Re: Web versions
* Jacob Bachmeyer [2021-03-17 05:09]: > Jean Louis wrote: > > * Jacob Bachmeyer [2021-03-16 10:30]: > > >3. Web apps stored on "the cloud" are bad because they often do not > > > respect the user's freedoms, as even if the software is under Free license > > > terms, technical issues can make running a modified version difficult or > > > impossible. > > > > Just because there is possibility of abuse one shall reject the > > technological opportunity?! > > That is ridiculous, but we should still take steps to mitigate possibilities > for abuses. After all, we have the GPL to mitigate the abuse of "walking > off" with a copy of a Free program and making a proprietary derivative, and > GPL3 was introduced to mitigate the abuse of Tivoisation. Exactly. We can mitigate it: - plugins for safety of work with Webassembly for now do not exist. There is this Webassembly detector: https://addons.mozilla.org/en-US/firefox/addon/webassembly-detector/?utm_source=addons.mozilla.org_medium=referral_content=search and there is possibility to disable it completely. In my opinion we shall have a plugin that asks user if to run it or not and start making list of safe websites with Webassembly. > > Or maybe you wanted to define "GNU operating > > system" as only those software packages developed by GNU, but not > > those software packages delivered with the GNU operating systems like > > Parabola in my case? > > The original request that started this discussion was a suggestion to port > all of the software developed by GNU to WebAssembly to run in browsers. > There are some packages, such as coreutils, for which that is obviously > nonsensical. This does not mean that we could not support WebAssembly as a > general compilation target, or that we could not build effectively a > browser-based HURD port, (and HURD's architecture fits such an environment > fairly well, treating the browser itself as a Mach-analogue) but generally > relying on browsers is dangerously close to SaaSS. In one of the referenced hyperlinks I have shown that somebody has already started with GCC, binutils in Webassembly. I do not see why coreutils do not make sense. Why you think so? How to handle all the scripts when compiling software? Maybe review the fact that Webassembly need not run in browser, it can run standalone, that makes such programs cross platform, thus useful. Coreutils are then easily deployed on various systems. Binutils, GDB is already there: https://github.com/pipcet/binutils-gdb > but generally relying on browsers is dangerously close to SaaSS. It is generalization. If you know a bug, why not report specific bug? Web browser with Webassembly is not anymore a web browser only, just as Emacs is not just editor. > The original request was for GNU packages to be offered as SaaSS. Making GNU packages run in Webassembly does not make it automatically hosted or served by third party. There is difference between SaaSS and software alone. As software it is useful to have possibility to run GNU, various other free software, including Emacs in Webassembly, or complete OS-es. If some company or party will run any software as SaaSS that is their choice. Serving it or selling it in that way is separate issue of having software for Webassembly. Having software means: user can run it from their own computer after downloading and making informed decision as Alfred said. Users can host it on local area network. But need not. Users can host it on their websites, LAN or similar. But need not to, they can execute it even from USB. Thus usefulness of having software that runs on every OS is separate from SaaSS. Jean
Re: Web versions
* Alfred M. Szmidt [2021-03-16 21:12]: >Webassembly runs in the browser, I click on the URL and >application is in the browser, > > And thats the problem. How do you check that the program you just ran > (pretense) is free software? In that particular example I have been checking programs that are free software as they are hosted on Github with free software licenses. I gave you hyperlinks as references, you could verify it yourself. Level of verification is never perfect, regardless of the type of software. How do I know that software delivered in Guix or Parabola GNU OS is free software? I do not know, I can just assume as developers claim to be so, and OS-es are endorsed by FSF. On the next level of verification one will find that proprietary pieces may be found in such OS-es and those issues are handled by bug tracker. But I still cannot verify if software is really free software, I would need to verify each upstream and compare it with the one that I got. Then again, how do I know that binary is really free software? I would need to do it on the next higher level of verification. Maybe I would need to re-compile myself and get reproducible build that I become more sure that it is free software, and also not tampered or malicious one. There is practically no difference between Webassembly and packages delivered with GNU OS. > When you download something, you have not executed the program yet, > and can make an informed decision if you wish to run it or not, > e.g., There are various gradients of informed decision as I have demonstrated above. Teenagers will be informed enough if the software they downloaded can run on their computer. They may not go into any verifications. Majority of people will not verify anything. Once I was verifying all software and there were still proprietary issues. That is why we are safer with FSF endorsed GNU OS and other endorsed OS distributions. We rely on trust to FSF or our basic knowledge about the distribution mostly. Majority of people will not go into extensive verifications of each single package. Thus making adequately informed decision is difficult task for any software. For Webassembly, I have been following the list of examples and found the SSH in browser, it is free software and I find it very handy. I can finally use mutt/ssh and handle my stuff on servers through a browser. My way of making informed decision is looking for useful pieces of software that is free and then using it. > if it is free software or not by looking at whatever tar-ball it came > with, examining the license, etc. You can do that with Webassembly in the same way. > That is not normally the case with Javascript or Webassembly -- when > you access the program, you're already executing it It should be by consent of the user -- that is open task to do, to make some plugins to help user consent to each website specifically. LibreJS is good plugin for Javascript, but I think it will not handle Webassembly. In desktop OS, when I access the system like any computer, I am already executing software. Unless I am informed that it is GNU/Linux or other free system, I am already executing it. Majority of users are in this situation, they are not root or administrators or aware users. Majority of GNU/Linux