[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/philosophy javascript-trap.html
From: |
Matt Lee |
Subject: |
www/philosophy javascript-trap.html |
Date: |
Sun, 22 Mar 2009 06:28:31 +0000 |
CVSROOT: /web/www
Module name: www
Changes by: Matt Lee <mattl> 09/03/22 06:28:31
Added files:
philosophy : javascript-trap.html
Log message:
added js trap
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/philosophy/javascript-trap.html?cvsroot=www&rev=1.1
Patches:
Index: javascript-trap.html
===================================================================
RCS file: javascript-trap.html
diff -N javascript-trap.html
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ javascript-trap.html 22 Mar 2009 06:28:08 -0000 1.1
@@ -0,0 +1,269 @@
+<!--#include virtual="/server/header.html" -->
+<title>The Javascript Trap</title>
+<!--#include virtual="/server/banner.html" -->
+
+<h2>The Javascript Trap</h2>
+
+<p>by <a href="http://www.stallman.org/">Richard Stallman</a></p>
+
+<p>You may be running non-free programs on your computer every day
+without realizing it -- through your web browser.</p>
+
+<p>In the free software community, the idea that non-free programs
+mistreat their users is familiar. Some of us refuse entirely to
+install proprietary software, and many others consider non-freedom a
+strike against the program. Many users are aware that this issue
+applies to the plug-ins that browsers offer to install, since they can
+be free or non-free.</p>
+
+<p>But browsers run other non-free programs which they don't ask you
+about or even tell you about -- programs that web pages contain or
+link to. These programs are most often written in Javascript, though
+other languages are also used.</p>
+
+<p>Javascript (officially called ECMAscript, but few use that name) was
+once used for minor frills in web pages, such as cute but inessential
+navigation and display features. It was acceptable to consider these
+as mere extensions of HTML markup, rather than as true software; they
+did not constitute a significant issue.</p>
+
+<p>Many sites still use Javascript that way, but some use it for major
+programs that do large jobs. For instance, Google Docs downloads into
+your machine a Javascript program which measures half a megabyte, in a
+compacted form that we could call Obfuscript because it has no
+comments and hardly any whitespace, and the method names are one
+letter long. The source code of a program is the preferred form for
+modifying it; the real source code of this program is not available to
+the user.</p>
+
+<p>Browsers don't normally tell you when they load Javascript programs.
+Most browsers have a way to turn off Javascript entirely, but none of
+them can check for Javascript programs that are nontrivial and
+non-free. Even if you're aware of this issue, it would take you
+considerable trouble to identify and then block those programs.
+However, even in the free software community most users are not aware
+of this issue; the browsers' silence tends to conceal it.</p>
+
+<p>It is possible to release a Javascript program as free software, by
+distributing the source code under a free software license. But even
+if the program's source is available, there is no easy way to run your
+modified version instead of the original. Current free browsers do
+not offer a facility to run your own modified version instead of the
+one delivered in the page. The effect is comparable to tivoization,
+although not quite so hard to overcome.</p>
+
+<P>Javascript is not the only language web sites use for programs sent to
+the user. Flash supports programming through an extended variant of
+Javascript. We will need to study the issue of Flash to make suitable
+recommendations. Silverlight seems likely to create a problem similar
+to Flash, except worse, since Microsoft uses it as a platform for
+non-free codecs. A free replacement for Silverlight would hardly be
+of use in the free world without free replacement codecs.</p>
+
+<p>Java applets also run in the browser, and raise similar issues. In
+general, any sort of applet system poses this sort of problem. Having
+a free execution environment for an applet only brings us far enough
+to encounter the problem.</p>
+
+<p>A strong movement has developed that calls for web sites to
+communicate only through formats and protocols that are free (some say
+"open"); that is to say, whose documentation is published and which
+anyone is free to implement. With the presence of programs in web
+pages, that criterion is necessary, but not sufficient. Javascript
+itself, as a format, is free, and use of Javascript in a web site is
+not necessarily bad. However, as we've seen above, it also isn't
+necessarily ok. When the site transmits a program to the user, it is
+not enough for the program to be written in a documented and
+unencumbered language; that program must be free, too. “Only free
+programs transmitted to the user” must become part of the criterion
+for proper behavior by web sites.</p>
+
+<p>Silently loading and running non-free programs is one among several
