
Storm clouds

By Jonathan Corbet
December 15, 2010
Richard Stallman recently went on record against cloud-based computing, and against Google's ChromeOS in particular. Putting one's personal data on remote servers, he says, necessarily entails loss of control over that data. It is far better to keep one's data on a system which is under one's physical control. As with most things, Richard has been most consistent with this message; he has been saying similar things for a long time. But the increase in cloud-based services - and systems designed to direct users toward them - is adding urgency to this message.

Your editor does not always agree with Richard, but Richard has a point here. We have worked for many years to build systems which we have some degree of control over, with quite a bit of success. Even systems which have traditionally been severely closed - phone handsets, for example - are becoming more hackable over time. A suitably motivated and skilled user can avoid proprietary software, and the long list of antifeatures such software tends to include, much of the time. The situation is not perfect, but things could certainly have been a lot worse.

When our systems become little more than a window into somebody else's server, though, that control disappears. The results are predictable:

  • People can come to depend on cloud-based services, but the providers of those services assert their right to pull the plug at any time. The eviction of Wikileaks from Amazon's cloud is a recent, high-profile example, but almost every well-known network-based service is followed by stories of users who have been locked out for seemingly trivial (or nonsensical) reasons.

  • Stories of data misuse abound. Facebook puts profile pictures into advertisements served to others. Gmail reads messages and tailors advertisements to match. Email addresses find their way onto spam lists. Many sites track their users' activity across the web as a whole and do their best to monetize that information. And so on.

  • Resources in the cloud are cloudy at best; reports that Amazon has resumed deleting books that Kindle owners believed they owned are just the latest example of what can happen when "our" stuff lives at somebody else's will.

  • Security breaches and data loss are common occurrences.

  • Many cloud-based services seem to maintain an open-door policy for governmental agencies looking for information. There is no way to know what information has been disclosed to whom.

With regard to the last item above, it is encouraging that a US appeals court has just ruled that email cannot be seized from a third-party provider without a search warrant. But it is highly discouraging that such a ruling was necessary in the first place. Seemingly obvious concepts - like the privacy of email - seem to fall by the wayside when network-based providers are involved.

Given all this, one might well wonder why such services are seeing any use at all. The simple fact of the matter is that they are awfully convenient. A web-based email account is far easier to set up and maintain than an independent mail server - even for those who have the skills to maintain such a system. Anybody who has been through the tiresome experience of moving into a new phone can only be thrilled when that new Android handset automatically downloads the contact list - and all previously-installed applications. Establishing contacts and sharing information is easy on social networking sites - and essentially impossible otherwise. These services have brought a wide range of capabilities and features to a wide community of users; there is clear value in what these companies are providing.

It is well to warn users of what they are giving up when they place their personal information on such a site. Making sure people know when a cloud provider misbehaves is clearly the right thing to do. Many LWN readers heed those warnings and take a great deal of care to limit the information given to cloud providers and to maintain their own infrastructure. But it is futile to tell the rest of the world to avoid cloud-based services when we cannot point them to any alternatives that are useful to them. Such advice will be ignored, and the message as a whole may be lost.

The right response to the cloud problem is to create alternatives which give a higher degree of control - and which are usable by people who have no interest in putting their time into making things actually work. That means solving problems at a number of levels. We need applications which provide a rich experience to users which are not tied to any specific machine; the web is the obvious way to provide that experience, but it might not be the only way. Needless to say, these applications must be free software if we are to trust them at all. We need freedom-friendly policies that raise the bar for what users expect and demand. We need a mechanism for deploying these applications on the net which allows users to easily create and maintain their own instances while interoperating with others. It would be good to contemplate what could be done when terabyte storage on mobile platforms is commonplace - we can always have all of our data in our pockets. With pieces like these in place, we might begin to have a story which can compete with the existing providers.

Something else is needed, though: a means for financing these services must be developed. "Free" is awfully nice, but, as people far wiser than your editor have observed, if you are not paying for a service, you are not the provider's customer - you are their product. That is a relationship which will inevitably lead to conflicts of interest. Establishing a more straightforward relationship between users and providers of online services seems like an important step toward improving both control and privacy. That does not mean getting companies out of the services business - indeed, it could mean the opposite - but it does mean renegotiating the relationship. (And, naturally, companies have all the same freedom and privacy interests that individuals do when it comes to obtaining services on the net).

Recent events have convinced many people that, as we have become increasingly dependent on the net, we have also lost control over it. We may see a more focused effort in the coming years to take back control and freedom at the network level. As with all of these battles, it will be difficult; there is no shortage of powerful interests pushing toward central control. But it's one that we should be able to win.



Storm clouds

Posted Dec 16, 2010 3:20 UTC (Thu) by aliguori (subscriber, #30636) [Link]

As with many things, lumping any service that uses the internet to exchange data such as Facebook and the Kindle under some banner called "cloud computing" and then pointing out bad things people have done on the internet and asserting that makes cloud computing fundamentally evil is a bit extreme.

Rackspace canceled the account of a Florida church that threatened to burn the Quran. I'm sure LWN uses at least a colocation service to host its server and its provider could certainly do the same.

Is everyone supposed to have a direct connection to an internet backbone in their basement with their own UPS-backed redundant storage with multiple servers to scale to meet site demand?

We've relied on third parties to host infrastructure since the earliest days of the internet. There is no fundamentally new privacy threat introduced by modern cloud computing. Cloud computing is about exploiting homogeneity to scale. Economies of scale mean things get cheaper.

The only real shift is that instead of everyone deploying their own infrastructure, people are adapting their infrastructure to fit into existing frameworks that already have achieved good scalability.

Storm clouds

Posted Dec 16, 2010 9:06 UTC (Thu) by tcourbon (subscriber, #60669) [Link]

I believe that the point here is not about sharing and/or using hardware infrastructure but more about remotely storing data that formerly were stored locally on a personal computer.

I am convinced these are two fundamentally distinct problems with their own specific issues.

Storm clouds

Posted Dec 16, 2010 17:31 UTC (Thu) by vonbrand (subscriber, #4458) [Link]

The problem is more that the service is "free", which means that "somebody else" is footing the bill... and as the saying here goes, whoever pays the piper says what to play. As our Esteemed Editor aptly notes, if you don't pay for the service, you aren't a customer (with rights), you are the product. Sure, you are free to enter into such an arrangement, but do it with both eyes open.

OTOH, it is certainly true that setting up and managing the equivalent service for oneself is a major chore. And as long as "free" alternatives go around, it will be very hard to set up a paid-for service that gives the user control.

Storm clouds

Posted Dec 17, 2010 0:47 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

> The problem is more that the service is "free",

The problem the article talks about is bigger than that. The article uses as an example Wikileaks getting booted off of Amazon. Wikileaks paid for that service and was a customer, but still was at risk.

I'd say a first step toward being secure in your dependence on a remote computing service is paying for it. But RMS and others say that's not nearly enough.

Storm clouds

Posted Dec 17, 2010 1:45 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

the amazon terms of service include a statement stating that you have the right to publish everything that you make available through their servers.

in the wikileaks case that is obviously not the case (for the government stuff you may be able to argue that the government stuff isn't copyrighted, but for the leaks from private companies that is clearly not the case)

amazon terminated their service on this basis (true, they may have ignored the violation if other pressure wasn't brought to bear, but they had legitimate reasons for the termination)

Storm clouds

Posted Dec 17, 2010 2:52 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

That's good information, but don't let it detract from the reason the article uses the Wikileaks incident as an example: Amazon can boot a paying customer off its service. And if Amazon can do it for a good reason, it can do it for a bad one too. And so can someone else.

That was also the thrust of the concern about Amazon unselling ebooks. Whether or not it's justified in any particular case, what was most shocking is just that Amazon can sneak in and grab something that you thought was yours.

Storm clouds

Posted Dec 17, 2010 3:49 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

I really get annoyed when people are making points and use bad examples, and then you are supposed to ignore the example and just trust the point.

the initial point then becomes no more than an unsupported statement.

this is a serious issue, and it needs to be treated as such, but bringing in invalid arguments doesn't really help (it may appear to in the short term as it gets people worked up, but the long-term loss of credibility loses all that ground and more)

in the case of the e-books, I think the doctrine of first sale is getting thrown away (and the refusal of the supreme court to uphold this recently is a big problem IMHO)

but when you contract with someone for a service, and then violate your end of the contract, you shouldn't be surprised that the contract is terminated.

now, there are cases where the relative power of the two parties is so out of balance that some portions of the contract should not be enforced, but in the wikileaks case, the clause in the contract boils down to "don't use the service to do illegal things", which is a pretty fair thing to have in the contract.

Storm clouds

Posted Dec 17, 2010 17:03 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

> I really get annoyed when people are making points and use bad examples, and then you are supposed to ignore the example and just trust the point.

Maybe it would be less annoying if you would look deeper at the example and see if it was meant as, and is, an example of some other point.

In this case, your talking about contracts and copyrights makes it look like you're addressing some different point than the article or I was making with these examples.

The point is really quite simple: If you use Amazon to provide access to your data, even if it isn't a free service, Amazon can cut off access to your data. And Amazon can take files off your Kindle.

Were you thinking those points are too obvious to require examples? Maybe, but examples are nearly always the easiest way to get an idea across. I would have found the article harder to read if it just asked me to use my imagination.

Storm clouds

Posted Dec 17, 2010 19:34 UTC (Fri) by dlang (✭ supporter ✭, #313) [Link]

if you depend on the electric company to power your building, they can terminate your service and you are in trouble, news at 11

saying that if you depend on anyone for anything they can shut you off should not be news to anyone.

but the complaint about wikileaks carries the suggestion that you can be cut off for no reason at all, at someone's whim. If the service is terminated for breach of contract (including, but not limited to, non-payment and breaching the terms of use) you will lose the functionality, and may or may not get any pre-paid funds back.

the exact same situation exists with rented storage, you put lots of personal stuff in a room at someone else's facility, if you fall behind in your payments, or do something in the room that violates the terms of service (storing explosives, or running a meth lab for example), you can lose everything that was in there.

this is just the electronic equivalent.

Storm clouds

Posted Dec 18, 2010 2:42 UTC (Sat) by giraffedata (subscriber, #1954) [Link]

> but the complaint about wikileaks carries the suggestion that you can be cut off for no reason at all, at someone's whim.

See, you're discussing something totally different.

Neither the article nor the comments contain a complaint about Wikileaks.

What they do is ask us to consider that Amazon booted Wikileaks and be reminded that Amazon has that power and then think about, as you say, how someone who puts his stuff in the cloud might be cut off for no reason at all, at someone's whim.

That second part isn't supported by anything. The article (and RMS) want us to use our imagination for that part, but the various examples in the article of how that whim might be implemented are still good examples of that.

Storm clouds

Posted Dec 18, 2010 5:42 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]

don't you see that the statement about Amazon and wikileaks at least strongly suggests that Amazon was wrong to do so?

this is like saying that because the electric company shut someone off who didn't pay their bills, we need to keep in mind how bad it is to rely on the electric company, and therefore everyone should run their own generator instead.

there are valid reasons to not want to depend on amazon, just like there are valid reasons to install your own power generation capacity.

but if what you want to encourage is power independence and Solar/Wind based green power, the way to do so isn't to talk about how some deadbeat had their power shut off.

Storm clouds

Posted Dec 19, 2010 16:49 UTC (Sun) by nlucas (subscriber, #33793) [Link]

That point of view may be a little US-centric.

In my country some services, even if privately owned, are considered essential public services and have special rules.
This includes: water, electricity and (less years ago) fixed phone.

The service company can't terminate the service without a valid reason, but that implies 1-2 months for the reception of a registered letter by the user stating why and when they will terminate the service and allowing the user time to comply.

For now, internet is still not an essential public service, but I believe it's just a question of time (the fixed phone was also added later).

My point is that, for now, in my country, I can expect this automatic termination of internet services to be legal, but I can expect that some years from now they will also be added as essential public services and protect their users from the service company acting on a whim -- this doesn't apply when a court order arrives, but that is another story and forces the involvement of a judge.

So, I can't view the electric company example as valid, and can expect the Amazon example to just be some years away from being invalid.

Storm clouds

Posted Dec 19, 2010 17:30 UTC (Sun) by giraffedata (subscriber, #1954) [Link]

> That point of view may be a little US-centric.
>
> In my country some services, even if privately owned, are considered essential public services and have special rules. ...

FWIW, I believe it's the same way throughout the US; certainly in the parts in which I've lived.

Storm clouds

Posted Dec 16, 2010 9:50 UTC (Thu) by tcarrez (subscriber, #53314) [Link]

I agree, cloud computing is not really a new challenge: loss of control is something we accept as soon as we outsource some service (Data hosting, Email servers, DNS records, even your network connection).

What makes it new is that there isn't enough competition yet in the IaaS space, so you won't find, yet, a public cloud hosted by a Swedish ISP under a mountain. You use Amazon's cloud and have to accept their interpretation of the rules. When there is more competition in that space, you will be able to select a provider that better suits your needs for privacy, security or independence.

Once we have an open source "Apache of the cloud" that makes it easy for anyone to deploy that kind of service, we'll end the monopoly.

Storm clouds

Posted Dec 16, 2010 14:50 UTC (Thu) by foom (subscriber, #14868) [Link]

Yeah, there's a looong way to go before we're there. Almost all of the cloudy software (not the low-level infrastructure itself, but the actual *Applications*) is closed source. And I suspect even if e.g. Google had an abrupt about-face and open sourced everything they'd ever written, it would still not be particularly feasible for anyone else to reasonably deploy their software.

If you're running 10 applications on a gazillion machines like google does, the amount of expertise required to keep each application running can reasonably be *much* higher than if you're trying to run 10 applications on 10 machines, or on 1 machine.

I'd bet the webapp software world will never get to the point where there's a set of good open source apps for all the things you do, and you can simply install and run them all on your own server if you feel like it. There's just so much stacked against that. Hopefully I'm wrong, though. :)

Storm clouds

Posted Dec 16, 2010 18:41 UTC (Thu) by iabervon (subscriber, #722) [Link]

I think the fundamental issue is that there are certain advantages that come from running on a cloud instead of a single server; and it's not that they're cloud applications running on a cloud platform, but rather that they're actually running on the best choice of a ton of servers for doing the particular task.

The main advantage that Gmail has is that, whenever you try to get your mail, the server you're asking isn't one whose motherboard just blew up, isn't halfway around the world from where you are on a trip, and isn't behind a router that's gotten misconfigured.

I think the form of the solution is to make it possible to choose, on a per-file basis, whether you want it to be in the cloud or not, and make it cheap and easy to run a server that acts like the cloud except that it's only one server, so ordinary people can have one for their private information and the experience is seamless between keeping something to yourself and sharing it with a cloud service. You'd have your phone's data on servers that aren't going to get dropped off a boat accidentally, and the stuff that isn't secret would be on Google's servers (maybe including the public key and name of your private server), but your private data is somewhere you control.

I think this would even be a good situation for Google; they'd like access to all of the data that people don't mind them having access to. The data that people don't want them to have access to benefits them as well, but maybe not as much as people's discomfort hurts them. That is, "we aren't even able to disclose things you want us not to share" is probably a bigger selling point than the ability to sell ads that will look creepy to consumers, and they do better selling ads targeted towards how consumers intend to present themselves (the impression an advertizer wants to give is "I need that thing" not "How did they know I need that thing?").

Storm clouds

Posted Dec 16, 2010 3:25 UTC (Thu) by djm (subscriber, #11651) [Link]

(not speaking for my employer)

Many users already store their mail "in the cloud" in the form of their ISP's IMAP server and have done so for years. Moreover, insider attacks and wiretapping are almost as easily implemented on an ISP MTA as on a "cloud" webmail system. Unless users are prepared to run their own mail servers they are exposed anyway.

On the other hand, ChromeOS offers good protection for everyday users against malware, which is IMHO a vastly more practical threat to privacy and security.

Storm clouds

Posted Dec 23, 2010 9:30 UTC (Thu) by rqosa (subscriber, #24136) [Link]

> Many users already store their mail "in the cloud" in the form of their ISP's IMAP server

There's an important difference: with an IMAP server (or similar), you can make a local copy of all of your mail. (Once you've got the local copy, it's not under the control of the server operators anymore.) I doubt that most webmail services are designed to allow users to do that.

Storm clouds

Posted Dec 16, 2010 4:34 UTC (Thu) by thoffman (subscriber, #3063) [Link]

Not speaking for my employer either, but the claim that Google "reads messages" is scaremongering. The ads are produced by an algorithm scanning for keywords. In other words, pretty much how your spam filter "reads your email" to decide what's spam. Many other assertions in that linked article are also bogus. This isn't surprising when you look at other articles by that author - she obviously isn't a tech journalist.

I like LWN a lot, and Google should be criticized. But accurate articles by experts make a better case!

Leaving that one article aside and considering the larger question of cloud services, I think two points should be made more clearly than they were in this article. First, it is unfair and inaccurate to toss all cloud computing companies into the same bucket.

Second, with some services, it is possible to have the benefits of cloud computing without many of the listed risks. For example, Jungledisk provides encrypted, cross-platform, cloud backup, where you hold the keys.

As another example, anyone using Google services can export and backup their data using tools from here: http://www.dataliberation.org/

Cloud computing is not as scary as this article makes it out to be. One should consider carefully before becoming dependent on _any_ company or service, but this isn't a "cloud" issue.

Storm clouds

Posted Dec 16, 2010 10:30 UTC (Thu) by nix (subscriber, #2304) [Link]

> This isn't surprising when you look at other articles by that author - she obviously isn't a tech journalist.

Even if she was, it's from the Daily Mail, a newspaper whose editor is explicit that he doesn't care whether what he publishes is the truth, only that it sells papers. There are countless examples of outright lies from it in the past: in areas in which it specialises, such as cancer cures, there are so very many examples, often mutually contradictory, that entire websites have been set up to track them.

It is almost always a mistake to cite the Daily Mail as an authority on anything.

Storm clouds

Posted Dec 16, 2010 11:31 UTC (Thu) by paulj (subscriber, #341) [Link]

What about the Google sysadmin, David Barksdale, who was spying on people?

It seems like Google has very poor granularity in the systems that control & monitor access to their users' data. That basically all engineering/sysadmin staff get access to all user data. E.g. Barksdale was only 'unmasked' by the parents of those he'd been spying on - not by any internal control. And there are reports his was not the only such case.

It's the same as everywhere else...

Posted Dec 16, 2010 15:28 UTC (Thu) by khim (subscriber, #9252) [Link]

> It seems like Google has very poor granularity in the systems that control & monitor access to their users' data. That basically all engineering/sysadmin staff get access to all user data.

Citation needed! Seriously.

Most articles about David don't forget to mention that he was "a member of an elite technical group"... but actually he was not. He was a mere "Site Reliability Engineer" - but his work was specifically to keep GMail running.

If you think there is no one @Amazon or @Rackspace who has a similar level of access then you are sorely mistaken: it's very hard to troubleshoot a system if you don't have root access on the problematic system. And if you have root access you can add all kinds of monitoring-circumventing tools.

It's the same as everywhere else...

Posted Dec 17, 2010 15:03 UTC (Fri) by paulj (subscriber, #341) [Link]

1. You say "citation needed!", presumably on poor access-control, but then note Barksdale was a "mere" SRE. Well, if a general admin has access to all user-data, doesn't that demonstrate the poor access-control?

2. Why mention other companies? I never did. Unless you're trying to offer an "everyone has poor access control" defence, which isn't a very good one. Am I aware certain problems require very wide powers to fix? Well, duh, yes. Does that technically mean that *all* admins, regardless of their function, must have access to these highly-empowered roles? Of course not. More usefully, is it economically worth it to Google to take the cost of building-in more fine-grained access controls and better auditing into their systems? Well that depends on whether or not sufficient users are concerned enough about this to avoid entrusting their data to Google if they don't address the apparent AAA problem they have wrt their staff and their users' data.

It's the same as everywhere else...

Posted Dec 17, 2010 17:27 UTC (Fri) by khim (subscriber, #9252) [Link]

> You say "citation needed!", presumably on poor access-control, but then note Barksdale was a "mere" SRE.

Yup. Is there a contradiction? Please read the whole sentence again: "He was a mere "Site Reliability Engineer" - but his work was specifically to keep GMail running". The important part is after the dash - and you ignore it completely.

> Well, if a general admin has access to all user-data, doesn't that demonstrate the poor access-control?

Agree 100%. If a "general admin" has access to the user data then there is a big problem. But David was not a "general admin". He was a GMail SRE. His work basically was to troubleshoot GMail servers and keep them running. I know of no companies (beyond the military) where a mail server admin cannot read e-mail on said mail server. Few think they have such protection, but none actually do. Audit logs help if you need to prove that someone did the wrong thing (how do you think Google was able to fire David?), but they rarely help to prevent break-in attempts from authorized personnel.

> More usefully, is it economically worth it to Google to take the cost of building-in more fine-grained access controls and better auditing in to their systems?

Once again: why do you think Google does not have such a system? To prevent incidents like the one discussed you need to have a system where even "root" does not have access to the whole information on the system - and while it's possible to design and implement such systems (the military does it, after all), it's very expensive and goes far beyond "fine-grained access controls".

It's the same as everywhere else...

Posted Dec 18, 2010 13:46 UTC (Sat) by paulj (subscriber, #341) [Link]

Of course email system admins can read email. Barksdale, despite his role, had access to *more* than just GMail data though. He was able to snoop on and reset user-blocks in Google Chat, and access Google Voice logs, according to reports. If I read between the lines of the reports, it seems he also had unfettered access to the user account systems. Note that it is far from clear that Google's auditing systems played much part even in substantiating the claims against him and his dismissal - they didn't help in catching him it seems.

If your gripe with my original comment is that email admins technically effectively MUST also have access to IM, VoIP and user-ac systems, or even root-level systems access, then I disagree.

No doubt there are efficiency and integration arguments to be made for why GMail admins should have access to lots of non-GMail data. Those arguments must be balanced against the impact on user-privacy. Further, Google are extremely secretive about how they operate. So while Google gave assurances that they were continually improving their AAA systems in the wake of the Barksdale affair, we generally do not know what those improvements are or how effective Google's systems for protecting user-privacy are.

So to answer your question: Neither I nor any other Google user can know what systems Google have. That's part of the user-privacy problem! We do however know those systems were very weak in the past. Further, the economics mean that it is not in Google's interest to put in strong, internal AAA controls unless users care a lot about this issue (and I think most don't still).

Note that I'm *not* making a qualitative judgement per se. If the vast majority of users (actual and potential) don't care about this issue, then why should Google go to the expense? All I did was give a *factual* counter-example to the original commentator that "Google" did not read users' data (at least some rogue SREs have) and make the *factual* statement that access control granularity has, given the reports, been shown to be "poor" at some point in the past (poor in the sense of a lack of granularity, but I admit the loading on that word perhaps made it a bad choice).

Storm clouds

Posted Dec 17, 2010 9:18 UTC (Fri) by njwhite (subscriber, #51848) [Link]

The gmail advert stuff is more concerning than spamassassin.

The programs that are used to determine themes of email, to more precisely target advertisements, are also very useful to others in surveilling your activities. I don't know whether Google are currently storing and aggregating the information about your email habits from these programs, but they certainly could be, and it would be in their interests to do so.

Whether or not it's used for this at present, and whether such information is shared with other companies or governments, this is a real danger. Add to that the fact that the infrastructure means that you can never really know if/how your information is shared (particularly with shadier sections of governments,) and it is a quite unpleasant risk.

Storm clouds

Posted Dec 19, 2010 16:59 UTC (Sun) by kleptog (subscriber, #1183) [Link]

I would be really surprised if google had lots of specific bits of code to determine "themes" for emails. Basically because it would be completely unscalable. Google works for many different languages, so whatever they do it needs to be language agnostic.

ISTM that they have a process that turns your email into something like a huge matrix, combines this with some matrix that it has learned gives results you like, and uses this to produce its ads results.

The point being, google doesn't have an entry somewhere saying "this guy likes hello kitty". Instead, the matrix somehow makes these things appear higher in the list.

One of the issues with machine learning algorithms is that at times (with good learning techniques) they can produce really good results, however they're really bad at telling you *why* they produce the results they do. They do however have a bunch of numbers which somehow represent what you like.

What I suppose they could do is run a whole lot of queries as you and note the results and use that to make a profile. But that's a completely different story than saying google knows everything about you. In a sense you're right they're aggregating data about you, but I doubt it's in a form that's useful for anything other than searching and advertising.

Storm clouds

Posted Dec 16, 2010 5:02 UTC (Thu) by DOT (subscriber, #58786) [Link]

I would certainly love to run my own mail server from my house, but two things prevent this right now: my ISP blocks the relevant ports, and an easily configurable mail server is thought to cause massive loads of spam without curing world hunger.

Private email server vs cloud

Posted Dec 17, 2010 1:09 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

I would certainly love to run my own mail server from my house, but two things prevent this right now:

Plus, you would be far more likely to lose your data and your accessibility than having Google do your mail. You don't have enough time or money to come close to the reliability of Gmail (for starters, you would at least need more than one house), even after you consider the chance of Google booting you off for some political reason or going broke or whatever.

For many years, I ran my own mail server in my house. It was a fun hobby, but a nerve-racking experience. I now have that server on a rented virtual machine at Rackspace and breathe much, much more easily. It's still not as reliable as Gmail, though.

Storm clouds

Posted Dec 16, 2010 5:54 UTC (Thu) by aschwinm (subscriber, #33817) [Link]

I think it's about awareness: if you are aware of security implications of what you do then there is no problem as you can adapt what you are doing. As most email is not encrypted it can be intercepted a couple of times already before it reaches my mail server that I can't do anything about if the other party doesn't encrypt the message.

I agree that most people don't have that understanding.

Storm clouds have a silver lining

Posted Dec 16, 2010 6:01 UTC (Thu) by pabs (subscriber, #43278) [Link]

Eben Moglen had a similar message at his DebConf10 talk in NYC:

http://penta.debconf.org/dc10_schedule/events/641.en.html

If there is a sane version of "cloud computing", Eben's vision would be it.

I for one hope this project goes somewhere:

http://wiki.debian.org/FreedomBox

Storm clouds have a silver lining

Posted Dec 16, 2010 17:35 UTC (Thu) by wookey (subscriber, #5501) [Link]

Indeed. Eben's vision of 'simple' tech for normal people to regain control over their data is a powerful one. We have most of the tech already, but it needs refining and making idiot-proof and slick-looking. It also needs people to spend some actual engineering effort making it happen. There has been some significant design effort so far, but there is still a lot to do.

Storm clouds

Posted Dec 16, 2010 7:22 UTC (Thu) by Curan (subscriber, #66186) [Link]

About the "open-door policy": as a provider I can only follow this example in my jurisdiction or I lose the "provider privilege", which exempts me from liability for things my customers do or have done. So this is more a legal problem. Please note that I'm only required to disclose information (or "freeze" it) when (/until) I get a warrant signed by a judge. But then I have to comply. But if e.g. a copyright infringement is brought to my attention, I need to take action immediately and take the infringing content offline to retain the provider privilege (assuming that the content is infringing, which can be hard to judge sometimes).

About alternatives for syncing: I think solutions like "Firefox Sync" (<http://www.mozilla.com/firefox/sync/>) are good examples which we can name and/or even offer independent sync servers (e.g. as an alternative "cloud" service (because more providers are significantly harder to shut down than just a few) or set up for those who want such services on their own hardware) for. Similar things should be possible for all the other things named in the article (e.g. a sort of aptitude state bundle for syncing installed applications).

Cheers,
Cùran

Storm clouds

Posted Dec 16, 2010 14:04 UTC (Thu) by sorpigal (subscriber, #36106) [Link]

So it's largely a legal issue. The question then becomes "How can we stay safe without any changes to the law?" Answers like "Encrypt everything" won't work for the average user unless it's very easy.

Storm clouds

Posted Dec 16, 2010 17:58 UTC (Thu) by Curan (subscriber, #66186) [Link]

I agree, though the long term goal must be to get back to sane laws. Encrypting everything works reasonably well even for users with solutions like Enigmail for Icedove/Thunderbird and file manager extensions to easily encrypt a file from the UI. I can claim quite a success with educating users about using GnuPG on every e-mail for example. It's sometimes a bumpy start but always works out in the end.

Cheers,
Cùran

Sound bite from my .sig.d archives

Posted Dec 16, 2010 14:49 UTC (Thu) by maney (subscriber, #12630) [Link]

People make secure systems insecure because insecure systems do what people want and secure systems don't. -- James Grimmelmann

I wonder if that's one that I collected from an article here at LWN many years ago? Anyway, this is the dark heart of things: most people, and even many of us who are entirely able to set up free alternatives, cave in when the non-free alternative is easier for us. It's the lure of outsourcing: you see the cost/time/trouble savings, the downside appears only slowly, after you're already entangled.

Storm clouds

Posted Dec 16, 2010 17:21 UTC (Thu) by karim (subscriber, #114) [Link]

Or maybe it's all about basic economics. Thinking aloud here ...

I can't find the reference anymore but I recall reading an article/essay a while ago about the fact that "Open Source" was an inevitable phenomenon once cheap, large-scale network connections became possible in the early '90s - i.e. the web/Internet. If that holds true, a reasonable corollary would be to say that another necessary ingredient was access to increasingly powerful cheap consumer hardware. Yet, said network connections and consumer hardware only became cheap because there was a mass market for it.

IOW, what the mass market was willing to pay for (pervasive network connections and cheap hardware) made it possible for those with the appropriate skillset to create alternative software stacks for the masses. And that is all good.

However, when the mass market starts to take a taste to something different ("cloud computing" in this case) one has to re-evaluate the equation. For one thing, said "open source" stack has been instrumental in making "cloud computing" possible (Linux, MySQL, PHP, etc.) Now, as the editor has pointed out, the fact of the matter is that users are increasingly finding "cloud computing" more appealing than "desktop computing". I, for one, think this is an irreversible trend. But what's driving this is, like before, cheap/easy access. The cheaper, the easier, the more appealing. Nothing Richard says (or any of us here) will change that.

So the question then is: Is it relevant to have open source equivalents to cloud services? I'm not sure it is. What exactly would I do if I had Twitter's source code? Launch an alternative Twitter? Useless. The value is that data stored on those servers, the know-how of those who operate them and, most importantly, the buy-in from all those who've made it a habit. Replicating that would be close to impossible. Let alone economically feasible. And that's probably where the issue lies in as far as I'm concerned: there is nothing any FOSS license or community member can do to eliminate the costs/resources required to run "cloud computing" applications.

Software freedom/openness and cost/resources may in fact be completely orthogonal issues. FOSS community members may care about both, but they can only act on one. And the costs/resources issue will require more than software skill. It will require being able, at the very least, to be able to connect computer systems across vast networks virtually for free (i.e. no cost at all, no matter how much traffic.) In that sense, it would seem that Eben Moglen would have been prescient in his professed desire to see the airwaves being opened up.

... an incomplete thought at best. But that's what comes to mind for now.

Storm clouds

Posted Dec 16, 2010 18:39 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

cloud computing is not inevitable, any more than desktop computing is inevitable.

cloud computing is a larger version of the old mainframe paradigm where the local system is just a display, for many years it was 'inevitable' that desktop computing was better, now it's 'inevitable' that cloud computing is better.

they both have advantages and disadvantages.

Storm clouds

Posted Dec 17, 2010 1:26 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

The ironic thing about this problem is that cloud computing doesn't create it; it solves it. In the marketing rush to call everything "cloud computing," the term has taken on lots of meanings, and in the case of this article, it apparently means outsourcing -- putting your stuff on someone else's server.

Well, cloud computing is quite different: it means not putting your stuff on any particular server. Taken to its logical conclusion, it means not trusting it to any one company, government, or technology either. There are copies of your data all over the place, and if one misbehaving company decides to shut off your access, you barely feel a blip.

We're all familiar with striping data across multiple disk drives redundantly so if one has a head crash, you still have your data. That can be done across multiple computing service companies as well, to protect against the various ways people and governments let us down.

Trusting your stuff to the cloud is more reliable than trying to keep it on a system all your own.

Storm clouds

Posted Dec 17, 2010 8:29 UTC (Fri) by anselm (subscriber, #2796) [Link]

We're all familiar with striping data across multiple disk drives redundantly so if one has a head crash, you still have your data.

That's not striping, that's mirroring. Striping is when you put part of a file on one drive and part on another for speed.

Storm clouds

Posted Dec 17, 2010 16:52 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

We're all familiar with striping data across multiple disk drives redundantly so if one has a head crash, you still have your data.
That's not striping, that's mirroring. Striping is when you put part of a file on one drive and part on another for speed.

I was thinking of RAID 5, where you write every 2 blocks of data as 3 blocks in a stripe across 3 disk drives so that if you lose one drive you still have all your data (while using less than twice as much disk space, as you would with mirroring).

"Provider-Independent Security"

Posted Dec 18, 2010 2:40 UTC (Sat) by warner (guest, #51755) [Link]

It seems appropriate to put in a plug here for our free-software project: Tahoe-LAFS (http://tahoe-lafs.org/trac/tahoe-lafs) is a distributed filesystem which stores encrypted/erasure-coded shares on remote storage servers. The confidentiality and integrity of your data is unaffected by any storage server's behavior: they get only ciphertext. The availability of your data relies upon a quorum of storage servers to keep working: you can tolerate the loss of many servers without losing your data. We built it specifically to provide a consumer backup service in which the service provider could not see your data: you're paying them for disk space, not to provide security.

When you spread the data among multiple "cloud storage" providers, you get a scheme we jokingly refer to as RAIC: Redundant Array of Independent Clouds.

I'm keenly interested in building systems that put as little trust as possible into central servers.. it just seems like the right thing to do.
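The 2-of-3 layout from the RAID 5 comment above, combined with the client-side encryption described in this comment, as an added example that is not part of the original posts and is not Tahoe-LAFS code. It assumes simple XOR parity in place of a real erasure code and a SHA-256 keystream with HMAC standing in for a vetted authenticated cipher; all function names are hypothetical.

```python
import hashlib, hmac, os
from itertools import combinations

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key, nonce, n):
    # SHA-256 in counter mode: a stdlib stand-in for a vetted stream cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(enc_key, mac_key, plaintext):
    # Encrypt-then-MAC on the client; providers never see keys or plaintext.
    nonce = os.urandom(16)
    body = nonce + xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(enc_key, mac_key, blob):
    body, tag = blob[:-32], blob[-32:]
    good = hmac.new(mac_key, body, hashlib.sha256).digest()
    if len(body) < 16 or not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext failed integrity check")
    return xor(body[16:], keystream(enc_key, body[:16], len(body) - 16))

def split(blob):
    # Two data halves plus their XOR parity: any 2 of the 3 shares suffice.
    data = len(blob).to_bytes(4, "big") + blob
    data += b"\0" * (len(data) % 2)
    a, b = data[:len(data) // 2], data[len(data) // 2:]
    return {0: a, 1: b, 2: xor(a, b)}

def join(shares):
    a = shares[0] if 0 in shares else xor(shares[1], shares[2])
    b = shares[1] if 1 in shares else xor(shares[0], shares[2])
    return (a + b)[4:4 + int.from_bytes(a[:4], "big")]

def recover(enc_key, mac_key, shares):
    # Try each pair of surviving shares; the MAC rejects a tampered one.
    for pair in combinations(sorted(shares), 2):
        try:
            return unseal(enc_key, mac_key, join({i: shares[i] for i in pair}))
        except ValueError:
            continue
    raise ValueError("no two shares reconstruct authentic data")

if __name__ == "__main__":
    ek, mk = os.urandom(32), os.urandom(32)
    shares = split(seal(ek, mk, b"constructed sample data"))
    print(recover(ek, mk, {0: shares[0], 2: shares[2]}))  # provider 1 gone
```

Each provider holds one share of ciphertext or parity, so losing any one provider costs nothing and a provider that alters its share is caught by the MAC rather than trusted.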

Opening clouds as free software

Posted Dec 17, 2010 2:51 UTC (Fri) by andyo (guest, #30) [Link]

I am posting a series of articles this week and next week to O'Reilly's Radar site that proposes a comprehensive approach to opening clouds:

http://oreil.ly/e0gDMI

The series leads up to a proposal in the final segment.

Storm clouds

Posted Dec 18, 2010 12:11 UTC (Sat) by lab (subscriber, #51153) [Link]

Well said Jon. Balanced and insightful as always.

Storm clouds

Posted Dec 23, 2010 20:46 UTC (Thu) by mauriziob (guest, #71998) [Link]

I am surprised no one seems to make a connection between "cloud computing" and the banking system: Put your money/data in there and have access to it anywhere you want, kept secure and backed up by professionals instead of keeping it in your own server/safe. And in both cases you don't really own anything anymore: Of course your money/data will be given back to you most of the time, but you have no way to be sure. And the way you use your money/data may well be restricted by the ones who now really control it.

It is interesting to note that with respect to the bank, the development of alternative systems (based on alternative currencies for instance) is in general prohibited.

Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds