commit 05b23b2f77ffe04b11c68deacd9c854e3211efcd
Author: Mike Gerwitz
Date: Sat Mar 12 22:55:43 2016 -0500
Initial
diff --git a/images/code_quality.png b/images/code_quality.png
new file mode 100644
index 0000000..6774226
Binary files /dev/null and b/images/code_quality.png differ
diff --git a/images/gnu-resources.png b/images/gnu-resources.png
new file mode 100644
index 0000000..de2ecc0
Binary files /dev/null and b/images/gnu-resources.png differ
diff --git a/images/h0us3s-Signs-Hazard-Warning-9.svg b/images/h0us3s-Signs-Hazard-Warning-9.svg
new file mode 100644
index 0000000..43acc0a
--- /dev/null
+++ b/images/h0us3s-Signs-Hazard-Warning-9.svg
@@ -0,0 +1,144 @@
+
+
+
diff --git a/images/librejs-logo.png b/images/librejs-logo.png
new file mode 100644
index 0000000..f7024d8
Binary files /dev/null and b/images/librejs-logo.png differ
diff --git a/images/no-cloud.jpg b/images/no-cloud.jpg
new file mode 100644
index 0000000..103f210
Binary files /dev/null and b/images/no-cloud.jpg differ
diff --git a/images/texput.log b/images/texput.log
new file mode 100644
index 0000000..8867aed
--- /dev/null
+++ b/images/texput.log
@@ -0,0 +1,21 @@
+This is pdfTeX, Version 3.1415926-2.5-1.40.14 (TeX Live 2013/Debian) (format=pdflatex 2015.4.29) 12 MAR 2016 11:28
+entering extended mode
+ restricted \write18 enabled.
+ %&-line parsing enabled.
+**talk.tex
+
+! Emergency stop.
+<*> talk.tex
+
+End of file on the terminal!
+
+
+Here is how much of TeX's memory you used:
+ 3 strings out of 495032
+ 105 string characters out of 6181718
+ 45944 words of memory out of 5000000
+ 3315 multiletter control sequences out of 15000+600000
+ 3640 words of font info for 14 fonts, out of 8000000 for 9000
+ 14 hyphenation exceptions out of 8191
+ 0i,0n,0p,11b,6s stack positions out of 5000i,500n,10000p,200000b,80000s
+! ==> Fatal error occurred, no output PDF file produced!
diff --git a/images/you-win.html b/images/you-win.html
new file mode 100644
index 0000000..737f3d6
--- /dev/null
+++ b/images/you-win.html
@@ -0,0 +1,147 @@
+
+
+
+ YOU WIN!!! (No, you didn't really.)
+
+
+
+
+
+
+
+
+
+
diff --git a/images/you-win.png b/images/you-win.png
new file mode 100644
index 0000000..f3e3b09
Binary files /dev/null and b/images/you-win.png differ
diff --git a/talk.tex b/talk.tex
new file mode 100644
index 0000000..7025689
--- /dev/null
+++ b/talk.tex
@@ -0,0 +1,1793 @@
+\documentclass[pdf,red]{beamer}
+\mode{}
+\usetheme{Boadilla}
+
+\usepackage{listings}
+
+% hide pesky navigation
+\setbeamertemplate{navigation symbols}{}
+
+%% ideas:
+%% etherpad
+
+\newwrite\lecturenotes
+\openout\lecturenotes=lecture.notes
+
+\def\hangleft#1{%
+ \settowidth{\dimen0}{#1}%
+ \hspace*{-\dimen0}%
+ #1%
+}
+
+
+\def\slide#1#2{%
+ \begin{frame}
+ \lecturestart
+}
+\def\endslide{%
+ \end{frame}
+ \lectureend
+}
+
+
+% My ties attempt to keep sentences flowing across (rendered) line breaks,
+% where a brief pause when eyes scan to the beginning of the next line will
+% be okay.
+%
+% Emphasis in these blocks might mean a number of things, such as speaking
+% loudly, or inserting pauses between each word.
+\def\lecturestart{%
+ \makeatletter
+ \xdef\@@lecture@notes{}
+ \makeatsymbol
+}
+\def\lecture#1{\write\lecturenotes{\unexpanded{#1}}}
+
+\def\todo#1{#1}
+
+
+%% TODO: minified code is not source code
+
+
+%% preamble
+\title{Restore Online Freedom!}
+\author{Mike Gerwitz}
+
+\begin{document}
+
+\begin{frame}
+ \titlepage
+
+ \lecture{I'm going to warn everyone upfront---this is a~talk about
+ problems. Many of them are fundamental problems that don't quite
+ have a~solution yet. Others are problems that you can address
+ immediately, both as a user and as a web developer. I hope to
+ provide perspective that sufficiently shocks and motivates; to
+ make a difference, both big and small.}
+\end{frame}
+
+
+\begin{frame}{Who am I?}
+ \lecture{So my name's Mike Gerwitz,}
+
+ \begin{itemize}
+ \item Long-time free software hacker and activist
+ \lecture{I'm a long-time free software hacker and activist}
+
+ \item GNU volunteer, software evaluator, and part of maintainers team
+ \lecture{and volunteer for the GNU project. I'm part of the small
+ team of evaluators for GNU project submissions, and I'm what
+ I'd called a trainee on the maintainers team.}
+
+ \item Author of GNU ease.js
+ \lecture{I'm also the author of GNU ease.js, a classical
+ object-oriented framework for JavaScript licensed under the
+ GNU GPLv3+.}
+
+ \lecture{I've been involved in web development to at least some capacity}
+ \item 10+ years of web development
+ \lecture{for well over ten years. But possibly \emph{just} as
+ importantly, I've been a \emph{user} of the web for even
+ longer. Now, I'm 26---I'm not part of the generation that
+ was swiping at newspapers when they were babies, wondering
+ why nothing was happening, but I did grow up with the
+ Internet.}
+
+ \begin{itemize}
+ \item<2-> The Web has \only<2>{changed}\only<3->{{\bf worsened}} a lot
+ in 10 years
+ \lecture{And as I'm sure all of you here can attest to---and I'm
+ really stating the obvious here---the Internet has changed a
+ \emph{lot} in the past ten years. In fact, it's had a
+ version change---the so-called ``Web 2.0''! Which, to
+ clarify, is just jargon; there's not actually a version
+ change.}
+
+ \lecture{But I suppose I could phrase this in another way: the
+ Internet has also \emph{worsened} a lot in the past ten
+ years. A version bump isn't always an upgrade.}
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{``But the Web is great!''}
+ \lecture{``But the web is great!'', you'll hear people say.}
+
+ \begin{itemize}
+ \item<2-> The Web has improved \emph{technically}
+ \lecture{Yes, the web has improved \emph{technically}---}
+
+ \begin{itemize}
+ \item<2-> Modern software on the web rivals traditional desktop
+ software
+ \end{itemize}
+ \lecture{you can do things on the web today that were
+ \emph{unfathomable} ten years ago. I don't think any
+ rational person who's seen the~transition over the past
+ ten-plus years would argue that.}
+
+ \lecture{But we're talking about \emph{freedom}.}
+
+ \item<3-> The truth is---the web has become alarmingly hostile and
+ freedom-denying toward users
+ \lecture{The web has become increasing \emph{hostile} and
+ freedom-denying toward its users. And that's not progress;
+ technical advancements are great, but \emph{not when they
+ deny users their freedoms}.}
+
+ \item<4-> Freedom trumps all.
