Richard Stallman Warns About Non-Free Web Apps 747
An anonymous reader writes "Richard Stallman has published an article which warns about the 'Javascript trap' posed by non-free AJAX-based applications. The article calls for a mechanism which would enable browsers to identify freely-licensed Javascript applications and run modified version thereof. 'It is possible to release a Javascript program as free software,' Stallman writes. 'But even if the program's source is available, there is no easy way to run your modified version instead of the original ... The effect is comparable to tivoization, although not quite so hard to overcome.'"
OK, dumb question after reading the article (Score:5, Insightful)
Why do I care if I visit a web site and "non-free" JavaScript runs in my browser?
Re: (Score:3, Insightful)
You only really care if, like Stallman, you're a "software vegan" and are terrified about touching anything to do with non-GPL code.
Re:OK, dumb question after reading the article (Score:5, Insightful)
Re:OK, dumb question after reading the article (Score:5, Insightful)
There are two problems I can perceive with your argument, though:
You have to draw a line somewhere here, and drawing the line between (a) and (b) seems reasonable.
Re: (Score:3, Interesting)
Neither vegan nor software libre philosophies necessitate zealotry. My sincere sympathy to you if your ears were made to ache by rabid proponents of either.
There exist level-headed proponents who make choices based on the practical implications of these philosophies more so than by emotionalism or terror.
Granted, they may be hard to engage in clear and rational discourse, especially if the outset of potential dialogue is marred by broad brush dismissals. That's not a problem, however, if reason and clarit
Re: (Score:3, Interesting)
we should be able to eat and digest things like all grasses, and branches, etc. We can't do that.
While I agree that veganism is not human nature (it is likely we would not have developed as far mentally without the proteins and Omega-3 fatty acids from meat, for example), I'm not sure I understand the quoted argument. Are you saying that if it is human nature to be vegan, that we should be able to eat any plant matter? All herbivorous animals are not capable of eating the same things. For example, a cow can eat grass, but an herbivorous bird might not be capable of eating grass and can only eat seeds.
simplistic thinking considered harmful (Score:4, Insightful)
It seems my original post failed to be clear. Allow me try again:
I'm vegan and I like pork.
True, I try to minimize buying pork. And, yes, I think that buying pork promotes suffering. But this issue of reducing pork consumption isn't a matter of terror or rabidness.
When we get some quality vat meat produced, you can come to my luau. I'm also a big fan of skirt steak.
The overarching point is that it's easy to be a fuzzy thinker and to have comfortingly simple, black-and-white ideas of what a vegan is. That overly simple kind of thinking is comforting, but really it's unhelpful. Do I resemble your mental picture of a vegan? Do I seem rabid or terrorized? I hope not (or we've got additional problems). Sure there are people out there who are rabid vegans, but they probably also have an overly simple idea of what it means to be a vegan, causing them to condemn non-vegan behavior with severe, fuzzy-headed religious zeal.
Maybe we can agree that unrealistically simple thinking is harmful?
At this point, after having a little more light shined on the really-not-black-and-white concept of veganism, and after some discussion of the harm of simplistic thinking, does it make sense to respond with "yeah, but vegans are rabid food people"?
Re:OK, dumb question after reading the article (Score:5, Funny)
"... vegans are rabbit food people."
Fixed that for you.
Re:OK, dumb question after reading the article (Score:4, Insightful)
Yes, I understood what he was saying, I just don't agree that it follows. Saying that people CAN eat meat and vegetables, therefore they MUST eat both is the most basic fallacy out there. It's a redundant system, not a mutually requisitive system. Regardless of that system, our brains are ALSO part of our human nature, so any way we decide to live (using our human brains) is certainly within the set of human nature. Next he'll be claiming that it's not "natural" for humans to cook their meat.
Now, if he'd made his argument based on some interesting philosophy that can't be easily disproven, such as that the average man is simply happier when he has a good thick steak between his teeth, then the post might have had something to say about "human nature".
I feel the need to come to rms' defense, here (Score:3, Interesting)
Not that he would necssarily give a crap that I do.
My personal conviction is that Linux came to be what it has come to be *precisely* because it was released as GPLv2 code; I don't think it would have grown to nearly the size and penetration </beavis> that it has were it under some other license.
Therefore, the state of much of the world today -- not just the computing world, but Real Life -- descends almost entirely from the fact that rms is a extremist about the principles of Free Software.
We often l
Re: (Score:3, Insightful)
He's done a lot to hold it back, you mean.
Re: (Score:3, Insightful)
I'm pretty sure only Richard Stallman cares. Not sure why anyone cares what he cares about though, he seems like a real barrel of laughs.
Re: (Score:3, Funny)
Isn't he the guy that claims he browses the web by invoking some daemon to download an html page and email it to him? If so, why would he even care?
Re:OK, dumb question after reading the article (Score:4, Interesting)
Richard Stallman may or may not be talking about something important here-but we have some extraordinary pay-offs from his insight 25 or so years ago. People legitimately disagree with him (including me) but only a fool would ignore him.
Just because the man is an uncompromising idealist in no way justifies your cowardly and stupid ridicule. And the moderators who thought you were insightful should the meaning of the word "insight" and moderate accordingly.
Re:OK, dumb question after reading the article (Score:5, Insightful)
Re:OK, dumb question after reading the article (Score:5, Insightful)
Why do you care if non-free python, C, or whatever apps run on your computer?
Because it's generally harder to upgrade/maintain (not in the standard apt repositories), I can't fix it myself, and whoever controls it can just randomly disappear or EOL it.
So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.
Except that all of those thing either don't apply to web apps at all, or apply to all web apps. There's nothing to install, upgrade, or fix locally, and you're dependent on some service provider regardless of the status of the code.
Re:OK, dumb question after reading the article (Score:5, Interesting)
The client-side code could just as easily be saved to your local drive and loaded from your local drive into your browser as downloaded (or loaded unchanged from cache) every time you visit a page. You local copy could then be altered to better suit your needs, so long as it's still compatible with what the server is doing or is independent of the server. This can be done now, but browsers don't support doing it easily.
What Stallman wants in this case boils down to two things as I read it. First, he wants a standard way to mark the license of the program that's easy to discern both visually and in software so you'll know what license you have to the software and the browser can inform you of that automatically. He also wants an easy way for every piece of client-side code a web page uses to be easily replaceable with your own local version from your own local disk. Right now, you can grab the JavaScript from a page and alter it, but without some work you're still going to be running the publisher's version when you're on their site. He wants some way to specify that the JavaScript that was loaded from, for example 'http://www.foo.com/js/some-script.js', instead gets loaded from your customized local version so you can interact with the web app with your changes in place.
Personally, I think he's got a good idea there. I'm no RMS fanatic, but I do like to be able to alter the software I run to suit me, and I like the GPL (and BSD, CC-SA, and some other licenses) for that reason.
He just wants a couple of technical features built into the OSS browsers to support loading custom client-side code and for you to more easily know which license the code is under. I think this is much easier to accept than some of the more drastic position statements out of the FSF. It really can benefit anyone who prefers any of the Open Source licenses, and not just what the FSF calls Free Software under the GPL.
Re:OK, dumb question after reading the article (Score:4, Insightful)
That sounds to me like a massive security hole just waiting to be exploited. People navigate to their brokerage page or their online banking page thinking they are running the brokerage/bank software, not knowing some malware made illicit and modified copies of the Java on their hard drive which is run instead. Scary stuff.
Re:OK, dumb question after reading the article (Score:5, Insightful)
This, of course, can be done now. The first think you learn when dealing with webapp security is that you can never trust the client.
Nothing is stopping me now from loading my own Javascript (or Java, or anything else that runs in the browser) on a bank's webpage.
Re:OK, dumb question after reading the article (Score:4, Insightful)
True. But my browser makes it hard for your malware to cause me to run your version of the bank's client on their website; GP's point is that under RMS's proposal it wouldn't be as difficult to do that.
It's not about you attacking the bank; it's about you attacking me when I try to use the bank's services.
Re:OK, dumb question after reading the article (Score:4, Insightful)
True. But my browser makes it hard for your malware to cause me to run your version of the bank's client on their website; GP's point is that under RMS's proposal it wouldn't be as difficult to do that.
It's not about you attacking the bank; it's about you attacking me when I try to use the bank's services.
The two are the same problem though. Malicious code could attack the local javascript-repository in an RMS-compliant browser in order to hijack your bank accounts etc. In current browsers, malicious code can achieve the same by attacking your browser directly. The problem only becomes more severe if the RMS-compliant browser has worse security management of its local javascript-repository than it does of its own executable code.
Comment removed (Score:5, Interesting)
Re:OK, dumb question after reading the article (Score:5, Insightful)
I disagree with putting the blame on Javascript, the whole problem starts already with HTML/CSS. Webpages these days are something that is generated, not something that is written, meaning what the user gets to see isn't the real data, but just some more or less usable rendering of it and thats pretty much where the trouble starts. The whole notion that its the browsers job to render a webpage in a style chosen by a user, has pretty much completly fade away, today you are basically left with the choice between pixel-perfect representation of what the webdesigner had in mind and absolutely no style at all, there is no in between, no clean separation between actual content and user interface. Even something simply as changing the font size will break close to 100% of all non-trivial webpages out there, on some its just a little glitch (like "Reply to this" button falling appart on Slashdot) while other get completly unusable because elements end up being hidden below others. This whole mess has to stop. I don't mean that webpages should go back to HTML2 or whatever, but simply that they should allow raw access to their content, I don't want a news article flooded with navigation bar and crap, I want the raw news article and nothing else. I doubt that this will happen on a large scale anytime soon, since it would make it to easy to filter away all advertisment, but then even webpages without any advertisment suffers from this very same problem.
Re: (Score:3, Interesting)
i care about the software on my computer, and avoid non-free stuff as best as i practically can...but theres no way in hell i want to deal with notices and options from all the java stuff on every site i visit.
i already block what i can get away with via noscript and even thats a hassle sometimes, trying to deal with even what i unblock, in regards to licensing, would drive me nuts.
Re:OK, dumb question after reading the article (Score:5, Insightful)
First, if sending bad data back to your server can bork your web server, then either you are ok with that, or your web app is broken. Your scenario of sending bad data is already trivial to accomplish by malicious people, or those who think they know better than you. If the user can send data back to you server and bork it, you have NOT mad sure the data is clean on the server side so there is no chance of an exploit.
Second, my computer is MY computer. The web browser is NOT sandboxed to make a safe known environment on the client side for the web site developer. It in no way does that. It IS sandboxed to prevent clueless and malicious web developers from screwing up the rest of MY computer.
You are exactly why RMS is correct in his concerns.
Re:OK, dumb question after reading the article (Score:4, Insightful)
I can see it now:
ATS: Amazon.com Tech Support, can I help you? ... ... ... ::what's that? Huh? Umm.. OK:: ... Uh, my son says he modified the javascript for your site for our local browser and it might have done something to... ::click:: ... Hello? Hello?
Cust: Yeah. I can't seem to buy books from your website.
ATS: I see. Lets' see what we can do to help you....
an hour later
ATS: Well sir, everything seems fine. We've looked at all of you settings, verified your account, even successfully completed a transaction on antother computer, I'm at a loss...
Cust: Hang on a sec
Re:OK, dumb question after reading the article (Score:5, Insightful)
The technical implciations are a bit more involved than "modify how the browser loads code".
Right now, a web develoepr can rely on the fact that every visitor to his site is getting an up-to-date copy of the client software. We can have an interesting philosophical debate about whether they should rely on this assumption, or a much more practical one about how many do rely on it.
So I make non-backward-compatible changes to my website, and you run your cached/modified version of the client. Some features don't work. Your browser behaves in ways my server no longer expects. Depending on whether I forsaw this occurance, maybe the effect is harmless (except you're out of luck until you revert to a new download, and then start making your chnages again); or maybe if I was particularly clumsy or just have lousy luck, you corrupt some resource on the server.
We can mitigate the worst problems "merely" by re-educating every web developer everywhere; but realistically we're calling for a client-server handshake so that the server can let the modified client know that it's out of sync (and/or revert to a backward-compatible mode if possible).
Personally I don't see customization of web apps as a pressing need (prior to this article I've never thought about trying it, so clearly it isn't that important to my daily life). So to me, it isn't worth the trouble. YMMV.
Re:OK, dumb question after reading the article (Score:4, Insightful)
Right now, a web develoepr can rely on the fact that every visitor to his site is getting an up-to-date copy of the client software. We can have an interesting philosophical debate about whether they should rely on this assumption, or a much more practical one about how many do rely on it.
So I make non-backward-compatible changes to my website, and you run your cached/modified version of the client. Some features don't work. Your browser behaves in ways my server no longer expects. Depending on whether I forsaw this occurance, maybe the effect is harmless (except you're out of luck until you revert to a new download, and then start making your chnages again); or maybe if I was particularly clumsy or just have lousy luck, you corrupt some resource on the server.
Personally I don't see customization of web apps as a pressing need (prior to this article I've never thought about trying it, so clearly it isn't that important to my daily life). So to me, it isn't worth the trouble. YMMV.
Greasemonkey [greasespot.net] begs to differ - there is a very real and very popular desire to customize many aspects of popular websites, including the Javascript code in them. Greasemonkey also provides a solution to RMS's issue to an extent. It is not as accessible as he might like, and it doesn't solve the problem of programmatically determining whether you have the developer's permission to modify his code, but people are currently using it to make changes - maliciously or otherwise.
So you have two camps under RMS's plan - those that tag their client as free, in which case one would hope that they anticipate client side alteration, and those that do not, in which case they are still naive to expect that there will be no alteration of the client and such a change (bringing the possibility of that type of change into the public limelight) might achieve your "re-educating [of] every web developer". Just because it isn't common doesn't mean it isn't done, and whether browser developers embrace RMS's ideas or not doesn't change the fact that proper security should be a part of the design for every public facing resource.
So the argument, as you mentioned, is not that developers should know what they are doing, but simply that there already exists a desire to customize Javascript (even beyond just AJAX) applications and it needs to be made more accessible to the masses. Right now, people are modifying proprietary apps, which is likely a violation of TOU, because typically no license is included in the script portions of the page. He wants licensing to be made clear to the user so that they can easily detect what they are allowed to change and what they shouldn't (or should only at their own legal risk). More importantly for RMS, he could direct his browser to refuse to run any Javascript that is not free. That is the first step. Once it is clear what you can modify, then he wants the browser to have a simple method for activating your changes. Greasemonkey does this, I believe, but it is not built into the browser (and I don't think it should be, so I disagree with RMS on this point).
In TFA he extends the argument to Java applets, Flash, and Silverlight, which Greasemonkey does not cover as well (though by changing the calling pages you could force the page to load your local copy of the applet, etc), which adds a little more weight to his claim of inadequate current tools, even including third party add-ons.
The important part to remember, however, is that those that do not wish to play are free to not tag their programs as free, in which case they are free to continue on in the blissful belief that they can trust the client.
Re:OK, dumb question after reading the article (Score:4, Insightful)
That's one approach to letting the browser know that its version is out of sync. It's not trivial, though.
First of all, you don't see all of the code for a web app when you first load it; you see one page at a time. Consider this sequence of events:
1) I write an app made up of Page A and Page B.
2) Page A has some behavior that doesn't seem to matter, so you modify it.
3) I upgrade the app, making changes to Page B that take advantage of that behavior on Page A. (Apparently that behavior you replaced was groundwork for the feature I've just finished implementing.)
4) You visit the site, and see that the hash of Page A still matches. You run your version. Then you go to Page B, and you see a changed hash so you download the new version... but your session is in a bad state.
Also, even on a page-by-page basis, what do you hash? The entire page, so that even a cosmetic change invalidates your modified client? Or do you have to parse out all of the script code, concatenate it in some way, and hash that (which could still break if I moved elements around in the code)?
Re: (Score:3, Interesting)
He just wants a couple of technical features built into the OSS browsers to support loading custom client-side code and for you to more easily know which license the code is under.
Well, we already have a bunch of popular open [mozilla.com] source [konqueror.org] web browsers [google.com]. How about he use his open source ideals and implement it [mozilla.org] himself.
Re: (Score:3, Insightful)
Or we could just ignore those licenses like we do with stuff from the web now and use it pretty much however we see fit. There is no need to add legitimacy to the bullshit licenses in the world by adding another feature to prop them up and spew them at users.
Really, I want to go to a w
Re: (Score:3, Insightful)
Except that all of those thing either don't apply to web apps at all, or apply to all web apps. There's nothing to install, upgrade, or fix locally, and you're dependent on some service provider regardless of the status of the code.
That is exactly his point -- and the fact that these limitations can be worked around.
Not having anything to install or upgrade locally is a feature. Forcing some parts of a web app to be local may let you fix them, but it will also break things when your local version gets out of date. I'd also be very interested to know how you intend to work around needing a service provider for your collaboration / document sharing / photo sharing / communication / whatever, web apps tend to have some fundamental need to be networked.
I thought I did. (Score:5, Insightful)
So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.
I was having trouble with a F/OSS app several months ago and I thought "Great! It's F/OSS! I can just get the software source and have a gander and solve my own problems!"
So, I downloaded the code, unzipped it, spent a couple of days getting the development environment right, and brought up the editor. A few days go by, and I'm trudging through uncommented PHP code, digging into class after class calling other classes that called other classes that just set global constants or read environment variables, and so on and so on...
I deleted the code because instead of "solving my problem" I was getting lost and not accomplishing the activity that the software was supposed to accomplish.
I went and got a package that did what I wanted.
In short, I have no desire to look at source code. I don't give a rat's ass. I have better things to do than to dig through other people's mess - thank-you-very-much.
F/OSS only appeals to people who LIKE to trudge through others code to see how it works or make it "better". To me, software is an end to a means and I don't really give a rat's ass how it works as long as it's not doing shit behind may back that I don't want; which I can find out by other means than looking at source code.
Re: (Score:3, Insightful)
Insert key.
Push the pedal.
Go.
I share the same philosophy about computers. I don't want to waste hours of my life on coding software. I'd rather just work 1 hour of overtime, and then go out and buy the program I need.