users are in the same situation as you described it, there are many distributions and they are not fully free -- so users will not necessarily know differences. Thus Javascript or Webassembly shall simply by sorted by GNU into same lists, or packages that we are distributed in FSF endorsed distributions. It is the same process of selection of software just as how developers do it now. How do we choose software? By accessing and downloading the indexed and curated list of software that is assumed to be free software because of developers who have set their set of principles. How can we choose Webassembly as free software? By having lists of websites that provide useful Webassembly programs. If such list is not curated by free software enthusiast then one may find some proprietary software inside just as it happened to me with that PDF kit. Firefox is free browser, so GNU OS may ship derivative with Webassembly disabled or with a plugin that may ask if to run software or not. about:config and one can disable javascript.options.wasm not to run it. Easy. To mitigate risks not to run Webassembly or Javascript automatically one can use plugins (if such exists). We could create plugin that white lists the free software websites running Webassembly, where users can report the website to be free software for further review, and otherwise to keep Webassembly blocked. Jean
Re: Web versions
Alfred M. Szmidt wrote: 2. Browsers do not offer POSIX API to JS/WebAssembly for very good reasons. The other issue is that it wouldn't really be an operating system, if it runs in a web browser. Which kinda is the whol point of the GNU project. :-) The GNU project also provides some application software. Octave or Emacs, to name two examples, could usefully be offered as "run this in your browser" in addition to the regular native ports, but general lower performance and Web security policies are likely to make browser ports of packages like R and libGMP useful only as demonstrations. -- Jacob
Re: Web versions
Jean Louis wrote: * Jacob Bachmeyer [2021-03-16 10:30]: 3. Web apps stored on "the cloud" are bad because they often do not respect the user's freedoms, as even if the software is under Free license terms, technical issues can make running a modified version difficult or impossible. Just because there is possibility of abuse one shall reject the technological opportunity?! That is ridiculous, but we should still take steps to mitigate possibilities for abuses. After all, we have the GPL to mitigate the abuse of "walking off" with a copy of a Free program and making a proprietary derivative, and GPL3 was introduced to mitigate the abuse of Tivoisation. [...] Or maybe you wanted to define "GNU operating system" as only those software packages developed by GNU, but not those software packages delivered with the GNU operating systems like Parabola in my case? The original request that started this discussion was a suggestion to port all of the software developed by GNU to WebAssembly to run in browsers. There are some packages, such as coreutils, for which that is obviously nonsensical. This does not mean that we could not support WebAssembly as a general compilation target, or that we could not build effectively a browser-based HURD port, (and HURD's architecture fits such an environment fairly well, treating the browser itself as a Mach-analogue) but generally relying on browsers is dangerously close to SaaSS. I am sure that my Hyperscope system can be modified to run in any browser. It will become possible to develop Dynamical Knowledge Repositories as envisioned by Engelbart and request documents of any kinds and see/view them without modifying the OS. Open up DJVU document on any computer, use Emacs from any worldwide Internet cafe or point, play your favorite game without installing anything on a host computer. Those are great. That is something that *fits* the Web platform model. [...] For me, Webassembly does not dictate necessarily "external network resources". Why not speak of the concept of running software in Webassembly without using external network resources, such as it is GNU Health, that could eventually in future, run inside of Firefox or modified Firefox browser in local area network. That is useful. There would be no need to install clients on every computer, it would be just enough to run the computer even from the USB stick, fire up browser, and one could manage the hospital. Software could be downloaded for execution from local area network. GNU Health is part of GNU system and GNU package, GNU software, routine operation of hospital management is to run GNU Health to manage patients and their health improvements. GNU Health is another good example of a package that could usefully be ported to a Web-ish runtime, and SaaSS is not a problem if the servers are running Free software under your own control on your own LAN, as would be expected in a hospital installation. I believe that "Who Does That Server Really Serve?" better applies to these issues than "The JavaScript Trap" does: the former warns against relying on systems outside of the user's control, even if those systems are also running Free software, while the latter applies to a widespread means of "sneaking" non-free software into otherwise-Free environments under the user's proverbial nose. Sure I understand that viewpoint. I just don't think of proprietary viewpoint. There is plethora of free software already written for Webassembly. https://github.com/search?p=2=webassembly=Repositories You can install applications yourself, you can install them on your computer or your local area server or your own server. The original request was for GNU packages to be offered as SaaSS. As platform for development of free software Webassembly is great tool. Let us think of free software. I agree with this point. Or Vim editor ported to Webassembly: https://github.com/rhysd/vim-wasm why we don't have Emacs running? Probably because Emacs is a full Lisp runtime and vim is much simpler. I had to learn to use vim for a while when I had just gotten a new AMD64 system and Emacs had not yet been ported to x86-64. (Nor had X yet been adapted to support building both 32-bit and 64-bit libraries; Emacs gained x86-64 support before I had X multilibs.) -- Jacob
Re: Web versions
[...] I click on the URL and application is in the browser ... I think that sentence sums up the overall problem. In Emacs, since you gave that as an example, when you install a package, the list is curated. Same with your GNU/Linux system. When you copy a snippet of Emacs lisp code, you will see the license text and can decide what to do before running the program. Had non-free software been irrelevant, web browsers executing random code (if we can wish for a world where non-free software is irrelevant, we can wish for software without security issues :), then the Javascript trap wuldn't have been a trap.
