forums, mailing lists and other tools

marc marcxfe at
Thu Jan 18 15:34:50 UTC 2018

> The client-side Javascript to me is not a relevant issue anymore since JS is an open standard and browsers are sandboxed these days.


I'd like to disagree with this statement.

Mandating javascript is a problem for several reasons:

 * Webbrowsers have gotten enormously complex, and not
   by accident: In my view this is a result of the fight
   of initially netscape and microsoft, and now google and
   microsoft for control of the web - piling on features
   appears to have been a strategy to place the opponent
   on the back foot. Even if a particular snippet of
   javascript happens to be GPLv3'ed, the infrastructure
   running in support of it (eg, the web browser) is
   probably not. Trying to keep up with this feature race
   is a red queen problem, and soaks up precious developer
   time - I would argue this is by design.

 * The complexity of a browser (almost certainly the
   largest piece of software running on most computers)
   means that securing the sandbox is hard. I would say
   impossibly hard. The recent Spectre class security 
   issues illustrates this nicely.

Then there are other problems, which aren't directly related
to free software issues, but may be relevant to people who
would like to use computers ethically:

 * The unnecessary bloat of contemporary web browsers means
   that computers have to be upgraded often and consume too 
   much power. Without this a computer from a decade ago would
   be perfectly serviceable. Individually this is a minor
   issue, but in total this is a significant environmental

 * The majority of javascript run is not for the benefit
   of the owner of the computer, but to track, spy on and
   manipulate the viewer. Much has been said on surveillance
   capitalism, and I won't repeat it here. But an effective way
   of opting out of much this is to disable javascript 
   completely. If javascript is mandated by the free software 
   community then it becomes that much harder to opt out.

I understand that many programmers develop for the web, that
maybe some on this list regard "being a javascript developer"
as part of their core identity, and so might regard these
statements an attack on themselves personally. But this is
hardly a unique position - coal-powerplant builder, land-mine
manufacturer and even butcher or just fisherman all have to
face these questions, programmers should not be excluded from
those concerns.



More information about the Discussion mailing list