+issues raised by "web applications". The term "web
+application" was designed to disregard the fundamental
+distinction between software delivered to users and software running
+on the server. It can refer to a specialized client program running
+in a browser; it can refer to specialized server software; it can
+refer to a specialized client program that works hand in hand with
+specialized server software. The client and server sides raise
+different ethical issues, even if they are so closely integrated that
+they arguably form parts of a single program. This article addresses
+only the issue of the client-side software. We are addressing the
+server issue separately.</p>
+
+<p>In practical terms, how can we deal with the problem of non-free
+Javascript programs in web sites? Here's a plan of action.</p>
+
+<p>First, we need a practical criterion for nontrivial Javascript
+programs. Since "nontrivial" is a matter of degree, this is
+a matter of designing a simple criterion that gives good results,
+rather than determining the one correct answer.</p>
+
+<p>Our proposal is to consider a Javascript program nontrivial if it
+defines methods and either loads an external script or is loaded as
+one, or if it makes an AJAX request.</p>
+
+<p>At the end of this article we propose a convention by which a
+nontrivial Javascript program in a web page can state the URL where
+its source code is located, and can state its license too, using
+stylized comments.</p>
+
+<p>Finally, we need to change free browsers to support freedom for
+users of pages with Javascript. First of all, browsers should be able
+to tell the user about nontrivial non-free Javascript programs, rather
+than running them.
+Perhaps <a href="http://noscript.net/">NoScript</a> could be adapted
+to do this.</p>
+
+<p>Browser users also need a convenient facility to specify Javascript
+code to use <em>instead</em> of the Javascript in a certain page.
+(The specified code might be total replacement, or a modified version
+of the free Javascript program in that page.) Greasefire comes close
+to being able to do this, but not quite, since it doesn't guarantee to
+modify the Javascript code in a page before that program starts to
+execute. Using a local proxy works, but is too inconvenient now to be
+a real solution. We need to construct a solution that is reliable and
+convenient, as well as sites for sharing changes. The GNU Project
+would like to recommend sites which are dedicated to free changes
+only.</p>
+
+<p>These features will make it possible for a Javascript program included
+in a web page to be free in a real and practical sense. Javascript
+will no longer be a particular obstacle to our freedom -- no more than
+C and Java are now. We will be able to reject and even replace the
+non-free nontrivial Javascript programs, just as we reject and replace
+non-free packages that are offered for installation in the usual way.
+Our campaign for web sites to free their Javascript can then begin.</p>
+
+<p><strong>Thank you to <a href="http://matt.lee.name/">Matt Lee</a>
+and <a href="http://ejohn.org">John Resig</a> for their help in
+defining our proposed criterion.</strong>
+
+<h3>Appendix: a convention for releasing free Javascript programs</h3>
+
+<p>For references to corresponding source code, we recommend</p>
+<pre>
+ // @source:
+</pre>
+<p>followed by the URL.</p>
+
+<p>To indicate the license of the Javascript code embedded in a page, we
+recommend putting the license notice between two notes of this form:</p>
+<pre>
+ @licstart The following is the entire license notice for the
+ Javascript code in this page.
+ ...
+ @licend The above is the entire license notice
+ for the Javascript code in this page.
+</pre>
+<p>Of course, all of this should be contained in a multiline comment.</p>
+
+<p>The GNU GPL, like many other free software licenses, requires
+distribution of a copy of the license with both source and binary
+forms of the program. However, the GNU GPL is long enough that
+including it in a page with a Javascript program can be inconvenient.
+You can remove that requirement, for code that you have the copyright
+on, with a license notice like this:</p>
+<pre>
+
+ Copyright (C) YYYY Developer
+
+ The Javascript code in this page is free software: you can
+ redistribute it and/or modify it under the terms of the GNU
+ General Public License (GNU GPL) as published by the Free Software
+ Foundation, either version 3 of the License, or (at your option)
+ any later version. The code is distributed WITHOUT ANY WARRANTY;
+ without even the implied warranty of MERCHANTABILITY or FITNESS
+ FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
+
+ As additional permission under GNU GPL version 3 section 7, you
+ may distribute non-source (e.g., minimized or compacted) forms of
+ that code without the copy of the GNU GPL normally required by
+ section 4, provided you include this license notice and a URL
+ through which recipients can access the Corresponding Source.