Re:I thought I did. (Score:5, Insightful)
No one is asking you to. But what if you ran a business and the software vendor for some mission critical app decided he wasn't going to support your desired OS, or some trivially simple feature that a competing system has that makes a lot of financial sense to you? But your cost to switch over outweigh the cost of that feature. Your vendor was either going to hold you hostage for some obscene amount of money required to switch (but enough that he thinks you'd pay, since he knows your costs too), or let you stay on your existing platform which will bleed you dry slowly. What if your software vendor decided that you can run 8 documents at once, but to run each additional document at once would cost $100/document. Not because of any technical limitations, but simply because they want to charge you that way?
If you made a point to never use F/OSS you could simply pay someone else to fix the software, perhaps someone you already have on staff. You could have it your way. You wouldn't get stuck with idiotic licensing scams and other extortion.
This kind of thing happens all the time, at all levels of business. While he sounds like a raving lunatic at times, his zealotry can produce a better world. It works not only for people who like to code, but for those who'd rather pay others to do it for them. We really ought to be looking for ways to use open source as much as possible, in place of proprietary alternatives. He's pointing out ways to help you identify closed source apps you may not know exist.
As usual it sounds ridiculous and paranoid, but it does make sense. You may not wish to put your life on hold for lack of F/OSS alternatives, that's not a reasonable expectation, but it makes sense to favor F/OSS solutions and be looking for a way to remove proprietary as much as possible. The economics of the world won't really change much, people will still get paid to write software... but they won't be able to extort you for it either, or pimp it for decades because you have been locked-in.
Re:I thought I did. (Score:4, Insightful)
If a software vendor wants to lock you in, he isn't going to cooperate by making his web app easier to work around. There is also the server side that you know nothing about, so if he ever goes out of business you'd have some nice javascript that interacts with a phantom server.
Even if you're a die-hard F/OSS fan, you should spend your energy on initiatives that really make sense.
Re: (Score:3, Insightful)
The programmer if a consultant will cost say $100 an hour. Or you need to hire a full time employee, and you will need to keep them there for years, if you are going to be ethical about it. So say it takes 10 days at 8 hours a day to fix a small problem.
8*10*1000 that is $8000 to fix the small problem. Vs. Paying $5000 for the Vendor... That is a $3000 savings. Or if you hire a full time programmer, you will need to find ways to keep him busy after solving the problem. For most companies there isn't a work load for programmers if they are not a programming company. Even if you have a development staff. You will need to take them off possible more profitable projects to fix this problem. So you may delay a program that can make you 1k a day. So you lost $10k of profits to save $5k.
Working out the numbers you may find that being "Stuck" to close source is cheaper then Trying to Maintain Open Source code
The revolutionary bit is when you realize that if you just find three or four other people with the same problem as you have and they agree to chip in, you're now actually saving money.
More likely, if it's a popular piece of software, there will be hundreds or even thousands of people out there who share your problem and with a bit of luck someone else has already solved it and made their fix available.
Re: (Score:3, Informative)
The problem is that proprietary software is usually not supply and demand. There are very few competitors and the products are never exactly the same. Further the man hours required to develop and support the products create a high barrier for new products, essentially restricting the market further.
Putting your vendor in a position where they have to compete against a $100/hr consultant is supply and demand. There is an essentially fungible commodity whose price is dictated by a competitive system. You can
Re:I thought I did. (Score:5, Informative)
I share the same philosophy about computers. I don't want to waste hours of my life on coding software. I'd rather just work 1 hour of overtime, and then go out and buy the program I need.
You don't get the whole point of Free Software in the first place.
But the beauty of it is that even you can profit from its fruits. Every time you surf on the internet, or listen to music or watch a movie. Most of those are running on or were created with Free Software.
Re: (Score:3, Funny)
It still counts as time wasted if you have to call up Geek Squad because you couldn't fix it yourself! ROTFLMAO
If you are going to seriously try to tell me that it isn't a pervasively well known fact that Windows degrades over time, becoming more and more virus ridden and slower and slower in proportion to the time it has been connected to the internet, then I can't take you seriously. Of course, if you openly acknowledge the fact and s
Re: (Score:3, Interesting)
For one, you learned something valuable about that piece of software. You learned that it's really poorly written. And that's a bad piece of software to be hitching your wagon to.
With a commercial app, you may have wasted a whole lot of time and invested a whole lot in making the software work instead of learning right off that it was so poorly written that the vendor wouldn't be able to properly maintain it for you.
Secondly, you relied on that piece of software to not have hidden trojans in it. You woul
Re:I thought I did. (Score:5, Informative)
Free-libre software is about more than just looking through source code. The availability of source code is a means to an end; there are non-free licenses that provide access to source code, and even the right to modify that source code. Free-libre licensing grants you freedoms that you really do not have with proprietary systems, including those that make code available to you:
Maybe these are not things that really matter to you. I have encountered restrictions on every one of the above items from different software packages, and it has caused me and the other users/administrators of the software serious headaches. In cases where free-libre software was introduced, people just got their work done -- no worries about breaking the law, no worries about the software suddenly becoming inoperable, no restrictions on who we may discuss the software with.
Re: (Score:3, Insightful)
Then don't.
Re:I thought I did. (Score:5, Insightful)
Yes, most of the times I don't care for the source, either.
However, several times already I came across a piece of Free Software that did almost exactly what I needed, or that did what I needed but hadn't been updated for quite a while. I could take it and add the feature I wanted, or take it over and continue developing it, or simply fix a few bugs that prevented it from running/compiling in the current compiler/webserver/whatever environment.
Just because you don't use a freedom 99% of your time doesn't mean it isn't valuable. I very rarely make use of my freedom to assemble, and elections are only every few years - but still these are important freedoms to have.
Re: (Score:3, Insightful)
If you don't want to look at code, however bad it is, it doesn't mean you should necessarily turn to proprietary software (or even "not fight for F/OSS).. Which is somehow his point. If locked on proprietary software, his only option was to ask the editor to correct the bug. Which may or may not be willing to do so.
With opensource software, he could have hired someone to waste his time on it, even if the original developper wouldn't have been willing to do so.. Plus it could have been a nice contribution, s
Re: (Score:3, Insightful)
I try to use open-source solutions where possible, for a whole slew of reasons that need not be repeated here. The biggest issue I encounter is a total lack of motivation in the F/OSS community to actually fix what's broken, and let's be honest here: a ghetto mailing list or forum usually does not lead to solutions, it only leads to a bunch of people with unanswered questions, or long flame wars between rival developers.