Re: Web versions
It is free software and specific use example. In those examples I cannot see anything bad. You show one example, when the majority do not follow that example. It is the overal practise of how "web applications" work that is the problem, not unicorn instances that just happen to be OK. Javascript and Webassembly (or maybe more specifically, web browsers) facilitate the issue but running unknown code so trivially from someone else. I am sure we could find examples of where DRM can be put to good use...
Re: Web versions
Webassembly runs in the browser, I click on the URL and application is in the browser, And thats the problem. How do you check that the program you just ran (pretense) is free software? When you download something, you have not executed the program yet, and can make an informed decision if you wish to run it or not, e.g., if it is free software or not by looking at whatever tar-ball it came with, examining the license, etc. That is not normally the case with Javascript or Webassembly -- when you access the program, you're already executing it
Re: Web versions
* Alfred M. Szmidt [2021-03-16 19:11]: > Nobody has argued that there are no other models where > Javascrip/Webassembly could be used in an ethical fashion, but a > discussion that talks about anything, and everything will end up in > nothing. > > The way that Javascript, and Webassembly is intended to be use is the > problem. Generalization is not good. Then we can say this world is the problem because there are some problems in the world. Useful Webassembly application, SSH in browser: https://www.ssheasy.com/ https://madewithwebassembly.com/showcase/ssheasy/ It is free software. It runs on user's computer. That means I can host it myself anywhere and access my servers through SSH without using my personal computer. Then I can read and write emails, handle notes, handle customers, make sales on the run. That is very specific use case. What I have been doing before is I have been downloading Putty.exe to access my remote servers from Internet cafes' Windoze computers. Sometimes it worked to run the Putty sometimes not, permissions were not enough. This way it will work stable. Many Webassembly applications can accept uploading of a file into your own browser. So files and data need not necessarily go to remote server. Or DICOM parser: https://www.orthanc-server.com/external/wasm-dicom-parser/ After making X-ray image in hospital, image is given to patient sometimes on the DVD-ROM. DICOM viewer runs in the browser, client-side, read the page. It can help doctors to review X-ray images. It is free software and specific use example. In those examples I cannot see anything bad. Jean
Re: Web versions
* Alfred M. Szmidt [2021-03-16 20:17]: >I have downloaded so much software in last 24 hours as I was >installing new OS (Parabola), so I have downloaded it from some server >and I run it. > > How is that related the topic of Javascript / Webassembly and porting > the GNU system to it? You don't see similarity, that is why you got the examples. Webassembly runs in the browser, I click on the URL and application is in the browser, I can run it on my computer. Quick check shows it is free software. I can move application to my own server or inspect the source. Four freedoms granted. Then I can run it any time from any computer, be it my computer or not. Isn't that nice? The difference is that I run such application by one click, it is easier than using package manager to download application and then run the application from personal computer. > How is this similar to how Javascript / Webassembly works when you > access a URL in a web browser where it? It is practically same thing with the difference that Webassembly application will work on any OS that has browser that supports it. I do not need to think of dependencies, it just works. >>There are now many Javascript application such as notes, where all >>users' data remain in the browser, nothing is stored on the remote >>server. That is good development. >> >> It is not, since such a program could just as well be run locally, >> without the dependancy on someone else infrastructure. If that server >> goes away, you're shit out of luck. > >I am sure you are mistaken there. I said, there are now applications >(at least I know about them now), that run quite everything on your >computer, through browser. So there is no server dependency. > > But you wrote "remote server", which is it? The whole disucssion is > about _HOW_ technology is used, not _WHAT_ technology is used. Remote server, yes. Application is loaded from remote server. But it could be as well on your own computer. You can keep Webassembly applications on your personal computer. Remote server need not be third party's server. Important is that application is accessible and that it can be run. When I download packages of Parabola GNU/Linux-libre, several mirrors are used, they are all remote servers, applications are loaded on computer and I can run it. Same with Webassembly. Difference is that Webassembly applications are cross platform. I don't think that I understood functionality of it wrong. I think you are pushing in some direction where Webassembly does not belong, in my opinion you have to study it better to understand what it is. Jean
Re: Web versions
I have downloaded so much software in last 24 hours as I was installing new OS (Parabola), so I have downloaded it from some server and I run it. How is that related the topic of Javascript / Webassembly and porting the GNU system to it? How is this similar to how Javascript / Webassembly works when you access a URL in a web browser where it? >There are now many Javascript application such as notes, where all >users' data remain in the browser, nothing is stored on the remote >server. That is good development. > > It is not, since such a program could just as well be run locally, > without the dependancy on someone else infrastructure. If that server > goes away, you're shit out of luck. I am sure you are mistaken there. I said, there are now applications (at least I know about them now), that run quite everything on your computer, through browser. So there is no server dependency. But you wrote "remote server", which is it? The whole disucssion is about _HOW_ technology is used, not _WHAT_ technology is used. That is one good example. You can edit notes and save it, all locally, it works offline. I don't think anyone claimed that one cannot find examples where something still is ethically sound, running in a web browser, and in Javascript or some other language. The issue is that this is not the intent, or how Javascript / Webassembly is mainly used. So why bring up such examples? It is not the issue here, it is not the issue of the Javascript trap either.
