What I don’t understand is how they can tell. There’s no mechanism (that I’m aware of) for signalling the licensing of deployed (minified!) JS code. The development code has licensing and versioning and so on but none of that makes it into production. As far as the client is concerned it’s all proprietary.
Technically that is what LibreJS is for. However, beyond LibreJS you can look at the code and see if it is similar to existing JavaScript frontends or libraries.
It is a imperfect solution but it is better than just arbitrarily running programs in your browser or disabling JavaScript completely.
Apparently it’s (by default) everything that doesn’t explicitly specify a license (especially a FOSS one) within the javascript code of the page, which is a ridiculously huge portion of JS on the internet.
Apparently it’s (by default) everything that doesn’t explicitly specify a license (especially a FOSS one) within the javascript code of the page, which is a ridiculously huge portion of JS on the internet.
It is never to late to start something and make people aware of problems and as far as I am concerned not only about software licenses but JavaScript as a security problem.
It doesn’t apply to HTML because HTML is fundamentally not code that runs, but rather a markup. It’s just like how licensing a book under the GPL would be weird and unnatural, because it represents someone’s words. JS is code that runs on your computer, just like any other program
There is definitely a grey area, but HTML is pretty far away from it. HTML doesn’t “execute” and is very far from Turing completeness. You cannot write programs in it, and that is the key. Pure HTML is very much on the side of “rendering text” and not “running software.” Once we start talking about things like LaTex though, the line gets a lot harder to see. Note that whether HTML is “code” is irrelevant. The point is that whether it’s “code” or not, it is never a program.
Shell and python scripts are also code which is executed. HTML (at least back in the day) wasn’t really a network shipped executable, but more like markdown file which is just parsed and rendered
This feels a bit like the debate over whether a virus is “alive” or not. “But the virus/HTML has DNA/code.” “But it requires another cell/web browser in order to replicate/execute.” etc. 😄
For the sake of simplicity, let’s go back to the time when websites were not full of JS and other modern web stuff
You could in principle just wget the html file from a server and parse/render it without having to run that file. Like I said, it is like a simple markdown file.
In terms of modern web, a crude analogy would be to look at the output from static site generators. In those, the server essentially doesn’t execute code, hence a lot of cloud providers can host your static sites for free
I’m still trying to understand what “proprietary JavaScript” means.
JavaScript that’s under a proprietary license (code that doesn’t give you the 4 freedoms)
What I don’t understand is how they can tell. There’s no mechanism (that I’m aware of) for signalling the licensing of deployed (minified!) JS code. The development code has licensing and versioning and so on but none of that makes it into production. As far as the client is concerned it’s all proprietary.
Technically that is what LibreJS is for. However, beyond LibreJS you can look at the code and see if it is similar to existing JavaScript frontends or libraries.
It is a imperfect solution but it is better than just arbitrarily running programs in your browser or disabling JavaScript completely.
https://www.gnu.org/software/librejs/
Apparently it’s (by default) everything that doesn’t explicitly specify a license (especially a FOSS one) within the javascript code of the page, which is a ridiculously huge portion of JS on the internet.
What if they did this with HTML too? :p
It is never to late to start something and make people aware of problems and as far as I am concerned not only about software licenses but JavaScript as a security problem.
It doesn’t apply to HTML because HTML is fundamentally not code that runs, but rather a markup. It’s just like how licensing a book under the GPL would be weird and unnatural, because it represents someone’s words. JS is code that runs on your computer, just like any other program
where is the line drawn though, and who gets to decide?
MANY people say “html code” even if you consider that wrong.
Is a shell script or python “code”? Because it doesn’t directly translate to machine code?
See what I’m getting at?
There is definitely a grey area, but HTML is pretty far away from it. HTML doesn’t “execute” and is very far from Turing completeness. You cannot write programs in it, and that is the key. Pure HTML is very much on the side of “rendering text” and not “running software.” Once we start talking about things like LaTex though, the line gets a lot harder to see. Note that whether HTML is “code” is irrelevant. The point is that whether it’s “code” or not, it is never a program.
Edit: typo in “grey”
Shell and python scripts are also code which is executed. HTML (at least back in the day) wasn’t really a network shipped executable, but more like markdown file which is just parsed and rendered
This feels a bit like the debate over whether a virus is “alive” or not. “But the virus/HTML has DNA/code.” “But it requires another cell/web browser in order to replicate/execute.” etc. 😄
I really don’t think so.
For the sake of simplicity, let’s go back to the time when websites were not full of JS and other modern web stuff
You could in principle just
wget
the html file from a server and parse/render it without having to run that file. Like I said, it is like a simple markdown file.In terms of modern web, a crude analogy would be to look at the output from static site generators. In those, the server essentially doesn’t execute code, hence a lot of cloud providers can host your static sites for free
I agree. Html could also be compared to a config file. Only parsed; it doesn’t provide new instructions (unlike python etc)