A commercial outfit wants your money, so they will take the 2 seconds to read your trou
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
My experience is the opposite. Open source projects are either alive or dead. If they are dead, don't bother trying to get support or fixes. It's just like a company that has dropped the project. If they are active, you can usually submit patches or bug reports and get at least a semi-timely fix.
With closed source, at least if you're talking about software targeted at end users, I have complained about major (as in "won't install" at all) failures in major products by Adobe, MakeMusic, etc. that haven't
Re:I thought I did. (Score:5, Insightful)
Thank you. That's right.
He wasn't defending you, by the way. He was pointing out how ludicrous your argument was. Basically, you were saying that since you, personally, will never use this freedom, it has no value for anyone, anywhere, ever, and therefore should not be defended. Not only is that shortsighted and egocentric, it is - well, actually, I think shortsighted and egocentric pretty much covers it.
I'm like you, I don't like digging through other people's messy code. However, I like having the option to so that I can see how something was done so that I can use it to learn new techniques so that when or if I decide to build my own program I have another valuable tool in my toolbox. Also, though I am sorry that the tool you decided to dissect was a mess, a lot of open source code is clean and well documented. That may not be the norm (I haven't looked through much), but from what I have seen, it has improved dramatically over time.
Lastly, even though you may not see the value in being able to view and change code, as you mentioned in the last paragraph of your article, there are those that do. Because of them, FOSS improves and gives you the ability to dump one FOSS app for another that meets your needs better because someone that was willing to improve someone else's code had similar needs to yours. It allows those that like to tinker the ability to make changes to any FOSS app that you use to make it better by adding features that you will use. The point is, if you simply write off the FOSS ideals as useless because you don't take advantage of them directly, then fail to defend them because of that belief, you are missing the bigger picture and risk losing a resource that whether you know it or not you do benefit from.
FOSS appeals to more than just the people who maintain and improve the code, it appeals to anyone that uses it. In fact, I'd even argue that it benefits those that choose to use non-free alternatives as it provides competition - and when competing with free, proprietary has to be that much better in order to succeed with a price tag (and though the extent of this success is debatable, there is certainly increased pressure to improve for many, or FUD/lock-in for some few).
What about the server side? (Score:5, Insightful)
So if you do care about free software on the desktop, it's reasonable that you should care about free software in your browser.
Okay, but Javascript is only one part of this problem. What about the code running on the server? I wonder if RMS visits any websites at all besides fsf.org
He can't be sure after all if other sites use only free software on the server side, so he can't visit them to avoid accidentally supporting non-free software.
Re:What about the server side? (Score:5, Interesting)
It's a valid concern, it's not hard to understand, and it's not easy to dismiss either. The fingers-in-the-ears-going-la-la-la tactic seems to be the standard approach for a lot of people.
Re:What about the server side? (Score:5, Insightful)
http://en.wikipedia.org/wiki/The_Boy_Who_Cried_Wolf [wikipedia.org]
You're right, it is. If he hadn't taken action to solve the problem he was yelling about, people would have suffered enough to show some respect. He should have just gone into the forest to be a hermit and left you to get screwed so you would learn. Now you can just pretend there wasn't a problem that he didn't mitigate on your behalf and talk like an idiot, and most people won't realize or catch you at it.
Re:What about the server side? (Score:5, Funny)
It turns out that if a boy cries wolf, and one is really there, it will run in fear and not be there when the villagers arrive. The villagers have only the boy to thank, but instead they ostracize him and call him a nut. Hey, come to think of it, there is a striking parallel here ...
Re:What about the server side? (Score:5, Informative)
I wonder if RMS visits any websites at all besides fsf.org
I'm glad you asked. Let's get a direct quote [lwn.net] from the man himself:
"For personal reasons, I do not browse the web from my computer."
At the risk of obvious ridicule he doesn't give the reasons behind this choice, but that's not really important here. Stallman is truly out of touch with the real needs of people who actually use computers on a daily basis. He is out of touch by his own choice. What really burns my taters is that so few properly chastise Stallman for this foolishness. Even worse, some actually defend it.
Re: (Score:3, Funny)
Figures, a gem like this post only comes up when I don't have mod points.
Re: (Score:3, Insightful)
Why should I care what code OTHERS decide to present to the world?
I dunno, because it's executing on your computer?
Re:OK, dumb question after reading the article (Score:5, Insightful)
Programmability is an important aspect of free software. The javascript trap effectively converts web applications into proprietary client-server type applications, Google's apps included. Which reduces the scope for innovation, standards and progress. Hence Stallman's warning.
Re:OK, dumb question after reading the article (Score:4, Informative)
You are using software which uses Berkeley sockets, from the BSD project, to communicate with others over the Internet. Either the code is from BSD or it has been written to be compatible with BSD sockets. Very little software in the world speaks TCP/IP that doesn't use Berkeley sockets to do so.
If you are using a closed-source browser other than Opera, you're using one based on the open-source Mosaic or Mozilla browsers, or on the open-source KHTML or WebKit (which itself is based on KHTML). The very first web browser and the very first graphical web browser were both open source. The very first browser was called WorldWideWeb (and later Nexus to avoid confusion with "The Web" as a whole), and Tim Berners-Lee released it into the public domain in 1993. All web browsers are knockoffs of an open source project, some more directly than others.
You are using a site which is written in a language which has always been open with language tools that have always been open (that language is Perl, by the way, and any commercial Perl distribution you've seen is a copy of the open one).
The code for the Slashdot site itself is open. Although some changes may be different between the version control system and the exact code this site runs at any given moment, an open-source version of the codebase exists over at Slashcode.com [slashcode.com] for your enjoyment or use.
The site is served by use of an open-source web server called Apache. Perhaps you've heard of it. The original web server was also open-source software, and was called CERN HTTPd. CERN HTTPd was adopted by the W3C as W3C HTTPd and has sicne been supplanted by the open-source web server Jigsaw. All web servers are clones of an open-source project.
