[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

www/philosophy javascript-trap.html

From: Matt Lee
Subject: www/philosophy javascript-trap.html
Date: Sun, 22 Mar 2009 06:28:31 +0000

CVSROOT:        /web/www
Module name:    www
Changes by:     Matt Lee <mattl>        09/03/22 06:28:31

Added files:
        philosophy     : javascript-trap.html 

Log message:
        added js trap


Index: javascript-trap.html
RCS file: javascript-trap.html
diff -N javascript-trap.html
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ javascript-trap.html        22 Mar 2009 06:28:08 -0000      1.1
@@ -0,0 +1,269 @@
+<!--#include virtual="/server/header.html" -->
+<title>The Javascript Trap</title>
+<!--#include virtual="/server/banner.html" -->
+<h2>The Javascript Trap</h2>
+<p>by <a href="http://www.stallman.org/";>Richard Stallman</a></p>
+<p>You may be running non-free programs on your computer every day
+without realizing it -- through your web browser.</p>
+<p>In the free software community, the idea that non-free programs
+mistreat their users is familiar.  Some of us refuse entirely to
+install proprietary software, and many others consider non-freedom a
+strike against the program.  Many users are aware that this issue
+applies to the plug-ins that browsers offer to install, since they can
+be free or non-free.</p>
+<p>But browsers run other non-free programs which they don't ask you
+about or even tell you about -- programs that web pages contain or
+link to.  These programs are most often written in Javascript, though
+other languages are also used.</p>
+<p>Javascript (officially called ECMAscript, but few use that name) was
+once used for minor frills in web pages, such as cute but inessential
+navigation and display features.  It was acceptable to consider these
+as mere extensions of HTML markup, rather than as true software; they
+did not constitute a significant issue.</p>
+<p>Many sites still use Javascript that way, but some use it for major
+programs that do large jobs.  For instance, Google Docs downloads into
+your machine a Javascript program which measures half a megabyte, in a
+compacted form that we could call Obfuscript because it has no
+comments and hardly any whitespace, and the method names are one
+letter long.  The source code of a program is the preferred form for
+modifying it; the real source code of this program is not available to
+the user.</p>
+<p>Browsers don't normally tell you when they load Javascript programs.
+Most browsers have a way to turn off Javascript entirely, but none of
+them can check for Javascript programs that are nontrivial and
+non-free.  Even if you're aware of this issue, it would take you
+considerable trouble to identify and then block those programs.
+However, even in the free software community most users are not aware
+of this issue; the browsers' silence tends to conceal it.</p>
+<p>It is possible to release a Javascript program as free software, by
+distributing the source code under a free software license.  But even
+if the program's source is available, there is no easy way to run your
+modified version instead of the original.  Current free browsers do
+not offer a facility to run your own modified version instead of the
+one delivered in the page.  The effect is comparable to tivoization,
+although not quite so hard to overcome.</p>
+<P>Javascript is not the only language web sites use for programs sent to
+the user.  Flash supports programming through an extended variant of
+Javascript.  We will need to study the issue of Flash to make suitable
+recommendations.  Silverlight seems likely to create a problem similar
+to Flash, except worse, since Microsoft uses it as a platform for
+non-free codecs.  A free replacement for Silverlight would hardly be
+of use in the free world without free replacement codecs.</p>
+<p>Java applets also run in the browser, and raise similar issues.  In
+general, any sort of applet system poses this sort of problem.  Having
+a free execution environment for an applet only brings us far enough
+to encounter the problem.</p>
+<p>A strong movement has developed that calls for web sites to
+communicate only through formats and protocols that are free (some say
+&quot;open&quot;); that is to say, whose documentation is published and which
+anyone is free to implement.  With the presence of programs in web
+pages, that criterion is necessary, but not sufficient.  Javascript
+itself, as a format, is free, and use of Javascript in a web site is
+not necessarily bad.  However, as we've seen above, it also isn't
+necessarily ok.  When the site transmits a program to the user, it is
+not enough for the program to be written in a documented and
+unencumbered language; that program must be free, too.  &ldquo;Only free
+programs transmitted to the user&rdquo; must become part of the criterion
+for proper behavior by web sites.</p>
+<p>Silently loading and running non-free programs is one among several
+issues raised by &quot;web applications&quot;.  The term &quot;web
+application&quot; was designed to disregard the fundamental
+distinction between software delivered to users and software running
+on the server.  It can refer to a specialized client program running
+in a browser; it can refer to specialized server software; it can
+refer to a specialized client program that works hand in hand with
+specialized server software.  The client and server sides raise
+different ethical issues, even if they are so closely integrated that
+they arguably form parts of a single program.  This article addresses
+only the issue of the client-side software.  We are addressing the
+server issue separately.</p>
+<p>In practical terms, how can we deal with the problem of non-free
+Javascript programs in web sites?  Here's a plan of action.</p>
+<p>First, we need a practical criterion for nontrivial Javascript
+programs.  Since &quot;nontrivial&quot; is a matter of degree, this is
+a matter of designing a simple criterion that gives good results,
+rather than determining the one correct answer.</p>
+<p>Our proposal is to consider a Javascript program nontrivial if it
+defines methods and either loads an external script or is loaded as
+one, or if it makes an AJAX request.</p>
+<p>At the end of this article we propose a convention by which a
