Re: Web versions
aviva writes: > On 3/14/21 6:18 PM, DJ Delorie wrote: >> If WebAssembly or Javascript can be used in a >> way that honors the four freedoms, > > But it can't...period. And in the real world , it doesn't. We don't > promote software that hurts peopleperiod. It can and it does, and I showed you that *I* use it in that way. The software has been very helpful to me, in ways I completely control. But don't let me interfere with your period.
Re: Web versions
aviva writes: > On 3/14/21 6:18 PM, DJ Delorie wrote: >> Thus, in a way you are arguing AGAINST the >> user's freedom. > > No - I am arguing against creating a system where you lose control of > your computer and it is over run by hackers because of poor deisgn. > NOTHING can excuse that, GCC has been used to write software that hacks into other people's computers. Should we argue against writing gcc? After all, there's no exuse for using software for criminal activities. You are arguing that we should take away a technology from the user, because some people use that technology in ways you disagree with. However, other people use that same technology in other ways. It is not the technology that is evil, it's how it's used that may be evil.
Re: Web versions
aviva writes: > On 3/14/21 6:18 PM, DJ Delorie wrote: >> This application totally honors the four freedoms, > > No - it doesn't actually. It fails value one that the user is in > control of there system. How so? I downloaded the sources and ran them on my own system. How am I not in control?
Re: Web versions
>>> technology which is designed to be slaveware and dependent un insecure >> This is a value judgement > > > Right, being a slave is bad. That IS a value judgement. Values - that > those are good. Get some! Since you insist on misinterpreting, let me clarify. The value judgement is that the "technology is designed to be something". I say that the technology just *is*. We should judge the technology independently of how some people choose to use it.
Re: Web versions
On 3/14/21 6:18 PM, DJ Delorie wrote: > Discouraging the > technology itself is, IMHO, outside the FSF's scope. Your opinion has been heard and its been explained already to you that it is wrong.
Re: Web versions
On 3/14/21 6:18 PM, DJ Delorie wrote: > If WebAssembly or Javascript can be used in a > way that honors the four freedoms, But it can't...period. And in the real world , it doesn't. We don't promote software that hurts peopleperiod.
Re: Web versions
On 3/14/21 6:18 PM, DJ Delorie wrote: > Thus, in a way you are arguing AGAINST the > user's freedom. No - I am arguing against creating a system where you lose control of your computer and it is over run by hackers because of poor deisgn. NOTHING can excuse that,
Re: Web versions
On 3/14/21 6:18 PM, DJ Delorie wrote: > This application totally honors the four freedoms, No - it doesn't actually. It fails value one that the user is in control of there system.
Re: Web versions
On 3/14/21 6:18 PM, DJ Delorie wrote: > shulie writes: >> technology which is designed to be slaveware and dependent un insecure > This is a value judgement Right, being a slave is bad. That IS a value judgement. Values - that those are good. Get some!
Re: Web versions
On 3/14/21 1:25 PM, Alfred M. Szmidt wrote: The same is absolutley not true for Javascript or Webassembly, it is nigh impossible to download the full set of scripts and other code to run it locally. You have your thumb on the scale. The context is a copy of the GNU operating system built to run on the platform that is universally available to essentially everyone in the world without even trying: the runtime that is built into commodity web browser.s This conversation is filled with subtle attempts to substitute the thing that's actually on the table with a strawman that no one is proposing; you want those talking about the browser runtime as a compilation target to take responsibility for traditional web apps. The problems inherent to traditional web apps are neither here nor there. If I make available a ZIP file containing a file libre.x.htm which takes as input an image of the GNU operating system (shipped within the same ZIP file), then there are *ZERO* web servers involved--at least to no greater degree than traditional distributions' package repositories--and of course I may at my choice place those files on a computer of my own that makes them accessible via HTTP, thus protecting my freedom and allowing me to exercise it to the greatest extent possible in hostile environments where I am otherwise required to use proprietary systems. -- Colby Russell
Re: Web versions
shulie writes: > technology which is designed to be slaveware and dependent un insecure This is a value judgement on the developer writing the software, not the technology of the software itself. Please do not confuse the two. For example, I regularly use a javascript application that is served by another site but runs 100% on my computer with 100% of the sources available to myself. I think I even did a "save file" to run it when the network is down. This application is hosted in source form on github and licensed in a GNU-compatible way. This application totally honors the four freedoms, yet uses a technology you say we should not use. Thus, in a way you are arguing AGAINST the user's freedom. > Or maybe they will, but that doesn't mean it is something the GNU > project should promote. The GNU project should promote Free Software in all the ways that the user can benefit from those freedoms, regardless of what technology underlies those freedoms. If WebAssembly or Javascript can be used in a way that honors the four freedoms, the FSF's position should be to encourage *those* ways, and discourage *other* ways. Discouraging the technology itself is, IMHO, outside the FSF's scope.
