|
On 2018-02-22 09:22, Ivan Zaigralin
wrote:
On Thursday, February 22, 2018 01:04:30 bill-auger wrote:
this is confusing - what exactly is a
"drive-by-download" and how are they inherently "non-free no matter what
license is attached to them"?
also, how could LibreJS "incorrectly mark an obfuscated piece of
GPL-licensed code as free" - GPL-licensed code IS free
GPL-licensed code is not necessarily free. An obfuscated source is
unmaintainable regardless of the license, so two freedoms are taken away: the
freedom to study, and the freedom to run modified versions. LibreJS is unable
to detect obfuscated code.
Thank you. This is a bug, can you please file a bug report to
https://savannah.gnu.org/bugs/?group=librejs ?
Please report all your bugs to that page.
What I mean by drive-by-downloading, here we get philosophical. How free is
the code which is only meant to be executed once? No one audits > 99% of this
code, and it's all in constant flux. I would even argue, there's no hope it
can ever be audited. There are already (I am sure) websites that generate
brand-new code for every visit, making this assertion literal. How do you
audit all that code? With an automated tool? An algorithm can't even solve a
halting problem, let alone audit itself out of a paper bag.
Now put yourself in the shoes of an average web user. Average here is the key
word. Their freedoms to understand and modify the _javascript_ code have all but
completely eroded. In a traditional software distribution market they can hire
experts to explain and fix the software for them. This is utterly unaffordable
if every click generates new software.
And now back to drive-by-downloading, which is important because it is perhaps
the source of the problem. All of this is happening, as we all know very well,
because average users are willing to run software from any source, as long as
it doesn't make their computer explode right away. They don't even understand
the basic difference between downloading data versus downloading and executing
an arbitrary algorithm. When a blog, or a news site, or a government website
won't load because you didn't let it run an arbitrary algorithm on your
computer, that's crazy, just crazy. And the norm. These users who leave all
_javascript_ on, they already buried 2 of their freedoms, and the boilerplate
license on the disposable code can't change that. They need to be told to
boycott sites which require JS to function, and to demand legislation which
would require something like HTML+CSS web fronts from commercial and
government entities. It is not at all helpful, in my opinion, to differentiate
between varieties of _javascript_ sources, because none of them should be
downloaded in the first place. Most importantly, web masters who want a free
web should stop using _javascript_, and they should be transitioning right now,
and not stop until there's nothing left for LibreJS to mark as free. All
desired _javascript_ functionality can be trivially recreated via a combination
of free browser plugins and calls to free and standard libraries. The drive-
by-download culture, on the other hand, will plunge us deeper into the sea of
disposable software.
--
http://gnuzilla.gnu.org
|