RMS and Clipperz Promoting Freedom In the Cloud 156
mbarulli writes "Clipperz and Richard Stallman recently launched a joint call for action to bring freedom and privacy to web applications. 'The benefits of web apps are many, but quite often users lose their freedom to study, modify and discuss the source code that powers those web apps. Furthermore, we are forced to trust third parties with our data (bookmarks, text documents, chat transcripts, financial info ... and now health records!) that no longer resides on our hard disks, but are stored somewhere in the cloud.' Clipperz and RMS urge web developers to adopt the new AGPL license and build their applications using a 'zero-knowledge architecture,' a framework for web services that has been derived from Clipperz online password manager. A smooth path toward web apps based on free software that know nothing about you and your data."
If... (Score:3, Insightful)
...you don't trust something, then don't use it.
Simple, really.
Re:Or Not (Score:3, Insightful)
People don't get it.
Software Developers need to eat too.
There is no way I would release anything under 'AGPL' or even 'GPL' if it was important to my core business. How am I supposed to pay for a roof over my head!?
Internet privacy laws are needed.. good luck! (Score:5, Insightful)
Internet privacy laws are needed. Good luck in this climate, a week from now our loyal OPPOSITION party here in the us is going to sell our fourth amendment rights down the river.
The new FISA bill will stop the "illegal" domestic spying all right.. by making it legal and allowing it to continue.
No more "illegal" spying! hurray?
Re:Commie GNU/hippies! (Score:2, Insightful)
I'll stick with BSD/Apache. The possibilities are just as great (and have been undergoing implementation for years, as a matter of fact) and they won't undercut my ability to make money programming.
Re:Or Not (Score:5, Insightful)
Somebody's got to support all that AGPL and GPL code, right?
Re:Or Not (Score:4, Insightful)
Re:Or Not (Score:3, Insightful)
How am I supposed to pay for a roof over my head!?
Make it so furiously complicated to configure in a useful way that nobody ever actually wants to use the code without paying you for support and/or hosting.
Re:Actually (Score:3, Insightful)
You don't need a license. You need a "EFF approved" stamp.
ajax can't do it; server bills; forking code (Score:5, Insightful)
There are a lot of problems with this proposal.
Before we even start worrying about privacy with respect to web apps, we have to worry about making web apps work within the existing technical constraints. There are serious technical problems with adapting the browser and the web to make web apps. Try google's web-app office suite, for example. It implements a tiny fraction of the functionality of a traditional word processor and spreadsheet, and its performance is just plain unacceptable, especially in the spreadsheet. Http, the browser, javascript, and w3c standards simply were not designed for this type of task, and it's not at all clear that they can be adapted to it. That means that if we ever do get something like the experience they're talking about in the article, it will probably be based on an entirely different design, and it's going to be hard to work out the privacy issues without knowing the technical and financial implications of that new design.
The paradigm they're talking about is one in which users get a service from someone running a rack full of servers. For instance, if I write a letter in my web-app word-processor, somewhere there's got to be a server that's storing my document. The person running the service needs to pay their elecric bill. How are they going to do it? Well, they could make their users look at ads, but that won't work if the app is really user-modifiable, because someone will come out with a version that doesn't show the ads. They could charge the user a monthly fee, but that won't work, because the article proposes to set up the service so that the provider knows absolutely nothing about the user, not even his username.
One big reason this won't work is that a web app consists of two separate pieces of code: one that runs on the server, and one that runs on the client. I wouldn't call it open source if I get to modify 50% of the code, but not the other 50%. Another problem is that part of the allure of web apps is that they require zero configuration, and can be invisibly upgraded at any time. It's hard to see how you'd maintain that benefit while having users run a forked version of the client-side code. What happens when the provider wants to modify the server-side code in a way that breaks compatibility with the forked client-side code?
Re:Or Not (Score:4, Insightful)
People don't get it.
Software Developers need to eat too.
There is no way I would release anything under 'AGPL' or even 'GPL' if it was important to my core business. How am I supposed to pay for a roof over my head!?
Maybe by RENTING developer hours for the same price as the code being "sold"? Just because the source is available doesn't make making changes easy. Go ahead, try to fork the Linux kernel and see if you don't end up with something unstable. You need to hire professionals for that. Why would a web application be different?
Selling software is going the way of the dinosaur. You can embrace the new business model of customizing F/OSS, or follow SCO. Your choice.