Re: Web versions
On 3/11/21 1:42 PM, DJ Delorie wrote: > Everything I've suggested so far complies with the wording and spirit of > the GPL, and is fully under the user's control. no it doesn't, and the user is not in control.
Re: Web versions
On 3/11/21 3:47 PM, Colby Russell wrote: > > (If there were any serious introspection into the issue on the matter of > philosophy, those complaining about WebAssembly would not just agree > with you that it's a compilation target like x86_64 ELF binaries, but > that WASM and JavaScript can be wielded to *increase* user > freedom--since someone who is required to use, say, Microsoft Windows in > their lab can set up a bunch of services running free and open source > software under their control on their own networked computers, and then > use that software through a Web browser instead of the non-free programs > they'd otherwise need to use.) This is not even rational. It is very simple. Noobody is going to build an operating system in an insecure web borswer based on a technology which is designed to be slaveware and dependent un insecure offsite browsers. Or maybe they will, but that doesn't mean it is something the GNU project should promote. Johns catch the clap all the time despite knowing the risk.
Re: Web versions
On 3/11/21 9:33 PM, Jean Louis wrote: > In my opinion question is if that all is free software. Not if it runs > remotely. No, software design matters and its not running remotely. It is running locally in javascript which is imported from a remote location with no control. It is a security nightmare.
Re: Let's discuss these guys - Dfinity
While a cryptocurrency such as Bitcoin has no middleman that takes some of the profits in a transaction, some amount that you pay (which is often quite expensive these days) is a fee that goes to paying people who are supporting the network by mining. With blockchain tech, one of the biggest theoretically advantages of it is that it can only fail if everyone stops supporting it (or if a vulnerability that compromises the network is found, but there's no high-profile examples of this ever happening; there's other theoretical but unproven methods of compromising a network as well). If a currency or a government fails, such as with hyperinflation, you could lose all of your money, but as long as people use bitcoin and the network doesn't fail, it is generally safe from a total collapse in value in a way that no centralized currency like USD is. As a possible example of this, I believe the recent surge in Bitcoin's price is in part caused by the inflation of the US dollar that many people are expecting to happen as a result of COVID-19. Never heard of Holochain before, but it sounds like an interesting project as well. On Fri, Mar 12, 2021 at 03:54:28PM +0530, Zany And Crazy wrote: > OK, so I was watching this: > > https://www.youtube.com/watch?v=JlC2lqihgXo > > Are these guys the good guys? I *want* to believe everything that > they're saying, all this stuff about "open" internet services, problem > is, most of those "open" services have or are going to have, a > *BIZMAN* behind them! *This* I have a problem with - the entire thing > almost keeps talking about MONEY! I'm only somewhat knowledgeable > about Blockchain, mainly because I don't know anyone I can trust to > answer some straight questions for me - am I right in saying, for > example, that if you shop on something like openbazaar.org , ALL your > money goes to the guy MAKING that product, the *platform* makes > nothing?? Isn't that what blockchain IS, removing the middleman?? So - > that would be the end of Amazon then? So - where is the question of > VCs, exits, capital, blah blah blah HERE? > > Is anybody here BUILDING on this thing? Do we trust it?? What about > the OTHER "decentralised web" projects like Tim Berners Lee's Solid, > Holochain etc? Which ones of these are OPEN standards? > > Anybody care to clear it up? :)
Re: Web versions
Taylan Kammer wrote: On 06.03.2021 22:30, Jacob Bachmeyer wrote: In times like that, I wish I had quick access to some Unix-like environment with helpful tools like netcat and nmap on the client's end. If I could just open a browser on the client's PC and visit a website that boots up a GNU/Linux with useful tools like that, it would be pretty amazing. The problem is that to be able to implement tools like that, the browser would need to offer access to the local network at a level that would be a serious security risk. While nmap and netcat/socat can be great for development and troubleshooting, they are also great for an intruder's recon efforts to prepare further intrusions. 8-| Do you want ad companies routinely port-scanning your LAN? -- Jacob
Re: Web versions
> On 14. Mar 2021, at 19:25, Alfred M. Szmidt wrote:
>
> The same is true for JS/Webassembly. In fact, one could argue that this
> is a significant part of the value offering (offline use of the web
> application).
> You can copy the whole site offline and continue using it.
> Yes, there MAY be interaction with a REST API, but that is a completely
> different
> story not directly related to webassembly at all.
>
> The same is absolutley not true for Javascript or Webassembly, it is
> nigh impossible to download the full set of scripts and other code to
> run it locally. And, again -- it is running code (binary, obfuscated,
> or source) from someone else machine.
Why is it a problem that it is binary?
