[duckerude]

A lot of non-free software is written in Javascript and runs on webpages. If you want to avoid using non-free software you have to disable Javascript on many websites.

Ideally the Javascript would be freed, but making it optional might be a more feasible goal.

[danShumway]

I've always been a bit confused by this take, because the most likely alternative to having proprietary code in the front-end is to have proprietary code in the back-end.

It's not clear to me why I shouldn't tolerate closed-source Javascript that I can nonetheless inspect, archive, and edit on my own machine, but I should tolerate a closed-source SaaS backend that I can't inspect, archive, or edit.

Of course proprietary software limits freedoms, but does it limit freedom more than serverside logic? There are equal legal restrictions on both codebases, but I can't even exercise fair-use freedoms with code that I literally can't touch.

[blihp]

The difference is that the front-end code runs on 'your' computer, the back-end code runs on 'their' computer. You typically don't care what point of sale software a store you are doing business with is running on their cash registers or the myriad of software run on the systems of the various manufacturers of the products it sells.[1] However, when you go to their web site(s) and it uses a bunch of minified, obfuscated code that runs on your computer... you should care about that.

The idea behind 'free' software was that you should have access to/control of the software running on your devices, not everyone else's. It was originally a pragmatic solution to a problem, not an abstract ideology that it's morphed into for some.

[1] It's up to the business in question to care about the software running on their computers.

[rhinoceraptor]

Javascript in the browser is practically compiled binary software at this point. You can't realistically inspect or edit 99% of what you're running since it's fully minified and obfuscated. And that's even more the case with WASM.

[danShumway]

I'm going to push back on this, at least a bit.

Maybe I'm atypical because I work with Javascript a lot, but I don't think it's that hard to read minified JS. Modern browsers have a lot of tools to help with that -- you can set breakpoints on DOM manipulations, you can autoformat the code so it's not just a jumble of text -- you can even pause execution and add custom code to functions that can do additional logging or subvert existing behavior.

And because the industry is at least somewhat focused on minimizing bundle size, it's pretty uncommon outside of captchas for me to see obfuscated code -- most of the time, you'll only be dealing with minification.

I don't know how WASM is going to affect this -- I suspect it'll be more problematic. But I manipulate minified JS all the time. It's a very 'inspectable' language, for lack of a better term.

[coldpie]

Documentation, comments, code layout and file structure are all critical components to any software project. Minimization removes all of that (right?) and I wouldn't consider it to be in "source form" in the spirit the phrase intends.

[danShumway]

I wouldn't say that I prefer reading minified code over well-formatted code. Certainly minified code isn't ideal or equivalent to getting access to original source form. What I'm specifically pushing back against is the idea that if code is minified, it might as well be running on a server -- that "you can't realistically inspect or edit 99% of what you're running".

I suspect that's hyperbole; browser inspection tools are really good, and I regularly inspect and edit minified code. Even outside of the browser, I've patched and fixed bugs in minified 3rd-party dependencies where I didn't have access to the source code. It takes a little while to untangle the code, but it's not hard -- just time consuming.

I don't want to dismiss people who struggle with that, but I also don't think I'm that special or amazing of a coder. If I can do something, odds are pretty good that other experienced programmers can too.

[jacquesm]

The fact that i can read quite a few Assembly dialects at the binary level doesn't mean that binary is suddenly equivalent to inspectable source.

[danShumway]

Of course not, that's not something I would ever claim.

But, given a choice between serverside code that you absolutely can't inspect no matter what, and a binary blob that you can read with a bit of extra work, wouldn't you prefer the binary blob?

Where serverside logic is concerned, it doesn't even matter if the underlying code is Open Source. I still can't inspect the instance and tell if it's running the correct code, or what its parameters are.

[NotATroll]

Yeah, but what on earth is the alternative?

Mobile gui's without javascript would be horrendous. On top of that, that's the platform you're minifying for.

I don't minify javascript to hide what's running, I minify it because a 3KB file is a lot less to download than a 12KB file.

So what? You design an entirely new language that: A) Can't be minified (How?) B) Has to be open source C) Can't be obfuscated (virtually impossible to prevent)

I'm sorry, but the stance is kinda dumb.

