Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy

RMS and Clipperz Promoting Freedom In the Cloud 156

mbarulli writes "Clipperz and Richard Stallman recently launched a joint call for action to bring freedom and privacy to web applications. 'The benefits of web apps are many, but quite often users lose their freedom to study, modify and discuss the source code that powers those web apps. Furthermore, we are forced to trust third parties with our data (bookmarks, text documents, chat transcripts, financial info ... and now health records!) that no longer resides on our hard disks, but are stored somewhere in the cloud.' Clipperz and RMS urge web developers to adopt the new AGPL license and build their applications using a 'zero-knowledge architecture,' a framework for web services that has been derived from Clipperz online password manager. A smooth path toward web apps based on free software that know nothing about you and your data."
This discussion has been archived. No new comments can be posted.

RMS and Clipperz Promoting Freedom In the Cloud

Comments Filter:
  • Hear hear ! (Score:5, Interesting)

    by silentcoder ( 1241496 ) on Monday June 30, 2008 @10:22AM (#24001267)

    Especially when one considers the evergrowing warnings about google products and sites like facebook (which makes its money out of selling private information to advertisers without even making an attempt at disguising the fact) - we need, in this age of web-apps, to push for greater openness in their design.

    It's no longer just about the source code, it's about every single aspect of our lives. Dr. Phill may get hits from doing shows about how people misrepresent themselves online - but the fact that his investigators are able to find out enough about a person to 'figure out the lies' just tell you how dangerous the system already is - and that is third parties, imagine the true power that applications like facebook or Yahoo! mail holds... it's scary.

    On the other hand, most people could care so little about their privacy these days... one may go so far as to suggest that those who do not care, do not deserve it.

    For the rest of us, why not contribute a bit to changing the picture - is there even one solid social networking tool out there that is built on open source ?

    • by Anonymous Brave Guy ( 457657 ) on Monday June 30, 2008 @11:19AM (#24002359)

      ...don't give it to them.

      Social networking sites are fundamentally about sharing data. Lots of people, particularly the younger generation, forget this in their desire to play with the latest fad (which, like the one before it, will probably move on in a year or two). But, surprising as it may seem, you don't have to give your complete life story to someone else by joining Facebook, or to post your intimate secrets for the whole world to see on LiveJournal, or to give a minute-by-minute commentary on what you're doing, or to put those slightly dubious looking photos up on a public photo gallery.

      I don't see how it would help if someone running a social networking site that collects all your data chose to share the source code. The source code is irrelevant: they still have your data. This is a simple privacy issue, and nothing to do with RMS-style rights to change source code.

      • Re: (Score:3, Interesting)

        by Anonymous Coward

        Even if I don't give them my data, other people will. What's to stop my friends/enemies from posting pictures of me online? With my name in the tag?

        • What's to stop my friends/enemies from posting pictures of me online?

          This might sound weird, but, how about you yourself?

        • Re: (Score:3, Interesting)

          That's a very fair point (and, in fact, the reason I personally left Facebook very soon after joining it).

          But in most cases, it's harder for friends to tag you etc. if you don't have an active account yourself.

          (As an aside, providing such personal information about others without their consent is pretty clearly illegal in some places, as is storing it by the social networking site.)

        • Re: (Score:3, Funny)

          by zacronos ( 937891 )
          Clearly, the solution to this problem is to have the US government develop sophisticated face-recognition software, then build a centralized database of people who opt-out of having their pictures posted online. The Internet will be continually spidered, and any time a picture online is found to match the identity of someone in the database, the website will get a takedown notice, and the opt-out person in the picture will also be contacted (since their contact information would of course be in the opt-out
        • Don't give them any pictures then and don't let them take any. Or wait...here's a radical idea...ask them nicely to not post pictures of you online. If they are really your friends they'll respect that.

    • by laffer1 ( 701823 )

      It's not just developing the software, it's attracting the users from facebook and other sites to an open source site. Also, consider that you've still got to offer more to get people to stick with your site rather than the thousands of clones that can popup because it is open source.

      It's a real problem for computer geeks to guess what popular teenage girls want to use. Hell, I couldn't figure them out when I was in high school. :)

      You also mentioned figuring out the lies. I'm never sure how much info

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      facebook (which makes its money out of selling private information to advertisers without even making an attempt at disguising the fact)

      I keep hearing this on Slashdot, but I have yet to hear of any proof that Facebook is selling profile information without consent. If they are not disguising the fact, then why is it that their privacy policy explicitly prohibits selling information without consent? Either provide some proof, or I'll just have to assume that these accusations are nothing but FUD.

  • Actually (Score:2, Troll)

    by DaedalusHKX ( 660194 )

    If it turns out to help enable a product (the ideology of it isn't all that bad either, at least not as outlined in The Cathedral and the Bazaar) as good as the ones that the GPL helped to shape, it will be worth it.

    It all remains to be seen, glad to see someone out there is actually getting things done in the software/web arena. Anyways, I'm off to pursue other things today. Won't be around to answer the usual deluge of angry replies.

    • Re: (Score:3, Insightful)

      by Yvanhoe ( 564877 )
      I think that a new license is a really bad idea. Fragmentation is not what you want in the OSS world. There are already enough problems between Sun's licence, GPLv2, GPLv3, Mozilla's, etc... to add a new license with new restrictions.