Any version of Emacs you might use, including any of the commercial Emacs clones that are proprietary and closed-source, are based on the open-source Emacs written by none other than RMS.
Most of the first games for computers had freely available source, and some of them are still available. That's a whole market in which the closed-source people were not the first movers.
Re: (Score:3, Insightful)
Complete system sources will be available to everyone. As a result, a user who needs changes in the system will always be free to make them himself, or hire any available programmer or company to make them for him. Users will no longer be at the mercy of one programmer or company which owns the sources and is in sole position to make changes.
from "Why all computer users will benefit", among other things.
Slippery slope to non-free (Score:5, Insightful)
Because you are reliant on something which must be paid for (somehow) and/or you can't own. Stallman's view, nutty or not, is that you should be able to function ENTIRELY on free software - which a non-free JavaScript "app" by definition isn't. From his perspective, it's an insidious "slippery slope" undercutting of the free (speech AND beer) software paradigm: it's so easy to get caught in the "[shrug] so what? I didn't have to pay, and I don't have to keep a copy because I just go to the site to run it again" trap, risking reliance on something controlled by someone else.
Re: (Score:3, Insightful)
Well, there's a simple response to Stallman: you're wrong.
If you want to use my service and my resources, then you don't get to dictate your terms to me.
Re:Slippery slope to non-free (Score:5, Insightful)
Well, there's a simple response to Stallman: you're wrong.
If you want to use my service and my resources, then you don't get to dictate your terms to me.
Stallman is perfectly happy avoid using your service and resources. His issue is that he doesn't have an easy way to tell whether or not he *should* avoid you.
Hence his recommendation that Javascript that is Free Software be tagged with something that indicates the license, so that appropriately-configured browsers can avoid executing non-Free code.
On a more general note, why is it that everyone assumes that when Stallman explains how he thinks things should be, or the way he thinks people should act, that he's somehow "dictating" to them. He is extremely clear on the fact that he neither has nor wants the power to dictate, because that would be anti-freedom. Instead, he explains, exhorts and encourages, pushing the growth of Free Software and pointing out non-Free software that may go unnoticed.
Re:Slippery slope to non-free (Score:5, Insightful)
That is the point Stallman is making. I really think he should have provided more examples.
He doesn't care what you do on the server side. Just provide us with messages to the client (us) that enables us to provide whatever interface to the data that we want.
Re:Slippery slope to non-free (Score:4, Insightful)
And who decided to venture over to my page and use my services? YOU DID. The javascript source doesn't do anything without the server communicating with it.
Stallman's argument has been that one should distribute the source if one distributes the binary.
There's no binary. There's only source with Javascript, and it is cached in the browser so that you can read it. Whether or not it is beneficial to allow people to license that code and use the API to interface with the server is strictly up to the person who controls the server. As it should be.
Stallman has never been so worried about free software as he has been about promoting business models which suit his political philosophy. He never anticipated the web service as a business model, and he really doesn't know how to attack it because it neuters his mantra.
Re: (Score:3, Insightful)
If its about who needs ad revenue, the FS camp is going to lose. The vast majority of computer users on the Internet are quite happy to use Windows, and even those who primarily use FS are not all die-hards of the FS-or-the-highway mindset.
Yes, if a website won't comply with demands related to software freedom, FS advocates have the option of not using it; I think that understanding was implied in GP's post.
Now, I do have to question how committed you expect people to be to FS ideals. If your bank refuses
Re: (Score:3, Informative)
Re: (Score:3, Funny)
I couldn't find a real reason why anybody (other than Stallman) would care.
Contrariness?
Implementation (Score:5, Funny)
But what's the solution? This is the real question.
Just put a checkbox in the Firefox preferences window somewhere. I suggest this wording:
(x) Warn me before running JavaScript written by capitalist pigs
copyright enforcement? (Score:4, Insightful)
I like Stallman's idea, it just doesn't seem particularly urgent.
Beware the hidden dollarsign? (Score:5, Interesting)
"from the beware-hidden-dollarsign dept"
I would think slashdot would know better what Stallman means by when he says free or non-free software [gnu.org]. Generally these webapps area available at no cost anyway, and obviously that's not what he's talking about. He's talking about the classic ideas of free software, not whether or not it is okay to sell software [gnu.org]. I just think that should be clear here.
Anyway, if we do argue that applications are moving into the web sphere, (which most web 2.0 advocates of course do,) then this is indeed something important to think about within the domain of free software.
Re:Beware the hidden dollarsign? (Score:5, Insightful)
Re:Beware the hidden dollarsign? (Score:5, Interesting)
This mistreatment can take many forms, including collecting user data without informed consent, for example, a user profile which can then be used for marketing (and/or sold). That's what I thought the "hidden dollarsign" was referring to.
Re: (Score:3, Insightful)
Dunno if that's actually true, but I know he doesn't use active email. Dude batches up email and sends them once a day.
I'm not particularly interested in the rantings of somebody who doesn't understand how people actually use computers.
What's in a name? (Score:5, Funny)
From TFA:
"Javascript (officially called ECMAscript, but few use that name)..."
Linux (officially called GNU/Linux, but few use that name)..."
Practice what we preach, Hmmmmm?
Re:What's in a name? (Score:4, Funny)
Re: (Score:3, Insightful)
I think you would have a more compelling argument the day you don't:
Just sayin'. And I probably missed a few things.
data (Score:5, Insightful)
The license for the javascript software you are running might be important, but the far more important factor, in my mind, is the IP rights and responsibilities attached to your data.
Who has access to your data? How can you verify that? Who is responsible for keeping it secure? Who is responsible for making backups? How can you verify that?
Stallman has finally lost it. (Score:4, Insightful)
According to this, a Javascript program that talks to a closed source AJAX backend is Not Free, even if the Javascript code itself is Free.
This is the craziest thing Stallman has come up with yet. Is a web browser that talks to a None Free web server Not Free? What about a program that uses SQL to talk to a database server that is Not Free?
Re:Stallman has finally lost it. (Score:5, Insightful)
While I frequently think RMS takes good philosophy and generates stupid conclusion, I actually think your example proves him right. Imagine MS SQL ships you SQL server with all the source code Query Analyzer and the DB access libraries open sourced and GPL. But they continue to distribute the SQL server engine as closed source and with the current license. Does that make SQL server free or not free?
