Hi Gervase, it's true, that our proprietary packaged format doesn't have "openness" written all over it to start with. Here the perspective from partner engineering:
As I want to promote openness and that companies share their work I only recommend putting "business critical" pieces in Emscripten. That means code that companies wouldn't open source anyways, as its part of their core business. With open sourcing other libraries, tools and snippets companies usually have no problem with, given that they can spend the time and people. Even though obfuscation is a side effect of Emscripten; performance and optimal memory use are others. There are other needs, like DRM and message encryption; which depend on protecting keys and sometimes protecting the algorithms. Even though its a weak protection, partners ask for it; some music streaming services bound by label contracts to have it. I'd be happy to get some more ideas on how to get partners to open source more code and worry less about protecting their client side JavaScript. How do you see packaged apps fitting in the story we are weaving around openness and hackability? Cheers, --- Harald Kirschner | Mozillian Partner & Labs Craftsman | [email protected] (mailto:[email protected]) On Tuesday, March 5, 2013 at 9:25 AM, Kumar McMillan wrote: > > On Mar 5, 2013, at 11:11 AM, Gervase Markham <[email protected] > (mailto:[email protected])> wrote: > > > On 04/03/13 17:35, Harald Kirschner wrote: > > > As David said, obfuscates would be a first step to protecting your > > > code. UglifyJS already munges several special cases for more > > > efficient code, making it harder to reverse it. The next step would > > > be Google Closure in advanced mode, which is a one-way > > > transformation. > > > > > > The final and most protected path for you would be Emscripten. > > > Writing your business critical modules (like API client or > > > Encryption) in C++ and compiling them to JavaScript (or even > > > asm.js).The result resembles byte code, using typed arrays as > > > memory. > > > > > > > > > While some partners will no doubt do it anyway, it concerns me a little > > that we are going around actively recommending these things. Mozilla > > runs the Webmaker program, whose entire point is that the web is > > hackable and remixable, and that people should do that. It's this > > ability to change and innovate which is part of the selling point of > > Firefox OS to users and carriers. > > > > If every Firefox OS app came as a bit of Emscripten-compiled-from-C++, > > then it would be a very sad day for the open web. > > > > > I think there is a valid use case in protecting source code when a merchant > is selling an app. If the app can't be protected, how can you sell it? And if > you can't sell an app then you can't build a business on offering something > compelling to the user. This obviously isn't the only business model for apps > but it's one that the open web should support better than it does today, IMO. > > I'd liked to see web businesses get support for more models than the ad > model, which is the most prevalent today and it's clearly disliked by users. > > -Kumar > > > > > Gerv > > _______________________________________________ > > dev-webapps mailing list > > [email protected] (mailto:[email protected]) > > https://lists.mozilla.org/listinfo/dev-webapps > > > > > _______________________________________________ > dev-webapps mailing list > [email protected] (mailto:[email protected]) > https://lists.mozilla.org/listinfo/dev-webapps > > _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