      You don't need a license. You need a "EFF approved" stamp.
      • You don't need a license. You need a "EFF approved" stamp.

        But how are we supposed to trust them without the source code? Sure the EFF is a great organization, but being an organization, it is prone to corruption. If we all could view the source code we would have the same thing without relying on an organization. Also, if we just had an EFF approved stamp, rather then a license, and assuming that meant that there would be no source code available, fragmentation wouldn't be an issue as in any one of those licenses you can view the source code, the only differen

        • Re: (Score:2, Insightful)

          by Yvanhoe ( 564877 )
          You have the license, it is called GPL. Its role is to give rights to the user, not to guarantee some properties of the program. For this, you have certifications and stamps.
        • But how are we supposed to trust them without the source code?

          Um...how can you trust that the source code you get is what they are running? With a desktop app you can compile and use that version. You can't really use your own version of Amazon of Google. If they REALLY wanted to look GNU approved they could just put links to code that is old and does not have any nasty stuff in it.

          As a side note as web developer a lot of web code is like hot dogs. Just enjoy it and try not to think of what it's made

      • I don't think you can really be 'fragmented' in regards to licenses.. you can fork a program enough to kill it, but if 10 different programs have 10 different code licenses, they can all be just fine.

        True software freedom includes the freedom to write your own license of choosing.

  • Or Not (Score:2, Interesting)

    by Anonymous Coward

    Sorry...I just don't see why I should lose my job writing web applications that will then be released under the AGPL so you guys can "look" at them. My company doesn't sell the info...heck, we don't have a ton of users, but it pays the bills.

    Unless you guys want to pay to see the source code, this just turns me off any of the GPL variants more. I'm a fan of BSD - do what the heck you want with it (we've released code that way).

    • Re: (Score:3, Insightful)

      by topham ( 32406 )

      People don't get it.

      Software Developers need to eat too.
      There is no way I would release anything under 'AGPL' or even 'GPL' if it was important to my core business. How am I supposed to pay for a roof over my head!?

      • Re:Or Not (Score:5, Insightful)

        by morgan_greywolf ( 835522 ) * on Monday June 30, 2008 @10:31AM (#24001475) Homepage Journal

        There is no way I would release anything under 'AGPL' or even 'GPL' if it was important to my core business. How am I supposed to pay for a roof over my head!?

        Somebody's got to support all that AGPL and GPL code, right?

        • This is what amazes me when people bring up the 'but how do I eat?' argument - someone always responds with 'support it!', which means that I have to now produce two different products to bring in money - the product itself, and the support product to charge money for.

          I'm sorry, but I'm a developer, I hate people.
      • Re:Or Not (Score:4, Insightful)

        by Darkness404 ( 1287218 ) on Monday June 30, 2008 @10:34AM (#24001531)
        Hmmm... there are a ton of ways. Number 1: develop in-house software, it can be free and you get $$$ for it. Number 2: Sell support like Red Hat does. Number 3: Put *gasp* ads for your web apps like Google does but release them under an open source license. There you go, 3 ways to make money without sacrificing freedom.
        • by Lennie ( 16154 )

          4. the original answer, if I'm not mistaken, is 80% of all developed software is custom software. If you have a contract from a customer to create something, you create it for them, you GPL it, they get the source. They could take the software to someone else, when they ever get a conflict with you. That's what the GPL is for, provide freedom to the end-users.

          • by murdocj ( 543661 )

            If you create it for one particular customer, typically the customer paid for it and owns it, no need for GPL. In some cases if you think you can turn the code into a generic product you can license it back from the customer and resell it. Either way, GPL doesn't come into the picture.

      • Re: (Score:3, Insightful)

        by dkf ( 304284 )

        How am I supposed to pay for a roof over my head!?

        Make it so furiously complicated to configure in a useful way that nobody ever actually wants to use the code without paying you for support and/or hosting.

      • Re:Or Not (Score:4, Insightful)

        People don't get it.

        Software Developers need to eat too.
        There is no way I would release anything under 'AGPL' or even 'GPL' if it was important to my core business. How am I supposed to pay for a roof over my head!?

        Maybe by RENTING developer hours for the same price as the code being "sold"? Just because the source is available doesn't make making changes easy. Go ahead, try to fork the Linux kernel and see if you don't end up with something unstable. You need to hire professionals for that. Why would a web application be different?

        Selling software is going the way of the dinosaur. You can embrace the new business model of customizing F/OSS, or follow SCO. Your choice.

      • Re: (Score:3, Funny)

        Exactly. It's not like anyone at RedHat gets paid or anything.
      • Re:Or Not (Score:5, Insightful)

        by Cajun Hell ( 725246 ) on Monday June 30, 2008 @11:31AM (#24002623) Homepage Journal

        There is no way I would release anything under 'AGPL' or even 'GPL' if it was important to my core business.

        The point of licenses such as this, isn't to serve the developer; it's to serve the user. You have to look at it from that point of view, in order to understand it. Look at it as a user, and AGPL software is attractive and valuable.

        As a user, the question is: how do you get such valuable software?

        Answer that question, and then you'll see the developers' incentive. As a developer, the reason you would consider writing code with this license, is that someone who wants the software, would be paying you to. Getting paid is your core business.

        That doesn't happen, though, until users begin to recognize the value of GPLed software. Thus, RMS preaches.