Re:Actually (Score:2, Insightful)
Screw Stallman, the AGPL , and Clipperz (Score:3, Insightful)
I am really tired of hearing from a guy who's main means of making a living is talking [blogspot.com] (and for which he makes a good living), telling me to work for free. I don't listen to the Tony Robinsons either... blah blah blah, try working instead of jawing for a living before you tell me I shouldn't be able to make money off what I produce. Talk is cheap.
He makes a good living telling people to give away their work so we can't pay our rent. In fact, I would bet he really doesn't have to work another day in his life. He is another version of Tony Robinson motivational speaker. Yes, Stallman wrote some programs before, but I doubt if there is anything really new he has done lately and he doesn't even make his main living from that anyway. He forgets that there are people who do make their main living from software development. I get paid for what I do because most other people cannot or won't do software development on their own. The majority of people can't or won't program computer applications. Why should I give away my work so that others who are too lazy or not intelligent enough to do it themselves, or are working on things that I can buy from them, can take it and take away my ability to eat. I understand the paradigm of selling support for the application you develop and give away for free. But that only works for large apps that are far too complex for even a small group of people to branch and modify. Many web sites and web apps are not so complex, aside from a few like Joomla. If everyone and their dog has your code for building a web site, your market share is killed and you are not going to be able to sell enough support... i.e. you are not going to be able to make a living.
I don't mind sharing tips and help people on forums if they show they are really stumped and not asking for a free ride. And I think that open source is pretty good in some respects but admire the BSD and Apache licenses far more than the GPL. To my mind they are really open source: 'Here is my code, do ANYTHING you want with it... use it, modify it, give it away, sell it, include your modifications, give away your modifications, hide your modifications, give away parts of your code, whatever you want... it is an open license.'
If you don't want them sharing your data... (Score:5, Insightful)
...don't give it to them.
Social networking sites are fundamentally about sharing data. Lots of people, particularly the younger generation, forget this in their desire to play with the latest fad (which, like the one before it, will probably move on in a year or two). But, surprising as it may seem, you don't have to give your complete life story to someone else by joining Facebook, or to post your intimate secrets for the whole world to see on LiveJournal, or to give a minute-by-minute commentary on what you're doing, or to put those slightly dubious looking photos up on a public photo gallery.
I don't see how it would help if someone running a social networking site that collects all your data chose to share the source code. The source code is irrelevant: they still have your data. This is a simple privacy issue, and nothing to do with RMS-style rights to change source code.
Re:Internet privacy laws are needed.. good luck! (Score:3, Insightful)
The real catch with Internet privacy law (well, all Internet law, really) is that the Internet is a global system. If I don't like your country's privacy laws, I'll host my system somewhere else.
Re:clipperz? (Score:5, Insightful)
Actually, one of my black friends routinely tells me black jokes, and vice versa. We think they're pretty hilarious.
Ditto.
/stupid/ or at least /literal/ that they would die because they followed instructions on a shampoo bottle.
/me is in the front of that line!
Part of humor is being able to laugh at one's own foibles, even if they're stereotypical. While some jokes are just plain crude/crass/mean (think: dead baby jokes), most black/gay/duck/white/programmer/non-programmer jokes that I've heard aren't. They really are funny.
How many (coders) laugh (or have laughed) at this one?
Did you hear about the programmer who died in the shower?
His shampoo bottle said "Wash, rinse, repeat"!
Unless that programmer has no sense of humour (most I've met have a great sense of humour), they'll at least grin. But wait, isn't it insulting?? I mean, it suggests that programmers are so
Really? Too many people need to get over their big heads.
Re:Or Not (Score:5, Insightful)
The point of licenses such as this, isn't to serve the developer; it's to serve the user. You have to look at it from that point of view, in order to understand it. Look at it as a user, and AGPL software is attractive and valuable.
As a user, the question is: how do you get such valuable software?
Answer that question, and then you'll see the developers' incentive. As a developer, the reason you would consider writing code with this license, is that someone who wants the software, would be paying you to. Getting paid is your core business.
That doesn't happen, though, until users begin to recognize the value of GPLed software. Thus, RMS preaches.
The "viral" aspect of GPL is related to this, and gives a second incentive for you, the developer, to create GPLed software. If someone wants some software that almost already exists, where most of the software has already been written (e.g. Linux or the GIMP or something like that), then you might be able to give a lower bid (and win the contract) by modifying such software instead of writing it from scratch. In that case, the GPL constrains you to release your new code under GPL. Everyone wins: you get paid, and more GPL software exists.