Re: Web versions
2. Browsers do not offer POSIX API to JS/WebAssembly for very good reasons. The other issue is that it wouldn't really be an operating system, if it runs in a web browser. Which kinda is the whol point of the GNU project. :-) 3. Web apps stored on "the cloud" are bad because they often do not respect the user's freedoms, as even if the software is under Free license terms, technical issues can make running a modified version difficult or impossible. Indeed. Therefore: Porting to "the Web" is simply not practical or appropriate for most GNU software. This does not exclude the possibility of writing useful Free software for "the Web" but the GNU project is focused on the GNU operating system. The GNU operating system is not supposed to depend on external network resources for routine operation. I believe that "Who Does That Server Really Serve?" better applies to these issues than "The JavaScript Trap" does: the former warns against relying on systems outside of the user's control, even if those systems are also running Free software, while the latter applies to a widespread means of "sneaking" non-free software into otherwise-Free environments under the user's proverbial nose. Very good point, I forgot about that article.
Re: Web versions
Please use a kinder tone on this list, your language is simply not acceptable here.
Re: Web versions
Nobody has argued that there are no other models where Javascrip/Webassembly could be used in an ethical fashion, but a discussion that talks about anything, and everything will end up in nothing. The way that Javascript, and Webassembly is intended to be use is the problem.
Re: Web versions
>Or collaborative PDF annotation environment: >https://pspdfkit.com/guides/web/current/pspdfkit-for-web/getting-started/ This reference below is most probably not free software, I have assumed it to be so as I found reference on Github in the collection of various free software reference, mistake. I don't recommend this.
Re: Web versions
* Jacob Bachmeyer [2021-03-16 10:30]: >3. Web apps stored on "the cloud" are bad because they often do not > respect the user's freedoms, as even if the software is under Free license > terms, technical issues can make running a modified version difficult or > impossible. Just because there is possibility of abuse one shall reject the technological opportunity?! Why then reject all software at all, as I could jokingly paraphrase that as: --- jokingly paraphrased -- 3. Programs on the distk are bad because they often do not respect the user's freedoms, as they are often proprietary, as even if the software is under Free license terms, lack of user's skills and technical issues can make running a modified version difficult or impossible. -- GNU/Linux has been abused by people since its inception, it is still insecure, and we still use it. It is being used worlwide millions or billions times to subjugate users who run software remotely on GNU/Linux systems -- all that is not relevant. Possibility of some abuse or evil conduct is not reason to say not to create free software on a free software platform (Webassembly). Is it useful to create software? If yes, why not. > Therefore: >Porting to "the Web" is simply not practical or appropriate for most GNU > software. This does not exclude the possibility of writing useful Free > software for "the Web" but the GNU project is focused on the GNU operating > system. GNU Operating Systems are various, they may already contain Webassembly if some of GNU systems include Firefox with it. For example in Parabola GNU/Linux-libre, the system I use on this computer there is package "wabt" with description "The WebAssembly Binary Toolkit is a suite of tools for WebAssembly". Thus GNU project already delivers tools for further development of Webassembly. "GNU Operating System" is the one I am running here, and I can install that package for Webassembly within seconds. Logic fails there. Or maybe you wanted to define "GNU operating system" as only those software packages developed by GNU, but not those software packages delivered with the GNU operating systems like Parabola in my case? Webassembly already has envisioned POSIX API. Please see: https://webassembly.org/docs/use-cases/ where it says: "POSIX user-space environment, allowing porting of existing POSIX applications" -- so why not? Then read: "Developer tooling (editors, compilers, debuggers, …)." -- so that means one can in future, as how it is envisioned, develop new programs for platforms X by using editors and compilers. For me that means using GCC and Emacs or similar tools. Existing POSIX applications will work in Webassembly. > Therefore: >Porting to "the Web" is simply not practical or appropriate for most GNU > software. This does not exclude the possibility of writing useful Free > software for "the Web" but the GNU project is focused on the GNU operating > system. Things are not practical when they are not implemented and not integrated. Webassembly makes it practical as it provides integration. It may not be the best method to run compatible applications on multiple OS-es. But then who is to make it better? There were various attempts to have toolkits that work well across OS-es and they are still there, this attempt with Webassembly makes it possible. It is of course there because Apple, Google and Microsoft and Mozilla have envisioned how it will be useful for them, but there is also the use for free software developers. It is new direction, new platform, seem to be the most advanced in the under developed 21st century. I have expected much more of computing in 2021, we are back in the era of Netscape and Javascript introduction, just on a new level. By the way, back in time, I remember that all kinds of plugins were installable in browsers, so all kinds of programs could run anyway inside of browsers. I have been running perl remotely executed on my browser. Here are some traces of that technology: https://www.brainbell.com/tutors/Perl/newfile295.html and I remember using similar technology before 1999. It is possible to modify browsers to run any kind of code. There is nothing new to the concept. Webassembly is attempt to make it in a safe environment. Those large companies are not known to keep the things safe, I know, but still, that is so far one of advanced cross platform environments. Let us develop software for it. I am sure that my Hyperscope system can be modified to run in any browser. It will become possible to develop Dynamical Knowledge Repositories as envisioned by Engelbart and request documents of any kinds and see/view them without modifying the OS. Open up DJVU document on any computer, use Emacs from any worldwide Internet cafe or point, play your favorite game without installing anything on a host computer. > The GNU operating system is not supposed to depend on external network > resources for routine operation. I agree