        The "viral" aspect of GPL is related to this, and gives a second incentive for you, the developer, to create GPLed software. If someone wants some software that almost already exists, where most of the software has already been written (e.g. Linux or the GIMP or something like that), then you might be able to give a lower bid (and win the contract) by modifying such software instead of writing it from scratch. In that case, the GPL constrains you to release your new code under GPL. Everyone wins: you get paid, and more GPL software exists.

        But yes, without someone paying you for your time, you'd have little other incentive to do this, other than altruism. Strangely, a lot of GPL software is still being produced by altruism, but don't be fooled: not all of it is. There are programmers at IBM, Novell, and Red Hat who are getting paychecks for this stuff.

        I think it comes down to what your core business is. Is it to produce an IP asset (a copyrighted product that only you can sell)? Or is it to work for money? Traditionally, the first scenario is where the real money is. Bill Gates didn't make his fortune by collecting paychecks.

        But if RMS and his like can convince people that GPLed software is valuable, the second model may increase in viability, and perhaps at the expense of the first. Why should I buy a product instead of hiring someone to modify a nearly-done free product for me?

        • Re: (Score:3, Insightful)

          by mr_matticus ( 928346 )

          Why should I buy a product instead of hiring someone to modify a nearly-done free product for me?

          For the same reasons you buy anything as opposed to hiring someone to make it.

          1. It's cheaper.
          2. It's ready now, off the shelf.
          3. It's convenient--you don't have to draw up labor contracts or develop specs.
          4. You don't care, in that particular situation, how it works or that it's the perfectly suited product. You just want it to perform a function and move on with your life.

          Software is a tool. It is not a movement. Trying to "kill" alternatives is just as greedy and absurd as the people you malign. If t

          • 2. It's ready now, off the shelf.

            Unless it isn't. And that's usually the case. Every programmer in the world, is employed based on the premise that whatever's on the shelves, isn't quite what people want.

    • Re: (Score:3, Insightful)

      "...Unless you guys want to pay to see the source code, this just turns me off any of the GPL variants more..."

      Richard Stallman and his GPL fans want to force everything to be open and public, yet at the same time is pushing Clipperz for keeping things private. Sounds like RS and his FSF fanbase have a bit of bipolar personality disorder.

    • Who said you should lose your job? I don't know what your application does, but if someone seeing the source code is going to cause you to lose your job, that's a pretty bad situation to be in.

      Why would it be different if people had to pay to see it?

  • <sarcasm>
    First they want to put Microsoft out of business and now Google!

    Why, it's un-American!
    </sarcasm>

    Yep. Open source works with the web, too. I can imagine a world where different applications could be built from pieces and parts that might even be hosted on different, random sites.

    Imagine the possibilities.

    • Re: (Score:2, Insightful)

      I'll stick with BSD/Apache. The possibilities are just as great (and have been undergoing implementation for years, as a matter of fact) and they won't undercut my ability to make money programming.

    • The issue is that, unlike client software which uses the user's computer to run, web-based software requires your computer (server) to run. Unless someone's willing to give away hosting for free, I'll have to charge at least a token amount to cover my bandwidth costs.

  • If... (Score:3, Insightful)

    by Anonymous Coward on Monday June 30, 2008 @10:27AM (#24001383)

    ...you don't trust something, then don't use it.

    Simple, really.

  • by plasmacutter ( 901737 ) on Monday June 30, 2008 @10:28AM (#24001399)

    Internet privacy laws are needed. Good luck in this climate, a week from now our loyal OPPOSITION party here in the us is going to sell our fourth amendment rights down the river.

    The new FISA bill will stop the "illegal" domestic spying all right.. by making it legal and allowing it to continue.

    No more "illegal" spying! hurray?

    • Re: (Score:2, Flamebait)

      by sm62704 ( 957197 )

      Good luck in this climate, a week from now our loyal OPPOSITION party here in the us is going to sell our fourth amendment rights down the river

      I used to believe we had fourth amendments rights until last summer, when mine were violated twice [slashdot.org], once on Memorial Day of all days.

      In a plutocracy such as ours, only the rich have rights. You can't lose what you never had.

      • by all5n ( 1239664 )

        Yeah, its 100% the opposition party thats doing it.

        The ones in power are helpless to do anything about it. After all, they are just victims. /sarc off

        Come on, learn to think for yourself instead of reverting to groupthink on everything that has to do with politics.

    • Re: (Score:3, Insightful)

      by quanticle ( 843097 )

      The real catch with Internet privacy law (well, all Internet law, really) is that the Internet is a global system. If I don't like your country's privacy laws, I'll host my system somewhere else.

      • which brings us to the other side of this coin... that they created the stasi in places like sweden, which are monitoring all communications which cross their border, then signed a few "information sharing" treaties.

    • The idea behind Clipperz's "zero-knowledge" systems is to limit privacy concerns by limiting what data the web server even has. If the web server does not have your data (in a readable, unencrypted form), then it does not matter what privacy legislation is or is not in effect, especially considering, as another poster pointed out, that the internet is global and there could be several country's laws affecting any given transaction.
  • by pongo000 ( 97357 ) on Monday June 30, 2008 @10:32AM (#24001489)

    ...I'm reminded of the sorry attempt by the US Government to introduce its version of DRM known as the "Clipper Chip [epic.org]." The F/OSS community isn't known for its attention-grabbing project names (think Gimp here), so this comes as no surprise. Still, am I the only one who, upon first sight, related "Clipperz" and "Clipper Chip"? Is this the best moniker the Cesares could come up with?

