Re: Web versions
* Alfred M. Szmidt [2021-03-12 00:24]: >I am confused regarding the issues raised here against "porting" a GNU > package >to WebAssembly and would very much welcome clarification. > > The issue isn't porting the software, the issue what the user must > depend on to be able to run the program -- which is a remote server > when it comes to Javascript and Webassembly (in the normal/intended > case). The other issue is that the remote party effectivley controls > _what_ you run, which is not the case with software you run from your > own computer. Sounds like multi-user UNIX-like system, or modern GNU/Linux multi-user system. My friends, associates and family log into the computer and may use it as remote or local computer. For every user, the root is one that controls which software is installed. None of users has its own computer in my case. They all use remote software or software installed by root. I do not know about WebAssembly and from the above description I do not see a difference to multi-user OS installed by remote administrator. In my opinion question is if that all is free software. Not if it runs remotely.
Re: Web versions
I am confused regarding the issues raised here against "porting" a GNU package to WebAssembly and would very much welcome clarification. The issue isn't porting the software, the issue what the user must depend on to be able to run the program -- which is a remote server when it comes to Javascript and Webassembly (in the normal/intended case). The other issue is that the remote party effectivley controls _what_ you run, which is not the case with software you run from your own computer.
Re: Web versions
Your example assumes that you run things locally, which is seldom the case when it comes to Javascript/Webassembly. The issue is depending on someone elses computer to run somenoe elses software. Which is also entierly different from communicating with a server.
Re: Web versions
On 3/11/21 3:18 AM, Schanzenbach, Martin wrote:
I am confused regarding the issues raised here against "porting" a GNU
package
to WebAssembly and would very much welcome clarification.
Don't be confused, Martin. It's guilt-by-association and nothing more.
There is no subtle or sophisticated philosophical argument here.
(If there were any serious introspection into the issue on the matter of
philosophy, those complaining about WebAssembly would not just agree
with you that it's a compilation target like x86_64 ELF binaries, but
that WASM and JavaScript can be wielded to *increase* user
freedom--since someone who is required to use, say, Microsoft Windows in
their lab can set up a bunch of services running free and open source
software under their control on their own networked computers, and then
use that software through a Web browser instead of the non-free programs
they'd otherwise need to use.)
The agitation that you see here in this thread is the byproduct of a
cultural battle--a form of xenophobia whose underlying principle is,
roughly, "POSIX is the only acceptable platform, and any technology
related to the Web = bad". It has more to do with dumb machismo and a
form of techno-supremacy[1] than anything to do with user freedom. It
certainly has nothing to do with the actual point that RMS is making in
cited article ("The JavaScript Trap").
1. i.e. the *opposite* of the type of concession you see in essays like
and
--
Colby Russell
Re: Web versions
"Alfred M. Szmidt" writes: > Depending on someone else to even be able to run > your program is something we defintily do not want. Are you arguing against Javascript, or SaaS, or just proprietary Saas? Consider the following: You have a Free Software browser which you built yourself. It includes a Javascript engine (also FS) which complies with all relevent standards. You check out a repository that includes sources for gcc, binutils, et al, along with sources for some application. You build gcc, binutils, et al locally, and use them to build webasm versions of each of those plus your application. Now you run your browser and point it at file:///myapp.html Everything I've suggested so far complies with the wording and spirit of the GPL, and is fully under the user's control. Would you object to this just because it's "in a browser" ? Personally, I see a huge difference between a "service" and a "trap". There must be a way to offer a service to others in a way that complies with the spirit of the GPL. We don't complain about others pre-building packages for us, because we *could* build them ourselves. Why not say the same for SaaS? We don't complain about the service if we *could* provide that service for ourselves locally? I think we need to be careful about how we present our arguments, and remain focused on the Free Software aspects, so as not to preclude things which *could* be Free Software just because someone showed one counterexample. Warning: this email was sent using a server which is not under your control, done on your behalf. You have been warned.
Re: Web versions
Browsers already offer websites the ability to access your [computer] And that is the crux of it all, it is the exact situation the Javascript trap talks about. Recommended reeading ...
Re: Web versions
So for instance GNU coreutils, bash, etc. could be compiled to run in a browser tab. I suggest you read the article about the Javascript trap about exactly this type of danger. Depending on someone else to even be able to run your program is something we defintily do not want.
Re: Web versions
Hi, I am confused regarding the issues raised here against "porting" a GNU package to WebAssembly and would very much welcome clarification. As Jacob pointed out, WA can be considered (mostly) a compilation target from my experience. I have used emscripten (LLVM) before to do this IIRC for C programs. So a Free Software browser offering a WebAssembly API and offering support for GNU packages is a problem how? Saying that webassembly is "even more obfuscated" than javascript does not make sense to me either, as a compiled program is always "obfuscated" to a user. So how is a Debian package of a webextension which includes a GNU package compiled to WebAssembly different from the same Debian package of the GNU package compiled against the native libc? Isn't webassembly in contrast an opportunity to bring GNU packages as webextensions into the browser without falling into the JS trap?? BR Martin > On 9. Mar 2021, at 15:01, Taylan Kammer wrote: > > On 08.03.2021 18:59, Jacob Bachmeyer wrote: >> Taylan Kammer wrote: >>> On 06.03.2021 22:30, Jacob Bachmeyer wrote: >>> In times like that, I wish I had quick >>> access to some Unix-like environment with helpful tools like netcat and >>> nmap on the client's end. >>> >>> If I could just open a browser on the client's PC and visit a website >>> that boots up a GNU/Linux with useful tools like that, it would be >>> pretty amazing. >> >> The problem is that to be able to implement tools like that, the browser >> would need to offer access to the local network at a level that would be >> a serious security risk. While nmap and netcat/socat can be great for >> development and troubleshooting, they are also great for an intruder's >> recon efforts to prepare further intrusions. 8-| Do you want ad >> companies routinely port-scanning your LAN? > > Browsers already offer websites the ability to access your microphone, > camera, GPS location, and even *screen contents* (!). Any sane browser > of course asks the user on a per-website basis whether the user would > like to allow this. > > From a quick web search I found out that there's already a draft for a > filesystem API that allows write access and working with directories: > > https://wicg.github.io/file-system-access/ > > I'm not really happy at *all* with the state of the WWW, but it mostly > has to do with the choices website developers make rather than what > browsers are capable of. > > In principle I see little difference between trusting Debian's package > database so much that I never have second thoughts while running > "apt-get update && apt-get upgrade", and trusting a specific website so > much that I have no second thoughts about them changing the "source > code" of a browser-based application they host. > > Preferably of course, such an application would be released under the > AGPL, with a clear indication of what version one is using, and a way > for the browser to checksum the whole application to rule out "sneaky" > changes that aren't reflected in the version number. > > With the way the web continues to evolve I wouldn't be surprised if this > becomes a major way of rolling out arbitrary cross-platform software in > the future. If that happens, I would definitely want to see GNU and the > larger free software community be a part of that future. > > > - Taylan > signature.asc Description: Message signed with OpenPGP
