUI on the behind-the-scenes application. That's what we're talking about here. The client is only half of the application, the server is the other half. An application can't be "half-free."

      • by assassinator42 (844848) on Monday March 23, 2009 @12:25PM (#27299743)
        Well, lets take the OSCAR plugin in Pidgin/libpurple. It's only (or at least by far the primary) use is to talk to AOL's server(s), which are not free. Does that make the plugin or even libpurple or Pidgin non-free?
      • While I frequently think RMS takes good philosophy and generates stupid conclusion, I actually think your example proves him right.

        Happens every the time, he says something, people go WTF he's nuts, you put smash two neurons and realize he's absolutely right, but still call him crazy. Then repeat without learning your lesson.

        What he is asking for now is not just not crazy, is just standardization and extending of stuff already there. Example, Greasemonkey already lets you run your own javascript in the browser but:

        1) Your script runs ON TOP (and after) the site scripts, you should be able to completely override them.

    • Is a web browser that talks to a None Free web server Not Free?

      A Free web browser which could only talk to a non-Free web server would not be Free enough to satisfy a free-software purist (it would also be a pretty odd web browser).

      The argument is quite reasonable: the owner of the non-free server could withdraw it at any time: the Free client, along with any contributions from the free software community, then has scrap value only (maybe there's some re-usable code in there, maybe not).

      The counter-argument is more pragmatic (so Free Software purists won't like it):

  • by rumith (983060) on Monday March 23, 2009 @11:56AM (#27299225)
    Actually, it was me who alerted him on this issue (using GMail as an example). However, that was almost a year (!) ago. Took him a long time, but I couldn't expect any less, since the man almost never uses a browser at all...

    P.S. For those interested, here [sinp.msu.ru] is the transcript of our email conversation.

    • Re: (Score:3, Insightful)

      I particularly liked this bit:

      I'd like to point out that a user is not necessarily an individual: a user
      can be a corporation like Sun Microsystems or VIA, which obviously can
      design and mass-produce hardware.

      That is true. But if the issue applies only to companies, it is not
      such an important issue.

      I'm sure all the companies out there trying to build their business models on FSS and GPL will be delighted to hear that.

  • FFS (Score:3, Insightful)

    by LizardKing (5245) on Monday March 23, 2009 @12:00PM (#27299291)
    This is from the man who by his own admission doesn't use a web browser. He's becoming more and more like the Ayatollah - issuing edicts about things that he barely comprehends and has never actually tried himself.
    • Re: (Score:3, Insightful)

      by clintp (5169)

      Less like the Ayatollah and more like Jesse Jackson. Jackson is not "the Emperor of Black People", but every time the man chimes in about race-related issues the media is sure to stick a microphone in front of him.*

      The problem is that once someone gets tagged as "representing" a class of people, they're awfully hard to get rid of. The media (Slashdot) falls over themselves when an edict is issued. This keeps them around long after they're usefulness is past.

      Ignore Stallman and he'll go away.

      * Feel free t

  • by BitZtream (692029) on Monday March 23, 2009 @12:01PM (#27299315)

    Let me give you guys a hint. Its a good time to start distancing yourself from Stallman, he's definitely wondering off to the tree-hugging-nutjob-hippie commune.

    He's lost grasp of the point of software. The point of software is not 'to run free software', its to get something done.

    His entire life has turned into 'omg you must use free software or you are doing the wrong thing'. He has no logic for this other than 'its bad for you not to use free software' or 'its bad for you if you cant modify it even though you have no useful reason to do so!!!'

    He goes so far in the article to try to confuse the meaning of 'free' versus 'open', implying they are essentially the same thing. They aren't, and never will be. He has gotten himself so deep into his own bullshit that it would appear that it is now impossible for him to understand that his 'way' isn't the only one. Once you've got yourself to the point where you think 'free' or OSS software is 'the only way' you are no better than those people who refuse to use OSS software, you're just a moronic twit at that point.

    Stallman has reduced himself to a religious leader rather than a promoter of openness for the common good. He's simply gone too far.

    So again, I encourage you to distance yourself from Stallman, he is not someone you should associate with any more than the Church of Scientology as they are both just spreading propaganda for their own personal gain at this point. Now that OSS has become even slightly accepted his usefulness as a supporter of OSS is diminished, so he's taking it to the next level and trying to say all non-free software is bad. Read that carefully, 'non-free'. Not open. In this article he in a round about way attacks 'open' standards that are not 'free' by his definition.

    You need to watch out for the guy who screams 'freedom' while at the exact same time adding new restrictions to the very license he claims is all about 'freedom'. I'm not saying not to use GPL or GPLv3, if the fit your needs/goals, thats entirely fine and should be used if they fit. I license my software under many different licenses based on what I'm trying to accomplish. My applications are generally closed source, I have some libraries that I've released LGPL, and many that are BSD licensed. I have not used GPL proper as it doesn't really fit my Each has their place in MY agenda. I'm just saying that what he does is hypocritical to an extreme only shared by politicians and lawyers, and because of that he should be treated as such.

    I am in no way saying you should abandon OSS or the quest for open standards. I just feel that what Stallman is doing is not the quest for openness, but more like gathering a cult to be lead off to a mass suicide.