+nontrivial Javascript program in a web page can state the URL where
+its source code is located, and can state its license too, using
+stylized comments.</p>
+<p>Finally, we need to change free browsers to support freedom for
+users of pages with Javascript.  First of all, browsers should be able
+to tell the user about nontrivial non-free Javascript programs, rather
+than running them.
+Perhaps <a href="http://noscript.net/";>NoScript</a> could be adapted
+to do this.</p>
+<p>Browser users also need a convenient facility to specify Javascript
+code to use <em>instead</em> of the Javascript in a certain page.
+(The specified code might be total replacement, or a modified version
+of the free Javascript program in that page.)  Greasefire comes close
+to being able to do this, but not quite, since it doesn't guarantee to
+modify the Javascript code in a page before that program starts to
+execute.  Using a local proxy works, but is too inconvenient now to be
+a real solution.  We need to construct a solution that is reliable and
+convenient, as well as sites for sharing changes.  The GNU Project
+would like to recommend sites which are dedicated to free changes
+<p>These features will make it possible for a Javascript program included
+in a web page to be free in a real and practical sense.  Javascript
+will no longer be a particular obstacle to our freedom -- no more than
+C and Java are now.  We will be able to reject and even replace the
+non-free nontrivial Javascript programs, just as we reject and replace
+non-free packages that are offered for installation in the usual way.
+Our campaign for web sites to free their Javascript can then begin.</p>
+<p><strong>Thank you to <a href="http://matt.lee.name/";>Matt Lee</a>
+and <a href="http://ejohn.org";>John Resig</a> for their help in
+defining our proposed criterion.</strong>
+<h3>Appendix: a convention for releasing free Javascript programs</h3>
+<p>For references to corresponding source code, we recommend</p>
+    // @source:
+<p>followed by the URL.</p>
+<p>To indicate the license of the Javascript code embedded in a page, we
+recommend putting the license notice between two notes of this form:</p>
+    @licstart  The following is the entire license notice for the 
+    Javascript code in this page.
+    ...
+    @licend  The above is the entire license notice
+    for the Javascript code in this page.
+<p>Of course, all of this should be contained in a multiline comment.</p>
+<p>The GNU GPL, like many other free software licenses, requires
+distribution of a copy of the license with both source and binary
+forms of the program.  However, the GNU GPL is long enough that
+including it in a page with a Javascript program can be inconvenient.
+You can remove that requirement, for code that you have the copyright
+on, with a license notice like this:</p>
+    Copyright (C) YYYY  Developer
+    The Javascript code in this page is free software: you can
+    redistribute it and/or modify it under the terms of the GNU
+    General Public License (GNU GPL) as published by the Free Software
+    Foundation, either version 3 of the License, or (at your option)
+    any later version.  The code is distributed WITHOUT ANY WARRANTY;
+    without even the implied warranty of MERCHANTABILITY or FITNESS
+    FOR A PARTICULAR PURPOSE.  See the GNU GPL for more details.
+    As additional permission under GNU GPL version 3 section 7, you
+    may distribute non-source (e.g., minimized or compacted) forms of
+    that code without the copy of the GNU GPL normally required by
+    section 4, provided you include this license notice and a URL
+    through which recipients can access the Corresponding Source.
+<!--#include virtual="/server/footer.html" -->
+<div id="footer">
+Please send FSF &amp; GNU inquiries to 
+<a href="mailto:address@hidden";><em>address@hidden</em></a>.
+There are also <a href="/contact/">other ways to contact</a>
+the FSF.
+<br />
+Please send broken links and other corrections or suggestions to
+<a href="mailto:address@hidden";><em>address@hidden</em></a>.
+Please see the 
+<a href="/server/standards/README.translations.html">Translations
+README</a> for information on coordinating and submitting
+translations of this article.
+<p>Copyright &copy; 2009 Richard Stallman</p>
+<p>This work is licensed under the Creative Commons Attribution-No
+Derivative Works 3.0 United States License. To view a copy of this
+visit <a 
+or send a letter to Creative Commons, 171 Second Street, Suite 300,
+San Francisco, California, 94105, USA.</p>
+<!-- timestamp start -->
+$Date: 2009/03/22 06:28:08 $
+<!-- timestamp end -->
+<div id="translations">
+<h4>Translations of this page</h4>
+<!-- Please keep this list alphabetical, and in the original -->
+<!-- language if possible, otherwise default to English -->
+<!-- If you do not have it English, please comment what the -->
+<!-- English is.  If you add a new language here, please -->
+<!-- advise address@hidden and add it to -->
+<!--    - in /home/www/bin/nightly-vars either TAGSLANG or WEBLANG -->
+<!--    - in /home/www/html/server/standards/README.translations.html -->
+<!--      one of the lists under the section "Translations Underway" -->
+<!--    - if there is a translation team, you also have to add an alias -->
+<!--      to mail.gnu.org:/com/mailer/aliases -->
+<!-- Please also check you have the 2 letter language code right versus -->
+<!--     http://www.w3.org/WAI/ER/IG/ert/iso639.htm -->
+<ul class="translations-list">
+<!-- Bulgarian -->
+<!-- German -->
+<li><a href="/philosophy/java-trap.de.html">Deutsch</a>&nbsp;[de]</li>
+<!-- Greek -->
+<!-- English -->
+<li><a href="/philosophy/java-trap.html">English</a>&nbsp;[en]</li>
+<!-- Spanish -->
+<li><a href="/philosophy/java-trap.es.html">Espa&#x00f1;ol</a>&nbsp;[es]</li>
+<!-- French -->
+<li><a href="/philosophy/java-trap.fr.html">Fran&#x00e7;ais</a>&nbsp;[fr]</li>
+<!-- Italian -->
+<li><a href="/philosophy/java-trap.it.html">Italiano</a>&nbsp;[it]</li>
+<!-- Dutch-->
+<li><a href="/philosophy/java-trap.nl.html">Nederlands</a>&nbsp;[nl]</li>
+<!-- Polish -->
+<li><a href="/philosophy/java-trap.pl.html">Polski</a>&nbsp;[pl]</li>
+<!-- Romanian -->
+<!-- Serbian -->

reply via email to

[Prev in Thread] Current Thread [Next in Thread]