+</pre>
+</div>
+<!--#include virtual="/server/footer.html" -->
+
+<div id="footer">
+
+<p>
+Please send FSF & GNU inquiries to
+<a href="mailto:address@hidden"><em>address@hidden</em></a>.
+There are also <a href="/contact/">other ways to contact</a>
+the FSF.
+<br />
+Please send broken links and other corrections or suggestions to
+<a href="mailto:address@hidden"><em>address@hidden</em></a>.
+</p>
+
+<p>
+Please see the
+<a href="/server/standards/README.translations.html">Translations
+README</a> for information on coordinating and submitting
+translations of this article.
+</p>
+
+<p>Copyright © 2009 Richard Stallman</p>
+
+<p>This work is licensed under the Creative Commons Attribution-No
+Derivative Works 3.0 United States License. To view a copy of this
+license,
+visit <a
href="http://creativecommons.org/licenses/by-nd/3.0/us/">http://creativecommons.org/licenses/by-nd/3.0/us/</a>
+or send a letter to Creative Commons, 171 Second Street, Suite 300,
+San Francisco, California, 94105, USA.</p>
+
+<p>
+Updated:
+<!-- timestamp start -->
+$Date: 2009/03/22 06:28:08 $
+<!-- timestamp end -->
+</p>
+</div>
+
+<div id="translations">
+<h4>Translations of this page</h4>
+
+<!-- Please keep this list alphabetical, and in the original -->
+
+<!-- language if possible, otherwise default to English -->
+<!-- If you do not have it English, please comment what the -->
+<!-- English is. If you add a new language here, please -->
+<!-- advise address@hidden and add it to -->
+<!-- - in /home/www/bin/nightly-vars either TAGSLANG or WEBLANG -->
+<!-- - in /home/www/html/server/standards/README.translations.html -->
+<!-- one of the lists under the section "Translations Underway" -->
+<!-- - if there is a translation team, you also have to add an alias -->
+<!-- to mail.gnu.org:/com/mailer/aliases -->
+<!-- Please also check you have the 2 letter language code right versus -->
+<!-- http://www.w3.org/WAI/ER/IG/ert/iso639.htm -->
+
+<ul class="translations-list">
+<!-- Bulgarian -->
+<li><a
href="/philosophy/java-trap.bg.html">български</a> [bg]</li>
+<!-- German -->
+<li><a href="/philosophy/java-trap.de.html">Deutsch</a> [de]</li>
+<!-- Greek -->
+<li><a
href="/philosophy/java-trap.el.html">Ελληνικά</a> [el]</li>
+<!-- English -->
+<li><a href="/philosophy/java-trap.html">English</a> [en]</li>
+<!-- Spanish -->
+<li><a href="/philosophy/java-trap.es.html">Español</a> [es]</li>
+<!-- French -->
+<li><a href="/philosophy/java-trap.fr.html">Français</a> [fr]</li>
+<!-- Italian -->
+<li><a href="/philosophy/java-trap.it.html">Italiano</a> [it]</li>
+<!-- Dutch-->
+<li><a href="/philosophy/java-trap.nl.html">Nederlands</a> [nl]</li>
+<!-- Polish -->
+<li><a href="/philosophy/java-trap.pl.html">Polski</a> [pl]</li>
+<!-- Romanian -->
+<li><a
href="/philosophy/java-trap.ro.html">Română</a> [ro]</li>
+<!-- Serbian -->
+<li><a
href="/philosophy/java-trap.sr.html">Српски</a> [sr]</li>
+</ul>
+</div>
+</div>
+
+</body>
+</html>
- www/philosophy javascript-trap.html,
Matt Lee <=
- www/philosophy javascript-trap.html, Matt Lee, 2009/03/22
- www/philosophy javascript-trap.html, Matt Lee, 2009/03/22
- www/philosophy javascript-trap.html, Matt Lee, 2009/03/22
- www/philosophy javascript-trap.html, Matt Lee, 2009/03/22
- www/philosophy javascript-trap.html, Karl Berry, 2009/03/22
- www/philosophy javascript-trap.html, Matt Lee, 2009/03/22
- www/philosophy javascript-trap.html, Yavor Doganov, 2009/03/23
- www/philosophy javascript-trap.html, Matt Lee, 2009/03/23
- www/philosophy javascript-trap.html, Matt Lee, 2009/03/23
- www/philosophy javascript-trap.html, Richard M. Stallman, 2009/03/28