    • by Improv (2467) <pgunn@dachte.org> on Monday March 23, 2009 @12:13PM (#27299551) Homepage Journal

      Given what he's already given us, I think you greatly understate the credit he's due. Without Stallman, we would have compilers, operating systems, editors, etc, but it's quite likely we would not enjoy the freedoms we have with them today. Right now, I can install Linux on any number of systems I have as well as systems at work, including all sorts of software, without any legal worries about licensing - Stallman did not write most of it, but he made it possible and drew people's attention to its desirability. It is because he constantly screams "freedom" and enough people listen (or are bound by the GPL's viral nature to listen) that we have a viable way to run computers without people who would significantly restrict our usage of this software getting in the way.

      Stallman isn't perfect - he is known for being hard to work with, he let GCC stagnate for several years because of an inappropriate development model, and the "GNU/Linux" terminology thing wasn't necessary. However, taken as a whole he's a very important and positive figure.

    • by MbM (7065) on Monday March 23, 2009 @12:25PM (#27299747) Homepage

      Take it with a grain of salt.

      RMS intentionally confuses the terms free and open, because in his mind it isn't free until it's open; to him, free means freedom. The classic example is always "free" as in "free beer" vs "free" as in "free speech"; same word, different meaning.

    • by roystgnr (4015) <.roystgnr. .at. .ticam.utexas.edu.> on Monday March 23, 2009 @02:00PM (#27301297) Homepage

      He's been crazy for years. My first exposure to his loony ideas was in that old story of his, "The Right To Read" [gnu.org]. He wrote that when I'd just entered college and just started using this "GNU" stuff, and I remember being being stunned by his paranoia. Grade schools wasting time preaching [cnet.com] about intellectual property [ncsconline.org]? Software being outlawed [slashdot.org] for being able to edit RAM that someone else's program allocated? People who didn't have the root passwords for their own computers [wikipedia.org]? And then there's the central point of the story, that eventually people would be stuck with books they couldn't lend or resell [gizmodo.com]! That Stallman guy was clearly a nutjob.

  • Web Apps (Score:5, Interesting)

    by LaminatorX (410794) <sabotage.praecantator@com> on Monday March 23, 2009 @12:04PM (#27299369) Homepage

    RMS may be a cranky extremist, but he's still right far more often than he's wrong. Web apps are in some ways a huge step backwards in terms of openness. If you're lucky there's a wsdl you can analyze but even then that's really just a client-facing API. What's less free/open than a binary-only distribution? One that's never even distributed in the first place. May I please continue to access this application, sir?

  • by Azureflare (645778) on Monday March 23, 2009 @12:40PM (#27300013)
    Stallman is advocating a more modular method of loading Javascript webapps.

    An example of what he's envisioning: If Gmail was OSS, it would announce to the browser the modular scripts it was using to perform each operation, and the source would provided under a specific license. The browser would be configurable to load alternate web scripts to replace the functionality provided by google.

    What Stallman is advocating is essentially turning webapps into applications where the user can control the application, rather than the service provider.

    This would rely on OSS providers using the standard object passing model between server and client.

    I'm not too sure if his idea would work too well, given how reluctant most non-OSS providers are to give away the code to their main applications.

    It's a very gray area to tread, so many websites really can't be considered to be like traditional desktop applications, but they exist in some middle ground between traditional web sites and desktop apps.

    I think he has an interesting point but he didn't really express it well. If he provided more examples and what the real world implications of relying on and migrating towards proprietary javascript web apps for daily productivity, I think more people would understand.
  • by louzerr (97449) <Mr.Pete.Nelson@gma[ ]com ['il.' in gap]> on Monday March 23, 2009 @12:57PM (#27300319) Homepage

    So, I assume Stallman can't use any typical search engine ... maybe he built his own from Lucene. He also must not do any credit transactions online.

    He must also be careful that any packets his computer sends turn right around should they encounter a Cisco router (or any other proprietary router).

    I suppose in his daily life, using a phone, or a car, or Television would be right out.

    I sure hope Mr. Stallman never needs any medical attention.

    I DO admire much of what Mr. Stallman stands for, and I'm glad there is a champion for free software ... but I live in the real world, where to buy goods, you need some government's currency, and to do anything electronically, you have to use SOME commercial software somewhere.

    I wonder, too ... does Mr. Stallman's PC have a proprietary BIOS, or did he write that code, too?

  • by BlueParrot (965239) on Monday March 23, 2009 @01:01PM (#27300381)

    He seems to be afraid companies will try to deny free software developers source code to improved versions of their free-software code by avoiding to ever distribute the software. It is however not clear that this is at all unethical in the same way as using copyright to restrict users from modifying software they have bought is. To demand a copy of the source code and documentation of software companies use to implement a service is a bit like demanding a cab company give you driving instructions if you ever traveled with them. Ok, so the analogy is not perfect, but there is a huge difference between proprietary software vendors trying to use copyright and shrinkwrap EULAs to limit how you use your computer, and that of service providers simply not distributing the code they use to provide a service.

    In some ways Stallman is essentially making the same mistake proprietary software vendors do when they try to control what you do with software. He seeks to limit what people can and cannot do with software they run on their own computers. His demands even contradicts part of the GPL, which explicitly grant you the right to use the software "FOR ANY PURPOSE". The FSF's FAQ even explains that you're not allowed to ban using the software for things like pornography, because that would violate users right to use software for any purpose they see fit. It would appear that according to Stallman all purposes are equal, it's just that some purposes are more equal than others.

Never buy from a rich salesman. -- Goldenstern

Working...