+ \lecture{\emph{Freedom trumps all.} So we can say that, while Web~2.0
+ was a \emph{technical} upgrade, it has been a steadily
+ progressing \emph{downgrade} for users' freedoms.}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{What freedoms are at stake?}
+ \lecture{So what freedoms are at stake? Well,}
+
+ % TODO: start at 0, skip to 4 after four freedoms
+ \begin{enumerate}
+ \item<+-> Four Freedoms;
+ \lecture{In most every case, the four freedoms. And as you'll see,
+ unlike with traditional desktop software, these aren't easy
+ freedoms to obtain.}
+
+ %\item Freedom to use software of your choice to view webpages;
+ \item<+-> Freedom of choice (interoperability);
+ \lecture{The freedom of \emph{choice}---that is, the freedom to use
+ the software of your choosing to access resources or services
+ online. Interoperability.}
+
+ %\item Freedom to process and adapt (within realm of Fair Use);
+ \item<+-> Freedom to automate and adapt (Fair Use);
+ \lecture{As an extension, the freedom to download resources for
+ indexing, scraping, offline backup, and other personal
+ uses. This is also essential to a number of important
+ activities covered under Fair Use.}
+
+ %\item Freedom to browse with relative anonymity and privacy;
+ \item<+-> Freedom of isolation;
+ \lecture{Freedom of isolation. And by isolation, I mean relative
+ anonymity and privacy---individual websites of the past
+ really didn't correlate your visits with visits on other
+ sites all that often, unless they were owned by the same
+ company.}
+
+ %\item Freedom to do your own computing;
+ \item<+-> Freedom to do your own computing;
+ \lecture{Freedom to \emph{do your own} computing, rather than having a
+ service do it on your behalf. Services as Software
+ Substitutes are particular problems.}
+
+ %\item Freedom to control your own data;
+ \item<+-> Freedom of ownership.
+ \lecture{The freedom to own and control your own data is a corollary
+ of the previous freedom. It's difficult to have that control
+ when you might not even be in possession of your data to
+ begin with.}
+ \end{enumerate}
+
+ \lecture{Now, this is not an exhaustive list; I unfortunately only have so
+ much time to present. But these freedoms should be sufficient to
+ illustrate the core issues.}
+\end{frame}
+
+
+\defverbatim{\gnuhost}{%
+\small
+\begin{verbatim}
+ $ host gnu.org
+ gnu.org has address 208.118.235.148
+\end{verbatim}
+}
+
+\defverbatim{\gnurequest}{%
+\small
+\begin{verbatim}
+ $ curl -v https://gnu.org/
+ [...]
+ > GET / HTTP/1.1
+ > User-Agent: curl/7.35.0
+ > Host: gnu.org
+ > Accept: */*
+\end{verbatim}
+}
+
+\defverbatim{\gnuresp}{%
+\small
+\begin{verbatim}
+ $ curl -v https://gnu.org/
+ [...some lines removed]
+ < HTTP/1.1 200 OK
+ < Date: Wed, 10 Feb 2016 19:45:21 GMT
+ < Server: Apache/2.4.7
+ < Cache-Control: max-age=0
+ < Expires: Wed, 10 Feb 2016 19:45:21 GMT
+ < Transfer-Encoding: chunked
+ < Content-Type: text/html
+ < Content-Language: en
+ <
+ { [data not shown]}
+\end{verbatim}
+}
+
+
+\begin{frame}[fragile]{Understanding the Web}
+ \lecture{Alright; so before we can really talk intelligently on these
+ issues, what is the Web? Quick summary:}
+
+ \begin{overlayarea}{\textwidth}{\textheight}
+ \begin{itemize}
+ \item<1-> Usually involves a web browser
+ \lecture{Normally when we talk about the ``Web'', as opposed to the
+ ``Internet'' as a whole, we're referring to something that you
+ would access using a web browser. That web browser might be
+ a graphical browser like GNU IceCat, or it might be a
+ text-mode browser like w3m. But you don't \emph{have} to use
+ a web browser---you might even use \tt{wget} or \tt{curl}
+ directly and look at the plain text of the document, or parse
+ it with a script.}
+
+ \begin{enumerate}
+ \item <2-> User enters a URL or clicks on a link
+ \only<2>{\par(e.g. \url{https://gnu.org/})}
+
+ \lecture{The user first indicates the resource that they want to
+ ``browse'' to using a URL, which stands for ``Uniform
+ Resource Locator''; it contains both a protocol and a
+ hostname. Let's take ``gnu.org'' as an example.}
+
+ \item<3-> Browser resolves domain to a host IP address (DNS lookup)
+ \only<3>{\gnuhost}
+
+ \lecture{The browser then resolves the domain name---\tt{gnu.org} in
+ this case---to the IP address of the server hosting the
+ resource. This is called a DNS---or ``Domain Name
+ Server''---lookup. The result may be one IP, or it may be
+ multiple. The easiest way to resolve a hostname on a
+ GNU/Linux system without worrying about what a DNS record
+ is, is to use the \tt{host} command. In the case of
+ \tt{gnu.org}, it resolves to a single IP address.}
+
+ \item<4-> For HTTP(S), brower sends HTTP request to host on port
+ 80/443
+ \only<4>{\gnurequest}
+ \lecture{I mentioned a protocol. The beginning of the URL is
+ usually HTTP or HTTPS; we don't care about others for this
+ talk. The former transfers data in plaintext whereas the
+ later is encrypted using SSL. The browser sends an HTTP
+ request to the host requesting the resource.}
+
+ \item<5-> Server responds with resource
+ \only<5>{\gnuresp}
+ \lecture{The server responds. That response might be affirmative,
+ it might be an error, it might be garbage; let's assume
+ that it was a successful response.}
+
+ \item<6-> Browser recursively loads all resources referenced by
+ webpage
+ \begin{itemize}
+ \item<6-> Stylesheets, Images, Scripts, etc.
+ \end{itemize}
+ \only<6>{\includegraphics[width=\textwidth]{images/gnu-resources.png}}
+ \lecture{This is the meat of the talk. The browser then recursively
+ processes all resources referenced by \emph{that}
+ resource. Most often, these include images, stylesheets,
+ and scripts.}
+ \end{enumerate}
+
+ \item<7-> Distributed network (``web'') of computers
+ \lecture{So fundamentally, the web is a distributed network of
+ computers that serve resources. Resources can be anything
+ from your conventional web page, to a program that runs in
+ your browser, to a live video stream of this talk.}
+ \end{itemize}
+ \end{overlayarea}
+\end{frame}
+
+
+\begin{frame}{Interoperability}
+ \begin{itemize}
+ \item<1-> Fundamental building blocks are standardized (W3C)
+ \lecture{So the Web is composed of many different
+ things. Technically, you can include anything on the
+ Web---certain formats will just invoke external programs or
+ trigger a download. But as far as web pages go, they
+ traditionally consist of HTML}
+ \begin{itemize}
+ \item<+-> HTML---Describes the document
+ \lecture{which describes the~document, and CSS}
+
+ \item<+-> CSS---Describes the document style (appearance)
+ \lecture{which describes the~document \emph{style}---how it looks,
+ what font to render in, the background color, et cetera.}
+
+ \lecture{Those documents can contain more than just text---there
+ is support for media as well, like images and embedded
+ video. Users can submit information by entering data in
+ form fields. Most of that falls under the HTML spec.}
+
+ \item<+-> HTTP---Communication protocol
+ \lecture{All of this communication is done using the HTTP
+ protocol, which defines how the server and client
+ communicate.}
+ \lecture{Back in the day, most every reaction to user input
+ involved loading a new webpage. You're seeing less and
+ less of that today---many web pages look and behave more
+ like \emph{software} than documents.}
+
+ \item<+-> JavaScript---Embed programs in web browser
+ \lecture{The standard way to do this today is with a language
+ called JavaScript.}
+ \end{itemize}
+
+ \item<5-> Variety of programs and standard tools can communicate with
+ webservers and read documents
+ \lecture{Given these standards for representing documents, styles,
+ media, etc---you're free to use whatever software you choose!
+ Everything is interoperable, on both the server and the
+ client. And this is incredibly important for user freedom,
+ and for free software.}
+
+ \item<6-> Threatened in the past: Java applets, ActiveX, Flash,
+ Silverlight, and other proprietary/non-standard software
+ \lecture{That interoperability has been threatened in the past by
+ other proprietary systems for embedding software in the
+ browser. The most popular ones include Java applets,
+ ActiveX, Flash, and Silverlight. Those were dark ages.}
+ \lecture{We do in fact have another looming threat---the Encrypted
+ Media Extensions proposal being considered by the W3C which
+ would effectively introduce DRM as a \emph{standard} for the
+ Web. We must oppose it, and I encourage you to join us
+ in protest just across the street tonight at 8:00.}
+
+ \item<7-> Now the greatest threat is JavaScript
+ \lecture{But an \emph{existing} standard is now our greatest
+ threat. JavaScript.}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{What is JavaScript?}
+ \lecture{So what is \emph{JavaScript}?}
+
+ \begin{itemize}
+ \item<2-> ECMAScript (Standard: ECMA-262; ISO/IEC 16262)
+ \lecture{Formally, it's ECMAScript, which is the standard defining the
+ language. Browsers tend to incorporate their own
+ features---some of which are subsequently incorporated into
+ the spec---so when we refer to ECMAScript, we're talking
+ about a core standard that all browsers implementing that
+ particular version should support. There are other
+ implementations of ECMAScript, like JScript and ActionScript,
+ but they're used almost exclusively in proprietary
+ environments, and you should not use them unless you have a
+ way of running that code on a fully Free operating system.}
+
+ \item<3-> Traditionally: Browser-based, client-side scripting language
+ \lecture{JavaScript started out in the web browser, specifically
+ Netscape. It was written in 1995 with the goal of offering
+ something that was easier for non-programmers to write than
+ Java Applets. The name JavaScript has nothing to do with
+ Java the language.}
+
+ \item<4-> Today: General-purpose programming language
+ \lecture{But today is has evolved into a popular general-purpose
+ scripting language, used on both the client and the
+ server. It's worth noting that JavaScript has been used on
+ the server for pretty much as long as it has
+ existed---Netscape used it on the server back in 1995.}
+
+ \begin{itemize}
+ \item<5-> Heavily popularized by Node.js
+ \lecture{But it wasn't until Node.js that it exploded in
+ popularity, and is often times even \emph{preferable} by
+ some to other languages on the server. I'm not getting
+ into \emph{that} debate today.}
+ \end{itemize}
+
+ \item<6-> ``Assembly language'' of the web
+ \lecture{It's often called the ``assembly language'' of the web,
+ because there are dozens of languages that compile into
+ it---if you want code running in the browser, the standard
+ way to do it is by using JavaScript.}
+ \begin{itemize}
+ \item<7-> Soon: WebAssembly (WebASM)
+ \lecture{But there are properties of the language that don't make
+ ideal for being the compiler target for all things on the
+ web. One popular method is a subset of JavaScript called
+ asm.js that is more effectively optimized. But now we
+ have a low-level language on the horizon called
+ WebAssembly, which is intended as a compiler target for
+ C/C++ code. So expect these issues I'm about to describe
+ to only propagate further in the future as it becomes
+ more and more trivial to write software for the web.}
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{The Illusion of Remote Execution}
+ \lecture{Perhaps one of the greatest dangers of software on the Web is the
+ illusion of remote execution---}
+
+ \begin{itemize}
+ \item<2-> Looks like the web page is manipulating itself
+ \begin{itemize}
+ \item<2-> Many consider the web page as a remote resource, not a local
+ copy of that resource
+ \end{itemize}
+ \lecture{the illusion that, because the program is manipulating and
+ appears to be a part of the web page, it must be executing
+ in a magical remote place.}
+
+ \item<3-> JavaScript programs run \emph{on the client}
+ \lecture{But it's not. JavaScript programs are executed \emph{on your
+ computer, by your web browser}: the program is downloaded
+ just like any other resource and interpreted by a JavaScript
+ engine in your browser.}
+
+ \item<4-> Illusion inhibits consideration of freedoms
+ \lecture{This is an important distinction, because we can't begin to
+ consider how to exercise our four freedoms if we can't even
+ get around to the fact that the program is actually running
+ on our computer.}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}[plain]{}
+ \begin{center}
+ \center\includegraphics[width=0.9\textwidth]{images/you-win.png}
+
+ Would you run some random website's program on your computer?
+ \end{center}
+
+ \lecture{(Read slide)}
+\end{frame}
+
+
+\begin{frame}[plain,c]{}
+ \lecture{Well, you do.}
+
+ \begin{center}
+ Well, you do.
+ \end{center}
+
+ \lecture{If only our web browser gave us a warning like that. But
+ instead, it's silent. And this is more dangerous than a phishing
+ attack---because at least when the user is presented with
+ \emph{this} (return to previous slide), they have a \emph{chance}
+ to be suspicious.}
+\end{frame}
+
+
+\begin{frame}{Covert Ephemeral Software}
+ \begin{itemize}
+ \item Browser downloads and executes arbitrary, often non-free software
+ \begin{itemize}
+ \item (Automatically clicks the download button for you!)
+ \end{itemize}
+
+ \lecture{But no---our web browsers are being stupid on our behalf!}
+
+ \item Most users have no idea this is happening
+ \lecture{And most users---even many technical ones---really don't have
+ any idea that this is happening. Because they don't think
+ about it like that.}
+
+ \begin{itemize}
+ \item And if they did, would they know to care?
+ \lecture{But let's say they did; would they even
+ \emph{know} to care? You can be taught to be suspicious
+ of sites advertising awards and such, but when a site
+ offers no indication at all, then what exactly do you
+ teach? What do you tell them to be suspicious of?
+ Instead, it's just a website.}
+
+ \item Most who \emph{do} know don't care.
+ \lecture{But then there are those who are well aware of what is
+ going on. Many of those are web developers---the same
+ people that \emph{write} this covert software. And
+ surprisingly, at least from my experience, most of them
+ don't care. Many instead take the stance that JavaScript
+ is an essential component of the modern web and it would
+ be silly to consider disabling it and quote-unquote
+ ``break'' websites.}
+ \end{itemize}
+
+ \item Ephemeral software
+ \lecture{And then at the end the software disappears, leaving no
+ trace except for some persistent data storage. A browser
+ doesn't list all the scripts that it executes as
+ ``installed software'' like it would an addon. Users won't
+ know that they were running software.}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}[c]{Just Say ``Yes!''}
+ \lecture{So if we adopt the philosophy of those who really don't care,
+ then life becomes a hell of a lot easier. Just saying ``yes''
+ all the time is much less confrontational; especially when
+ your web browser is doing it for you. And this makes a lot of
+ people pretty excited! Like...}
+
+ \begin{center}
+ \only<+>{Advertisers}
+ \lecture{Advertisers! You say ``yes!'' to their spyware that tracks
+ and analyzes you.}
+
+ \only<+>{Crackers \& Script Kiddies}
+ \lecture{Crackers and script kiddies love you too. You happily say
+ ``yes!'' to their payloads.}
+
+ \only<+>{Governments (also Crackers \& Script Kiddies)}
+ \lecture{Governments! Also crackers and script kiddies. They like to
+ broadly distribute exploits in the hope of maybe catching a
+ criminal. One such exploit was a 0-day used by the FBI to
+ deanonymize Tor users, guilty or not.}
+
+ \only<+>{ISPs (Like Comcast)}
+ \lecture{And what about the entity you depend on the most for your
+ communications online? In November of last year it was
+ discovered that Comcast was MITM'ing customers to inject
+ JavaScript into non-SSL webpages to inform customers of
+ copyright violations. Oh yes.}
+
+ \only<+>{People who want to show off their cool stuff}
+ \lecture{There are certainly other malicious actors, but not everyone
+ has bad intentions---you also have hackers that just want to
+ show you their cool new programs. And some of those are also
+ the ones that find it silly to disable JavaScript---how else
+ would you be able to witness their hard work?}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}[c]{Just Say ``Yes!''...and ``Yes!'' and ``Yes!'' and ``Yes!''...}
+ \begin{itemize}
+ \item<+-> Everyone expects their code to run, always, or there's
+ something wrong with your browser
+
+ \lecture{So if your browser doesn't default to saying ``yes'' to
+ untrusted, random, freedom-denying, possibly malicious
+ programs, then your browser is broken. This is in fact a big
+ deterrent for common-sense freedom and security practices: the
+ Tor Browser Bundle, for example---although it comes with
+ NoScript installed---does not block any websites by default,
+ even though it would make its users safer. No, that would
+ ``break'' websites.}
+
+ \item<+-> But most browsers today give you a binary choice:
+ \lecture{But let's say you are one of those people who might be a
+ little uncomfortable with this situation, and want to do
+ something about it. Well, with most browsers, what are your
+ options?}
+
+ \begin{enumerate}[<+->]
+ \item No---disable JavaScript
+ \lecture{You could disable JavaScript completely. But there might
+ be \emph{some} things that you'd like to run.}
+
+ \item Yes---run everything!
+ \lecture{Or you could run everything! Good choices here. These
+ are clearly not choices that taken into consideration
+ these issues.}
+ \end{enumerate}
+
+ \lecture{Now, many people will simply say, ``Well, I trust the sites I
+ visit.''}
+ \item<+-> You aren't just running that site's JavaScript
+ \lecture{But it's very important to understand that you aren't just
+ running the programs for that website. That website might
+ also include code from other servers---like CDNs. It might
+ inject other code like the Google Analytics spyware. And
+ what if the site is compromised, or susceptible to a XSS
+ attack, and an attacker loads additional scripts?}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{How Do We Install Software (Usually)?}
+ \lecture{If all of this seems awkward to consider, that's because it
+ is. Let's go back to the desktop for a bit; now that we're
+ thinking in terms of programs running on our computer, how do we
+ normally install software?}
+
+ \begin{itemize}
+ \item<2-> Explicitly.
+ \lecture{Explicitly. You indicate that you want some program foo and
+ you make it so. Unless you use a backdoored operating system
+ like Windows, OSX, iOS, or others---they tend to install
+ things for you.}
+
+ \begin{itemize}
+ \item<3-> GNU/Linux---Usually through a package manager
+ \lecture{On a GNU/Linux operating system, you usually install
+ software through that distro's package manager. GNU Guix
+ is a pretty good one to try.}
+
+ \item<4-> Source distribution (tarballs/etc)
+ \lecture{You might compile from source. That's even more of an
+ explicit process.}
+
+ \item<5-> Binaries (especially on proprietary operating systems)
+ \lecture{And, as is usually necessary on proprietary operating
+ systems, there are binaries. They might be downloaded from
+ a website or a walled weed garden,}
+ \end{itemize}
+
+ \item<6-> There is a conscious effort made by the user
+ \lecture{but it's generally a conscious operation all the same. Even
+ users of proprietary operating systems don't like when things
+ appear on their computer without having been requested.}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{Software Signing}
+ \lecture{We also have certain other guarantees. Or attempts, at least.}
+
+ \begin{itemize}
+ \item<2-> Any package manager worth using will verify signatures of
+ package
+ maintainers
+ \lecture{If you're using a package manager that doesn't verify a
+ cryptographic signature of the package, then you should
+ consider another package manager. Many package managers
+ provide---with some caveats---assurances that the package you
+ received is actually the package that the author or
+ maintainer intended for you to receive. I'm not getting into
+ those caveats here.}
+
+ \item<+-> GNU projects also distribute detached signatures for manual
+ verification
+ \lecture{In the case of source distributions, detached signatures are
+ often used. You'll see this with GNU programs, for
+ example---if you download a program from ftp.gnu.org, you'll
+ also find a corresponding signature file, and you should use
+ GPG to verify that your download is what the author
+ actually signed.}
+
+ %% TODO: either come up with a plan or delete this
+ \item<+-> No such thing exists for the Web
+ \lecture{...We don't have this type of thing for the web.}
+
+ \item<+-> We need a web of trust (e.g. PGP)---decentralized
+ \begin{itemize}
+ \item<+-> What not to do: Firefox refuses to install/run addons that
+ are not signed by Mozilla
+ \item<+-> No ``walled gardens''
+ \end{itemize}
+ \end{itemize}
+
+ \lecture{But what does the absence of user control mean?}
+\end{frame}
+
+
+\begin{frame}[c]
+ \begin{center}
+ Everyone is flocking to the web
+ \end{center}
+
+ \lecture{Everyone is flocking to the web. And a major reason is because
+ of the convenience that is provided by transferring even more
+ control away from the user to the authors and distributors.}
+\end{frame}
+
+
+\begin{frame}{Effortless Distribution}
+ \lecture{This convenience provides a distribution model that is
+ exploitative, and highly alluring to many. Two things that go
+ great in the same sentence.}
+
+ \begin{itemize}[<+->]
+ \item Software is downloaded \emph{automatically}---guaranteed!
+ \lecture{So, when you visit a website---as we've already
+ discussed---your browser just starts saying ``Yes!'' to
+ software. So, for the majority of your users, it's
+ essentially guaranteed that your software will be downloaded
+ and executed, and it will be done so immediately. If not,
+ their browser is broken, right? Right.}
+
+ %% Shackle as a Service
+ \item It's so easy for you---just click here!
+ \lecture{Baiting the user into downloading that software is also a
+ trivial task---there's no trying to trick the user into
+ downloading and invoking an executable. Just provide the
+ user with a link, and their freedoms are automatically
+ robbed.}
+
+ \item Cross-\{device,platform\}!
+ \lecture{In the modern web, platform or operating system isn't a
+ border---you can rob someone of their freedoms anywhere, any
+ time, whether they're on a mobile device, their home
+ computer, or their refrigerator.}
+
+ \item Automatic updates! We know best! (Ephemeral software)
+ \lecture{And let's not worry about those pesky users who decide to
+ exercise their freedom to decide what software they want to
+ run. Just overwrite their software for them, at any
+ time. Updates are automatic, and the user has no
+ choice.}
+ \begin{itemize}
+ \item Your browser is effectively a backdoor
+ \lecture{You might hear from security experts that most
+ computers have a backdoor---software updates. Well, in
+ this case, the backdoor is the front door. You have no
+ option. There \emph{is no} separate installation and
+ update---they're one and the same. As I mentioned, we
+ can say that the software is ephemeral---it exists as
+ long as you're on the website, and then disappears until
+ you next load it again.}
+ \end{itemize}
+
+ \item We control your data (SaaSS)!
+ \lecture{But that's not enough. How can we remove every atom of
+ freedom that the user has? Ah, let's also hold their data
+ hostage, and control what they can and cannot do with it!}
+
+ \item So easy to spy on you!
+ \lecture{And what's a magnificent consequence of all of this? We get
+ to spy on you for free! It's part of the package! We know
+ exactly what you are doing, when your are doing it, how you
+ are doing it, and anything in-between. This is too good to
+ be true!}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \begin{center}
+ \only<1>{We can finally get rid of that pesky little bit of control you
+ had left over your physical computing!}
+
+ \lecture{Greedy, malicious software developers and distributors have
+ been searching long and hard for ways to prevent users from
+ even studying the binaries, letalone source code. They've
+ pursued draconian technical and legal measures like DRM and the
+ DMCA out of desperation.}
+
+ \only<2>{SaaS---Shackles as a Service}
+ \lecture{But as it happens, the answer fell right into their
+ laps---``Shackles as a Service''. We're at the point today
+ where the next step to strip all power from the user is to
+ remotely render the program and stream images. And
+ unfortunately, such a thing already exists! It's called
+ ``cloud gaming'', or Gaming as a Service. Hold the fart
+ jokes. These services remotely render games and stream them
+ to the user. All user input is sent to the service. The
+ next logical step after that is then licensing eyeball or
+ brain implants so that the user can't record or manipulate
+ the image on her screen! Vision as a Service, perhaps.}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{The Web Is Easy}
+ \lecture{Let's explore another aspect of why the Web is so appealing for
+ software developers.}
+
+ %% TODO: let's emphasize the benefits a bit more
+ \begin{itemize}[<+->]
+ \item Low Barrier To Entry
+ \lecture{Most everyone has a web browser. Everything rendered in that
+ browser uses standardized document and styling formats---HTML
+ and CSS---which have been used for decades to represent
+ documents. This retrofitting of sorts makes it easy to
+ inspect programs' UIs and play with them. Every modern
+ browser comes with debugging tools for inspecting the DOM and
+ running scripts, for monitoring and inspecting network
+ traffic, for debugging scripts. This is \emph{great} for a
+ free Web---it encourages studying and tinkering. So
+ interested users can easily tweak the page, or type some
+ scripts in the browser's console to see what happens. And
+ when they start writing software, they can see it in the
+ familiar environment that is their web browser. There's not
+ much that is alien to them; if you introduce someone to shell
+ scripting, C, Perl, Python, etc, they're diving into a world
+ that is entirely hidden from their perspective as a
+ \emph{user} of software.}
+
+ \item Huge number of libraries and tools for web development
+ \lecture{Now, the leap from a document format to a program can be a
+ bit daunting. But, because of all the reasons I mentioned,
+ the number of libraries focused on web development is growing
+ at an \emph{unbelievable} rate. You can have working
+ software running on most every modern operating systems
+ quickly and easily, and not even have to worry about how
+ you're going to package and distribute it! And most of these
+ popular libraries are free software. The most daunting task
+ for new web developers is often what library to pick.}
+
+ \item Even desktop software using web libraries
+ \lecture{And then we have software like Node.js that allows running
+ code written for the web directly, without a web browser. So
+ it often makes sense to write software in JavaScript or a
+ language that compiles into it, because then you can share
+ code between the server and client. It makes sense to write
+ your UI using HTML and CSS, because you can execute the
+ program in a way that it doesn't look like a website;
+ Chromium, for example, has a ``app'' mode that makes the
+ loaded page look like a normal program. And then you have
+ those that only really know web development, but are now able
+ to take that knowledge and apply it directly to the server or
+ the desktop.}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \begin{center}
+ \only<1>{This is great for software freedom.}
+ \lecture{All of this is great for software freedom---you have all of
+ these libraries that make it \emph{easy} to develop free
+ software!}
+
+ \only<2>{But we have a problem.}
+ \lecture{...but we have a problem. Well, another in the \emph{web} of
+ problems, I suppose.}
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Effortless \emph{Proprietary} Software}
+ \lecture{While it's making software easy for the good guys, it's also
+ making it easy for the bad guys! And there's an explanation for
+ that.}
+
+ \begin{itemize}[<+->]
+ \item We have a licensing problem.
+ \lecture{What we have is a licensing problem! We have a \emph{lot} of
+ free software,}
+
+ \item Permissive licensing \emph{enables} proprietary software
+ \lecture{but most of it is licensed under a permissive license---the
+ most popular being the MIT~Expat license, which allows for
+ non-free derivatives. What this means is that proprietary
+ software authors have a relatively easy time developing
+ software that denies users their freedoms. Writing software
+ is expensive---it takes time, and time is money in
+ business. Any time that can be saved using these wonderful
+ free software libraries is money that they can divert toward
+ adding attractive features, releasing early, and implementing
+ ways to screw over the user.}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{Philosophy/Culture Problem}
+ \lecture{The predominant underlying reason of the licensing problem is a
+ philosophical and cultural one.}
+
+ \begin{itemize}
+ \item<2-> ``Open source almost everything''---Tom Preston-Werner
+ \lecture{If you've listened to any in-depth criticism about licensing
+ practices of the modern web development community, then
+ you've probably heard of Tom Preston-Werner's post entitled
+ ``Open source almost everything''. It has some startling
+ statements that illustrate the mindset of the larger web
+ development community, and the open source community in
+ general. Let's take a look at a few. Now, just a warning,
+ some of what you are about to see may shock and confuse
+ you. Viewer discretion is advised.}
+ \end{itemize}
+
+ \only<3>{
+ \begin{quote}
+ \hangleft{``}If you do it right, open sourcing code is \textbf{great
+ advertising} for you and your company. [...] we like to talk publicly
+ about libraries and systems we've written that are still closed but
+ destined to become open source. [...] It helps determine what to open
+ source [...]. We recently open sourced [...] our chat bot
+ [...]. Within two days it had 500 watchers on GitHub and 409 upvotes
+ on Hacker News. This translates into goodwill for GitHub and more
+ superfans than ever before.'' (Emphasis \emph{not} mine.)
