GNU LibreJS (gnu.org)
213 points by sciurus on Apr 29, 2016 | 159 comments

At GitLab we've been working with some volunteers at the FSF/GNU Project to improve our score on the Ethical Repo Criteria Evaluation [1]. We've got an issue open about LibreJS [2] specifically, as well as another to fix the other issue preventing us from receiving a B grade. We're also working on resolving some of the A grade criteria, albeit not all of them [3].

It's disheartening to see the FSF demonized here, as I've been pleasantly surprised with the discussions I've had with most of their members. In the last HN thread about the Ethical Repo Evaluation, people called their requirements ridiculous. I agree with that for some of the A grade criteria, e.g. the GNU/Linux requirement, but I think people are misunderstanding the purpose of the A grade, which is to signal that a site is "sufficiently free" and can be used to host the GNU Project's source code. This is partly the fault of the FSF having poor communication, of course.

I'd like to highlight a comment by an FSF Volunteer regarding our work on some criteria for the A grade, "Thanks for taking the time on this; I'm very encouraged, and I'm happy with any progress made. Again: since these criteria are for hosting of GNU projects, they're a bit more strict and won't be met by most services."

GitLab CE is licensed under the MIT Expat License, not the GPL, and yet they're perfectly happy to work with us regardless. Outwardly they advocate for extreme ideas, but they're also willing to compromise.

Apologies if this is rambly at all, or comes off as "shilling" in any way, I just wanted to share my story of interacting with the FSF. Hopefully I can convince some people that they're not all living in caves yelling about how they'll never use non-GPL software.

[1]: https://www.gnu.org/software/repo-criteria-evaluation.html

[2]: https://gitlab.com/gitlab-org/gitlab-ce/issues/15621

[3]: https://gitlab.com/gitlab-org/gitlab-ce/issues/15678

I'd like to note that GitLab not only is doing an awesome job with the FSF, but they are also themselves embracing free software tools for their internal work.

They're switching from Slack to Mattermost[0], from Google Analytics to Piwik[1], looking for a free software commenting software to replace Disqus[2].

[0]: https://about.gitlab.com/2015/08/18/gitlab-loves-mattermost/

[1]: https://about.gitlab.com/2015/11/27/gitlab-switches-to-piwik...

[2]: https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-so...

Just to be fair, internally we're currently using Slack. We'll be switching to Rocket Chat next week (right before we all fly to Austin to meet everyone face-to-face, so God help us there if stuff breaks). I'm relatively new, so I don't know what happened with Mattermost. I also haven't been following what we're intending to ship with in future versions, it could be both or just one, but don't quote me on that.

Has your team looked into http://matrix.org/ ? I looked into rocket chat before finding matrix and I found it covered my needs better.

You post a lot about matrix.org. Are you involved with it, or just a happy user?

I'm not sure, like I said, I haven't been following along with this specifically :)

I don't think there's any OSS solution that can rival Disqus right now. Discourse comes closest in terms of features but it actually redirects the users to the forum when it is embedded, instead of allowing commenting inline on the blog/site. Bad UX :(

Thanks for the downvote, Mr. No-Explanation-Guy.

> This is partly the fault of the FSF having poor communication, of course.

You've highlighted here one of the biggest reasons why the FSF is demonized. The organization has made and continues to make significant contributions to computing. It also sounds like many people who volunteer there also realize the need to compromise in order to move forward.

However, the FSF itself, as a few pointed out below, is an organization focused on its ideology. While making good software is important for it to advance its agenda, the simple fact is how you say something is just as, if not more than, important as what you are saying. The message comes off just as bad as many fundamentalist religious organizations. That's going to drive away a lot of people, many of whom would agree if the message was marketed better.

That better marketing is supposed to be the open source movement. It is debatable whether that has achieved the desired effect or not. It really depends on what the desired effect is.

Also, the FSF does not really "compromise". If you ask them, "hey can you accept just a liiiiitle bit of non-free software", they'll say "no". A compromise can be disastrous to the FSF, in their view, akin to accepting a liiiiitle slavery.



I think that their aversion to compromise -- effective in practice or not -- is an antidote to Silicon Valley's inherent is-ought fallacy when social laws are concerned: https://news.ycombinator.com/item?id=11600803

Exactly. The people that say that "they advocate for extreme ideas" probably ignore the FSF's actual mission.

Could you also make it work without JavaScript enabled? I'd like to be able to use it with text-mode browsers.

The majority of the sites on the web are non-free software that you interact with -- the browser is effectively a remote terminal. Whether or not large JavaScript is involved seems secondary. I understand the distinction between code running on a remote server and code distributed to me and run in the browser but that seems like more of a technical distinction than a moral one.

(In terms of my own raw time, the percentage of open source[1] software on the web I interact with daily is surprisingly high)

[1] Unsure of exact licensing compatibility so I can't say it's all Free Software.

I was thinking this too. You can read the HTML and CSS of any website, but there's likely no licensing information attached to it. And you'll never see the server side code of most websites.

What's the reason that's not considered a problem? Is it because it's not actually running on the user's computer? Or because you can think of the resulting HTML/CSS as output of the program?

> What's the reason that's not considered a problem

It's considered a problem:


> The original idea of web servers wasn't to do computing for you, it was to publish information for you to access. Even today this is what most web sites do, and it doesn't pose the SaaSS problem, because accessing someone's published information isn't doing your own computing.

The more grey area that exists the harder it is for me to understand what Stallman's beliefs actually are. "doing your own computing", why is that the center of his moral beliefs?

The longer time passes, the more it feels like Stallman is holding a lifelong vendetta because he had trouble debugging some printers.

Because laws around digital intellectual property are profoundly different from physical goods, even when the goods are intellectual property like a book.

Consider a trivial example. I bought an iOS SSH app called prompt. The authors subsequently released a new version and removed the old one from the store. It works great on my phone and I decided to put it on another device. Guess what? It's not on the App Store any more, and my options for using it are limited.

If you log in to the App Store on that device, go to Updates -> Purchased -> Not on this iPhone (or iPad, etc.) you should be able to install it on the new device.

Well if the FSF had its way prompt would never have been made to the degree of polish and quality that it was, because there would have been no financial incentive, no?

Really? So that's why so many of those fancy proprietary web sites run on fully opensource free stacks?

In the same way that Red Hat isn't a thing, right?

The point of "doing your computing" is the concept of freedom within the Free Software movement.

According to RMS, "freedom is having control over your life". "In a computer system there are just two possibilities: either the user controls the program or the program controls the user".

So, "doing your own computing" is "having control over your life", and thus, having freedom.

My point, that I didn't articulate well, is that over time everything is going to be computing. Some day your pants will have a CPU in it. Do you not have control over your life if proprietary pants software cools your legs when it's hot?

So it seems that the definition of "what is software" has to constantly be redefined OR the whole Free Software thing becomes more and more a luddite idea.

I draw exactly the opposite conclusion: over time everything is going to be computing, yes, and so the whole Free Software thing becomes more and more a fundamental, essential, political idea.

If the objects and systems surrounding you are controlled by software, then your personal freedom to make your own personal choices is determined by your ability to control the software that controls your environment.

> Do you not have control over your life if proprietary pants software cools your legs when it's hot?

Do you have the source code to firmware on the chip in the pants? Can you install a custom version? That would be consistent with the FSF's viewpoint. They want the user to have full access and control over the software he uses in all devices he uses.

To put a bit of a finer point on it: Stallman has said (paraphrasing; I'm having trouble finding a good source) that self-contained embedded firmware/microcode without an update mechanism isn't "software" in a sense relevant to the Free Software movement. Rather, it's equivalent to a hardwired state machine, and we can judge its behavior as a single object, notwithstanding what its architecture looks like internally.

When did he say this? In the 80s when he established the FSF or recently when the issue came up? This is my entire point, over time the definition of "software" has to be re-evaluated to justify the existence of this ethos; if one man defines what is "software" under this philosophy it doesn't feel like a real philosophy at all.

From his site:


However, if I am visiting somewhere and the machines available nearby happen to contain non-free software, through no doing of mine, I don't refuse to touch them. I will use them briefly for tasks such as browsing. This limited usage doesn't give my assent to the software's license, or make me responsible for its being present in the computer, or make me the possessor of a copy of it, so I don't see an ethical obligation to refrain from this. Of course, I explain to the local people why they should migrate the machines to free software, but I don't push them hard, because annoying them is not the way to convince them.

Likewise, I don't need to worry about what software is in a kiosk, pay phone, or ATM that I am using. I hope their owners migrate them to free software, for their sake, but there's no need for me to refuse to touch them until then. (I do consider what those machines and their owners might do with my personal data, but that's a different issue, which would arise just the same even if they did use free software. My response to that issue is to minimize those activities which give them any data about me.)

That's my policy about using a machine once in a while. If I were to use it for an hour every day, that would no longer be "once in a while" — it would be regular use. At that point, I would start to feel the heavy hand of any nonfree software in that computer, and feel the duty to arrange to use a liberated computer instead.

Likewise, if I were to ask or lead someone to set up a computer for me to use, that would make me ethically responsible for its software load. In such a case I insist on free software, just as if the machine were mine.

As for microwave ovens and other appliances, if updating software is not a normal part of use of the device, then it is not a computer. In that case, I think the user need not take cognizance of whether the device contains a processor and software, or is built some other way. However, if it has an "update firmware" button, that means installing different software is a normal part of use, so it is a computer.

It's not like he doesn't consider it software, just that he's OK with not being Free. That said, small details at the edges hardly invalidate a philosophy.

Over time this will be unsurmountable; you'll not have the time to audit everything you contact (it all can be software and you not even know it). The only solution is to live an isolationist lifestyle.

The idea is that we'll verify things as a community; not necessarily that we each have to individually audit things

Remember that rms mainly opposes the distribution of proprietary software. His main goal has always been to have enough FOSS written to satisfy the needs of users, allowing them to avoid having to choose between performing some task or keeping their rights.

I think what it comes down to more than anything is equality. What happens when someone discovers a breakthrough to reverse aging or to improve cognitive functioning? Should that information be public, or only accessible to the rich?

Now take the same analogy to computing. How many people have access to entire data centers to run algorithms for machine learning and AI? Doing your own computing is the opposite of that. Instead of sharing your information, it's saying we should build software and applications that run locally and that are open source so that we can audit the code. It's sad that the norm is everything in the cloud these days without any concern for privacy.

> The longer time passes, the more it feels like Stallman is holding a lifelong vendetta because he had trouble debugging some printers.

That ad hominem is uncalled for.

Much HTML and CSS nowadays is not really readable, but minified or obfuscated. It's not the 1990s where reading other people's static HTML was a good way to learn how to make your own websites.

Eh. HTML and CSS is the easy part - you can't really obfuscate it, only minify it to remove whitespace, which is easily reversible. All great browser dev tools have built in ways to unminify web assets. And it's even easier for HTML and CSS as they're easily viewable in parsed form (DOM).

My point is that HTML and CSS rarely is "source code" these days, (i.e. "the preferred form for modification") but the output of a tool. Back when we were using assemblers instead of compilers, assembly was considered source code, but now it's an opaque object. So is most HTML and CSS these days: opaque objects. If nothing else, the identifiers and CSS selectors can be easily obfuscated.

CSS is often compiled from other languages like SASS.

HTML is often built from complicated templates.

> Unsure of exact licensing compatibility so I can't say it's all Free Software.

Open source and free software mean the same thing, or at least they intend to mean the same thing. There are very few obscure examples where they differ (for example, the NASA license). You are very unlikely to run across a difference.



They do not mean the same thing. They are often coincidentally the same thing, but philosophically they are not the same:

"Why 'Free Software' is better than 'Open Source'": http://www.gnu.org/philosophy/free-software-for-freedom.en.h...

(Note: the title is not mine)

No, the intention of "open source" was to have a synonym for "free software".


They mean the same thing in the same way that "digital rights management" and "digital restrictions management" mean the same thing: they refer to the same thing, but give a different slant to refer to the same thing.

Like you mentioned in your article, this indeed seems to be Bruce Perens' opinion. However, notice how both Eric Raymond (on the side of open source) and Richard Stallman (on the side of free software) disagree with him.

If you listen to people like Eric Raymond, open source is all about quality. "Many eyes make all bugs shallow", etc.

If you listen to people like Richard Stallman, free software is all about users' rights: in some cases free software may be of higher quality than comparable proprietary software, but that's just a welcome side-effect -- what matters is that it respects users' rights. In this view, free software would be worthwhile even if it was technically inferior to contemporary proprietary software.

Or to put it another way: if Eric Raymond one day wakes up convinced that Open Source is technically inferior, he must drop it in order to remain consistent with his own justifications. If Richard Stallman one day wakes up convinced Free Software is technically inferior, he will remain committed to it, since technical quality was never his primary goal.

I'd say that's a pretty big philosophical difference!

> If you listen to people like Eric Raymond, open source is all about quality. "Many eyes make all bugs shallow", etc.

I'm not a fan of ESR at all (he's a bit of a paranoid nutcase), but you are taking that way out of context here.

The "given enough eyeballs" quote was about project leadership styles not software licensing. It was about empowering and accepting many contributors into a project (the bazaar) instead of having a small clique in charge of a project (the cathedral).

> Or to put it another way: if Eric Raymond one day wakes up convinced that Open Source is technically inferior, he must drop it in order to remain consistent with his own justifications.

ESR thought that attracting large contributor bases to projects was the key to improving quality. Not that Open Source automatically means better quality.

Yes, I'm very well aware that they refer to philosophical differences. But they are both talking about the same damn software. Not the same philosophy, but the same software. This is something everyone agrees about, not just Bruce Perens. This is also the official position of OSI, not just Bruce Perens': that open source is just another name for free software.

That is not true, because every free software is open source, but not every open source software is free. (this is me oversimplifying to make a point)

With respect to actual determinations of acceptability of licenses based on official criteria by FSF and OSI, there are some licenses that are FSF-free that have not been OSI-approved (though possibly in all such cases no meaning should be attached to the failure to approve since it simply reflects that the license was not submitted for approval), and, as I think someone pointed out, some OSI-approved licenses that have specifically been said by the FSF to be nonfree. It seems unlikely to me that the current OSI (disclosure: I'm currently a board member) would be inclined to reach a conclusion that is in conflict with a conclusion reached by the FSF as to license acceptability.

What example do you have in mind of open source software that is not free software? I suspect you might have a (very common) misunderstanding of what each term means.

From http://www.gnu.org/philosophy/open-source-misses-the-point.h...

"Under pressure from the movie and record companies, software for individuals to use is increasingly designed specifically to restrict them. This malicious feature....is the antithesis in spirit of the freedom that free software aims to provide. And not just in spirit: since the goal of DRM is to trample your freedom, DRM developers try to make it hard, impossible, or even illegal for you to change the software that implements the DRM.

Yet some open source supporters have proposed “open source DRM” software. Their idea is that, by publishing the source code of programs designed to restrict your access to encrypted media and by allowing others to change it, they will produce more powerful and reliable software for restricting users like you. The software would then be delivered to you in devices that do not allow you to change it.

This software might be open source and use the open source development model, but it won't be free software since it won't respect the freedom of the users that actually run it."

It's not that simple. Open source implies the source is out there for anyone to study. Free software is not necessarily free of charge and readily available.

Nothing prevents you from paywalling a GPL program as long as you distribute sources to legitimate users on request. Free as in freedom, not as in beer.

Open source as formally defined by the OSI is also not necessarily free of charge and readily available to everyone. The GPL of course is an open source license, some revisionist tendencies to use "open source" to refer only to non-GPL-family licenses notwithstanding.

I had never looked up the OSI definition[0], but you are of course entirely correct. So the difference between free and open source software is the "four freedoms", which I think we all knew to begin with.. :)

0: https://opensource.org/osd

The OSI definition includes the four freedoms, just stated in different ways:

"The freedom to run the program as you wish, for any purpose" - "The license must not restrict anyone from making use of the program in a specific field of endeavor."

"The freedom to study how the program works, and change it so it does your computing as you wish" - "The program must include source code (...) The license must allow modifications and derived works"

"The freedom to redistribute copies so you can help your neighbor" - "The program (...) must allow distribution in source code as well as compiled form."

"The freedom to distribute copies of your modified versions to others" - "The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software."

That's why almost all software considered "open source" is also "free software" and vice-versa.

Apparently it adds a "Complain" tab to your browser when it detects offensive JavaScript: https://www.gnu.org/software/librejs/manual/librejs.html#Com...

That's just what the world needs. More bikeshedding about "offensive JavaScript".

Offensive JS includes:

"It makes an AJAX request or is loaded along with scripts that make an AJAX request" and "Calling methods with the square bracket notation" and "Using any other construct than a string literal with certain methods (Obj.write, Obj.createElement, …)."

If it includes something like the above (which 99% of HTML frameworks do) and it doesn't have a free license statement, should people really complain about it?

Like, fine. Sure. You don't want to run non-free JS. Okay. But there's no reason to waste someone's time complaining about it, either.

How is anyone supposed to take this seriously?

> That's just what the world needs. More bikeshedding

You pretty much summed up one of the two biggest issues at why the FSF has not had a larger impact on the world. The organization makes issues over these kinds of details and then paints it into a "us vs. them" situation. It seems to have little interest with trying to work with people, and more insistent on making sure you follow its dogma.

The other issue is that the organization presents its arguments like a sophomoric adolescent. "Windows 7 Sins"? Who's going to take that seriously?

The FSF has had a massive impact on the world. The constant discussion of how they should be presenting their message should be in the dictionary under bikeshedding.

Maybe it isn't the way they're presenting their message; maybe you just don't agree with them.

> Maybe it isn't the way they're presenting their message; maybe you just don't agree with them.

I mostly agree with the FSF position and have defended Stallman on these pages many a time, donate a little bit to the Free Software Conservancy... but I have to agree with Delmania that the FSF does crap on in an adolescent manner at times. Like making pet nicknames and always using them (eg the 'Swindle'). The way the arguments are presented, it's like preaching to the choir - name-calling and in-jokes aren't exactly a dispassionate presentation of philosophy, and aren't going to win many friends who aren't already inclined that way to begin with.

Stallman argues that the name-calling is actually maturity-in-disguise, and that humour is needed in fighting oppression[1]. However, he's wrong about that, and even if he was right, it's shithouse, clumsy humour that is made for the choir, not for the wider audience.

[1] http://www.gnu.org/philosophy/why-call-it-the-swindle.en.htm...

> The FSF has had a massive impact on the world.

It has? I'll accept that only for the conception of FLOSS. However, I would then say that the OSI and Linux Foundations have had greater impact. They relied on the RMS's license, but they have actually managed to make inroads, whereas the FSF has stayed in its corner, shouting.

> maybe you just don't agree with them.

What I don't agree with is the all or nothing attitude they have. The ability to know when to compromise is crucial to working with people.

> It has? I'll accept that only for the conception of FLOSS. However, I would then say that the OSI and Linux Foundations have had greater impact

The OSI and Linux Foundations are results of the FSF. The FSF changed the entire face of computing, and the daily lives of every programmer in the world.

> What I don't agree with is the all or nothing attitude they have.

They are an ethics organization. They are consistent and clear. They do not work with organizations or individuals who actively oppose the ethics they endorse. Exactly what goals are they trying to achieve that would benefit from that?

Their goals do not include getting the most users, making computers more convenient, or cheaper, producing the greatest software, or selling the most ads. They are clear about their purpose. When they attempt those things, it is solely to advance ethical goals. Specifically, who should they be working with, to what end?

> They are an ethics organization

That sounds weirdly like Scientology.

Riiiiiight, because the FSF conducts ritual hazing? Or do they pressure people into giving them money by harassing their whole family? Or because they have created the most successful pyramid scheme in the world? Since the FSF hasn't done any of those things, I'm surprised that someone would liken an organisation trying to give freedom to all users of software as being "oddly like Scientology".

As long as the FSF controls Emacs, GCC, and coreutils they're definitely doing a little more than shouting.

I mean they're ‘GNU’ in GNU/Linux, which is a bit more widespread¹ than any BSD/Linux type thing.

¹Pretty sure Android/Linux wins in sheer numbers, but GNU/Linux has been historically more important and is deployed in more scenarios than smartphones. But if we consider ‘widespread’ to mean numbers, my statement is false.

It's Linux, not GNU/Linux. The other problem is people don't consciously associate Emacs or GCC with GNU or the FSF, they're just tools on a machine.

Do you call Android "just Linux" also?

There's a bit more to the OS than just the kernel.

I dunno, I think people tend to associate Emacs = GPL, Vim = BSD. Same with GCC vs Clang. Oh and Emacs says ‘GNU Emacs’ all over itself, same with the GNU Compiler Collection.

It is GNU/Linux. Claiming that Linux is the most important part of the system is rewriting history (the GNU project started almost a decade before Linux was created).

GNU would have gone nowhere without Linux. Do you really think GNU/Hurd would have taken over?

There are many other kernels. Hurd is one of them. There's also several free BSD kernels (which were liberated around the same time as Linux was being made). And universities make operating system kernels all the time. Making a kernel is not as big of a deal as creating a fully compatible Unix-like operating system -- which is what the GNU project did.

So I don't agree that "GNU would've gone nowhere". If GNU had a kernel before Linus made Linux, then Linux would've gone nowhere.

Gnu over a BSD kernel could have. Linux was there at the right time.

Honestly, Linus has been more important than Linux. Linux was just a student's side project. Linus is a force.

But a force for what? The FSF is a force for freedom and good. Linus has questionable views on software freedom.

Linus is a force for marketing GNU tools

>What I don't agree with is the all or nothing attitude they have. The ability to know when to compromise is crucial to working with people.

They consider nonfree software to be not merely inconvenient, but evil, a violation of fundamental human rights. Why would they ever compromise?

The FSF compromises when it makes sense. In the past, rms has advocated for using non-copyleft licenses when it was a more programmatic solution. And they don't have enemies; for example, the FSF has congratulated Microsoft in the past when they released some software under a Free license.

Where they don't compromise is in situations where it would go against the very purpose of the organization, and why should they?

I attended an RMS lecture about free software and the GNU movement. To me, RMS just seems to be too paranoid about "non-free" software to the point that it just seems impractical.

He spoke about LibreJS and about why we should complain, but I wasn't really convinced due to the exact same reason you mentioned.

RMS is not paranoid, he is extremely consistent in applying his philosophy. He shows by example what it's like to use only free software.

For the rest of us, his ways are extremely impractical, so we compromise. We run a lot of proprietary software, and we don't really think about it.

But RMS thinks about it, and tells us in every single instance exactly what we are giving up as a compromise. And in that regard he, and the FSF, are very useful, and deserve respect.

The world would be a worse place without him, but we also only really need one of him.

One can be paranoid and maintain a consistent worldview.

He usually says that we give up freedom in exchange for convenience. For example, Facebook is convenient so, who cares about privacy? I don't use LibreJS or plan to use it either, but I think his points are valid theoretically. Implementing them in our society is pretty hard, but my point is, these libre tools being "impractical" doesn't invalidate the philosophical idea behind them. I'd call him an idealist rather than a paranoid.

Let's not forget that he's the impractical idealist who created gcc, bison, emacs, make, the GPL. I'd bet >70% of people here work with a complete or almost-completely free software stack. Thousands of startups were probably made possible by access to tools – not just because they couldn't afford it otherwise, but also because a large part of cs education depends on a 12-year old's ability to clone stuff on github.

> I'd bet >70% of people here work with a complete or almost-completely free software stack.

70% seems quite high if you mean "free" as rms does.

What are you thinking of? MIT/BSD/Apache/etc are all considered Free by rms and the FSF (even if they prefer copyleft licenses).

iOS, OS X, a heap of Sun/Oracle stuff, most Microsoft stuff.

I didn't say floss isn't prolific, I just think it's unlikely 70% of people here depend on it (almost) entirely

RMS takes the polar opposite position to proprietary software. Is his viewpoint always practical; maybe, maybe not.

But by creating such a polar opposite he gives space for a lot more "lesser" free, more practical solutions and options.

So he plays a very important guardian kind of role; which a lot of people will chalk up to paranoia.

It's still paranoia at the end of the day. Consistent paranoia, thoughtful paranoia, but still, ultimately, paranoia.

I think what bothers people about Stallman (or at least, what bothers me about him, and extrapolating) is that he takes a moralistic approach. Non free software isn't a non optimal thing to be fixed for well-thought-out reasons X, Y, and Z, it is an Evil, and you are Wrong for perpetuating it.

It's not paranoia if proprietary software companies do take advantage of you. And they do.

It's the taking advantage of that's evil, not the political status of the code.

The actual issue is that proprietary software puts you in a position where you can be taken advantage of. Free software puts you in a position where that can't happen. Sure, you can have proprietary software that doesn't spy on you. But much of it does, and even though it doesn't spy on you today it could spy on you tomorrow.

So, if you consider "putting people in a situation where they have no control over their lives" as bad (I do), then the concept of proprietary software is wrong -- not just the ones that happen to misuse their power.

> Free software puts you in a position where that can't happen.

Heartbleed disagrees. Less likely? Arguable. "Can't happen"? Unequivocally false.

And besides such security benefits are gained by having the source visible, not necessarily "free".

Did you read what I said? I never mentioned security. More secure software is not the goal of free software. The goal is for users to have freedom when using their computers. And it is a simple fact that proprietary software puts you in a position where you can be taken advantage of by the software developer and free software doesn't (you can always pay a developer to fix the code without needing to ask the original developer -- this is unique to the free software world).

So, please stop putting words in my mouth. I never mentioned security, I'm talking about freedom.

>And it is a simple fact that proprietary software puts you in a position where you can be taken advantage of by the software developer and free software doesn't

Two (non security, as you mentioned, even though it's brought up continually by apologists) examples off the top of my head:

* FileZilla, a GPLed FTP client, had malware added to its installer by Sourceforge at the request of its developers.

* Ubuntu, an operating system composed entirely of free software, started sending search data in its UI to third parties without prior notice.

If you think it's impossible for the developer to take advantage of you because their software is "free", you simply aren't being imaginative enough.

In both of those cases, people either created forks or otherwise fixed the software. I recall several scripts people wrote to undo the Ubuntu mishap -- and I'm fairly sure someone made a fork of Ubuntu just to make a point. The point is not that a developer can't do something bad, the developer can't put you in a position where you can't do anything about it. That's what I mean by "take advantage". It's not really taking advantage of a person if they can fix it at any point.

Aside: I don't think that security is a good argument for free software, because it's certainly possible to have secure proprietary software (in theory at least). But even if the software is secure, you can't prove that's the case or fix bugs by yourself or release the fixes to everyone.

Paranoia is a medical condition.

I think it means not what you think it means.

What's wrong with having an ethical position?

> Calling methods with the square bracket notation

> If it includes something like the above [...] and it doesn't have a free license statement, should people really complain about it?

Why on earth would this project concern itself with the coding styles of the JS that the author prefers? Even if the site and/or JS is free software, why do these things matter?

I mean, I get linting your own code, but linting the code of sites you visit just seems pointless.

This, banning AJAX requests and with the arduous process of getting into the 'libre' whitelist, makes this project a complete joke.

Where do you guys see the prohibition?

I've opened https://www.gnu.org/software/librejs/manual/librejs.html#ind... and see that having functions, doing AJAX requests, square brackets and the other stuff is what they use to distinguish between trivial JS code and non-trivial code. And it exactly makes sense - no one wants to stick a license over every trivial JS one-liner that could be less of a program and more of a configuration statements block. But those who care about free software don't want to run non-free programs. So, the heuristics.

But I really can't find anything like a ban on use of functions or AJAX requests, or something similarly ridiculous, that some comments here seem to imply.

Seriously, WTF?

> LibreJS includes a default subject line and body for the complaint email, with a link to the JavaScript Trap essay.

If that's not some pedantic RMS bullshit, I don't know what is.

At least it's easy enough for a spam filter to catch.

Either I really didn't get your comment, or you just wanted to call rms names, or you want to say that users shouldn't care about the licensing issues - or, at the very least - they shouldn't ever distract the site owners about what they feel about their site.

In the former case, please clarify and have my apologies. In the other two - sorry, but that really needs some downvotes.

Funny enough, that spam filter was probably written in emacs, compiled with gcc & make and GPL-licenced :)

The "Complain" feature is my favorite feature of LibreJS! In fact, I think everything should have a complaint box. :P

"Offensive Javascript" is great Newspeak. So in addition to being sandboxed it should also be "safespaced"?

I really want something like this, not for the freedom but for the battery savings.

I'd love to be able to automatically detect which bits of JS are needed and run them selectively.

The added freedom and privacy are really nice, but I also need my laptop battery to last longer than a few hours.

This is from people who like to turn off JavaScript in a browser, right?

Sort of a weird Camelot-esque quest for freedom.

NoScript I can easily understand. It's deciding for yourself what you do and don't want to run on your computer. LibreJS is trying to dictate that to all web developers, and its demands are ridiculous.

At first I thought, "Oh, this is harmless. It just blocks JS that doesn't meet their standards."

And then I read about the heuristic "Complain" tab.

Dunno why you're being downvoted, that's a legitimate complaint. Why waste people's time on something like this?

"dictate" is too strong a word for my taste. It seems to me more like these people have a certain view of the world and they're trying to convince people of their opinion. Like campaigning.

uMatrix makes it really, really easy to disable JavaScript by default. Yes, I have a tiny tinfoil hat, but it's about 7 seconds when I visit a new page to enable needed JS, and I'm not making thousands of random calls to foreign domains unknowingly.

Aside from the core debate, it makes browsing way slower than I'd expect for an extension of this kind.

To me it would seem this boils down to a philosophical issue regarding what is information and what is code, and I guess ownership of information.

If someone gives me something directly (like a book or information in a conversation) without a disclaimer or some sort of contract, I would assume it is now mine, and I assume the law does too.

And from my perspective getting a response from a http server is the same thing as being given something.

Yeah, that's not how it works. Copyright applies without notice (and even without intent). And as much as I disregard "Terms of Service" that some websites post (you may not deep-link...), I see that I can't construct the server's response as any sort of agreement to terms favourable to me.

Nope. Viewing a website is much like watching a broadcast tv show.

Copyright, in most countries, is granted implicitly to the creator, meaning you don't automatically get to 'own' any content from my website.

It may be yours to view, but it's not yours to copy and republish. That's what copyright is all about- the right to view and the right to copy are explicitly unbundled, and the former hardly ever implies the latter.

You can't assume that if someone lets you into their house, they've implicitly granted you the right to enter their house whenever you want or invite your own guests. There's no disclaimer needed, ever, because it's their property. Copyright just extends that idea to intellectual property.

This could have been useful if it applied to ALL of Stallman's arguments. Like for instance, the ability to swap out JavaScript with your own code, which this can't do.

I find the FSF's mission extremely important on an educational, "meta" level — regardless of the particular content of their ideology — especially in the Silicon Valley culture. According to the SV ethos, laws come in two flavors. The first is man-made laws, like the laws of government. Those are often described as "silly", "outdated" or downright "stupid"; it is imperative that SV culture hack those — as in break — and replace them with something else (as in "It's easier to ask forgiveness than it is to get permission"). The second kind of laws is the laws of the society (or the market, as a special case) — "what people want". Those laws need to be hacked — as in exploited cleverly — and are on the same level as natural laws. Opposing those is seen as "ideology" (with an implied negative connotation, as ideology is the futile fight with the laws of nature), or worse: "political ideology". Never mind that the entire goal of technology is to fight the actual laws of nature, that in their eternal indifference, have placed annoying limitations — nay, "challenges" — on us humans. There is a strong naturalistic fallacy built into the SV ethos, that is only in effect when social laws are concerned[1]. The FSF is a movement that tackles celebrated SV ideas (code; freedom) yet reminds us that "emergent" social laws are just as man-made as the laws of governments, and unless proven otherwise, they can — and must — be changed by human action.

This can be maddening to the hacker ideology, which views this direct, real political action as folly. Why fight what is impossible to fight if you can somehow hack a workaround? Wasting effort trying to divert a river seems crazy if you believe that "progress" can be achieved while swimming with the current.

[1]: I have a theory as to why that is: to the somewhat autistic mind of some technology types, the physical laws are governed by unforgiving but inherently simple laws, presenting a well-designed puzzle, meant to be solved. The social laws, on the other hand, appear complex, impenetrable, even threatening. They are then either discounted as stupid (i.e., society can be simple, but isn’t because stupid people complicate it; a utopia would be governed by simple laws, resembling those of the physical world in structure), or surrendered to as something too powerful to understand and contend with head-on. A clever hacker is meant to exploit their quirky, but superficial idiosyncrasies, uncovered by statistics and "data", but must never fight them and never try to untangle their deep structure.

>the entire goal of technology is to fight the actual laws of nature

I find this a very questionable premise. Technology, being constrained by physics, necessarily works with the laws of nature at least to that extent[1]. Well-designed technology, however, most often also works with rather than against its materials[2] and with, rather than against, the human mind that is intended as its user.

[1] E.g., airplanes do not fight physics to fly but use it. The "fight" view is based on an incomplete picture that ignores everything beyond gravity.

[2] This is not the same as the intent of whoever created the materials, hence hacking.

I meant to fight the limitations that the laws of nature place on human action. I thought that was clear. Obviously, technology can't actually change the laws of nature as they are (assumed to be) immutable. But in that sense, we "fight" them (i.e. their effects on us) with technology to the best of our abilities. Social laws, however, can and constantly do change by human action, and yet SV culture seems to fear putting up as much of a fight against them as it does "against" the real laws of nature, and even shows some aversion to studying them in depth (i.e. beyond tallying them with data and statistics, akin to how the early astronomers studied the heavenly bodies centuries and millennia ago).

Just wait until they discover NaCl, PNaCl, asm.js, and WebAssembly...

Why? Do you see Stallman objecting to people distributing binaries?

Or even just regular minification, or using a compile-to-js language that emits non-human readable JS.

I could have sworn the "Javascript Trap" mentioned that issue, but I think the viewpoint is that minified JS is the compiled version. So long as you provide the raw files, it's fine.

There are serious problems in this world and some people just make nonsense things based on nonsense fears.

And it looks like to get your Javascript to be considered free, even if it already is free, you have to jump through a bunch of hoops to get this to pick it up:


This is a joke.

I don't see the problem with putting a small license comment in my JS includes. A lot of people only want to run Free Software to the extent possible. Just as it's not unreasonable for restaurants to have offerings for people who are vegans, it's not unreasonable for software developers to offer software for hardcore FOSS types.

If you don't understand or dislike it, you don't have to include license info in your JavaScript, but why disrespect people who care?

>why disrespect people who care?

It's called FUD.

All cultures are welcome except free-software culture. Have you ever noticed that?

Apparently having certain software standards puts us on the same level as religious fanatics. I don't worship GNU, I don't threaten to chop heads off if people don't use free software.

The reality is that free software culture poses a threat to proprietary business practices and so many companies have incentive to create a narrative where those of us who prefer free software and certain philosophical ideals are seen as crazy fanatics.

Meditate for a few hours a day? no problem.

Pray toward Mecca seven times a day? fine.


Vegans are probably much more likely to give you money in exchange for something.

Sure, but how else can it tell? It isn't like code inherently has some kind of magical tag that tells you the license. So they created a format to tell the license.

My point is that you're likely to get a lot of false negatives. For your browser to remain usable after installing this, you'll pretty much have to add every new site you visit to your whitelist.

This convention will only work if everyone follows it. And very few will because it's aiming to solve a problem that doesn't exist.

>This convention will only work if everyone follows it.

Just like original FOSS licenses started out then? What's the problem? People who care will start to follow it and if it turns out to be a good idea (like how the original GPL & similar licenses came to being into a mostly proprietary licensed world) people will follow.

Except with most FOSS licenses, the application of the license has a direct and practical impact: You can hack on it yourself.

The problem is that Javascript is already like that (obfuscated or otherwise). I can step through even the crappiest JS obfuscation with a debugger and, say, find out if it's working against me. Or tracking me. Or whatever.

The license header stuff serves no purpose but to appease the paranoia of a subset of a microscopic subset of users who would not visit a website, on principle alone, because of the "freeness" of its javascript.

And this is not a slam against those users, it's a simple fact of numbers. Even with the most liberal possible estimates of how many of those users exist, and the most conservative estimate of what my theoretical engineers are getting paid, it doesn't make sense to bother with this.

You can also reverse engineer code, sniff your network traffic, and lots of other things with proprietary software, but that doesn't make it free.

Also, there _is_ a practical impact on the JS you see on a particular site: the fact that you can debug it doesn't mean you can change and redistribute it.

There are very real implications of having a piece of code released under a particular license and it's hardly accurate to call these implications "paranoia".

No, not really. I was talking about network effects (https://en.wikipedia.org/wiki/Network_effect), in that this tool for detecting free Javascript is only useful if all (or at least most) of the free Javascript on the web is marked as such.

When you apply a license to a piece of software, it's immediately useful for that particular piece of software. You don't need an entire ecosystem of free software for one free program to be useful.

I use Browserify and a lot of NPM modules (and therefore their dependencies too) on my own sites. Some of the sites are only built from free and open source code, but manually complying with LibreJS's standards for listing all of the licenses involved seems painful. It would be really handy if there were a Browserify plugin that recorded the licenses of the packages of the files that went into my Browserify bundle, and then output that licensing info in a LibreJS-compatible way that I could reference in my pages.


You shouldn't use terms like "Nazism" so loosely. It makes it lose its denotative and connotative value. If you do, then what words will you have at your disposal if the real thing comes around?

Unless RMS is leveraging nationalism through racist policies and wants a strong police state or thinks mercantilism should replace capitalism, it's really not a very good label - save that for the real thing.

Certainly a hyperbole to use the said term. Nonetheless, from RMS' recent commentaries, it does seem like for software, he wants to replace capitalism with socialism. Like cited in the Slashdot link in my previous comment, he's gone so far as to demonize free software that isn't GPL.

> Nonetheless, from RMS' recent commentaries, it does seem like for software, he wants to replace capitalism with socialism.

Nonsense. There's nothing "socialist" about Free Software. Plenty of capitalistic companies make their money by using and writing FOSS.

> Like cited in the Slashdot link in my previous comment, he's gone so far as to demonize free software that isn't GPL.

All he's doing is asking people to refrain from accepting a patch before he can talk to someone about it. What demonization?

"All he's doing is asking people to refrain from accepting a patch before he can talk to someone about it. What demonization?" - At this point I'm convinced that you're biased and wouldn't provide objective feedback. No point furthering this discussion.

The linked treatise on JavaScript sounds almost satirical to me[1].

> Our tentative policy is to consider a JavaScript program nontrivial if:

> it makes an AJAX request or is loaded along with scripts that make an AJAX request,

Sometimes I think RMS would be happier if the web had just stopped development after the release of the Mosaic browser.

[1] http://www.gnu.org/philosophy/javascript-trap.html

I don't think the point is that RMS is against complex Javascript apps at all. His point is:

a) If it makes an AJAX request, it likely is a piece of software (a web app) more than it is a webpage.

b) If it is software, then he (and the people using this) care about it being free software.

I use and have made proprietary web apps, yet I wouldn't disagree with RMS on the argument that such apps leave less control to the user than free software on their own devices does. It seems like objective reality. Given the practicalities, I don't consider it a deal-breaker in all cases - I give up some control in exchange for other things - but I can understand people who do. This is the "Certified Vegan" for the web. People are free to change their consumption habits for moral reasons and that includes web apps, this remains true even if you think their particular fight has no merit or is not worth fighting.

Blocking the JS is great and makes complete sense. It's like a slightly more open NoScript, in that it tries to analyze the JS first. The part I take issue with is that LibreJS adds a "Complaint" feature[1] that asks users to contact the web developers to ask them to change their pages. Should people really be emailing Google and asking them to disable AJAX in their Gmail application? Or Twitter's automatic feed updates? It puts an unfair burden on developers and defines a ridiculously narrow window of "freedom" for JavaScript.

[1] https://www.gnu.org/software/librejs/manual/librejs.html#Com...

Technically, you wouldn't be asking them to disable AJAX, you would be asking them to make the code free software. Now, if people do this for Gmail or Twitter they will probably get no response or a formulaic response about not opening their code. But how about Wordpress? Or Wikipedia? Or government sites developed with public money in certain countries that require open sourcing public works?

I think opening that tab by default is a bit much, but I can imagine cases where people would report "hey, this site is/should be running open-source/free software, please add a license to your code".

This is not about blocking code execution in your browser, it is about not running proprietary code in your browser if you don't want to.

No, people 'should' (according to this view) be emailing Google and asking them to release their client webapp as free software, after which they can continue using all the AJAX they want. If by some miracle they agreed, it would give users a number of advantages including:

- Making customization (Greasemonkey etc.) easier by removing the need for customization tools to muddle through JS minification/obfuscation. While in practice various tools today are doing a good job customizing Gmail anyway, I imagine they could make more changes and more invasive changes with access to the source.

- Special case: making client-side encryption browser extensions safe. Right now they are fundamentally unsafe (if they hook into the webapp rather than providing a separate interface), because there is nothing stopping Google from quietly adding some JS code to grab and report the plaintext before it gets encrypted. By itself, releasing the webapp's source wouldn't fix this because you would still have to trust Google's servers to send the same JS to everyone - but a browser extension could be enhanced to hash the page JS and refuse to operate with non-approved hashes, combined with a process where someone outside of Google manually approves changes as they are released, providing at least cursory review. Nobody wants to review obfuscated code.

- Allowing users to detect and remove any other forms of tracking/deanonymization that might be present such as mouse cursor or keystroke recording, canvas fingerprinting, etc., more reliably than with the sorts of purely technical measures that could be implemented in a browser (since these things are hard to block without preventing the app from doing its job).

- The kicker: Allowing the same webapp to be used with a different backend, so if you don't want Google to have access to your email, or don't trust them not to cripple functionality in the future, or need a lot of storage and can get it cheaper elsewhere, or are in China and have an (intentionally) shitty censored connection to the international internet, ... the list goes on... then you can self-host it, without losing the familiar interface. You can also host your own clone service for others to use, perhaps forking off the original code when Google makes an unpopular change, as they are wont to do. Of course this requires someone to actually do the technical work of writing a suitable new backend for the client to talk to, and in the case of a fork to maintain a huge codebase (compare Palemoon and such), but without free software you can't even get started (legally).

Of course, Google might not be too happy about that last point. But rms's ideology has never been pragmatic about 'business needs' and such. It's concerned only for the users.

Twitter is a somewhat less traditional case: the case for free software is either less applicable or far more, depending on how strictly you define "free software". This is because unlike Gmail, which provides decent support for third party clients, Twitter has long cracked down on them in various arbitrary ways and enforced strict rules that prevent them from innovating on UI. Since one of the informally-defined 'freedoms' of free software is the ability to modify it, it should be possible to morph the official browser client into anything you want - even if that means keeping just the API access layer and building an entirely new UI on top - and continue to use it freely. Thus if Twitter changed their tune and actually dedicated themselves to these freedoms, that would imply starting to tolerate access by arbitrary client software, and users would hugely benefit. However, if for some reason Twitter were to hypothetically release their client under a free license - even under the GPL - while otherwise continuing with their current policies, it wouldn't affect the situation much. The license would at least allow third parties to check the source for Twitter's own API key and copy it into their own apps without exposing themselves to legal liability related to copyright/DMCA. But Twitter could still try to identify and block rogue clients, sue under the CFAA ('hacking' statute) for unauthorized access, ban the personal accounts of creators of rogue clients, etc.
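The hash-and-refuse check suggested in the client-side encryption point of the comment above, as an added example that is not from the thread or from any real extension. The function names, the script-record shape, the `mail.example` URL and the sample script bodies are all assumptions constructed for illustration.

```javascript
// Added example: hash-pinning gate for a client-side encryption extension.
// Every name and sample value below is constructed for illustration.
const nodeCrypto = require("crypto");

// Hash the exact text served. No normalisation is applied, so any change
// to the script, however small, produces a different digest.
function sha256Hex(source) {
  return nodeCrypto.createHash("sha256").update(source, "utf8").digest("hex");
}

// Approved list: digests of script bodies an outside reviewer signed off on.
function buildApprovedSet(reviewedSources) {
  return new Set(reviewedSources.map(sha256Hex));
}

// scripts: [{ url: string | null, source: string | null }], one record per
// <script> on the page (url null = inline, source null = body not readable).
// Fails closed: a single unverifiable script is enough to refuse.
function gatePage(scripts, approved) {
  const rejected = [];
  if (!Array.isArray(scripts) || scripts.length === 0) {
    // Nothing was verified, so nothing can be trusted.
    rejected.push({ script: "(page)", reason: "no scripts observed" });
  } else {
    for (const s of scripts) {
      const label = s.url || "(inline)";
      if (typeof s.source !== "string") {
        rejected.push({ script: label, reason: "body unavailable" });
        continue;
      }
      const digest = sha256Hex(s.source);
      if (!approved.has(digest)) {
        rejected.push({ script: label, reason: "unapproved hash", digest });
      }
    }
  }
  return { allow: rejected.length === 0, rejected };
}

// Constructed sample data: two reviewed scripts and one later variant.
const REVIEWED_APP = "function send(msg) { return post('/api/send', msg); }";
const REVIEWED_INLINE = "window.appConfig = { lang: 'en' };";
const CHANGED_APP = REVIEWED_APP + "\n/* line added after review */ void 0;";
const APPROVED = buildApprovedSet([REVIEWED_APP, REVIEWED_INLINE]);

function demo() {
  const url = "https://mail.example/app.js"; // hypothetical URL
  return {
    // Page exactly as reviewed: the extension may operate.
    reviewed: gatePage(
      [{ url, source: REVIEWED_APP }, { url: null, source: REVIEWED_INLINE }],
      APPROVED
    ),
    // Same page after the server changed one script: refuse.
    changed: gatePage(
      [{ url, source: CHANGED_APP }, { url: null, source: REVIEWED_INLINE }],
      APPROVED
    ),
    // A script whose body could not be read: refuse.
    unreadable: gatePage([{ url, source: null }], APPROVED),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The gate only establishes that the scripts match what was reviewed; as the comment notes, the value of that depends on someone outside the vendor actually approving each release.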

> Sometimes I think RMS would be happier if the web had just stopped development after the release of the Mosaic browser

Sometimes I look at modern websites and think I'd be happier too.

There are right and wrong ways to solve the web's many problems. RMS wants to throw the baby out with the bathwater here.

So under the hypothetical assumption that you regarded RMS's problems as valid, what would you consider as the right ways to solve them?

> Sometimes I think RMS would be happier if the web had just stopped development after the release of the Mosaic browser.

Or before. He doesn't really [1] browse the web:

> I generally do not connect to web sites from my own machine, aside from a few sites I have some special relationship with. I usually fetch web pages from other sites by sending mail to a program (see git://git.gnu.org/womb/hacks.git) that fetches them, much like wget, and then mails them back to me. Then I look at them using a web browser, unless it is easy to see the text in the HTML page directly. I usually try lynx first, then a graphical browser if the page needs it (using konqueror, which won't fetch from other sites in such a situation).

[1] https://stallman.org/stallman-computing.html

I saw that quote once and i thought it was satire...

Poe's law is in full effect with Dr. Stallman.

Email makes a network request, just like AJAX, which makes it "non-trivial" by his definition.

Which is why he uses free software for email.

I mean, doesn't he wget pages and then run them locally in lynx?

Actually, he would likely want everyone to be an absolute masochist like him and have websites converted to emails:


""" I generally do not connect to web sites from my own machine, aside from a few sites I have some special relationship with. I usually fetch web pages from other sites by sending mail to a program (see git://git.gnu.org/womb/hacks.git) that fetches them, much like wget, and then mails them back to me. Then I look at them using a web browser, unless it is easy to see the text in the HTML page directly. I usually try lynx first, then a graphical browser if the page needs it (using konqueror, which won't fetch from other sites in such a situation). """

I for one am glad we aren't back in 1980 on serial connections.

Where does Stallman say he wants other people to do the same as him? He merely listed how he browses rather than how other people should browse.

Would it not be safe to assume that, if RMS is living according to his principles, his lifestyle reflects what he believes to be a reasonable expression of those principles? Why would he refuse to use a web browser, if it were possible for him to do so within his moral framework?

> Why would he refuse to use a web browser, if it were possible for him to do so within his moral framework?

If you had actually read the page, you'd see that he actually does use a web browser occasionally.

That's like saying that priests don't think anyone should have sex.

Priests (for certain values of "priest") do believe only heterosexual married Christians can have sex without committing sin, as long as they only have sex with their spouse, so it is kind of like that.

It's really interesting to see GNU writing their own version of everything so that it adheres to its own principles. It reminds me of China. Both reinvent things based on questionable motivations, both seem to really not "get" every-day people (e.g. understand their needs and wants), and both end up with products that just feel lower-quality and half-put-together than the products they're cloning on principle.

I'm curious, which products are you referring to? In most cases the GNU version predates the alternative by a large margin. E.g. screen vs tmux, squid vs varnish, wget vs curl, net-tools vs iproute2 etc.

Of more recent software "clones", there is guix vs nix, mcron vs vixie-cron, shepherd vs systemd, gnutls vs openssl, all high-quality implementations of good ideas.

Sure, lsh has a way to go before it's a viable alternative to OpenSSH, but I wouldn't say it's low-quality. I don't think I've come across a GNU project which felt "half-put-together", rather the opposite.

The GNU projects' motivation is very clear-cut and not at all different from e.g. the BSD camp or suckless. How are they questionable?

> Of more recent software "clones", there is guix vs nix, mcron vs vixie-cron, shepherd vs systemd, gnutls vs openssl, all high-quality implementations of good ideas.

Shepherd is hardly a clone of systemd. It's older and has much fewer features. They are both init systems.

The relationship of Guix and Nix is also not that of rivalry. Guix uses the Nix daemon and subscribes to the idea of functional package management, but everything else is quite different.

(I realise you put "clone" in quotes and wrote "all high-quality implementations of good ideas", but I thought I should clarify anyway.)

I can only shake my head at your cardboard cutout of "China" and your take on GNU.

I'm working on GNU because I share its vision of providing more computing freedom to people, blurring the lines between admins and users as is the case with Emacs (self-documenting, trivially extensible and modifiable), Guix (trivial inspection and modification of all packages on a system, a large step towards freedom from system administrators, independent software profiles giving each user what they want), and the Hurd (even more freedom from sys admins).

I'm not even talking about the many compilers in GCC, which make it feasible to build a completely free system (such as GuixSD).

You seem to misunderstand the GNU project, and I find it unpalatable to reduce what you call "China" to a cardboard cutout for the sake of a flawed analogy.