Re: Web versions
* aviva [2021-03-16 05:55]: > On 3/15/21 6:26 PM, Jean Louis wrote: > > That is one good example. You can edit notes and save it, all locally, > > it works offline. > > And why is that good? Are you lacking a shell? At certain situations on travel I am lacking a computer and I use browser to handle emails, notes, planning, documents and to print it. If Nextcloud is good for that, then why not cloud-less technology? I could place the final file with modified data any browser or any computer to work equally. I believe TiddlyWiki could then equally well run on my Android tablet, Motorola Lineage OS E + LTE, on GNU/Linux computer and hostile Windoze computers in Internet points in East Africa. I could print the notes from any computer where I arrive with certainty they come out same as I expect it, without having my personal computer with me. Storage could be on one of devices, on the remote server or USB stick or similar. I would not need to pay for VPS or dedicated server to run my application as application runs in the browser and I can move NOTES.html to other devices. That is integration. Me and you we are on different places on the planet, and have different education and experiences. For logic to be the same one would need to start from same set of data. Logic depends on data. With different data and context, logic is also different. Sure I use shell and I can use shell to create notes. But assumption that I should use shell to save notes does not conform majority of people on this planet. They don't have it. Would GNU software be the initiator of the WWW and first creator of a browser, I do not think we would be discussing here how taking notes in a browser is odd and how one should be using shell. As it is not so, the set of data is different and logic is different. Would GNU Emacs be very advanced to support 3D, to have video capabilities, better image editing capabilities, it would be today what Webassembly wants to become. By simple click one would invoke programs and run them quicker and equally well on every operating system. That is what Emacs wants to become. Integration is what brings people to use technology. Not the technology itself. Think of integration on Android, there are contacts, one can click on phone number and phone call is activated, or click on email to send email, or click on image to share image with specific contact by using any kind of communication line. That is one small example of integration, it helps people to connect and get things faster. Downloading software, unpacking it, building it from sources and installing it is one good example of lack of integration for the end user (although the underlying integration efforts could be great). Clicking on software and clicking on it to install and run it is little better integration. There is no need to think on how to build it. In the next step one could just click and run the software. Or not even click, just stumble upon the website. Integration is what becomes useful for people. Webassembly integrates things, it skips the OS problem and provides equal experience on any OS where the browser can run. I also believe that it is free software at least in the Firefox version. Why would not GNU programs run in Webassembly? I see no reason. GNU Health could then run on various operating systems without installing it on each single computer, this lessens the cost of installation in hospitals. Just click on the URL and manage customer's information. This use case can be completely off the Internet and can run in local area network. Sales teams can have their CRM's running straight in browser, Webassembly offers more than Javascript alone can offer. Click on URL and manage databases. Plethora of uses. Jean
Re: Web versions
* shulie [2021-03-16 11:22]: > On 3/15/21 6:26 PM, Jean Louis wrote: > > If I download software into Emacs, I run it in Emacs. > > And you need to be told that emacs is not compatable to web borwser .. > but if EMACS was, it wouldl download random code from an unknown source > and run an entire OS in it with full trottle access and network access. > And it would be JUST as stupid. Emacs may not be equivalent to common web browser, but it does have web browser built-in, eww that works within Emacs. Additionally there is webkit based browsing within Emacs, depending of configuration at build time. To make Emacs run some code based on extension or some embeded script (beyond Javascript) inside of HTML tag would be relatively easy. The subject of security for Webassembly is built upon the experiences with insecurity with browsers over period of time. There are also many insecurities in operating systems and in just any kind of classes of software that is out there. How to Run a More Secure Browser https://www.dragonflybsd.org/docs/handbook/RunSecureBrowser/ Further you need not consider your personal, with personal data backed computer to be the only one to run WebAssembly. I can imagine plethora of uses of Webassembly. That potentially the vendor/hoster can take control over software is clear. It is clear that Microsoft, Google, Apple all want to run Webassembly to gain more customers. That however opens the door to free software as well, we may as well gain more aware customers, it is upon developers as social group to build upon it. Developers will work and create free software for it (it is inevitable). Question is just how much. Use cases and usefulness vouch for it. It allows computers to be cheaper which would run Webassembly. Computers can run it that are similar to those Chromebooks with low hardware power. It may bring computing to masses, to developed countries, it may increase education in the world due to low cost hardware requirements. The subject of security of Webassembly may be solved by making sure that browser executing binaries is well sandboxed and that OS is separate from browser while making sure that software that is run is free software. I do not know if integrity of the binary may be ensured with some hash, for example, for user to know that the build is reproducible and that it was made from free software version ACME 1.2.3 This is 21st century. Software is supposed to run on many operating systems equally and Webassembly is one solution for it. If you have something technical to add to security of Webassembly, I am sure that developers would consider your bug reports. Use cases: https://webassembly.org/docs/use-cases/ Jean
