[yummybear]

> Help make the web usable with Javascript deactivated.

I don't quite understand why that is a goal in itself. If it's due to accessibility why not ask to "Help make the web more usable for people with disabilities"? Maybe I'm missing something here.

[duckerude]

A lot of non-free software is written in Javascript and runs on webpages. If you want to avoid using non-free software you have to disable Javascript on many websites.

Ideally the Javascript would be freed, but making it optional might be a more feasible goal.

[danShumway]

I've always been a bit confused by this take, because the most likely alternative to having proprietary code in the front-end is to have proprietary code in the back-end.

It's not clear to me why I shouldn't tolerate closed-source Javascript that I can nonetheless inspect, archive, and edit on my own machine, but I should tolerate a closed-source SaaS backend that I can't inspect, archive, or edit.

Of course proprietary software limits freedoms, but does it limit freedom more than serverside logic? There are equal legal restrictions on both codebases, but I can't even exercise fair-use freedoms with code that I literally can't touch.

[blihp]

The difference is that the front-end code runs on 'your' computer, the back-end code runs on 'their' computer. You typically don't care what point of sale software a store you are doing business with is running on their cash registers or the myriad of software run on the systems of the various manufacturers of the products it sells.[1] However, when you go to their web site(s) and it uses a bunch of minified, obfuscated code that runs on your computer... you should care about that.

The idea behind 'free' software was that you should have access to/control of the software running on your devices, not everyone else's. It was originally a pragmatic solution to a problem, not an abstract ideology that it's morphed into for some.

[1] It's up to the business in question to care about the software running on their computers.

[rhinoceraptor]

Javascript in the browser is practically compiled binary software at this point. You can't realistically inspect or edit 99% of what you're running since it's fully minified and obfuscated. And that's even more the case with WASM.

[danShumway]

I'm going to push back on this, at least a bit.

Maybe I'm atypical because I work with Javascript a lot, but I don't think it's that hard to read minified JS. Modern browsers have a lot of tools to help with that -- you can set breakpoints on DOM manipulations, you can autoformat the code so it's not just a jumble of text -- you can even pause execution and add custom code to functions that can do additional logging or subvert existing behavior.

And because the industry is at least somewhat focused on minimizing bundle size, it's pretty uncommon outside of captchas for me to see obfuscated code -- most of the time, you'll only be dealing with minification.

I don't know how WASM is going to affect this -- I suspect it'll be more problematic. But I manipulate minified JS all the time. It's a very 'inspectable' language, for lack of a better term.

[coldpie]

Documentation, comments, code layout and file structure are all critical components to any software project. Minimization removes all of that (right?) and I wouldn't consider it to be in "source form" in the spirit the phrase intends.

[danShumway]

I wouldn't say that I prefer reading minified code over well-formatted code. Certainly minified code isn't ideal or equivalent to getting access to original source form. What I'm specifically pushing back against is the idea that if code is minified, it might as well be running on a server -- that "you can't realistically inspect or edit 99% of what you're running".

I suspect that's hyperbole; browser inspection tools are really good, and I regularly inspect and edit minified code. Even outside of the browser, I've patched and fixed bugs in minified 3rd-party dependencies where I didn't have access to the source code. It takes a little while to untangle the code, but it's not hard -- just time consuming.

I don't want to dismiss people who struggle with that, but I also don't think I'm that special or amazing of a coder. If I can do something, odds are pretty good that other experienced programmers can too.

[jacquesm]

The fact that i can read quite a few Assembly dialects at the binary level doesn't mean that binary is suddenly equivalent to inspectable source.

[danShumway]

Of course not, that's not something I would ever claim.

But, given a choice between serverside code that you absolutely can't inspect no matter what, and a binary blob that you can read with a bit of extra work, wouldn't you prefer the binary blob?

Where serverside logic is concerned, it doesn't even matter if the underlying code is Open Source. I still can't inspect the instance and tell if it's running the correct code, or what its parameters are.

[NotATroll]

Yeah, but what on earth is the alternative?

Mobile gui's without javascript would be horrendous. On top of that, that's the platform you're minifying for.

I don't minify javascript to hide what's running, I minify it because a 3KB file is a lot less to download than a 12KB file.