[JetSpiegel]

You can serve minified JS, but you should also provide the source code. Doesn't need to be loaded directly, it can be a link on the website.

https://en.wikipedia.org/wiki/GNU_LibreJS

[rhinoceraptor]

I don't think that there is anything necessarily wrong with it. I was just pushing back on the idea that just because Javascript is distributed in source form, that it isn't effectively the same thing as a compiled binary to the end user.

[Crinus]

> I've always been a bit confused by this take, because the most likely alternative to having proprietary code in the front-end is to have proprietary code in the back-end.

He'd push for AGPL for that. Also Stallman doesn't like SaaS: https://www.gnu.org/philosophy/who-does-that-server-really-s...

[duckerude]

That's something of a recurring issue with the philosophy. They also think that moving proprietary firmware into read-only memory is an acceptable solution, but I don't really understand why from a consequentialist point of view.

[cycloptic]

The issue is that usually the manufacturer builds in capabilities to update the firmware, and then reserves for themselves the ability to modify and update that firmware, while intentionally denying that ability to the users. This puts the manufacturer in a position of power over people who use the product.

But if the firmware isn't modifiable by anybody (including the manufacturer) because the capability to update it was never built in the first place, then no capabilities are being withheld from the users of that product.

[toast0]

I don't know that I have a strong opinion on firmware, but I think there's a few points.

Distribution rights are a lot clearer with firmware on the device and a driver in code.

With firmware on the card, the interface between the kernel and the card is likely to be more well defined and thus easier to replace either side.

[Smithalicious]

I think this is a really weird reductionist take. Yes, if you don't run code, you also don't run nonfree code, but I'm skeptical that that "make people run less code" should be a goal of a free software movement...

[gnode]

Given that a major criticism of closed source software is that it can contain adverse behaviour which is practically un-auditable, running less code is the minimal implementation of don't run closed source software.

For some, open source software isn't just seen as a "nice to have", but the only way to avoid a society where freedoms are limited by dependence on software which works against us by design.

[beatgammit]

You can't know before loading a page whether it'll load non-free code. Browsers don't have a mechanism for telling you what license governs the code, and figuring out what license blocked JavaScript uses is a fair bit of work, especially since most pages use multiple JavaScript files, and which flies are downloaded may change from page to page.

Even if nearly everyone uses GPL for their JavaScript, you still need to go through this process for every site that may use non-free software, which is a royal pain.

Perhaps a "better" solution is to fight to have browsers check the license of JavaScript before loading it (either prompt the user, or have a browser setting for acceptable licenses), but that's a much harder battle than promoting JavaScript-less web pages, especially since the user has control of blocking JavaScript today.

[duckerude]

LibreJS is a Firefox add-on that does roughly what you describe. If a piece of Javascript code is not properly annotated with a license (for example in a comment block at the top) it refuses to execute it.

https://www.gnu.org/software/librejs/

https://www.gnu.org/software/librejs/free-your-javascript.ht...

It can be a bit fickle. I recently tried to make code comply with it and it didn't initially work because I was using a non-standard version of the ISC license with one different word.

[close04]

> A lot of non-free software is written in Javascript

Dropping JS will just lead to a lot of non-free software written in [something else]. It's not like non-free software will suddenly stop existing. You're not banning English because of the content that might use it.

There must be a better approach to this than "I'm not running any code because some of it may be non-free".

[simion314]

It is server site rendering, use whatever you want to generate an html file and send it to the browser, most websites can do this (blogs,news, forums) then the small interactive interactions you can make them in JS using GPL/BSD whatever.

[close04]

> then the small interactive interactions you can make them in JS

With JS enabled any site could potentially run non-free code so this has no benefits. As far as I can tell the proposed solution wasn't to develop some tech that ensures (somehow) that all functionality JS provides is transferred to something "free-only" but rather to give up that functionality entirely. That's not a solution, that's just running away from the problem.

[UserIsUnused]

Sometimes there is no practical solution, and running away is the pragmatist approach

[close04]

I'm not seeing any reasonable evidence of a consensus that this even is a problem. Let alone that there is no other solution than to run from it.

There's no fix for criminal activity on the internet (objectively worse than non-free code) and yet I don't think anyone (RMS included) is proposing to sever the connections just to make sure they don't accidentally encounter such activity. The more radical comparison would be "bad stuff" in society and completely isolating yourself from it.