    • Re: (Score:3, Informative)

      by pongo000 ( 97357 )

      Well, looks like I have to eat some crow on this one...from the Clipperz general FAQ:

      But then we liked the fact that "clipperZ" sounds like an hacker/anarchist jargon word. To us, it makes fun of the whole original clipper chip concept.

      Sorry about that...move along, nothing to see here...

    • I kept thinking clipper chip as well. So seeing RMS next to clipper chip kind of made my brain hurt.

  • by adnonsense ( 826530 ) on Monday June 30, 2008 @10:33AM (#24001507) Homepage Journal
    Sounds like an open-source version of MySpace (:evilgrin:).
  • Sorry, guys (Score:1, Informative)

    by sm62704 ( 957197 )

    I can't bring myself to read an article with "cloud" in it unless it's about weather, flying, or sunshine. There is no cloud.

    I sure as hell hope it wasn't Stallman who used that ugly yuppified buzzword. Any time you hear one of these incredibly stupid, meaningless buzzwords you know for certain that the word's user is completely ignorant of the subject he is talking about and wants you to think you are the ignorant one.

    • Re:Sorry, guys (Score:5, Informative)

      by value_added ( 719364 ) on Monday June 30, 2008 @10:51AM (#24001847)

      Any time you hear one of these incredibly stupid, meaningless buzzwords you know for certain that the word's user is completely ignorant of the subject he is talking about and wants you to think you are the ignorant one.

      Normally I'd tend to agree, but I'm afraid you're wrong in this case. From the Wiki cloud [wikipedia.org] article:

      The term Cloud Computing derives from the common depiction in most technology architecture diagrams, of the Internet or IP availability, using an illustration of a cloud. Cloud computing gained attention in 2007 as it became a popular solution to the problem of horizontal scalability.

      If you're unfamiliar with a typical network diagram looks like, the illustration in this Wiki article [wikipedia.org] should make things clearer.

      • by sm62704 ( 957197 )

        Yes, I'm familiar with the diagram you reference. It doesn't make it any more valid, but instead backs up my point. PHBs (people who knew little or nothing about the subject) took it literally and ran with it.

    • Re: (Score:1, Funny)

      by Anonymous Coward

      What are your feelings toward spoons?

    • I can't bring myself to read an article with "cloud" in it unless it's about weather, flying, or sunshine. There is no cloud.

      I sure as hell hope it wasn't Stallman who used that ugly yuppified buzzword.

      Whenever you talk security and encryption, you're very likely to make diagrams of Alice, Bob, and "the cloud". What's so yuppified about that? This very message arrived to Slashdot through "the cloud".

      • by sm62704 ( 957197 )

        There's nothing wrong with using a cloudlike thing to represent a network. What's stupid is taking that abstraction and treating it as if it were a concrete representation instead of an abstraction. Why would you say "cloud computing" when "network computing" is accurate? Why say "the cloud" when you mean "the network?" The only two reasons would be ignorance, and obfuscation for the ignorants.

        It's like "thinking outside the box", which originally meant thinking about how a customer used a product instead o

    • ugly yuppified buzzword

      Yuppie is a buzzword for "young upwardly-mobile professional"

      Any time you hear one of these incredibly stupid, meaningless buzzwords you know for certain that the word's user is completely ignorant of the subject he is talking about and wants you to think you are the ignorant one.

      Indeed.

  • Great ideas! (Score:3, Interesting)

    by MarkWatson ( 189759 ) on Monday June 30, 2008 @10:36AM (#24001573) Homepage

    There is the usual problem of developers actually making living working on open source projects, but it can work. I have been working on a project that I will probably release as free for non-commercial use, pay a license fee for commercial use, and release the source code. I would like to use the AGPL, but I do need some income from my project and (A)GPL with alternative license options may not do this for me.

    I really like the ideas of "zero-knowledge web apps" and I thin that I will convert my little kbdocs.com demo to use the "zero-knowledge" ideas - if for a learning exercise.

  • by SamP2 ( 1097897 ) on Monday June 30, 2008 @10:38AM (#24001607)

    How do we know that the app we use indeed came from the source they say it did?

    With desktop app, one could compile and take an MD5, or just compile and compare to the binaries distributed, or just not use the binaries at all and compile from source for their own use.

    With a web app, even if we had the source, we'd still be connecting to a 3-rd party HTTP server, and there is really no way to verify how the "real" program is run.

    • that i my thought. how can you be certain that the app your running is the same one that was compiled with the source available.

      Personally I am waiting for someone to give me my own personal cloud. I like the concepts but I want the data stored on my own server that I control. that I can connect to with any device I choose.

    • by apathy maybe ( 922212 ) on Monday June 30, 2008 @10:55AM (#24001921) Homepage Journal

      When I provide code on my website, I link to a program which displays the code on the screen.

      Using the program, you can look at any file (apart from ones that are either in a black-list, such as "settings.php", or ones that have a bit of text at the start "don't show this") any time.

      If it gets updated, you can always get the latest version.

      Of course, yes, there isn't any real way to make sure that EvilCorp doesn't fuck around and show different code to what is actually being run. But considering you can't update that code on EvilCorp's websever, there isn't anything you can do about it.

      With AGPL, you can run the code on /your/ websever.

      (The only trouble with the GNU AGPL that I can tell (that is, v3, not v2), is that it explicitly allows mixing with GPL code, and then the entire program is GPL, not AGPL. I personally think it should be the other way around. But meh.)

      • (The only trouble with the GNU AGPL that I can tell (that is, v3, not v2), is that it explicitly allows mixing with GPL code, and then the entire program is GPL, not AGPL. I personally think it should be the other way around. But meh.)

        Wouldn't work. The AGPL (which, by the way, is by no means a new license) includes conditions that are not in the GPL, and the GPL prevents you from imposing conditions not present in it. You can't release code saying 'if you link this code against code from someone else then their code comes under my license' because if you could I would release a copy of the identity function with a clause saying 'anything linked with this code comes under the MIT license,' link it with every piece of code I used, and f

    • by Tom ( 822 )

      How do we know that the app we use indeed came from the source they say it did?

      You don't.

      However, you do know that their competitor X is providing the same service, using the same source, and if you have any trust issues, you can go there, or run the stuff on your own server.

      On a desktop you have a little bit more assurance, but only in theory. If a powerful adversary wants to hit you, then you can't trust your md5 program, you can't trust your compiler, your operating system, your BIOS or even your CPU.

      In the vast majority of cases, Free Software isn't really looked at by so many peo

  • Damn MS Office cartoon character, always in the way. Just let me do my work is all I ask...

    If he's promoting freedom in clouds, maybe he's been hanging out with this annoying character [wikipedia.org]?
  • by bcrowell ( 177657 ) on Monday June 30, 2008 @10:56AM (#24001947) Homepage

    There are a lot of problems with this proposal.

    Before we even start worrying about privacy with respect to web apps, we have to worry about making web apps work within the existing technical constraints. There are serious technical problems with adapting the browser and the web to make web apps. Try google's web-app office suite, for example. It implements a tiny fraction of the functionality of a traditional word processor and spreadsheet, and its performance is just plain unacceptable, especially in the spreadsheet. Http, the browser, javascript, and w3c standards simply were not designed for this type of task, and it's not at all clear that they can be adapted to it. That means that if we ever do get something like the experience they're talking about in the article, it will probably be based on an entirely different design, and it's going to be hard to work out the privacy issues without knowing the technical and financial implications of that new design.

    The paradigm they're talking about is one in which users get a service from someone running a rack full of servers. For instance, if I write a letter in my web-app word-processor, somewhere there's got to be a server that's storing my document. The person running the service needs to pay their elecric bill. How are they going to do it? Well, they could make their users look at ads, but that won't work if the app is really user-modifiable, because someone will come out with a version that doesn't show the ads. They could charge the user a monthly fee, but that won't work, because the article proposes to set up the service so that the provider knows absolutely nothing about the user, not even his username.

    Stallman suggests to add a feature to the browser allowing a user to say: "When you get URL X, use the Javascript from URL Y as if it came from URL X." If the user does invoke this feature, he can run his copy of the Javascript and still being able to exchange data with the server hosting the web application.

    One big reason this won't work is that a web app consists of two separate pieces of code: one that runs on the server, and one that runs on the client. I wouldn't call it open source if I get to modify 50% of the code, but not the other 50%. Another problem is that part of the allure of web apps is that they require zero configuration, and can be invisibly upgraded at any time. It's hard to see how you'd maintain that benefit while having users run a forked version of the client-side code. What happens when the provider wants to modify the server-side code in a way that breaks compatibility with the forked client-side code?

    • Re: (Score:3, Insightful)

      The paradigm they're talking about is one in which users get a service from someone running a rack full of servers. For instance, if I write a letter in my web-app word-processor, somewhere there's got to be a server that's storing my document. The person running the service needs to pay their elecric bill. How are they going to do it?

      Well, first off, with an open infrastructure, that service could be run on YOUR server, in which case, you pay your own bills. But even if it's on someone else's...

      Well, they could make their users look at ads, but that won't work if the app is really user-modifiable, because someone will come out with a version that doesn't show the ads.

      Right, but the ad-free version will not run itself. You'll either have to host it on your own server or find some other company willing to support an ad-free version by some other means.

      They could charge the user a monthly fee, but that won't work, because the article proposes to set up the service so that the provider knows absolutely nothing about the user, not even his username.

      You can set up a funding scheme with where the application doesn't keep user information. For example, you could have a third-party subscription broker that ge

      • Well, first off, with an open infrastructure, that service could be run on YOUR server, in which case, you pay your own bills.

        The problem with this solution is that it eliminates some of the main reasons that people are interested in web apps. One reason is that you don't need to do any work to set up and maintain an application on your own computer. For the typical user, setting up a service on a server is significantly more difficult than just installing an app on their own machine. For organizations, t

    • Stallman suggests to add a feature to the browser allowing a user to say: "When you get URL X, use the Javascript from URL Y as if it came from URL X." If the user does invoke this feature, he can run his copy of the Javascript and still being able to exchange data with the server hosting the web application.

      One big reason this won't work is that a web app consists of two separate pieces of code: one that runs on the server, and one that runs on the client. I wouldn't call it open source if I get to modify 50% of the code, but not the other 50%.

      The AGPL already covers this and requires that the source to the server-side code be made available.

      Another problem is that part of the allure of web apps is that they require zero configuration, and can be invisibly upgraded at any time. It's hard to see how you'd maintain that benefit while having users run a forked version of the client-side code. What happens when the provider wants to modify the server-side code in a way that breaks compatibility with the forked client-side code?

      The same thing that happens if you make your own modifications to a traditional open source program. It's up to you to maintain your own branch and keep up with the upstream version. If you don't want to upgrade, you can stay on the current version. Likewise, for the web application case, you can run your own version of the web app and leave it pegged to the current version, ignoring the new versions.

      Hopef

      • Stallman suggests to add a feature to the browser allowing a user to say: "When you get URL X, use the Javascript from URL Y as if it came from URL X." If the user does invoke this feature, he can run his copy of the Javascript and still being able to exchange data with the server hosting the web application.

        One big reason this won't work is that a web app consists of two separate pieces of code: one that runs on the server, and one that runs on the client. I wouldn't call it open source if I get to modif

        • Stallman suggests to add a feature to the browser allowing a user to say: "When you get URL X, use the Javascript from URL Y as if it came from URL X." If the user does invoke this feature, he can run his copy of the Javascript and still being able to exchange data with the server hosting the web application.

          One big reason this won't work is that a web app consists of two separate pieces of code: one that runs on the server, and one that runs on the client. I wouldn't call it open source if I get to modify 50% of the code, but not the other 50%.

          The AGPL already covers this and requires that the source to the server-side code be made available.

          Implementing this sounds wildly impractical to me. Suppose I sign up with a service that makes a web app available to to me, and stores my data. At some point I decide I want to modify the behavior of the application by modifying the server-side code. So what do I do now? I sign up for a webhosting account for, say $40/mo. I configure the new server. I migrate all my files. I continue paying $40/mo indefinitely for the new server, and I continue maintaining my forked version of the application forever. Ouch -- this is nothing like the zero-cost, zero-configuration, zero-maintenance setup that was the original lure of the web app. In the world of ordinary open-source apps, the possibility of forking helps to keep users from getting abused or neglected by the developer. If the developer is thinking about changing the license, or making it into adware, or abandoning the software, or making it intro crippleware, or not providing bug fixes, or not making it compatible with new libraries and operating systems --- in all those situations, he knows that if he makes his users too unhappy, someone may fork the software and users may vote with their feet. The barrier to forking is pretty high, and it seldom happens, but the theoretical possibility is always there. In the setup proposed by the article, the barriers to forking are just way too high for it to be a plausible threat. Basically the forker not only has to start maintaining the fork, he also has to start up his own internet-based business to cover his new webhosting costs (or just eat the monthly cost of webhosting for the sole purpose of continuing to be able to run this one app).

          Honestly, I fail to see why this is so wildly different than modifying traditional offline programs. Sure, there's a burden of maintaining your own changes, but that's always the case. And sure, it's not for everyone, but most people don't tinker with their normal programs source either. Of those inclined, many people already have server space, and you're not going to have to pay $40/month unless you're looking to serve it to other people.

          Yes, it's more of a burden, but there are already plenty of websit

    • The paradigm they're talking about is one in which users get a service from someone running a rack full of servers. For instance, if I write a letter in my web-app word-processor, somewhere there's got to be a server that's storing my document. The person running the service needs to pay their elecric bill. How are they going to do it? Well, they could make their users look at ads, but that won't work if the app is really user-modifiable, because someone will come out with a version that doesn't show the ads. They could charge the user a monthly fee, but that won't work, because the article proposes to set up the service so that the provider knows absolutely nothing about the user, not even his username.

      There is a difference though. If the data is really securely encrypted, then it could be transferred to a server under someone else's control because it is not really sensitive. That is, you do not need a single entity capable of hosting the data of everyone who wants to use Clipperz-style applications. Some sort of load-balancing could be used involving mirroring data on other servers and distributing users among servers. Perhaps the main server could server just serve a checksum and a redirect.

      If the apps

  • Write add-ons for the major free browsers (Mozilla, Webkit, ...) that implement the Stallman's solution.

    The vortigaunts from Half-Life 2 comes to mind.

    • Write add-ons for the major free browsers (Mozilla, Webkit, ...) that implement the Stallman's solution.

      The vortigaunts from Half-Life 2 comes to mind.

      We have heard the words of The Stallman and his talk of The Free Source. The Vortiaguants praise The Stallman for the work he has done. He...

      Honestly, that's about the point when I shoot the friendly Vorgtiguant. (Not, dissing The Stallman, making a HL2 reference.)

  • by theshowmecanuck ( 703852 ) on Monday June 30, 2008 @11:02AM (#24002069) Journal

    I am really tired of hearing from a guy who's main means of making a living is talking [blogspot.com] (and for which he makes a good living), telling me to work for free. I don't listen to the Tony Robinsons either... blah blah blah, try working instead of jawing for a living before you tell me I shouldn't be able to make money off what I produce. Talk is cheap.

    He makes a good living telling people to give away their work so we can't pay our rent. In fact, I would bet he really doesn't have to work another day in his life. He is another version of Tony Robinson motivational speaker. Yes, Stallman wrote some programs before, but I doubt if there is anything really new he has done lately and he doesn't even make his main living from that anyway. He forgets that there are people who do make their main living from software development. I get paid for what I do because most other people cannot or won't do software development on their own. The majority of people can't or won't program computer applications. Why should I give away my work so that others who are too lazy or not intelligent enough to do it themselves, or are working on things that I can buy from them, can take it and take away my ability to eat. I understand the paradigm of selling support for the application you develop and give away for free. But that only works for large apps that are far too complex for even a small group of people to branch and modify. Many web sites and web apps are not so complex, aside from a few like Joomla. If everyone and their dog has your code for building a web site, your market share is killed and you are not going to be able to sell enough support... i.e. you are not going to be able to make a living.

    I don't mind sharing tips and help people on forums if they show they are really stumped and not asking for a free ride. And I think that open source is pretty good in some respects but admire the BSD and Apache licenses far more than the GPL. To my mind they are really open source: 'Here is my code, do ANYTHING you want with it... use it, modify it, give it away, sell it, include your modifications, give away your modifications, hide your modifications, give away parts of your code, whatever you want... it is an open license.'

    • Tony Robbins Hungry !!!
    • You don't like the idea of giving away source code for free to people who are too lazy to do anything for themselves, so you prefer the BSD license over the GPL? That doesn't make any sense. The GPL expressly protects you from exploitation by the freeloaders you're complaining about. Please go back and read the terms of the licenses you're talking about.

    • If everyone and their dog has your code for building a web site, your market share is killed and you are not going to be able to sell enough support... i.e. you are not going to be able to make a living.

      I don't know. IBM makes a pretty good living off WebSphere and Tomcat, which are both open-source.

      I agree with your conclusion, but not your reasoning. The reason open-source web applications are unsustainable is not because one has to give away the source code for running those applications. No, they're unsustainable because, unlike client side applications, the costs of running a web application all fall onto the original developer.

      If I make a client application and release it under the GPL, the costs

    • Re: (Score:3, Funny)

      by bgat ( 123664 )

      Why should I give away my work?

      You don't.

      And after reading your rant, I urge you not to.

    • Re: (Score:2, Interesting)

      I am really tired of hearing from a guy who's main means of making a living is talking (and for which he makes a good living), telling me to work for free

      #1: Trolling. RMS _never_ stated that. Give me just one quote, just one, where he stated that. You cannot, because he never made such a claim.

      He makes a good living telling people to give away their work so we can't pay our rent.

      #2: Trolling variation on #1: he never said such a thing; in fact: he stated on several occasions that it is perfectly normal to sell your work; he thinks it is highly unethical NOT to ship the source code with the binaries, that's all.

      In fact, I would bet he really doesn't have to work another day in his life.

      #3: Ad hominem attack. The amount of money a person has in his bank account says nothing about the validity of his statements.

      Yes, Stallman wrote some programs before, but I doubt if there is anything really new he has done lately and he doesn't even make his main living from that anyway.

      #4: Ad h

    • by T.E.D. ( 34228 )

      (Replying rather than modding you down)

      I am really tired of hearing from a guy who's main means of making a living is talking [blogspot.com] (and for which he makes a good living), telling me to work for free.

      He's saying no such thing. Anyone using the GPL is quite free (in fact encouraged) to charge money for their services. What you aren't allowed to do is charge more money every time someone wants to use the friuts of your past labor.

      Note that the vast majority of working software engineers (myself inclu

  • yea! Yet another license to confuse/restrict people.

    Good thing i don't acknowledge any of them.

  • Richard Stallman is continuing his campaign to open source anything with digital logic. Today web apps, tomorrow home appliances. Tune in at 10 for the local news spot. Film at 11. Ninja attack at 2am during the late night show.

  • You can design an application to work this way, but can the casual user really know? It seems like the web app's virtue of "easily updatable" is also the danger of easily compromised, as happened with Hushmail.

    With Free Software software that is loaded from the client machine, it is often vetted for conflicts of interest by both Open Source developers and the distribution maintainers (who can choose between competing forks if a developer does a bad thing). Not that distro maintainers are infallible (as i

  • ... and another 100 rants from RMS.

  • by hyades1 ( 1149581 ) <hyades1@hotmail.com> on Monday June 30, 2008 @12:09PM (#24003289)

    You have to be a pretty trusting soul to put business-critical information or private health data under the control of complete strangers, and with security assurances that amount to little more than, "We keep everything strictly private that the US government doesn't want to see", and, "If we screw up, we promise not to screw up again until the next time".

    Thanks anyway. I'll keep my financial data, medical records and such a wee bit closer to home.

    • Re: (Score:3, Informative)

      You have to be a pretty trusting soul to put business-critical information or private health data under the control of complete strangers, and with security assurances that amount to little more than, "We keep everything strictly private that the US government doesn't want to see", and, "If we screw up, we promise not to screw up again until the next time".

      Go to a doctor recently? That's precisely how it works in the USA. The doctor's office keeps the records which they can and do share with your insurance company who can and do share them with a variety of other companies like big pharma. Sure its all 'regulated' by HIPAA but that's as much official cover to share your info as it is protection for your info. Hell, even if you want to pay cash you pretty much have to use a false identity if you want to protect your privacy.

      • I'm Canadian. We do things differently here.

        • I'm Canadian. We do things differently here.

          Really? So your doctor does not keep your records and share them with your insurance provider and anyone else with a plausible justification for access? You can get non-emergency anonymous treatment without having to lie about your identity?