But yes, without someone paying you for your time, you'd have little other incentive to do this, other than altruism. Strangely, a lot of GPL software is still being produced by altruism, but don't be fooled: not all of it is. There are programmers at IBM, Novell, and Red Hat who are getting paychecks for this stuff.
I think it comes down to what your core business is. Is it to produce an IP asset (a copyrighted product that only you can sell)? Or is it to work for money? Traditionally, the first scenario is where the real money is. Bill Gates didn't make his fortune by collecting paychecks.
But if RMS and his like can convince people that GPLed software is valuable, the second model may increase in viability, and perhaps at the expense of the first. Why should I buy a product instead of hiring someone to modify a nearly-done free product for me?
Re:ajax can't do it; server bills; forking code (Score:3, Insightful)
The paradigm they're talking about is one in which users get a service from someone running a rack full of servers. For instance, if I write a letter in my web-app word-processor, somewhere there's got to be a server that's storing my document. The person running the service needs to pay their elecric bill. How are they going to do it?
Well, first off, with an open infrastructure, that service could be run on YOUR server, in which case, you pay your own bills. But even if it's on someone else's...
Well, they could make their users look at ads, but that won't work if the app is really user-modifiable, because someone will come out with a version that doesn't show the ads.
Right, but the ad-free version will not run itself. You'll either have to host it on your own server or find some other company willing to support an ad-free version by some other means.
They could charge the user a monthly fee, but that won't work, because the article proposes to set up the service so that the provider knows absolutely nothing about the user, not even his username.
You can set up a funding scheme with where the application doesn't keep user information. For example, you could have a third-party subscription broker that generates cryptographic tokens that indicate you paid for service. It's like buying ride tickets an amusement part; none of the individual ride operators needs to know (or care) anything about your billing information.
"I've looked at Cloud from both sides now" (Score:5, Insightful)
You have to be a pretty trusting soul to put business-critical information or private health data under the control of complete strangers, and with security assurances that amount to little more than, "We keep everything strictly private that the US government doesn't want to see", and, "If we screw up, we promise not to screw up again until the next time".
Thanks anyway. I'll keep my financial data, medical records and such a wee bit closer to home.
Re:Or Not (Score:3, Insightful)
"...Unless you guys want to pay to see the source code, this just turns me off any of the GPL variants more..."
Richard Stallman and his GPL fans want to force everything to be open and public, yet at the same time is pushing Clipperz for keeping things private. Sounds like RS and his FSF fanbase have a bit of bipolar personality disorder.
GPL? Si. AGPL? No. (Score:4, Insightful)
The AGPL is easily ignored [honeypot.net], and frankly, its FSF-sanctioned existence pisses me off. It's one thing - a good thing! - to place Freedom-preserving restrictions on distribution. It's another thing altogether to put Freedom-removing restrictions on usage. For some reason, the FSF has endorsed the idea that hosting an application via the web is distribution, even if hosting that same application via a console session is merely usage.
Actually, I'm pretty sure the reason is that GPLed software is well entrenched, and the FSF feels they have the leverage to begin forcing users to share changes even if they're not distributing them. Want to use Free software? Here are the new rules!
That sucks. I'm a huge RMS fanboy, but I think the AGPL and the principles behind it are fundamentally broken and should be abandoned.
Re:Or Not (Score:3, Insightful)
Why should I buy a product instead of hiring someone to modify a nearly-done free product for me?
For the same reasons you buy anything as opposed to hiring someone to make it.
1. It's cheaper.
2. It's ready now, off the shelf.
3. It's convenient--you don't have to draw up labor contracts or develop specs.
4. You don't care, in that particular situation, how it works or that it's the perfectly suited product. You just want it to perform a function and move on with your life.
Software is a tool. It is not a movement. Trying to "kill" alternatives is just as greedy and absurd as the people you malign. If they want to release their product a different way, let them. You don't have to do it the same way. Open source is not always the answer.
Re:Hear hear ! (Score:2, Insightful)
facebook (which makes its money out of selling private information to advertisers without even making an attempt at disguising the fact)
I keep hearing this on Slashdot, but I have yet to hear of any proof that Facebook is selling profile information without consent. If they are not disguising the fact, then why is it that their privacy policy explicitly prohibits selling information without consent? Either provide some proof, or I'll just have to assume that these accusations are nothing but FUD.