On Thursday, February 22, 2018 01:04:30 bill-auger wrote: > this is confusing - what exactly is a > "drive-by-download" and how are they inherently "non-free no matter what > license is attached to them"? > > also, how could LibreJS "incorrectly mark an obfuscated piece of > GPL-licensed code as free" - GPL-licensed code IS free
GPL-licensed code is not necessarily free. An obfuscated source is unmaintainable regardless of the license, so two freedoms are taken away: the freedom to study, and the freedom to run modified versions. LibreJS is unable to detect obfuscated code. What I mean by drive-by-downloading, here we get philosophical. How free is the code which is only meant to be executed once? No one audits > 99% of this code, and it's all in constant flux. I would even argue, there's no hope it can ever be audited. There are already (I am sure) websites that generate brand-new code for every visit, making this assertion literal. How do you audit all that code? With an automated tool? An algorithm can't even solve a halting problem, let alone audit itself out of a paper bag. Now put yourself in the shoes of an average web user. Average here is the key word. Their freedoms to understand and modify the JavaScript code have all but completely eroded. In a traditional software distribution market they can hire experts to explain and fix the software for them. This is utterly unaffordable if every click generates new software. And now back to drive-by-downloading, which is important because it is perhaps the source of the problem. All of this is happening, as we all know very well, because average users are willing to run software from any source, as long as it doesn't make their computer explode right away. They don't even understand the basic difference between downloading data versus downloading and executing an arbitrary algorithm. When a blog, or a news site, or a government website won't load because you didn't let it run an arbitrary algorithm on your computer, that's crazy, just crazy. And the norm. These users who leave all JavaScript on, they already buried 2 of their freedoms, and the boilerplate license on the disposable code can't change that. They need to be told to boycott sites which require JS to function, and to demand legislation which would require something like HTML+CSS web fronts from commercial and government entities. It is not at all helpful, in my opinion, to differentiate between varieties of JavaScript sources, because none of them should be downloaded in the first place. Most importantly, web masters who want a free web should stop using JavaScript, and they should be transitioning right now, and not stop until there's nothing left for LibreJS to mark as free. All desired JavaScript functionality can be trivially recreated via a combination of free browser plugins and calls to free and standard libraries. The drive- by-download culture, on the other hand, will plunge us deeper into the sea of disposable software.
signature.asc
Description: This is a digitally signed message part.
-- http://gnuzilla.gnu.org