+ \end{quote}
+ \lecture{This is an excellent example of why we should reject ``open
+ source''---as a development methodology, it ignores users' freedoms
+ entirely. While we're talking about users' freedoms, Tom's talking
+ about liberating code for advertising and building suspense over a
+ project to produce ``superfans''. And he determines what to liberate
+ based on input from that suspense. Not because it's the ethical thing
+ to do.}
+ }
+
+ \only<4>{
+ \begin{quote}
+ \hangleft{``}If your code is popular enough to attract outside
+ contributions, you will have created a \textbf{force multiplier} that
+ helps you get more work done faster and cheaper.'' (Emphasis
+ \emph{not} mine.)
+ \end{quote}
+ \lecture{Free labor; that's what Tom sees. They can focus on all the
+ proprietary goodies that provide business value while the
+ community writes the rest of the software for them.}
+ }
+
+ \only<5>{
+ \begin{quote}
+ \hangleft{``}When you open source useful code, you \textbf{attract
+ talent}. Every time a talented developer cracks open the code to one
+ of your projects, you win.'' (Emphasis \emph{not} mine.)
+ \end{quote}
+ \lecture{In other words---liberated code is used in a predatory manner
+ to lure free software hackers into a position of developing
+ proprietary software.}
+ }
+
+ \only<6>{
+ \begin{quote}
+ \hangleft{``}Ok, then what shouldn't I open source? That's
+ easy. Don't open source anything that represents core business
+ value.''
+ \end{quote}
+ \lecture{But what about the stuff that is truly innovative and valuable
+ enough that you consider it a core part of your business? The
+ stuff that you think is the most valuable to you? The stuff
+ that the free software community needs to compete with this
+ ever-growing proprietary world? You hide it. And you suggest
+ that others do the same.}
+ }
+
+ \lecture{Alright, now this last quote blows my mind.}
+
+ \only<7>{
+ \begin{quote}
+ \hangleft{``}Lastly, \textbf{it's the right thing to do}. It's almost
+ impossible to do anything these days without directly or indirectly
+ executing huge amounts of open source code. If you use the internet,
+ you're using open source. That code represents millions of man-hours
+ of time that has been spent and then given away so that everyone may
+ benefit. We all enjoy the benefits of open source software, and I
+ believe we are all morally obligated to give back to that community.''
+ (Emphasis \emph{not} mine.)
+ \end{quote}
+ }
+
+ \lecture{What!? We are all \emph{``morally obligated''}, he says. This
+ is baffling. He recognizes how much he benefits from the free
+ software community after talking about how to exploit it and
+ contribute back only what might benefit their business by
+ attracting free labor and good talent. To quote Bradley~Kuhn
+ from one of his talks, this is incredibly self-serving.}
+\end{frame}
+
+
+\begin{frame}{The Web Scene}
+ \lecture{Tom's philosophy is pervasive throughout the modern web
+ development community. And if we look at the composition, we can
+ see why:}
+
+ \begin{itemize}
+ \item<2-5> Contributions by large corporations (e.g. Google, Facebook,
+ Twitter, GitHub)
+ %% TODO: Examples
+ \lecture{It's no question that life today is largely online, and there
+ are many major corporations that play a big role in
+ that. Many of the popular free libraries for the web are
+ written by those corporations and used within their own
+ proprietary software as well.}
+
+ \item<3-5> Startups (e.g. YCombinator-funded)
+ \lecture{Most new software startups today are going to have some sort
+ of online component---if even just for the social
+ aspect. But as has already been discussed, the web is an
+ attractive platform, and an easy way to create vendor
+ lock-in---something that many misguided startups will
+ consider to be a very important thing for their long-term
+ success. For this to happen---for these young startups to be
+ able to get software out cheaply and quickly with limited
+ resources---they need free software. So there is immense
+ community pressure to create permissively licensed software;
+ it's more difficult to distribute proprietary software for
+ the web when the client libraries carry a copyleft.}
+
+ \item<4-5> New programmers, new culture
+ \lecture{And speaking of that community pressure---the web development
+ community is home to many new or inexperienced
+ programmers. Those programmers are immersed in a culture that
+ talks about ``rockstar'' and ``10x'' programmers; about
+ ``brogrammers'' and ``hipster'' languages---these are very
+ different terms than hackers are used to, and highlight very
+ different concepts. Importantly, they focus on
+ \emph{methodology}---performance, producing something that is
+ cool and will be accepted by your peers. This is not a focus
+ on freedom at all. ``Copyleft'' is a dirty word: if you want
+ to be accepted by your peers---\emph{especially} in the
+ startup community, which you might want to be a part of
+ yourself---you'd better license your libraries
+ permissively. If you don't, someone's going to ask you to
+ relicense so that they can use it in their own proprietary
+ software, and lecture you on how copyleft restricts their
+ freedom as a developer. But that's assuming that you've even
+ been introduced to the concept of copyleft to begin
+ with. And besides, all your friends are doing it, and
+ they're all 10x rockstars!}
+
+ \item<5> Peer pressure
+ \lecture{So there is immense peer pressure---pressure to ignore
+ talking about the awkward politics and philosophy of freedom
+ entirely and just stick to the brogramming, man.}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}
+ \begin{center}
+ Unconscious propagation and consciously manipulative leaders
+ \lecture{Anti-copyleft activists have the benefit of being able to
+ focus on the practical arguments---which are easy---and
+ avoiding or even trying to degrade philosophical
+ arguments---which are hard, because they involve
+ confrontation. It's therefore trivial to push ``open
+ source'' and permissive licensing with the end goal of
+ fighting copyleft, without actually bringing up the issue
+ most of the time, thereby creating a large community that
+ works against copyleft without actually \emph{thinking} about
+ copyleft. This is very dangerous. As I know many others
+ here have witnessed when trying to defend copyleft, it can be
+ very hard to explain these issues to someone who isn't aware
+ that issues even exist. It's an army of ignorance; an army
+ of non-enemies that we can't just tear down, because they
+ might not know better, and we'd do best to try to convince
+ them that their freedoms are important, and that users'
+ freedoms are too. And when we go after the leaders---the
+ mentors---the army swarms to their defense.}
+ \end{center}
+
+ \lecture{Well, having spoken of Bradley Kuhn: as of last month, we even
+ have a term describing broad issue. And, no, it's not a hipster
+ word.}
+\end{frame}
+
+
+\begin{frame}
+ \lecture{Kuhn's paradox!}
+
+ \begin{center}
+ Kuhn's Paradox
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Kuhn's Paradox}
+ \begin{quote}
+ \hangleft{``}For some time now, this paradoxical principle appears to
+ hold: each day, more lines of freely licensed code exist than ever
+ before in human history; yet, it also becomes increasingly more
+ difficult each day for users to successfully avoid proprietary software
+ while completing their necessary work on a computer.''