So what? You design an entirely new language that: A) Can't be minified (How?) B) Has to be open source C) Can't be obfuscated (virtually impossible to prevent)

I'm sorry, but the stance is kinda dumb.

[JetSpiegel]

You can serve minified JS, but you should also provide the source code. Doesn't need to be loaded directly, it can be a link on the website.

https://en.wikipedia.org/wiki/GNU_LibreJS

[rhinoceraptor]

I don't think that there is anything necessarily wrong with it. I was just pushing back on the idea that just because Javascript is distributed in source form, that it isn't effectively the same thing as a compiled binary to the end user.

[Crinus]

> I've always been a bit confused by this take, because the most likely alternative to having proprietary code in the front-end is to have proprietary code in the back-end.

He'd push for AGPL for that. Also Stallman doesn't like SaaS: https://www.gnu.org/philosophy/who-does-that-server-really-s...

[duckerude]

That's something of a recurring issue with the philosophy. They also think that moving proprietary firmware into read-only memory is an acceptable solution, but I don't really understand why from a consequentialist point of view.

[cycloptic]

The issue is that usually the manufacturer builds in capabilities to update the firmware, and then reserves for themselves the ability to modify and update that firmware, while intentionally denying that ability to the users. This puts the manufacturer in a position of power over people who use the product.

But if the firmware isn't modifiable by anybody (including the manufacturer) because the capability to update it was never built in the first place, then no capabilities are being withheld from the users of that product.

[toast0]

I don't know that I have a strong opinion on firmware, but I think there's a few points.

Distribution rights are a lot clearer with firmware on the device and a driver in code.

With firmware on the card, the interface between the kernel and the card is likely to be more well defined and thus easier to replace either side.

[Smithalicious]

I think this is a really weird reductionist take. Yes, if you don't run code, you also don't run nonfree code, but I'm skeptical that that "make people run less code" should be a goal of a free software movement...

[gnode]

Given that a major criticism of closed source software is that it can contain adverse behaviour which is practically un-auditable, running less code is the minimal implementation of don't run closed source software.

For some, open source software isn't just seen as a "nice to have", but the only way to avoid a society where freedoms are limited by dependence on software which works against us by design.

[beatgammit]

You can't know before loading a page whether it'll load non-free code. Browsers don't have a mechanism for telling you what license governs the code, and figuring out what license blocked JavaScript uses is a fair bit of work, especially since most pages use multiple JavaScript files, and which flies are downloaded may change from page to page.

Even if nearly everyone uses GPL for their JavaScript, you still need to go through this process for every site that may use non-free software, which is a royal pain.

Perhaps a "better" solution is to fight to have browsers check the license of JavaScript before loading it (either prompt the user, or have a browser setting for acceptable licenses), but that's a much harder battle than promoting JavaScript-less web pages, especially since the user has control of blocking JavaScript today.

[duckerude]

LibreJS is a Firefox add-on that does roughly what you describe. If a piece of Javascript code is not properly annotated with a license (for example in a comment block at the top) it refuses to execute it.

https://www.gnu.org/software/librejs/

https://www.gnu.org/software/librejs/free-your-javascript.ht...

It can be a bit fickle. I recently tried to make code comply with it and it didn't initially work because I was using a non-standard version of the ISC license with one different word.

[close04]

> A lot of non-free software is written in Javascript

Dropping JS will just lead to a lot of non-free software written in [something else]. It's not like non-free software will suddenly stop existing. You're not banning English because of the content that might use it.

There must be a better approach to this than "I'm not running any code because some of it may be non-free".

[simion314]

It is server site rendering, use whatever you want to generate an html file and send it to the browser, most websites can do this (blogs,news, forums) then the small interactive interactions you can make them in JS using GPL/BSD whatever.

[close04]

> then the small interactive interactions you can make them in JS

With JS enabled any site could potentially run non-free code so this has no benefits. As far as I can tell the proposed solution wasn't to develop some tech that ensures (somehow) that all functionality JS provides is transferred to something "free-only" but rather to give up that functionality entirely. That's not a solution, that's just running away from the problem.

