On Thursday, February 22, 2018 01:04:30 bill-auger wrote:
> this is confusing - what exactly is a
> "drive-by-download" and how are they inherently "non-free no matter what
> license is attached to them"?
> 
> also, how could LibreJS "incorrectly mark an obfuscated piece of
> GPL-licensed code as free" - GPL-licensed code IS free

GPL-licensed code is not necessarily free. An obfuscated source is 
unmaintainable regardless of the license, so two freedoms are taken away: the 
freedom to study, and the freedom to run modified versions. LibreJS is unable 
to detect obfuscated code.

What I mean by drive-by-downloading, here we get philosophical. How free is 
the code which is only meant to be executed once? No one audits > 99% of this 
code, and it's all in constant flux. I would even argue, there's no hope it 
can ever be audited. There are already (I am sure) websites that generate 
brand-new code for every visit, making this assertion literal. How do you 
audit all that code? With an automated tool? An algorithm can't even solve a 
halting problem, let alone audit itself out of a paper bag.

Now put yourself in the shoes of an average web user. Average here is the key 
word. Their freedoms to understand and modify the JavaScript code have all but 
completely eroded. In a traditional software distribution market they can hire 
experts to explain and fix the software for them. This is utterly unaffordable 
if every click generates new software.

And now back to drive-by-downloading, which is important because it is perhaps 
the source of the problem. All of this is happening, as we all know very well, 
because average users are willing to run software from any source, as long as 
it doesn't make their computer explode right away. They don't even understand 
the basic difference between downloading data versus downloading and executing 
an arbitrary algorithm. When a blog, or a news site, or a government website 
won't load because you didn't let it run an arbitrary algorithm on your 
computer, that's crazy, just crazy. And the norm. These users who leave all 
JavaScript on, they already buried 2 of their freedoms, and the boilerplate 
license on the disposable code can't change that. They need to be told to 
boycott sites which require JS to function, and to demand legislation which 
would require something like HTML+CSS web fronts from commercial and 
government entities. It is not at all helpful, in my opinion, to differentiate 
between varieties of JavaScript sources, because none of them should be 
downloaded in the first place. Most importantly, web masters who want a free 
web should stop using JavaScript, and they should be transitioning right now, 
and not stop until there's nothing left for LibreJS to mark as free. All 
desired JavaScript functionality can be trivially recreated via a combination 
of free browser plugins and calls to free and standard libraries. The drive-
by-download culture, on the other hand, will plunge us deeper into the sea of 
disposable software.

Attachment: signature.asc
Description: This is a digitally signed message part.

--
http://gnuzilla.gnu.org

Reply via email to