+ \end{quote}
+
+ \lecture{(Read Kuhn's Paradox)}
+
+ \lecture{Bradley Kuhn has talked a lot about some of these issues---and I
+ thank him for doing so. I didn't see his talks
+ until---coincidentally---after I started preparing \emph{this}
+ talk, and I was pleasantly surprised to hear him discussing many
+ of these same issues. I recommend his talks.}
+\end{frame}
+
+
+\begin{frame}{Culture of ``Open Source''}
+ \begin{itemize}
+ \item<1-> The licensing problem is a cultural problem
+ \lecture{This is the culture of ``Open Source''. And this is not
+ intended as an insult toward that community---it's simply a
+ truth that the ``Open Source'' movement was created to avoid
+ talking about freedom.}
+
+ \item ``Open Source'' devalues freedom
+ \lecture{And by avoiding that discussion, it devalues it. If we were
+ talking about freedom, then these issues get raised and
+ considered more frequently.}
+
+ \begin{itemize}
+ \item When freedom is inessential, proprietary ``features'' or
+ derivatives aren't bad
+ \lecture{So when freedom isn't valued, then these extra
+ proprietary features or derivatives on top of all the
+ excellent free software and libraries isn't seen as a bad
+ thing.}
+
+ \item ``Open Core'' (Microsoft)
+ \lecture{And this model of having a free base with proprietary
+ extensions is often called ``Open Core'', coined by
+ Microsoft. We thought ``Open Source'' was dangerous---this
+ ``Open Core'' philosophy not only devlaues freedom, but it
+ deligitimizes it through some twisted logic!}
+ \end{itemize}
+
+ \item I'll take my Web partially free, hold the free
+ \lecture{The ``open core'' it describes doesn't exist for freedom---it
+ exists for the benefits of the ``Open Source'' development
+ model.}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}[c]
+ \begin{center}
+ Partial freedom isn't freedom!
+ \end{center}
+
+ \lecture{But partial freedom isn't freedom! It doesn't matter if
+ \emph{part} of your software is free---if even a byte of it robs
+ me of any of my four freedoms, then I can't ethically use it! I
+ would have to concede that your website is worth surrendering my
+ freedoms for. It's probably not.}
+\end{frame}
+
+
+\begin{frame}{No Such Thing As Neutral On Freedom}
+ \begin{itemize}
+ \item Permissive (pushover) licenses are thought to appease multiple
+ parties
+ \lecture{Now remember---''Open Source'' was created to eliminate the
+ discussion of freedom. Freedom can be an uncomfortable
+ topic, because it's philosophical. And it's heavily
+ controversial; some people don't believe in users'
+ freedoms. Imagine that. This makes for uncomfortable
+ conversation that most people want to avoid. So they might
+ try to remain neutral by using pushover licenses, and appease
+ to every group:}
+
+ \begin{itemize}
+ \item<2-> Free software supporters
+ \item<3-> Copyleft haters
+ \item<4-> Businesses
+ \item<5-> People who really don't know/care
+ \end{itemize}
+
+ \item<6-> But there's no such thing as neutrality!
+ \lecture{But that is a flawed reasoning. Because when you try to
+ remain neutral on an important topic, you are remaining
+ neutral on both the good and the bad. Remaining neutral on
+ the topic of freedom is like standing on the sidewalk
+ watching someone being harassed, bullied, beaten. And rather
+ than step in, you just walk away. Maybe peek back. Because
+ if you were to step in to stop the bullying, then you'd piss
+ off the bullies, and you'd be a target. But if you stepped
+ in and bullied yourself, then you'd be called a bully! So
+ what's the end result?}
+
+ \item<7-> Neutral on freedom $\equiv$ allowing erosion of freedoms
+ \lecture{You let the bullies take over---they already have the upper
+ hand, and they'll continue to exert their power as long as it
+ benefits them.}
+
+ \item<8-> Copyleft is \emph{essential} for a free Web
+ \lecture{Standing up to the bullies means \emph{fighting} for freedom,
+ not just talking about it. If you are writing software, that
+ means using copyleft by means of a license like the
+ AGPL. Otherwise, you're standing on the sidelines watching
+ every user of the web being bullied.}
+
+ \begin{itemize}
+ \item<9-> If you use pushover licenses, you're helping to push over
+ everyone else (but perhaps not intentionally)
+ \lecture{Or worse---if you write a library that uses a pushover
+ license, then you're not just watching: you're giving
+ \emph{power} to the bullies. What would they do without
+ the tools you provide them? Well, they'd have to make
+ their own. Or maybe they'd see that you demand freedom,
+ and consider that maybe those they are bullying do
+ actually deserve some respect.}
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+
+%% TODO: move to end?
+\begin{frame}[c]
+ \begin{center}
+ If you value freedom,
+ \only<1>{talk about Free Software!}%
+ \only<2>{choose copyleft!}
+ \lecture{If you value freedom, \emph{talk about free software}!}%
+
+ \lecture{If you value freedom, \emph{choose copyleft!} Fight for what
+ you believe in! Now I understand---peer pressure is a hard
+ thing to overcome. But we're your peers too.}
+ \end{center}
+\end{frame}
+
+
+%%%=== BEGIN TIMEBLOCK 6m ==============================================
+
+
+\begin{frame}[c]
+ \begin{center}
+ Freedom is only as good as your ability to exercise it
+ \end{center}
+
+ \lecture{All this focus on copyleft is good and all---if only it were the
+ solution to all of our problems. But we have a whole Web of
+ problems to deal with. Freedom is only as good as your ability
+ to exercise it.}
+\end{frame}
+
+
+\begin{frame}{Maybe free...?}
+ \begin{itemize}
+ \item Almost always no license information or link to source code
+ \lecture{One huge problem we have with software on the web is that it
+ is almost always void of licensing information. So software
+ might be free, but we can't be sure of that without having a
+ JavaScript expert review minified code and try to correlate
+ it with the original sources. I had to do with with Reddit
+ when auditing it for the FSF's Free JavaScript
+ campaign. There's no reasonable expectation for \emph{users}
+ to do that! They wouldn't be able to!}
+
+
+ \item But is all of it free?
+ \begin{itemize}
+ \item Certain things may look free, or have free components
+ (e.g. the ubiquitous jQuery)
+ \lecture{But how do we know that a program is fully free? Let's
+ draw a comparison with traditional binaries. How do you
+ know it's fully free? Well, you rely in part on
+ licensing information for the program. If we hold JS to
+ the same standards, then we at least need licensing
+ information on distributed code.}
+
+ \item Might also load non-free code as a separate program
+ (e.g. Google Analytics spyware)
+ \lecture{But the page might load other programs in \emph{addition}
+ to the free program, for example the Google Analytics
+ spyware. This is like a free software package installing
+ proprietary software alongside of it; SourceForge used to
+ do that, for example.}
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}{Corresponding Source Code}
+ \begin{itemize}[<+->]
+ \item Where can I find the corresponding source?
