
GNU LibreJS - sciurus
https://www.gnu.org/software/librejs/
======
connorshea
At GitLab we've been working with some volunteers at the FSF/GNU Project to
improve our score on the Ethical Repo Criteria Evaluation [1]. We've got an
issue open about LibreJS [2] specifically, as well as another to fix the other
issue preventing us from receiving a B grade. We're also working on resolving
some of the A grade criteria, albeit not all of them [3].

It's disheartening to see the FSF demonized here, as I've been pleasantly
surprised with the discussions I've had with most of their members. In the
last HN thread about the Ethical Repo Evaluation, people called their
requirements ridiculous. I agree with that for some of the A grade criteria,
e.g. the GNU/Linux requirement, but I think people are misunderstanding the
purpose of the A grade, which is to signal that a site is "sufficiently free"
and can be used to host the GNU Project's source code. This is partly the
fault of the FSF having poor communication, of course.

I'd like to highlight a comment by an FSF Volunteer regarding our work on some
criteria for the A grade, "Thanks for taking the time on this; I'm very
encouraged, and I'm happy with any progress made. Again: since these criteria
are for hosting of GNU projects, they're a bit more strict and won't be met by
most services."

GitLab CE is licensed under the MIT Expat License, not the GPL, and yet
they're perfectly happy to work with us regardless. Outwardly they advocate
for extreme ideas, but they're also willing to compromise.

Apologies if this is rambly at all, or comes off as "shilling" in any way, I
just wanted to share my story of interacting with the FSF. Hopefully I can
convince some people that they're not all living in caves yelling about how
they'll never use non-GPL software.

[1]: [https://www.gnu.org/software/repo-criteria-
evaluation.html](https://www.gnu.org/software/repo-criteria-evaluation.html)

[2]: [https://gitlab.com/gitlab-org/gitlab-
ce/issues/15621](https://gitlab.com/gitlab-org/gitlab-ce/issues/15621)

[3]: [https://gitlab.com/gitlab-org/gitlab-
ce/issues/15678](https://gitlab.com/gitlab-org/gitlab-ce/issues/15678)

~~~
EuAndreh
I'd like to note that GitLab not only is doing an awesome job with the FSF,
but they are also themselves embracing free software tools for their internal
work.

They're switching from Slack to Mattermost[0], from Google Analytics to
Piwik[1], looking for a free software commenting software to replace
Disqus[2].

[0]: [https://about.gitlab.com/2015/08/18/gitlab-loves-
mattermost/](https://about.gitlab.com/2015/08/18/gitlab-loves-mattermost/)

[1]: [https://about.gitlab.com/2015/11/27/gitlab-switches-to-
piwik...](https://about.gitlab.com/2015/11/27/gitlab-switches-to-piwik-
analytics-to-free-the-javascript/)

[2]: [https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-
so...](https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software/)

~~~
connorshea
Just to be fair, internally we're currently using Slack. We'll be switching to
Rocket Chat next week (right before we all fly to Austin to meet everyone
face-to-face, so God help us there if stuff breaks). I'm relatively new, so I
don't know what happened with Mattermost. I also haven't been following what
we're intending to ship with in future versions, it could be both or just one,
but don't quote me on that.

~~~
soupbowl
Has your team looked into [http://matrix.org/](http://matrix.org/) ? I looked
into rocket chat before finding matrix and I found it covered my needs better.

~~~
nitrogen
You post a lot about matrix.org. Are you involved with it, or just a happy
user?

------
wvenable
The majority of the sites on the web are non-free software that you interact
with -- the browser is effectively a remote terminal. Whether or not large
JavaScript is involved seems secondary. I understand the distinction between
code running on a remote server and code distributed to me and run the browser
but that seems like a more of a technical distinction than a moral one.

(In terms of my own raw time, the percentage of open source[1] software the
web I interact with daily is surprisingly high)

[1] Unsure of exact licensing compatibility so I can't say it's all Free
Software.

~~~
justinlardinois
I was thinking this too. You _can_ read the HTML and CSS of any website, but
there's likely no licensing information attached to it. And you'll never see
the server side code of most websites.

What's the reason that's not considered a problem? Is it because it's not
actually running on the user's computer? Or because you can think of the
resulting HTML/CSS as output of the program?

~~~
Delmania
> What's the reason that's not considered a problem

It's considered a problem:

[http://www.gnu.org/philosophy/who-does-that-server-really-
se...](http://www.gnu.org/philosophy/who-does-that-server-really-
serve.en.html)

~~~
Touche
> The original idea of web servers wasn't to do computing for you, it was to
> publish information for you to access. Even today this is what most web
> sites do, and it doesn't pose the SaaSS problem, because accessing someone's
> published information isn't doing your own computing.

The more grey area that exists the harder it is for me to understand what
Stallman's beliefs actually are. "doing your own computing", why is that the
center of his moral beliefs?

The longer time passes, the more it feels like Stallman is holding a lifelong
vendetta because he had trouble debugging some printers.

~~~
Spooky23
Because laws around digital intellectual property are profoundly different
from physical goods, even when the goods are intellectual property like a
book.

Consider a trivial example. I bought an iOS SSH app called prompt. The authors
subsequently release a new version and removed the old one from the store. It
works great on my phone and I decided decided to put it on another device.
Guess what? It's not on the App Store any more, and my options for using it
are limited.

~~~
sooheon
Well if the FSF had its way prompt would never have been made to the degree of
polish and quality that it was, because there would have been no financial
incentive, no?

~~~
izacus
Really? So that's why so many of those fancy proprietary web sites run on
fully opensource free stacks?

------
aaronbrethorst
Apparently it adds a "Complain" tab to your browser when it detects offensive
JavaScript:
[https://www.gnu.org/software/librejs/manual/librejs.html#Com...](https://www.gnu.org/software/librejs/manual/librejs.html#Complaint-
Feature)

~~~
striking
That's just what the world needs. More bikeshedding about "offensive
JavaScript".

Offensive JS includes:

"It makes an AJAX request or is loaded along with scripts that make an AJAX
request" and "Calling methods with the square bracket notation" and "Using any
other construct than a string literal with certain methods (Obj.write,
Obj.createElement, …)."

If it includes something like the above (which 99% of HTML frameworks do) and
it doesn't have a free license statement, should people really complain about
it?

Like, fine. Sure. You don't want to run non-free JS. Okay. But there's no
reason to waste someone's time complaining about it, either.

How is anyone supposed to take this seriously?

~~~
s4chin
I attended an RMS lecture about free software and the GNU movement. To me, RMS
just seems to be too paranoid about "non-free" software to the point that it
just seems impractical.

He spoke about LibreJS and about why we should complain, but I wasn't really
convinced due to the exact same reason you mentioned.

~~~
henrikschroder
RMS is not paranoid, he is extremely consistent in applying his philosophy. He
shows by example what it's like to use only free software.

For the rest of us, his ways are extremely impractical, so we compromise. We
run a lot of proprietary software, and we don't really think about it.

But RMS thinks about it, and tells us in every single instance exactly what we
are giving up as a compromise. And in that regard he, and the FSF, are very
useful, and deserves respect.

The world would be a worse place without him, but we also only really need one
of him.

~~~
krapp
One can be paranoid and maintain a consistent worldview.

------
gravypod
I really want something like this, not for the freedom but for the battery
savings.

I'd love to be able to automatically detect which bits of JS are needed and
run them selectivity.

The added freedom and privacy are really nice, but I also need my laptop
battery to last longer then a few hours.

------
hoodoof
This is from people who like to turn off JavaScript in a browser, right?

Sort of a weird Camelot-esque quest for freedom.

~~~
Zikes
NoScript I can easily understand. It's deciding for yourself what you do and
don't want to run on your computer. LibreJS is trying to dictate that to all
web developers, and its demands are ridiculous.

~~~
striking
At first I thought, "Oh, this is harmless. It just blocks JS that doesn't meet
their standards."

And then I read about the heuristic "Complain" tab.

Dunno why you're being downvoted, that's a legitimate complaint. Why waste
people's time on something like this?

------
andremendes
Asides the core debate, it makes browsing way slower than I'd expect for an
extension of this kind.

------
callesgg
To me it would seam this boils down to a philosophical issue regarding what is
information and what is code, and i guess ownership of information.

If someone gives me something directly (like a book or information in a
conversation) without a disclaimer or some sort of contract. I would assume it
is now mine and i assume the law does to.

And from my perspective getting a response from a http server is the same
thing as being given something.

~~~
roywiggins
It may be yours to view, but it's not yours to copy and republish. That's what
copyright is all about- the right to view and the right to copy are explicitly
unbundled, and the former hardly ever implies the latter.

You can't assume that if someone lets you into their house, they've implicitly
granted you the right to enter their house whenever you want or invite your
own guests. There's no disclaimer needed, ever, because it's their property.
Copyright just extends that idea to intellectual property.

------
chris_wot
This could have been useful if it applied to ALL of Stallman's arguments. Like
for instance, the ability to swap out JavaScript with your own code, which
this can't do.

------
pron
I find the FSF's mission extremely important on an educational, "meta" level —
regardless of the particular content of their ideology — especially in the
Silicon Valley culture. According to the SV ethos, laws come in two flavors.
The first is man-made laws, like the laws of government. Those are often
described as "silly", "outdated" or downright "stupid"; it is imperative that
SV culture hack those — as in break — and replace them with something else (as
in "It's easier to ask forgiveness than it is to get permission"). The second
kind of laws is the laws of the society (or the market, as a special case) —
"what people want". Those laws need to be hacked — as in exploited cleverly —
and are on the same level as natural laws. Opposing those is seen as
"ideology" (with an implied negative connotation, as ideology is the futile
fight with the laws of nature), or worse: " _political_ ideology". Never mind
that the entire goal of technology is fight the actual laws of nature, that in
their eternal indifference, have placed annoying limitations — nay,
"challenges" — on us humans. There is a strong naturalistic fallacy built into
the SV ethos, that is only in effect when social laws are concerned[1]. The
FSF is a movement that tackles celebrated SV ideas (code; freedom) yet reminds
us that "emergent" social laws are just as man-made as the laws of
governments, and unless proven otherwise, they can — and must — be changed by
human action.

This can be maddening to the hacker ideology, which views this direct, real
political action as folly. Why fight what is impossible to fight if you can
somehow hack a workaround? Wasting effort trying to divert a river seems crazy
if you believe that "progress" can be achieved while swimming with the
current.

[1]: I have a theory as to why that is: to the somewhat autistic mind of some
technology types, the physical laws are governed by unforgiving but inherently
simple laws, presenting a well-designed puzzle, meant to be solved. The social
laws, on the other hand, appear complex, impenetrable, even threatening. They
are then either discounted as stupid (i.e., society can be simple, but isn’t
because stupid people complicate it; a utopia would be governed by simple
laws, resembling those of the physical world in structure), or surrendered to
as something too powerful to understand and contend with head-on. A clever
hacker is meant to exploit their quirky, but superficial idiosyncrasies,
uncovered by statistics and "data", but must never fight them and never try to
untangle their deep structure.

~~~
pythia__
>the entire goal of technology is fight the actual laws of nature

I find this a very questionable premise. Technology, being constrained by
physics, necessary works with the laws of nature at least to that extent[1].
Well-designed technology, however, most often also works with rather than
against its materials[2] and with, rather than against, the human mind that is
intended as its user.

[1] E.g., airplanes do not _fight_ physics to fly but use it. The "fight" view
is based on an incomplete picture that ignores everything beyond gravity.

[2] This is not the same as the _intent_ of whoever created the materials,
hence hacking.

~~~
pron
I meant to fight the limitations that the laws of nature place on human
action. I thought that was clear. Obviously, technology can't actually
_change_ the laws of nature as they are (assumed to be) immutable. But in that
sense, we "fight" them (i.e. their effects on us) with technology to the best
of our abilities. Social laws, however, can and constantly do change by human
action, and yet SV culture seems to fear putting as much as a fight against
them as it does "against" the real laws of nature, and even shows some
aversion to studying them in depth (i.e. beyond tallying them with data and
statistics, akin to how the early astronomers studied the heavenly bodies
centuries and millennia ago).

------
DanielDent
Just wait until they discover NaCL, PNaCL, ASM.js, and web assembly...

~~~
rhinoceraptor
Or even just regular minification, or using a compile-to-js language that
emits non-human readable JS.

~~~
Delmania
I could have sworn the "Javascript Trap" mentioned that issue, but I think the
viewpoint is that minified JS is the compiled version. So long as you provide
the raw files, it's fine.

------
ultim8k
There are serious problems on this world and some people just make nonsense
things based on nonsense fears.

------
justinlardinois
And it looks like to get your Javascript to be considered free, even if it
already is free, you have to jump through a bunch of hoops to get this to pick
it up:

[http://www.gnu.org/software/librejs/free-your-
javascript.htm...](http://www.gnu.org/software/librejs/free-your-
javascript.html)

This is a joke.

~~~
rubbingalcohol
I don't see the problem with putting a small license comment in my JS
includes. A lot of people only want to run Free Software to the extent
possible. Just as it's not unreasonable for restaurants to have offerings for
people who are vegans, it's not unreasonable for software developers to offer
software for hardcore FOSS types.

If you don't understand or dislike it, you don't have to include license info
in your JavaScript, but why disrespect people who care?

~~~
zxcvcxz
>why disrespect people who care?

It's called FUD.

All cultures are welcome except free-software culture. Have you ever noticed
that?

Apparently having certain software standards puts us on the same level as
religious fanatics. I don't worship GNU, I don't threaten to chop heads off if
people don't use free software.

The reality is that free software culture poses a threat to proprietary
business practices and so many companies have incentive to create a narrative
where those of us who prefer free software and certain philosophical ideals
are seen as crazy fanatics.

Meditate for a few hours a day? no problem.

Pray toward mecca seven times a day? fine.

Prefer free software on your computer? GOD I HATE FREE SOFTWARE FANATICS AND
THEIR INSANE PHILOSOPHY!

------
Zikes
The linked treatise on JavaScript sounds almost satirical to me[1].

> Our tentative policy is to consider a JavaScript program nontrivial if:

> it makes an AJAX request or is loaded along with scripts that make an AJAX
> request,

Sometimes I think RMS would be happier if the web had just stopped development
after the release of the Mosaic browser.

[1] [http://www.gnu.org/philosophy/javascript-
trap.html](http://www.gnu.org/philosophy/javascript-trap.html)

~~~
throwanem
> Sometimes I think RMS would be happier if the web had just stopped
> development after the release of the Mosaic browser.

Or before. He doesn't really [1] browse the web:

> I generally do not connect to web sites from my own machine, aside from a
> few sites I have some special relationship with. I usually fetch web pages
> from other sites by sending mail to a program (see
> git://git.gnu.org/womb/hacks.git) that fetches them, much like wget, and
> then mails them back to me. Then I look at them using a web browser, unless
> it is easy to see the text in the HTML page directly. I usually try lynx
> first, then a graphical browser if the page needs it (using konqueror, which
> won't fetch from other sites in such a situation).

[1] [https://stallman.org/stallman-
computing.html](https://stallman.org/stallman-computing.html)

~~~
Klathmon
I saw that quote once and i thought it was satire...

~~~
throwanem
Poe's law is in full effect with Dr. Stallman.

------
sdegutis
It's really interesting to see GNU writing their own version of everything so
that it adheres to its own principles. It reminds me of China. Both reinvent
things based on questionable motivations, both seem to really not "get" every-
day people (e.g. understand their needs and wants), and both end up with
products that just feel lower-quality and half-put-together than the products
they're cloning on principle.

~~~
ymse
I'm curious, which products are you referring to? In most cases the GNU
version predates the alternative by a large margin. E.g. screen vs tmux, squid
vs varnish, wget vs curl, net-tools vs iproute2 etc.

Of more recent software "clones", there is guix vs nix, mcron vs vixie-cron,
shepherd vs systemd, gnutls vs openssl, all high-quality implementations of
good ideas.

Sure, lsh has a way to go before it's a viable alternative to OpenSSH, but I
wouldn't say it's low-quality. I don't think I've come across a GNU project
which felt "half-put-together", rather the opposite.

The GNU projects' motivation is very clear-cut and not at all different from
e.g. the BSD camp or suckless. How are they questionable?

~~~
rekado
> _Of more recent software "clones", there is guix vs nix, mcron vs vixie-
> cron, shepherd vs systemd, gnutls vs openssl, all high-quality
> implementations of good ideas._

Shepherd is hardly a clone of systemd. It's older and has much fewer features.
They are both init systems.

The relationship of Guix and Nix is also not that of rivalry. Guix uses the
Nix daemon and subscribes to the idea of functional package management, but
everything else is quite different.

(I realise you put "clone" in quotes and wrote _" all high-quality
implementations of good ideas"_, but I thought I should clarify anyway.)