          • Re: (Score:3, Interesting)

            by hyades1 ( 1149581 )

            I don't know why I'd want "non-emergency anonymous treatment", but in the event that I couldn't get to my family doctor, I'd simply show my health card and be treated. In Ontario, the card carries my name, photograph and signature.

            In order to prevent the kind of "ID Creep" that has occurred in other cases (such as teenyboppers in video stores trying to demand your Social Insurance Number), the health card is not acceptable identification for any purpose except to confirm that I am a resident, and theref

            • Ontario's Personal Health Information Protection Act puts it like this: "Health care providers are not allowed to give your personal health information to people who do not provide you with health care, unless you specifically give them your permission".

              That's the law, and there are some pretty severe criminal penalties for disobeying it. Clear enough?

              Nope. I googled for that quotation and got no hits. If that was the literal law, I'm sure googled would have found it. Which leads me to believe that it is your interpretation of the law. Which leads me to believe that you left out all the loopholes. The same kinds of loopholes that HIPAA in the USA has as well.

              • Sorry, the quote is a doctor who looks after kids and was explaining your rights. This is the specific URL I took the quote from: http://www.aboutkidshealth.ca/News/Ontarios-new-privacy-law-and-its-impact-on-your-childs-care.aspx?articleID=8161&categoryID=news-poh2 [aboutkidshealth.ca]

                The Act is a law of the Province of Ontario. Look it up for yourself, if your research skills are up to the task. And please don't assume that we do things up here the way you do in the US. Your implication that I would "leave out all

                • And please don't assume that we do things up here the way you do in the US. Your implication that I would "leave out all the loopholes" is offensive.

                  Oh grow up. I believe you left out the loopholes BECAUSE YOU DIDN"T KNOW ANY BETTER. Not because you were being disingenuous. "You people live that way." Give me a break.

                  By the way, I was right, you were wrong. There are loopholes and they are big enough to drive a truck through. It looks like they've been farming out the privacy invasion to companies outside of the country and the Canadian courts have interpreted the letter of the law to permit it. Surprise. I guess you live that way too.

                  http://ww [privatech.ca]

                  • Since I don't know a lot of telepaths, you might consider upgrading your writing skills to the point where people can accept what's written rather than being expected to figure out what you meant to say.

                    You seem unable to grasp the basic fact underlying the situation: Private companies in Canada do not have the same financial incentive to get hold of personal medical information. What private operations there are provide services such as lab testing, elective surgery and such. They don't have to worry

                    • Kiss your mother with that mouth, do you? It's a cinch it wouldn't be a girlfriend, unless she's also a foul-mouthed cretin.

                      We'll leave your apparent failure to understand the origin of the term "loophole" for another occasion. In the mean time...um, "go forth and multiply".

  • You can just keep stuff like OpenOffice.org on a USB thumb drive, or be a real man and just take your whole operating system with you (Fedora on a USB thumb drive). Why anyone, or a business for that matter, would use Google apps or something, is beyond me.
  • AGPL is pointless (Score:4, Interesting)

    by harlows_monkeys ( 106428 ) on Monday June 30, 2008 @12:59PM (#24004153) Homepage

    I'm going to use US copyright law in this comment, but I believe other countries have similar provisions.

    US copyright law says that the owner of a particular copy of a program can make modifications to the program in order to adapt it for use on his machine, without violating copyright. The case law has interpreted this to include modifications beyond just what is necessary to make the program run--it includes adding features if those features are necessary for what you are trying to use the program for. See 17 USC 117 [cornell.edu] for the statute itself.

    Section 9 of AGPL says this:

    You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so.

    But what is modifying? That is defined in section 0:

    To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work.

    Because of 17 USC 117, and the interpretation of the scope of that in the case law, most use of AGPL software in a software as a service environment will NOT involve "modifying" the software as defined by AGPL, and you won't be required to make your changes available.

  • The Zero Knowledge idea is nice, but you have to somehow enforce that once your zero-knowledge app is loaded in the browser, and the user logs in, no other code can have access to its environment.

    In real world, practical terms this means no third-party toolbars or extensions, no Greasemonkey scripts, no third-party includes, no cross-site scripting attacks, no malware... good luck with that.

    I don't mean to imply that there is a better way to do it, because there isn't. I DO mean to imply that the Zero Knowl

  • GPL? Si. AGPL? No. (Score:4, Insightful)

    by Just Some Guy ( 3352 ) <kirk+slashdot@strauser.com> on Monday June 30, 2008 @01:13PM (#24004421) Homepage Journal

    The AGPL is easily ignored [honeypot.net], and frankly, its FSF-sanctioned existence pisses me off. It's one thing - a good thing! - to place Freedom-preserving restrictions on distribution. It's another thing altogether to put Freedom-removing restrictions on usage. For some reason, the FSF has endorsed the idea that hosting an application via the web is distribution, even if hosting that same application via a console session is merely usage.

    Actually, I'm pretty sure the reason is that GPLed software is well entrenched, and the FSF feels they have the leverage to begin forcing users to share changes even if they're not distributing them. Want to use Free software? Here are the new rules!

    That sucks. I'm a huge RMS fanboy, but I think the AGPL and the principles behind it are fundamentally broken and should be abandoned.

You are always doing something marginal when the boss drops by your desk.

Working...