+ \lecture{The other requirement is the corresponding source code. We
+ should be able to build it ourselves, host it ourselves, and
+ expect to have the same functionality. And we should be able
+ to audit the distributed code and correlate it with the
+ original sources. And guess what---I found a small amount of
+ non-free code missing from the Reddit repository. Very
+ small, and it just screws with the user by moving elements
+ around the page if they have some cursed flag set, but
+ non-free nonetheless.}
+
+ \item Minified code is not source code!
+ \lecture{I have personally had people counter my argument in the past
+ with a statement saying that all JavaScript code is
+ quote-unquote ``open source'' because the source code is
+ distributed to the browser. No!}
+
+ \item ``The 'source code' for a work means the preferred form of the
+ work for making modifications to it. 'Object code' means any
+ non-source form of a work.''
+ \lecture{The GPL defines ``source code'' as (read above). So minified
+ sources are object code. And let's see why:}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}[fragile,plain]
+\scriptsize
+\begin{verbatim}
+add:function(a,b,c,d,e){var
+f,g,h,i,j,k,l,m,o,p,q,r=N.get(a);if(r){c.handler&&(f=c,c=f.handler,
+e=f.selector),c.guid||(c.guid=n.guid++),(i=r.events)||(i=r.events={}),
+(g=r.handle)||(g=r.handle=function(b){return"undefined"!=typeof
+n&&n.event.triggered!==b.type?n.event.dispatch.apply(a,arguments):void
+0}),b=(b||"").match(G)||[""],j=b.length;while(j--)h=fa.exec(b[j])||[],
+o=q=h[1],p=(h[2]||"").split(".").sort(),o&&(l=n.event.special[o]||{},
+o=(e?l.delegateType:l.bindType)||o,l=n.event.special[o]||{},k=n.extend(
+{type:o,origType:q,data:d,handler:c,guid:c.guid,selector:e,needsContext:
+e&&n.expr.match.needsContext.test(e),namespace:p.join(".")},f),(m=i[o])
+||(m=i[o]=[],m.delegateCount=0,l.setup&&l.setup.call(a,d,p,g)!==!1||
+a.addEventListener&&a.addEventListener(o,g)),l.add&&(l.add.call(a,k),
+k.handler.guid||(k.handler.guid=c.guid)),e?m.splice(m.delegateCount++,0,k)
+:m.push(k),n.event.global[o]=!0)}}
+\end{verbatim}
+ \lecture{This is a snippet of jQuery's minified sources for an 'add'
+ method. Real quick---what do each of those arguments mean? What
+ does this function do?}
+\end{frame}
+
+
+\begin{frame}
+ \begin{center}
+ \includegraphics{images/librejs-logo.png}
+ \end{center}
+ \lecture{GNU has an addon for Firefox-based browsers like GNU IceCat that
+ approaches this issue in a few different ways.}
+\end{frame}
+
+
+\begin{frame}{LibreJS}
+ \begin{itemize}[<+->]
+ \item Blocks execution of non-free JavaScript
+ \lecture{LibreJS blocks the execution of non-free JavaScript. But how
+ does it determine what is non-free?}
+
+ \item JavaScript should ideally contain {\tt @license} tags
+ \lecture{A couple ways. Ideally, the JavaScript should be wrapped in
+ license tags. It can identify the license in a number of
+ ways, including the full license header you'd see in source
+ files, or a magnet link, which is much more ideal for
+ minified sources.}
+
+ \item Hashes of common libraries recognized as free
+ \lecture{But the Web is full of \emph{existing} software like
+ libraries that don't contain those labels. So LibreJS also
+ maintains a list of file hashes for popular libraries. For
+ example, the minified jQuery file containing the snippet I
+ showed would be recognized as free, even though it doesn't
+ contain licensing information.}
+
+ \item Web Labels map scripts to corresponding source code
+ \lecture{It then has a method called Web Labels---which is a simple
+ HTML table---that is intended to be a machine-readable way to
+ map scripts to their source code.}
+ \end{itemize}
+
+ \lecture{The LibreJS project needs help from JavaScript developers to
+ develop and maintain the addon. If you're interested, please
+ visit gnu.org/software/librejs}.
+\end{frame}
+
+
+\begin{frame}{Submit Patches To Projects!}
+ \begin{itemize}[<+->]
+ \item Patch your own projects!
+ \item Submit patches to add headers to projects
+ \item Patches for minifiers (e.g. UglifyJS)
+ \item Patches for programs that combine sources (e.g. Browserify)
+ \item For Node.js programs: can pull license right out of {\tt package.json}
+ \end{itemize}
+
+ \lecture{You can help by adding licenses to your own projects and by
+ submitting patches to other projects; this will not only help
+ solve the licensing issue for that project, but also make others
+ aware of the issue. And one great way to help is to submit
+ patches to minifiers like UglifyJS to automatically add that
+ license information to sources, or retain it if it exists. But
+ that doesn't help when a minified file might contain code under
+ various licenses, so it'd also be helpful to patch programs like
+ Browserify---which packages Node.js modules for the client---to
+ recognize licenses and add them as appropriate. For node.js
+ pull the license right out of the package.json file.}
+\end{frame}
+
+
+%%%=== END TIMEBLOCK 6m ==============================================
+
+
+\begin{frame}{Replacing Programs}
+ \begin{itemize}
+ \item<1-> How do you replace a program (free or non-) on your computer?
+ \lecture{Alright. So back to your desktop for a moment. If you want
+ to replace a non-free program with a free one, or modify a
+ free program, how do you do it?}
+ \begin{itemize}
+ \item<2-> You just do.
+ \lecture{Well...you just do.}
+ \end{itemize}
+
+ \item<3-> How do you replace a program (free or non-) on the Web?
+ \lecture{But what about on the web?}
+ \end{itemize}
+\end{frame}
+
+
+\begin{frame}[c]
+ \begin{center}
+ Ha!
+ \end{center}
+\end{frame}
+
+
+\begin{frame}{Replacing Programs---The Best Case}
+ \only<1->{
+ \begin{enumerate}
+ \item The program is entirely packaged in its own JavaScript file(s)
+ \item All dependencies are packaged with or alongside it
+ \end{enumerate}
+ }
+ \lecture{The best situation we have for replacing programs is when the
+ program is packaged entirely in its own JavaScript files, and
+ so are its dependencies.}
+
+ Solution:
+
+ \only<2->{
+ \begin{enumerate}
+ \item Block program scripts
+ \item Block undesirable dependencies
+ \item Inject replacement program
+ \end{enumerate}
+ }
+ \lecture{The solution isn't all that complicated then. Block those
+ undesirable scripts from loading and inject a replacement
+ program. I'll get into how to do that shortly.}
+\end{frame}
+
+
+\begin{frame}{Replacing Programs---The Realistic Case}
+ \lecture{But if only we were so lucky!}
+
+ \begin{enumerate}
+ \item<1-> The program is actually a number of independent programs
+ (scripts) doing different things
+ \lecture{In reality, a web page often contains what can be considered
+ a bunch of independent programs doing distinct things, like
+ validating forms, populating a real-time search, a shopping
+ cart, animating part of the page, etc.}
+ %% add web page screenshot as an example
+
+ \item<2-> Some scripts are packaged in one or more JavaScript files
+ \lecture{Some of those scripts might be packaged in one or more
+ JavaScript files. Okay, that's good.}
+
+ \item<3-> Some are inline {\tt