Your browser example just doesn't work because the browser can access a whole host of other information and isn't built only for talking to that one server. Your other example program could be used to talk to any number of database servers instead of MSSQL. As long as it was a free, open source app and didn't use some incredibly henious MS-specific SQL, you could point it at another DB.
Now imagine something even more symbiotic than Query Analyzer and MSSQL. Something where there really is no practical use for the client except to talk to that server. For AJAX apps, it's more of a parallel to say the Javascript is just the top layer GUI on the behind-the-scenes application. That's what we're talking about here. The client is only half of the application, the server is the other half. An application can't be "half-free."
Re:Stallman has finally lost it. (Score:4, Insightful)
Re: (Score:3)
While I frequently think RMS takes good philosophy and generates stupid conclusion, I actually think your example proves him right.
Happens every the time, he says something, people go WTF he's nuts, you put smash two neurons and realize he's absolutely right, but still call him crazy. Then repeat without learning your lesson.
What he is asking for now is not just not crazy, is just standardization and extending of stuff already there. Example, Greasemonkey already lets you run your own javascript in the browser but:
1) Your script runs ON TOP (and after) the site scripts, you should be able to completely override them.
So can any Windows/OS X software be Free...? (Score:3, Interesting)
Is a web browser that talks to a None Free web server Not Free?
A Free web browser which could only talk to a non-Free web server would not be Free enough to satisfy a free-software purist (it would also be a pretty odd web browser).
The argument is quite reasonable: the owner of the non-free server could withdraw it at any time: the Free client, along with any contributions from the free software community, then has scrap value only (maybe there's some re-usable code in there, maybe not).
The counter-argument is more pragmatic (so Free Software purists won't like it):
Nice to see it worked (Score:5, Interesting)
P.S. For those interested, here [sinp.msu.ru] is the transcript of our email conversation.
Re: (Score:3, Insightful)
I particularly liked this bit:
I'd like to point out that a user is not necessarily an individual: a user
can be a corporation like Sun Microsystems or VIA, which obviously can
design and mass-produce hardware.
That is true. But if the issue applies only to companies, it is not
such an important issue.
I'm sure all the companies out there trying to build their business models on FSS and GPL will be delighted to hear that.
Re: (Score:3, Interesting)
FFS (Score:3, Insightful)
Re: (Score:3, Insightful)
Less like the Ayatollah and more like Jesse Jackson. Jackson is not "the Emperor of Black People", but every time the man chimes in about race-related issues the media is sure to stick a microphone in front of him.*
The problem is that once someone gets tagged as "representing" a class of people, they're awfully hard to get rid of. The media (Slashdot) falls over themselves when an edict is issued. This keeps them around long after they're usefulness is past.
Ignore Stallman and he'll go away.
* Feel free t
Every time he speaks I just want to shoot him (Score:4, Insightful)
Let me give you guys a hint. Its a good time to start distancing yourself from Stallman, he's definitely wondering off to the tree-hugging-nutjob-hippie commune.
He's lost grasp of the point of software. The point of software is not 'to run free software', its to get something done.
His entire life has turned into 'omg you must use free software or you are doing the wrong thing'. He has no logic for this other than 'its bad for you not to use free software' or 'its bad for you if you cant modify it even though you have no useful reason to do so!!!'
He goes so far in the article to try to confuse the meaning of 'free' versus 'open', implying they are essentially the same thing. They aren't, and never will be. He has gotten himself so deep into his own bullshit that it would appear that it is now impossible for him to understand that his 'way' isn't the only one. Once you've got yourself to the point where you think 'free' or OSS software is 'the only way' you are no better than those people who refuse to use OSS software, you're just a moronic twit at that point.
Stallman has reduced himself to a religious leader rather than a promoter of openness for the common good. He's simply gone too far.
So again, I encourage you to distance yourself from Stallman, he is not someone you should associate with any more than the Church of Scientology as they are both just spreading propaganda for their own personal gain at this point. Now that OSS has become even slightly accepted his usefulness as a supporter of OSS is diminished, so he's taking it to the next level and trying to say all non-free software is bad. Read that carefully, 'non-free'. Not open. In this article he in a round about way attacks 'open' standards that are not 'free' by his definition.
You need to watch out for the guy who screams 'freedom' while at the exact same time adding new restrictions to the very license he claims is all about 'freedom'. I'm not saying not to use GPL or GPLv3, if the fit your needs/goals, thats entirely fine and should be used if they fit. I license my software under many different licenses based on what I'm trying to accomplish. My applications are generally closed source, I have some libraries that I've released LGPL, and many that are BSD licensed. I have not used GPL proper as it doesn't really fit my Each has their place in MY agenda. I'm just saying that what he does is hypocritical to an extreme only shared by politicians and lawyers, and because of that he should be treated as such.
I am in no way saying you should abandon OSS or the quest for open standards. I just feel that what Stallman is doing is not the quest for openness, but more like gathering a cult to be lead off to a mass suicide.
Re:Every time he speaks I just want to shoot him (Score:5, Insightful)
Given what he's already given us, I think you greatly understate the credit he's due. Without Stallman, we would have compilers, operating systems, editors, etc, but it's quite likely we would not enjoy the freedoms we have with them today. Right now, I can install Linux on any number of systems I have as well as systems at work, including all sorts of software, without any legal worries about licensing - Stallman did not write most of it, but he made it possible and drew people's attention to its desirability. It is because he constantly screams "freedom" and enough people listen (or are bound by the GPL's viral nature to listen) that we have a viable way to run computers without people who would significantly restrict our usage of this software getting in the way.
Stallman isn't perfect - he is known for being hard to work with, he let GCC stagnate for several years because of an inappropriate development model, and the "GNU/Linux" terminology thing wasn't necessary. However, taken as a whole he's a very important and positive figure.
Re:Every time he speaks I just want to shoot him (Score:4, Interesting)
Take it with a grain of salt.
RMS intentionally confuses the terms free and open, because in his mind it isn't free until it's open; to him, free means freedom. The classic example is always "free" as in "free beer" vs "free" as in "free speech"; same word, different meaning.
