Hacker News new | ask | show | jobs
by yebyen 4316 days ago
I see what they did now. They're not blocking any nontrivial JavaScript altogether. They're blocking nontrivial JavaScript insofar as it's unlicensed, or not licensed with a free license.

So your trivial, unlicensed javascript can be allowed to run, but once you cross the heuristic threshold of non-triviality they've applied, you need to have a license so the user is sure they're not using some complex, non-free thing.

At first I thought it was blocking all "non-trivial" JavaScript, like you. That would be boneheaded of them.

If you were working at the EFF (on the Linux kernel), or on a Free Software project, I'm sure you wouldn't want to find out that you depend on some non-free binary-only modules that you've been running without knowing about it this whole time. The Linux kernel has a whole framework of "taint" for doing the exact same thing as this LibreJS. You are meant to know when you are running non-free kernel modules, if you are paying attention to the signals the kernel is sending.
1 comments
maga 4316 days ago
Ok, let's assume for a moment that we want to stick to the idea that programs ought to be readable/comprehensible by the user, thus "trivial" in a sense. But who decides on "nontriviality"? How did they come up with those heuristics? I can hardly find any nontrivial js code with my years of experience in it (except some jsfuck perhaps), yet at the same time I see every other day someone coming from .NET/Java land crying about all the wtf's of js. So how do we decide what is trivial and what's not?
link
mattl 4316 days ago
http://www.gnu.org/philosophy/javascript-trap.html

Our tentative policy is to consider a JavaScript program nontrivial if:

* it makes an AJAX request or is loaded along with scripts that make an AJAX request,

* it loads external scripts dynamically or is loaded along with scripts that do,

* it defines functions or methods and either loads an external script (from html) or is loaded as one,

* it uses dynamic JavaScript constructs that are difficult to analyze without interpreting the program, or is loaded along with scripts that use such constructs. These constructs are:

- using the eval function,

- calling methods with the square bracket notation,

- using any other construct than a string literal with certain methods (Obj.write, Obj.createElement, ...).

How do we tell whether the JavaScript code is free? At the end of this article we propose a convention by which a nontrivial JavaScript program in a web page can state the URL where its source code is located, and can state its license too, using stylized comments.

link