.deb packages also contain only binaries. You can download the source,
but that is not part of apt/deb and can be done out of band due to the freedoms
you (hopefully) have. You can also include non-free repositories. Then you
cannot.
You may even install a free program but the dependencies it pulls in are
ABI-compatible
proprietary libraries. As a user there is nothing you can do against that
except changing the distribution
channel. In the browser you would call such a change "browsing to an
alternative website".
But most importantly, it is not the fault of the program that it was
distributed with
ABI-compatible libraries or the fact that is compiled/dymanically linked!
Can you explain to me what the difference is: Why is the browser as http client
bad
to download binary compiled free software but the apt http client is just fine?
And regarding the difficulty of copying the scripts: How does the browser do it
then?
I think you have not programmed a web application using JS/WA yourself that
actually "obfuscates"
it (e.g. using webpack or webassembly or both).
What happens there is that it "packs" all the code into a single file and
optimizes it for space
and performance. Transpilation and packing is not so much different from
compilation and linking.
For webassembly, it is actually just semantics.
That "blob" (sic) is then downloaded by the browser, or not. It may be cached
(=already downladed) or it may
be a webextension. I guess nothing is really keeping you from copying the
program and running it on another machine or browser
either.
This is because you can very well download a copy any time and run it basically
anywhere.
That is exactly what the browser does and why it is done.
Which brings me to the second point I made: For most JS applications ("single
page applications")
the fact that you can run the program offline without "downloading it from
another persons server" all the time
is the core value offering compared the older style of web applications using
application servers.
And then of course there are webextensions which are even less distinguishable
from other programs running on
your system.
Theoretically, you could have a webextension that has a compiled emacs which
replaces all input fields so you can use it for that.
There is not even a connection with a server. (Except, of course, for
downloading the webextension which might have happened through apt and I am not
sure if you find this problematic now or not as the deb repository is certainly
somebody else's server).
> You have no idea if the code
> you got is free software or not, it is a binary blob that
> automatically runs on your computer. I suggest you read the
> Javascript trap.
>
> Have you tried running emacs on a C64 recently?
>
> Emacs has never run on a C64.
>
>> The suggestion in this thread was to make GNU port to webassembly, and
>> then be run in a web browser, from someone elses machine.
>
> No, it was not:
>
> " ince WebAssembly is now a reality, maybe you guys should get to
> making the browser versions of LL your software? "
>
> In other words, exactly what I wrote.
You said the issue is that that the code comes from "somebody else's server" I
was making the point that
the OP said no such thing and I tried to define "browser version" for you (the
text that would follow if you hadn't removed it).
Note that OP did not even say "web applications" and hence did not imply the
download from a website/server at all.
Please understand that I am trying to understand the logic behind the general
rejection of webassembly as a target platform;
or JS for that matter.
It is a relevant question for packages such as GNUnet and GNU Taler. Both have
features that require the use of a
webextension, for example.
The article on the JavaScript trap is sensible and I agree. It also proposes a
mechanism that allows us to
have a technical means to determine if the binary is FS. Which is something
actual binaries often lack and why reproducible builds
is a good thing (how do YOU determine if your emacs is actually compiled from a
free software source?). But the reasoning behind the necessity for a mechanism
in the case of web applications (JS/WA or otherwise) is well
Re: Web versions
The same is true for JS/Webassembly. In fact, one could argue that this is a significant part of the value offering (offline use of the web application). You can copy the whole site offline and continue using it. Yes, there MAY be interaction with a REST API, but that is a completely different story not directly related to webassembly at all. The same is absolutley not true for Javascript or Webassembly, it is nigh impossible to download the full set of scripts and other code to run it locally. And, again -- it is running code (binary, obfuscated, or source) from someone else machine. You have no idea if the code you got is free software or not, it is a binary blob that automatically runs on your computer. I suggest you read the Javascript trap. Have you tried running emacs on a C64 recently? Emacs has never run on a C64. > The suggestion in this thread was to make GNU port to webassembly, and > then be run in a web browser, from someone elses machine. No, it was not: " ince WebAssembly is now a reality, maybe you guys should get to making the browser versions of LL your software? " In other words, exactly what I wrote.
Re: Web versions
As mentioned having GNU tools available on machines you do not have control over (i.e. your friends machine) makes this infinitely valuable IMO. That is to vauge of a statement to make any general claim, what does "available" mean here? Download the source? Or execute random blobware from someone elses computer? The later is something that is ill suited, and not valuable at all since it subjugates users rights.
