[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnuzilla] GNU LibreJS won't be removed from GNU IceCat

From: David Hedlund
Subject: Re: [Bug-gnuzilla] GNU LibreJS won't be removed from GNU IceCat
Date: Thu, 22 Feb 2018 20:56:59 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

On 2018-02-22 09:22, Ivan Zaigralin wrote:
On Thursday, February 22, 2018 01:04:30 bill-auger wrote:
this is confusing - what exactly is a
"drive-by-download" and how are they inherently "non-free no matter what
license is attached to them"?

also, how could LibreJS "incorrectly mark an obfuscated piece of
GPL-licensed code as free" - GPL-licensed code IS free
GPL-licensed code is not necessarily free. An obfuscated source is 
unmaintainable regardless of the license, so two freedoms are taken away: the 
freedom to study, and the freedom to run modified versions. LibreJS is unable 
to detect obfuscated code.

Thank you. This is a bug, can you please file a bug report to https://savannah.gnu.org/bugs/?group=librejs ?

Please report all your bugs to that page.

What I mean by drive-by-downloading, here we get philosophical. How free is 
the code which is only meant to be executed once? No one audits > 99% of this 
code, and it's all in constant flux. I would even argue, there's no hope it 
can ever be audited. There are already (I am sure) websites that generate 
brand-new code for every visit, making this assertion literal. How do you 
audit all that code? With an automated tool? An algorithm can't even solve a 
halting problem, let alone audit itself out of a paper bag.

Now put yourself in the shoes of an average web user. Average here is the key 
word. Their freedoms to understand and modify the _javascript_ code have all but 
completely eroded. In a traditional software distribution market they can hire 
experts to explain and fix the software for them. This is utterly unaffordable 
if every click generates new software.

And now back to drive-by-downloading, which is important because it is perhaps 
the source of the problem. All of this is happening, as we all know very well, 
because average users are willing to run software from any source, as long as 
it doesn't make their computer explode right away. They don't even understand 
the basic difference between downloading data versus downloading and executing 
an arbitrary algorithm. When a blog, or a news site, or a government website 
won't load because you didn't let it run an arbitrary algorithm on your 
computer, that's crazy, just crazy. And the norm. These users who leave all 
_javascript_ on, they already buried 2 of their freedoms, and the boilerplate 
license on the disposable code can't change that. They need to be told to 
boycott sites which require JS to function, and to demand legislation which 
would require something like HTML+CSS web fronts from commercial and 
government entities. It is not at all helpful, in my opinion, to differentiate 
between varieties of _javascript_ sources, because none of them should be 
downloaded in the first place. Most importantly, web masters who want a free 
web should stop using _javascript_, and they should be transitioning right now, 
and not stop until there's nothing left for LibreJS to mark as free. All 
desired _javascript_ functionality can be trivially recreated via a combination 
of free browser plugins and calls to free and standard libraries. The drive-
by-download culture, on the other hand, will plunge us deeper into the sea of 
disposable software.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]