Re: Web versions
> On 16. Mar 2021, at 06:07, Jacob Bachmeyer wrote: > > Colby Russell wrote: >> On 3/15/21 9:02 PM, Jacob Bachmeyer wrote: > [...] >> > One of the rationales presented to me (off-list) for this was that a >> > WebAssembly port of GNU could be run as a web app and therefore be >> > "always up-to-date" >> >> Despite quoting the salient parts from The JavaScript Trap, you have >> regressed to committing the same error of critiquing the computing model >> of traditional web apps, which is, once again, totally irrelevant. It >> is neither here nor there. Here you do it again: >> >> > Web apps stored on "the cloud" are bad [...] Porting to "the Web" is >> > simply not practical or appropriate >> >> Please, please stop using this kind of sleight of hand to redirect the >> context to web apps and "the cloud". "The cloud" and "the Web" are >> _simply_not_relevant_ to the computing model described above, which >> treats the browser as a runtime which can be targeted during compilation >> and which you happen to get "for free" on upwards of 90% of personal >> computing devices, *NOT* as a thin client that you all keep insisting >> on. > > The original poster who started this discussion (and does not seem to have > actually replied to the list even once afterwards...) directly told me (and > possibly others) off-list that avoiding package management tasks (which "the > cloud" is well-known to promise to "magically" handle for you) was one of his > goals. > >> It's as if there's a short-circuit in at least half of respondents' >> brains that prevents them from engaging in any way without at some point >> insisting that this *MUST* involve cloud architecture and SaaS-like web >> apps being the central focus. It is _absurd_ that it takes this much >> energy to continually refute this over and over. Ideally, it shouldn't >> have to occur even a single time, but failing that, once should suffice. >> At this point, I have to wonder how many times this has to be pointed >> out? Is there any number which would be sufficient? > > We are in violent agreement here, but the original poster clarified > (off-list) that SaaS-like services were exactly what he wanted. > > > I am beginning to suspect that we have all been trolled, especially since > giving those extra details to only some participants would be likely to cause > violent discussion between those (including me) who were told (off-list) what > the original poster was actually requesting and those (presumably including > you) who are still thinking of the general case, where Free software *can* be > packaged using the "Web platform" as a portable runtime. Mozilla's XULRunner > was a closely-related example, and I believe that there are similar current > "Web app on local storage as desktop app" runtimes currently maintained. > > If this was a troll, it has been quite successful -- just look at all the > vitriol and hot air in this thread. We all seem to have been had. > Obviously the OP was a tongue-in-cheek kind of question. But this should not prevent us from lucidly reflecting on the topic and find truth in the joke; to then find common ground. However, from my (brief) experience here in this ML, this discussion is a disaster. It is not even a discussion. Some replies here a display of ignorance combined with superstition and outright hostility. No effort is made to understand the issue and preconceived talking points are thrown out seemingly at random. A magnificent display of what goes wrong when you religiously believe and are unable to actually apply your values to developments in the world. Which is why I stopped replying. It was a disappointing experience and I see no basis for discourse. > > On a side note, at what point does it become appropriate to forward replies > received off-list to the list when bad faith is suspected? > > > -- Jacob > signature.asc Description: Message signed with OpenPGP
Re: Web versions
On 3/16/21 1:07 AM, Jacob Bachmeyer wrote: > > I am beginning to suspect that we have all been trolled yah think?
Re: Web versions
On 3/15/21 4:26 PM, Alfred M. Szmidt wrote: > square Richard's call to action >to replace non-free JS with free JS BTW - in this case, Richard is talking about the little snippet garbage that people use as large scale widgets for web bowsers. THOSE things, since you are running javascript anyway, can be freed build kits rather than using unfree ones owned by google. But they both suck because in both cases, the user has no control. And it doesn't sidestep the other aspect of this he discusses, which is software as a service, which is what ALL of this is and he wanted to ditch it in GPL3 https://news.slashdot.org/story/09/04/27/1356235/rms-says-software-as-a-service-is-non-free https://www.gnu.org/philosophy/who-does-that-server-really-serve.html Javascript is just a form of Software as a Service, instead of on a remote server, you LET THEM take over your computer. It is stupid. It is dangerous. It strips the user of all computer ownership. NO NO NO
Re: Web versions
On 3/15/21 6:26 PM, Jean Louis wrote: > If I download software into Emacs, I run it in Emacs. https://web.archive.org/web/20010302031109/http://crackmonkey.org/fanmail.html#CHAPTER1
Re: Web versions
On 3/15/21 4:26 PM, Alfred M. Szmidt wrote: > Javascript isn't bad, Yes - it is pretty bad which is why we need to do this WHOLE end run around it to protect ourselves. Turning the browser into apware, frankly sucks, It is used for tracking, fingerprinting, stealing, and abusing users and there is no need for it at all. Taking it OUT of the browser, I couldn't care less about it other than it is a cluster of bad programming paradigns and produces vomit like code that is impossible to maintain.