[UserIsUnused]

Sometimes there is no practical solution, and running away is the pragmatist approach

[close04]

I'm not seeing any reasonable evidence of a consensus that this even is a problem. Let alone that there is no other solution than to run from it.

There's no fix for criminal activity on the internet (objectively worse than non-free code) and yet I don't think anyone (RMS included) is proposing to sever the connections just to make sure they don't accidentally encounter such activity. The more radical comparison would be "bad stuff" in society and completely isolating yourself from it.

[somedrag]

There are good answers from others but here is the longer explanation in Stallman's own words: https://www.gnu.org/philosophy/javascript-trap.html

[incompatible]

Stallman doesn't want to run proprietary software on his computer, and that includes proprietary Javascript.

[5trokerac3]

This is a perfect example of how Stallman ultimately is an authoritarian. He wants all the freedom to do what he wants, but has no problem with his "free software" vision limiting the rights of others.

As someone else pointed out, "what about proprietary HTML and CSS?"

Stallman has no ability to recognize the need for others to protect their own work, he only wants his free access to the fruits of others' labor.

Don't want to run proprietary JavaScript? Then bite the f'ing bullet and don't visit websites that have it. Don't expect everyone else to conform to your wants.

[simion314]

He is not forcing his views on you, don't like him don't read what he writes.

If you want to have a discussion about freedom then let's do it in a rigorous way, go read the GNU page, read about the 4 freedoms then get back and explain your point more clearly.

His point is that proprietary software is bad and you should now write it and not use it, I agree with him and I still run some proprietary blobs, I do not feel forced to do anything or feel shamed.

[EpicEng]

>He is not forcing his views on you, don't like him don't read what he writes.

His job is (was) convincing others that he is right. He's trying to influence people's thoughts and actions. I think a critique of how he goes about that is warranted. Of course we can look the other way, but obviously that doesn't work to the benefit of his goals.

[kuu]

What about proprietary HTML ? CSS ?

[Sacho]

Quote from https://www.gnu.org/philosophy/javascript-trap.html

> It is theoretically possible to program in HTML and CSS, but in practice this capability is limited and inconvenient; merely to make it do something is an impressive hack. Such programs ought to be free, but CSS is not a serious problem for users' freedom as of 2019.

[badpun]

HTML and CSS are content, not software (they're not executables) - they're like DOC or PDF.

[PyroLagus]

> HTML and CSS are content, not software (they're not executables) - they're like DOC or PDF.

Well… https://keithclark.co.uk/labs/css-fps/

You could also argue that DOCs and PDFs are software.

[beatgammit]

No, DOCs and PDFs aren't necessarily software, they can contain software, just like a webpage. And just like a webpage, Stallman can choose to use FOSS to view those files, and that software can choose to not run any scripts in those files.

I'm sure he'd agree that people should also not include proprietary software in those files as well, but doing so is far less common than webpages, at least for stuff the average user is going to run into.

And how many people are actually programming in HTML/CSS vs JavaScript? A proof of concept is one thing, but most users won't run into it.

[_ph_]

I think we all know the pros and cons about running Javascript on web pages. But it becomes more and more obvious, that while Javascript gets abused for a lot of bad things, a modern web completely without scripting in web pages isn't feasible either.

Consequently, I consider this as something the GNU project failed to address. Why isn't there an official GNU webbrowser with a reasonable Javascript implementation? One where the browser and the JS engine would be free software and which could be seen as a reasonable platform for a modern web?

[extra88]

That wouldn't address Stallman's objection; regardless of which browser is used, the JavaScript delivered by website operators would still be executed in the user's browser.

[_ph_]

I am aware of his objections. I agree that dealing with Javascript is a challenge. But the consequence of that there is no GNU webbrowser and Javascript implementation is, that all users have no real choice but use other browsers which might not even try to protect the user.

[Dude2029]

Good idea regardless of motivation to be honest.

[raxxorrax]

I would say my knowledge about software engineering is to 90% copied from ideas other people had before, but I am certainly underestimating that amount.

[einpoklum]

> I don't quite understand why that is a goal in itself.

It's just like you should not need to take orders from people on the street so as to be able to understand what they're trying to tell you.

[bubblethink]

It's to avoid the use of non-free javascript, which is mostly taken for granted.