Stallman's not wandering anywhere (Score:5, Insightful)
He's been crazy for years. My first exposure to his loony ideas was in that old story of his, "The Right To Read" [gnu.org]. He wrote that when I'd just entered college and just started using this "GNU" stuff, and I remember being being stunned by his paranoia. Grade schools wasting time preaching [cnet.com] about intellectual property [ncsconline.org]? Software being outlawed [slashdot.org] for being able to edit RAM that someone else's program allocated? People who didn't have the root passwords for their own computers [wikipedia.org]? And then there's the central point of the story, that eventually people would be stuck with books they couldn't lend or resell [gizmodo.com]! That Stallman guy was clearly a nutjob.
Web Apps (Score:5, Interesting)
RMS may be a cranky extremist, but he's still right far more often than he's wrong. Web apps are in some ways a huge step backwards in terms of openness. If you're lucky there's a wsdl you can analyze but even then that's really just a client-facing API. What's less free/open than a binary-only distribution? One that's never even distributed in the first place. May I please continue to access this application, sir?
Stallman trying to change definition of Web Apps (Score:3, Insightful)
An example of what he's envisioning: If Gmail was OSS, it would announce to the browser the modular scripts it was using to perform each operation, and the source would provided under a specific license. The browser would be configurable to load alternate web scripts to replace the functionality provided by google.
What Stallman is advocating is essentially turning webapps into applications where the user can control the application, rather than the service provider.
This would rely on OSS providers using the standard object passing model between server and client.
I'm not too sure if his idea would work too well, given how reluctant most non-OSS providers are to give away the code to their main applications.
It's a very gray area to tread, so many websites really can't be considered to be like traditional desktop applications, but they exist in some middle ground between traditional web sites and desktop apps.
I think he has an interesting point but he didn't really express it well. If he provided more examples and what the real world implications of relying on and migrating towards proprietary javascript web apps for daily productivity, I think more people would understand.
How does Stallman use the web? (Score:4, Interesting)
So, I assume Stallman can't use any typical search engine ... maybe he built his own from Lucene. He also must not do any credit transactions online.
He must also be careful that any packets his computer sends turn right around should they encounter a Cisco router (or any other proprietary router).
I suppose in his daily life, using a phone, or a car, or Television would be right out.
I sure hope Mr. Stallman never needs any medical attention.
I DO admire much of what Mr. Stallman stands for, and I'm glad there is a champion for free software ... but I live in the real world, where to buy goods, you need some government's currency, and to do anything electronically, you have to use SOME commercial software somewhere.
I wonder, too ... does Mr. Stallman's PC have a proprietary BIOS, or did he write that code, too?
Re:How does Stallman use the web? (Score:5, Informative)
How does Stallman use the web?
Here's how [lwn.net].
Stallman now does what he used to fight. (Score:3, Funny)
He seems to be afraid companies will try to deny free software developers source code to improved versions of their free-software code by avoiding to ever distribute the software. It is however not clear that this is at all unethical in the same way as using copyright to restrict users from modifying software they have bought is. To demand a copy of the source code and documentation of software companies use to implement a service is a bit like demanding a cab company give you driving instructions if you ever traveled with them. Ok, so the analogy is not perfect, but there is a huge difference between proprietary software vendors trying to use copyright and shrinkwrap EULAs to limit how you use your computer, and that of service providers simply not distributing the code they use to provide a service.
In some ways Stallman is essentially making the same mistake proprietary software vendors do when they try to control what you do with software. He seeks to limit what people can and cannot do with software they run on their own computers. His demands even contradicts part of the GPL, which explicitly grant you the right to use the software "FOR ANY PURPOSE". The FSF's FAQ even explains that you're not allowed to ban using the software for things like pornography, because that would violate users right to use software for any purpose they see fit. It would appear that according to Stallman all purposes are equal, it's just that some purposes are more equal than others.
Re:he is right. (Score:5, Informative)
I think it's pretty clear, if you just keep the fundamental principles of free software in mind. If you use software, you should have the freedom to modify it and run a modified version. Just remember that, and this article will make a lot more sense to you.
I think he enunciates quite clearly the "danger": that we are becoming more and more dependent on software that is temporarily downloaded to our computers in a semi-obfuscated manner and executed to perform non-trivial tasks. This is not quite breaking the "freedom to modify" principle, since technically the source code is available, but he's calling it a trap because in practice it's extremely difficult to get in there and modify a web application since current browsers don't provide an easy way to do it, and the "source code" is almost impossible to read.
Look -- people are calling him crazy for this but I don't know why. (Possibly because they'll jump on any opportunity to call him crazy.) But frankly he's right. If you value the ability to modify software that you use, web applications don't make it easy to do. Not only that, but they can change on you while you're in the middle of using them, making it difficult for any local modifications (based on GreaseMonkey e.g), to "stick".
I don't think he comes off as crazy at all in this article, nor is he even suggesting we don't use JavaScript or anything silly like that. He's merely pointing out some potential problems with web applications vis-a-vis the freedom to modify, and providing a possible solution in the form of metadata.
In fact I'd say this is one of the more practical and shorter things I've seen him write, so I can't understand why people are jumping all over this.
Re: (Score:3, Insightful)
what you have to worry about is google chrome or windows ie suddenly saying "with our latest browser, we are implementing ecmascript shiny plus plus (trademark, copyright), which will allow us to serve you compiled code, which will make your browsing experience more fantastical and delicious!"
then we have a serious sliver against free software
No you don't, you idiot. What other people choose to do with their own websites is none of your fucking business. If you want to download jQuery, go get it.
Re:whoosh (Score:5, Funny)
His beard looks non-free to me, it's obfuscating his face
Re:Stallman has to go (Score:5, Insightful)
"Richard Stallman has done more damage to the open source movement than anyone else. He is pompous, arrogant, rude, inflexible, and intolerant of diversity of opinion."
But he's also *right*. History has proved this, time and again. He seems like a hardass because reality is unforgiving. Too bad. He's still right.
What does 'tolerance of diversity of opinion' have to do with anything? Maths doesn't tolerate 1+1 not equalling 2. There are some places you *can't* tolerate wrong answers. Computer science and law are two of them.
You can disagree with his conclusions as much as you like, but that doesn't invalidate them.