Re: Web versions
> On 14. Mar 2021, at 12:57, Schanzenbach, Martin > wrote: > > > >> On 13. Mar 2021, at 16:48, Alfred M. Szmidt wrote: >> >> Sounds like multi-user UNIX-like system, or modern GNU/Linux >> multi-user system. >> >> On a multi-user system you can keep your own files in our home >> directory. You can decide to copy a program you like from one >> location to your home directory. >> > > The same is true for JS/Webassembly. In fact, one could argue that this > is a significant part of the value offering (offline use of the web > application). > You can copy the whole site offline and continue using it. > Yes, there MAY be interaction with a REST API, but that is a completely > different > story not directly related to webassembly at all. > >> With Webassembly / Javascript (specifically in the form of SaSS) you >> are at the mercy of whoever is hosting the program to run it. > > This issue is completely unrelated to the technology. > You are at the mercy of the (HTTP!) hoster of the software repos you use in > your > distro. It is simply by the fact that the distro project (may!) state that you > receive free software. The same can be and is done for web applications. > Reproducible builds may help a savvy user to confirm if trust is not enough. > But the same could be done for WA. > The application it self may rely on communication with a remote systems. But > I though this > is what AGPL is for. > Maybe here is where we can actually untie the knot. The issue is the software architecture. It can be abused by having the local application heavily depend on the backend. Sometimes this is necessary (see email). But I guess you could formulate guidelines in this regard. But I think it is important to look at such technology without prejudice. The current reality includes much more than SaaS. And implementing a GNU package probably would not result in such an architecture anyway. It (Webassembly) would be an organic compilation target. As mentioned having GNU tools available on machines you do not have control over (i.e. your friends machine) makes this infinitely valuable IMO. >> Maybe >> even depending on that site for storing your data. The issue is >> _intent_ of how these things are to be used -- depriving users of how >> they can run their programs. > > Have you tried running emacs on a C64 recently? You will have to modify the > source to compile it to the platform. You can do the same even if the source > also happens to > compile and run as webassembly or ELF. > >> >> The suggestion in this thread was to make GNU port to webassembly, and >> then be run in a web browser, from someone elses machine. >> > > No, it was not: > > " > ince WebAssembly is now a reality, maybe you guys should get to making the > browser versions of LL your software? > " > > A browser version can be a webextension. It can also be provided through a > webserver (see distribution repository). > As it happens, if it were to be provided as a web extension it would likely > be possible to provide > it through the distribution repositories as well. Which shows how bizzare the > argument is. > > In fact, a "browser version" can even be a full browser including the > application! (e.g. mattermost) > Yes, ugly, but that is not the point. > >> In my opinion question is if that all is free software. Not if it runs >> remotely. >> >> That it is free software is a side issue. Sometimes the issues of >> software freedom are not just about the four freedoms. > > Yes, but it is completely unclear from this thread what the issue actually is. > "You are not sufficiently in control" is not it. > > BR > signature.asc Description: Message signed with OpenPGP
Re: Web versions
> On 13. Mar 2021, at 16:48, Alfred M. Szmidt wrote: > > Sounds like multi-user UNIX-like system, or modern GNU/Linux > multi-user system. > > On a multi-user system you can keep your own files in our home > directory. You can decide to copy a program you like from one > location to your home directory. > The same is true for JS/Webassembly. In fact, one could argue that this is a significant part of the value offering (offline use of the web application). You can copy the whole site offline and continue using it. Yes, there MAY be interaction with a REST API, but that is a completely different story not directly related to webassembly at all. > With Webassembly / Javascript (specifically in the form of SaSS) you > are at the mercy of whoever is hosting the program to run it. This issue is completely unrelated to the technology. You are at the mercy of the (HTTP!) hoster of the software repos you use in your distro. It is simply by the fact that the distro project (may!) state that you receive free software. The same can be and is done for web applications. Reproducible builds may help a savvy user to confirm if trust is not enough. But the same could be done for WA. The application it self may rely on communication with a remote systems. But I though this is what AGPL is for. > Maybe > even depending on that site for storing your data. The issue is > _intent_ of how these things are to be used -- depriving users of how > they can run their programs. Have you tried running emacs on a C64 recently? You will have to modify the source to compile it to the platform. You can do the same even if the source also happens to compile and run as webassembly or ELF. > > The suggestion in this thread was to make GNU port to webassembly, and > then be run in a web browser, from someone elses machine. > No, it was not: " ince WebAssembly is now a reality, maybe you guys should get to making the browser versions of LL your software? " A browser version can be a webextension. It can also be provided through a webserver (see distribution repository). As it happens, if it were to be provided as a web extension it would likely be possible to provide it through the distribution repositories as well. Which shows how bizzare the argument is. In fact, a "browser version" can even be a full browser including the application! (e.g. mattermost) Yes, ugly, but that is not the point. > In my opinion question is if that all is free software. Not if it runs > remotely. > > That it is free software is a side issue. Sometimes the issues of > software freedom are not just about the four freedoms. Yes, but it is completely unclear from this thread what the issue actually is. "You are not sufficiently in control" is not it. BR signature.asc Description: Message signed with OpenPGP
