Stallman's new enemy: the cloud

Christopher Browne cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Oct 1 16:01:40 UTC 2008 

On Wed, Oct 1, 2008 at 10:42 AM, D. Hugh Redelmeier <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org> wrote:
> OK, there's enough traffic that I'll bite.
>
> | From: Evan Leibovitch <evan-ieNeDk6JonTYtjvyW6yDsg at public.gmane.org>
>
>
> | I just don't get this one.
>
> He's right on at least the purely theoretical level.
>
> There are only a few things that you can do with a cloud and still be
> sure that you haven't leaked information to the provider.
>
> If you don't mind leaking information, you are on a different
> wavelength from me.
>
> If you think that you can prevent leaking information, please tell me
> how.

I think people are misunderstanding somewhat what RMS is *meaning* by
"cloud computing."

He's NOT talking about the notion of running virtualized machines out
in a cloud (which is what Amazon's ECS thing is about, and which seems
to be what "cloud computing" usually seems to refer to).

He may be using terminology a little bit badly; what he's wagging his
finger at is what is getting assortedly called "web services" and "Web
2.0" and "web mashups" and such like.

> | Richard Stallman, recently interviewed, said this about cloud computing:
> |
> | "It's stupidity. It's worse than stupidity: it's a marketing hype
> | campaign"
>
> He explains why he thinks it is stupid for a customer to use these
> services.  This doesn't mean that it is stupid for the provider to
> offer them :-).  The quote does not exactly make clear what Stallman
> was refering to as "it".
>
> Cloud computing surely is marketing hype at the moment.  I didn't use
> the word "just" and neither did the quotation.
>
> | [...]
> | "One reason you should not use web applications to do your computing
> | is that you lose control," he said. "It's just as bad as using a
> | proprietary program. Do your own computing on your own computer with
> | your copy of a freedom-respecting program. If you use a proprietary
> | program or somebody else's web server, you're defenceless. You're
> | putty in the hands of whoever developed that software."
>
> In security, and in theory in general, one often simplifies situations
> to binary: either you are secure or you are not.
>
> With cloud computing, you do give up various forms of control.  When
> you give up some control, that might be leveraged (in a worst case) to
> giving up a lot of control.

Control is lost, I agree.

Risks must also be accepted by the users, and I believe that:

a) Users are not recognizing those risks, and
b) Vendors are certainly not keen on pointing out the risks.

I'll ignore the privacy side of it, as others are addressing it fairly well.

The OTHER issue is that these sorts of systems introduce a
considerable risk of unmitigatable data loss.

I have some set of data stored on Facebook; if Something Were To
Happen, I could very readily lose access to that data, and the shape
of the collection might well be of some importance to me.

It's a pretty closed system, so I don't have any mitigation I can do.
There's no capability to export that information, and there's a fair
bit of "evil" to that.

LinkedIn collects a fair bit of information about business-style
relationships; there is a *limited* export that I can do, to export my
connections, but discussion information, profile information, and
messaging data all lives hidden from my control.  If they turn evil,
or turn incompetent, I *can* keep regular dumps of my contact list,
but the other data becomes so much "chaff."

A third example is "less evil still;" with GMail, I *do* maintain the
ability to download all of my email using a POP/IMAP client, so that
even should they "become evil", and I lose my access to the account, I
still retain copies of all my messages.

Google Contacts and Google Calendar have some capabilities for
exporting much of their data; it's less clear that other of their
services (e.g. - Docs, Reader (RSS)) offer anything meaningfully
similar.

When you choose to use services like these, you have to accept a set
of risks.  RMS is clearly unhappy about *any* acceptance of such
risks, which is one end to the spectrum.  Vendors want you to
gleefully accept the risks unthinkingly, which nicely represents an
opposite end to the spectrum.

You should only *choose* to use such services when you:
 a) Accept, voluntarily, those risks that are present, and
 b) Try to mitigate those risks that can be mitigated.
-- 
http://linuxfinances.info/info/linuxdistributions.html
"The definition of insanity is doing the same thing over and over and
expecting different results."  -- assortedly attributed to Albert
Einstein, Benjamin Franklin, Rita Mae Brown, and Rudyard Kipling
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists

More information about the Legacy mailing list