Re: Web versions
On 3/14/21 11:04 PM, DJ Delorie wrote: > Since you insist on misinterpreting, let me clarify. I am not misinterpreting anything. You do not install anything in a browser that can run an OS.
Re: Web versions
On 3/15/21 11:30 PM, Colby Russell wrote: > It's as if there's a short-circuit in at least half of respondents' > brains that prevents them from engaging in any way without at some point > insisting that this *MUST* involve cloud architecture and SaaS-like web > apps being the central focus. Because YOUR browser doesn't get information from random physical locations on the internet... you have a SPECIAL browser
Re: Web versions
On 3/15/21 6:26 PM, Jean Louis wrote: > If I download software into Emacs, I run it in Emacs. And you need to be told that emacs is not compatable to web borwser .. but if EMACS was, it wouldl download random code from an unknown source and run an entire OS in it with full trottle access and network access. And it would be JUST as stupid.
Re: Web versions
On 3/15/21 6:15 AM, Jean Louis wrote: > If not, let us not work with hypothetical illusions. Software running in your broswer to take over your computer and creating a security whole is NOT hypothetical, although it WAS when RMS first addressed it.
Re: Web versions
On 3/14/21 6:18 PM, DJ Delorie wrote: > The GNU project should promote Free Software in all the ways that the > user can benefit from those freedoms, Correct and that is why this is disqualified out of the gate. This is broken by design you know like APSX and Outlook and even Java. The nifty arm chair analysis of what it MIGHT do is irrelevant. What it does is strip the user of control of there own computer and enslave them to someone elses manipulations without limit.
Re: Web versions
On 3/14/21 11:04 PM, DJ Delorie wrote: > "technology is designed to be something". Something in this case is software designed to enslave the user and allow for hackers to take over your computer.
Re: Web versions
On 3/14/21 11:08 PM, DJ Delorie wrote: > GCC has been used to write software that hacks into other people's We are nt talking about GCC... We are talking about running a complete OS in the broswer after loading it from an unsafe source. NO NO NO. You DO understand that Browsers were created to allow for ANONYMOUS AND SECURE information transport from one secure system to another. It is not supposed to be a security hole to run an entire OS our of. We have something to do that... X11
Re: Web versions
On 3/14/21 11:10 PM, DJ Delorie wrote: > It can and it does, and I showed you No sooner than we finally ditch flash and javabeans and the same bad idea lifts its ugly head AGAIN. It is a no. Someone will likely seriously die because of this being implimented. Stuffing a VM and an OS in a broswer is bad. It has always been bad and it is still bad. You already have a network ready OS - you don't NEED to stuff binaries and running code into the browser.
Re: Web versions
On 3/14/21 6:18 PM, DJ Delorie wrote: > This is a value judgement on the developer writing the software, not the > technology of the software itself. No. That value was made when they created the software. It is the intention of the software itself. There is nothing nuetral about it. It is designed the screw the end user.
Re: Web versions
On 3/15/21 6:08 AM, Jean Louis wrote: > Question of losing control over software that runs on computer must > involve the question "Is the software proprietary?" No. Richard had been working on this since the new GPL and this issue isn't is it proprietary. The issue is software as a service that does an end run around the entire licensing issue because new gives you the software. It just takes over your computer.
Re: Web versions
On 3/14/21 11:05 PM, DJ Delorie wrote: > How so? because you are loading unknow code from a proven hostile source and it is running and entire OS ... in your browser. We are talking a security breach that makes outlook look like trusted entity. Come now. We are adults.
Re: Web versions
On 3/15/21 11:30 PM, Colby Russell wrote: > Of course not, and it doesn't matter; it wouldn't make sense to expect > it to use those APIs even if they were available. That would entail > reliance on the local machine's resident system to perform essential > services e.g. to manage the user's files and the files used by the > system itself. rite - files are magic things that exist in the alternate universe quack quack?
Re: Web versions
On 3/14/21 7:57 AM, Schanzenbach, Martin wrote: > No, it was not: > > " > ince WebAssembly is now a reality, maybe you guys should get to making the > browser versions of LL your software? > " webassembly needs to be removed from any browser. It is a security hole if you can an OS in it without local supervision.
Re: Web versions
On 3/14/21 8:36 AM, Schanzenbach, Martin wrote: > But I think it is important to look at such technology without prejudice. No, you need to have servere prejudice. It is a bad idea from the ground up, and it is not even an original idea. And can there be a WORST programming language than javascript? No - we do not promote the intentional building of back doors in our computers and do so without prejudice. We are extremely prejudice. I would rather be dead than run something like that. It is time to rip javascript completely out of the browser. It provides NOTHING but security nightmares and user tracking.
Re: Web versions
On 3/14/21 7:57 AM, Schanzenbach, Martin wrote: > This issue is completely unrelated to the technology. It is EXACTLY what the technology is designed to do, so by all means, believe otherwise.
Re: Web versions
DJ Delorie wrote: [...] You are arguing that we should take away a technology from the user, because some people use that technology in ways you disagree with. However, other people use that same technology in other ways. It is not the technology that is evil, it's how it's used that may be evil. OK, so what is a "not evil" use for Digital Restrictions Management? -- Jacob
Re: Web versions
Colby Russell wrote: [...] Consider this passage from The JavaScript Trap: If the program is self-contained [...] you can copy it to a file on your machine, modify it, and visit that file with a browser to run it. But that is an unusual case. In particular, consider the irony of it, in light of the way this discussion has gone. In this discussion, it has been you all who would bear responsibility for this case remaining "unusual": by continually invoking the web app canard and responding to imagined caricatures of the arguments being sent your way, rather than the actual arguments themselves. The original message that started this discussion was a request to port all GNU packages to WebAssembly targets. As I understand, that is not currently technically feasible because WebAssembly does not offer the APIs that most GNU packages use. I further suggest that making it feasible would be a bad idea because that would effectively remove the browser sandbox. One of the rationales presented to me (off-list) for this was that a WebAssembly port of GNU could be run as a web app and therefore be "always up-to-date" and I answered that removing the option to continue using an old (possibly customized) version from the user, as that would do, is wrong. In short: 1. Most GNU packages are written to POSIX API, possibly with GNU extensions. 2. Browsers do not offer POSIX API to JS/WebAssembly for very good reasons. 3. Web apps stored on "the cloud" are bad because they often do not respect the user's freedoms, as even if the software is under Free license terms, technical issues can make running a modified version difficult or impossible. Therefore: Porting to "the Web" is simply not practical or appropriate for most GNU software. This does not exclude the possibility of writing useful Free software for "the Web" but the GNU project is focused on the GNU operating system. The GNU operating system is not supposed to depend on external network resources for routine operation. I believe that "Who Does That Server Really Serve?" better applies to these issues than "The JavaScript Trap" does: the former warns against relying on systems outside of the user's control, even if those systems are also running Free software, while the latter applies to a widespread means of "sneaking" non-free software into otherwise-Free environments under the user's proverbial nose. -- Jacob
Re: Web versions
Colby Russell wrote: On 3/15/21 9:02 PM, Jacob Bachmeyer wrote: [...] > One of the rationales presented to me (off-list) for this was that a > WebAssembly port of GNU could be run as a web app and therefore be > "always up-to-date" Despite quoting the salient parts from The JavaScript Trap, you have regressed to committing the same error of critiquing the computing model of traditional web apps, which is, once again, totally irrelevant. It is neither here nor there. Here you do it again: > Web apps stored on "the cloud" are bad [...] Porting to "the Web" is > simply not practical or appropriate Please, please stop using this kind of sleight of hand to redirect the context to web apps and "the cloud". "The cloud" and "the Web" are _simply_not_relevant_ to the computing model described above, which treats the browser as a runtime which can be targeted during compilation and which you happen to get "for free" on upwards of 90% of personal computing devices, *NOT* as a thin client that you all keep insisting on. The original poster who started this discussion (and does not seem to have actually replied to the list even once afterwards...) directly told me (and possibly others) off-list that avoiding package management tasks (which "the cloud" is well-known to promise to "magically" handle for you) was one of his goals. It's as if there's a short-circuit in at least half of respondents' brains that prevents them from engaging in any way without at some point insisting that this *MUST* involve cloud architecture and SaaS-like web apps being the central focus. It is _absurd_ that it takes this much energy to continually refute this over and over. Ideally, it shouldn't have to occur even a single time, but failing that, once should suffice. At this point, I have to wonder how many times this has to be pointed out? Is there any number which would be sufficient? We are in violent agreement here, but the original poster clarified (off-list) that SaaS-like services were exactly what he wanted. I am beginning to suspect that we have all been trolled, especially since giving those extra details to only some participants would be likely to cause violent discussion between those (including me) who were told (off-list) what the original poster was actually requesting and those (presumably including you) who are still thinking of the general case, where Free software *can* be packaged using the "Web platform" as a portable runtime. Mozilla's XULRunner was a closely-related example, and I believe that there are similar current "Web app on local storage as desktop app" runtimes currently maintained. If this was a troll, it has been quite successful -- just look at all the vitriol and hot air in this thread. We all seem to have been had. On a side note, at what point does it become appropriate to forward replies received off-list to the list when bad faith is suspected? -- Jacob
Re: Web versions
Jean Louis wrote: [...] Question is rather if software is free or if one need proprietary programs to run it in WebAssembly. If there is nothing proprietary, we shall encourage creation of software as WebAssembly is there because some people find it useful, we encourage creation of free software. The original message that prompted this discussion was a request to port all existing GNU packages to a WebAssembly target. As I understand, such ports would not be possible for many GNU utilities because they rely on facilities that are not available in browsers for good reason. Making those APIs available in browsers would be a bad idea because it would effectively eliminate the browser sandbox, allowing common Web malware free reign on most user's systems. -- Jacob
