RMS and Clipperz Promoting Freedom In the Cloud
mbarulli writes "Clipperz and Richard Stallman recently launched a joint call for action to bring freedom and privacy to web applications. 'The benefits of web apps are many, but quite often users lose their freedom to study, modify and discuss the source code that powers those web apps. Furthermore, we are forced to trust third parties with our data (bookmarks, text documents, chat transcripts, financial info ... and now health records!) that no longer resides on our hard disks, but are stored somewhere in the cloud.' Clipperz and RMS urge web developers to adopt the new AGPL license and build their applications using a 'zero-knowledge architecture,' a framework for web services that has been derived from Clipperz online password manager. A smooth path toward web apps based on free software that know nothing about you and your data."
Especially when one considers the ever-growing warnings about Google products and sites like Facebook (which makes its money out of selling private information to advertisers without even making an attempt at disguising the fact) - we need, in this age of web-apps, to push for greater openness in their design.
It's no longer just about the source code, it's about every single aspect of our lives. Dr. Phil may get hits from doing shows about how people misrepresent themselves online - but the fact that his investigators are able to find out enough about a person to 'figure out the lies' just tells you how dangerous the system already is - and that is third parties, imagine the true power that applications like Facebook or Yahoo! mail hold... it's scary.
On the other hand, most people could care so little about their privacy these days... one may go so far as to suggest that those who do not care, do not deserve it.
For the rest of us, why not contribute a bit to changing the picture - is there even one solid social networking tool out there that is built on open source?
Unicode killed the ASCII-art *
If it turns out to help enable a product (the ideology of it isn't all that bad either, at least not as outlined in The Cathedral and the Bazaar) as good as the ones that the GPL helped to shape, it will be worth it.
It all remains to be seen, glad to see someone out there is actually getting things done in the software/web arena. Anyways, I'm off to pursue other things today. Won't be around to answer the usual deluge of angry replies.
" What luck for rulers that men do not think" - Adolf Hitler
Did they shave his fucking hippy beard? Does anyone know what his face looks like? WHAT IS RMS HIDING?
Do you even lift?
These aren't the 'roids you're looking for.
Sorry...I just don't see why I should lose my job writing web applications that will then be released under the AGPL so you guys can "look" at them. My company doesn't sell the info...heck, we don't have a ton of users, but it pays the bills.
Unless you guys want to pay to see the source code, this just turns me off any of the GPL variants more. I'm a fan of BSD - do what the heck you want with it (we've released code that way).
<sarcasm>
First they want to put Microsoft out of business and now Google!
Why, it's un-American!
</sarcasm>
Yep. Open source works with the web, too. I can imagine a world where different applications could be built from pieces and parts that might even be hosted on different, random sites.
Imagine the possibilities.
My blog
...you don't trust something, then don't use it.
Simple, really.
Internet privacy laws are needed. Good luck in this climate, a week from now our loyal OPPOSITION party here in the US is going to sell our fourth amendment rights down the river.
The new FISA bill will stop the "illegal" domestic spying all right.. by making it legal and allowing it to continue.
No more "illegal" spying! hurray?
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
...I'm reminded of the sorry attempt by the US Government to introduce its version of DRM known as the "Clipper Chip." The F/OSS community isn't known for its attention-grabbing project names (think Gimp here), so this comes as no surprise. Still, am I the only one who, upon first sight, related "Clipperz" and "Clipper Chip"? Is this the best moniker the Cesares could come up with?
Sounds like an open-source version of MySpace (:evilgrin:).
I can't bring myself to read an article with "cloud" in it unless it's about weather, flying, or sunshine. There is no cloud.
I sure as hell hope it wasn't Stallman who used that ugly yuppified buzzword. Any time you hear one of these incredibly stupid, meaningless buzzwords you know for certain that the word's user is completely ignorant of the subject he is talking about and wants you to think you are the ignorant one.
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
There is the usual problem of developers actually making a living working on open source projects, but it can work. I have been working on a project that I will probably release as free for non-commercial use, pay a license fee for commercial use, and release the source code. I would like to use the AGPL, but I do need some income from my project and (A)GPL with alternative license options may not do this for me.
I really like the ideas of "zero-knowledge web apps" and I think that I will convert my little kbdocs.com demo to use the "zero-knowledge" ideas - if for a learning exercise.
How do we know that the app we use indeed came from the source they say it did?
With a desktop app, one could compile and take an MD5, or just compile and compare to the binaries distributed, or just not use the binaries at all and compile from source for their own use.
With a web app, even if we had the source, we'd still be connecting to a third-party HTTP server, and there is really no way to verify how the "real" program is run.
Can we get a 'buzzwordbingo' tag over here please?
You know the score
Indeed we do. You scored -1, troll.
And you seem to have a long list of -1 posts. You do know that slashdot post scores are not the same as golf scores, right?
Damn MS Office cartoon character, always in the way. Just let me do my work is all I ask...
If he's promoting freedom in clouds, maybe he's been hanging out with this annoying character?
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
As it currently stands, information and user paths through an e-commerce site are essentially free marketing data that brick and mortar stores pay handsomely for in the form of user groups and surveys. Unless legislation mandates it, I wouldn't expect many dot coms to adopt this policy towards cookies, etc.
There are a lot of problems with this proposal.
Before we even start worrying about privacy with respect to web apps, we have to worry about making web apps work within the existing technical constraints. There are serious technical problems with adapting the browser and the web to make web apps. Try Google's web-app office suite, for example. It implements a tiny fraction of the functionality of a traditional word processor and spreadsheet, and its performance is just plain unacceptable, especially in the spreadsheet. HTTP, the browser, JavaScript, and W3C standards simply were not designed for this type of task, and it's not at all clear that they can be adapted to it. That means that if we ever do get something like the experience they're talking about in the article, it will probably be based on an entirely different design, and it's going to be hard to work out the privacy issues without knowing the technical and financial implications of that new design.
The paradigm they're talking about is one in which users get a service from someone running a rack full of servers. For instance, if I write a letter in my web-app word-processor, somewhere there's got to be a server that's storing my document. The person running the service needs to pay their electric bill. How are they going to do it? Well, they could make their users look at ads, but that won't work if the app is really user-modifiable, because someone will come out with a version that doesn't show the ads. They could charge the user a monthly fee, but that won't work, because the article proposes to set up the service so that the provider knows absolutely nothing about the user, not even his username.
One big reason this won't work is that a web app consists of two separate pieces of code: one that runs on the server, and one that runs on the client. I wouldn't call it open source if I get to modify 50% of the code, but not the other 50%. Another problem is that part of the allure of web apps is that they require zero configuration, and can be invisibly upgraded at any time. It's hard to see how you'd maintain that benefit while having users run a forked version of the client-side code. What happens when the provider wants to modify the server-side code in a way that breaks compatibility with the forked client-side code?
Find free books.
Write add-ons for the major free browsers (Mozilla, Webkit, ...) that implement Stallman's solution.
The vortigaunts from Half-Life 2 come to mind.
I am really tired of hearing from a guy whose main means of making a living is talking (and for which he makes a good living), telling me to work for free. I don't listen to the Tony Robinsons either... blah blah blah, try working instead of jawing for a living before you tell me I shouldn't be able to make money off what I produce. Talk is cheap.
He makes a good living telling people to give away their work so we can't pay our rent. In fact, I would bet he really doesn't have to work another day in his life. He is another version of Tony Robinson motivational speaker. Yes, Stallman wrote some programs before, but I doubt if there is anything really new he has done lately and he doesn't even make his main living from that anyway. He forgets that there are people who do make their main living from software development. I get paid for what I do because most other people cannot or won't do software development on their own. The majority of people can't or won't program computer applications. Why should I give away my work so that others who are too lazy or not intelligent enough to do it themselves, or are working on things that I can buy from them, can take it and take away my ability to eat? I understand the paradigm of selling support for the application you develop and give away for free. But that only works for large apps that are far too complex for even a small group of people to branch and modify. Many web sites and web apps are not so complex, aside from a few like Joomla. If everyone and their dog has your code for building a web site, your market share is killed and you are not going to be able to sell enough support... i.e. you are not going to be able to make a living.
I don't mind sharing tips and help people on forums if they show they are really stumped and not asking for a free ride. And I think that open source is pretty good in some respects but admire the BSD and Apache licenses far more than the GPL. To my mind they are really open source: 'Here is my code, do ANYTHING you want with it... use it, modify it, give it away, sell it, include your modifications, give away your modifications, hide your modifications, give away parts of your code, whatever you want... it is an open license.'
-- I ignore anonymous replies to my comments and postings.
Yea! Yet another license to confuse/restrict people.
Good thing I don't acknowledge any of them.
---- Booth was a patriot ----
...don't give it to them.
Social networking sites are fundamentally about sharing data. Lots of people, particularly the younger generation, forget this in their desire to play with the latest fad (which, like the one before it, will probably move on in a year or two). But, surprising as it may seem, you don't have to give your complete life story to someone else by joining Facebook, or to post your intimate secrets for the whole world to see on LiveJournal, or to give a minute-by-minute commentary on what you're doing, or to put those slightly dubious looking photos up on a public photo gallery.
I don't see how it would help if someone running a social networking site that collects all your data chose to share the source code. The source code is irrelevant: they still have your data. This is a simple privacy issue, and nothing to do with RMS-style rights to change source code.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Richard Stallman is continuing his campaign to open source anything with digital logic. Today web apps, tomorrow home appliances. Tune in at 10 for the local news spot. Film at 11. Ninja attack at 2am during the late night show.
There are many single sign on systems out there. Why do we need another new one that nobody uses???
Greed is the root of all evil.
You can design an application to work this way, but can the casual user really know? It seems like the web app's virtue of "easily updatable" is also the danger of easily compromised, as happened with Hushmail.
With Free Software software that is loaded from the client machine, it is often vetted for conflicts of interest by both Open Source developers and the distribution maintainers (who can choose between competing forks if a developer does a bad thing). Not that distro maintainers are infallible (as illustrated by the Debian SSL snafu), but protecting the integrity is at least part of their agenda, so it's not necessarily foolish for the casual user to delegate some trust to them. But if you're downloading JavaScript direct from the publisher, there's no "check" against subversion. There's no one watching your back to assure that the app is really "zero knowledge."
How do I know the app is really using the SRP protocol today?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
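An added example (not from the thread, and not Clipperz code) of the check two comments above ask for: whether the app being served matches its published source, and whether anything guards JavaScript downloaded directly from the publisher. It hashes what the server delivered and compares it with digests pinned from an audited release, the web counterpart of comparing a compiled binary's hash; the file names, contents and the choice of SHA-384 in Subresource Integrity format are assumptions.

```javascript
// Added example: all paths and file bodies below are constructed.
const crypto = require('crypto');

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Subresource Integrity style digest: "sha384-" + base64(SHA-384(bytes)).
function sriDigest(body) {
  const hash = crypto.createHash('sha384').update(Buffer.from(body, 'utf8'));
  return 'sha384-' + hash.digest('base64');
}

// Manifest an auditor would publish out-of-band after reviewing a release
// (for example, shipped with the source tarball).
function buildManifest(files) {
  const manifest = {};
  for (const [path, body] of Object.entries(files)) {
    manifest[path] = sriDigest(body);
  }
  return manifest;
}

// Compare what the server delivered with the pinned manifest and classify
// every path: unchanged, modified, missing, or served but never audited.
function verifyServed(manifest, served) {
  const report = { ok: [], modified: [], missing: [], unexpected: [] };
  for (const [path, pinned] of Object.entries(manifest)) {
    if (!has(served, path)) {
      report.missing.push(path);
    } else if (sriDigest(served[path]) === pinned) {
      report.ok.push(path);
    } else {
      report.modified.push(path);
    }
  }
  for (const path of Object.keys(served)) {
    if (!has(manifest, path)) report.unexpected.push(path);
  }
  // Any deviation means the running app is not the audited app.
  report.trusted = report.modified.length === 0 &&
    report.missing.length === 0 && report.unexpected.length === 0;
  return report;
}

// Constructed audited release: encryption happens before upload.
const audited = {
  '/js/crypto.js': 'function encrypt(key, text) { /* audited */ }',
  '/js/app.js': 'function save(doc) { upload(encrypt(key, doc)); }',
};
// Constructed "today's" response: one changed line and one extra script.
const servedToday = {
  '/js/crypto.js': audited['/js/crypto.js'],
  '/js/app.js': 'function save(doc) { upload(doc); }',
  '/js/stats.js': 'track(user);',
};

const manifest = buildManifest(audited);
const report = verifyServed(manifest, servedToday);
console.log(report);
```

The comparison only means something when it runs from code the server cannot replace, such as a browser add-on or a local script, and it has to be repeated on every load because the served files can change between visits.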
I'm sorry, anybody that dismisses this as paranoia is just wrong. If you've paid attention at all to all events that have occurred recently, you'd understand that our legislative and executive branches don't give a shit about constitutional protections, and the battle over a neutral internet is just beginning to be waged.
It's astonishing the ease with which our government invades our privacy; anybody else find it a bit ridiculous that Qwest was one of the few telecoms that denied the administration access to a ton of personal information from customers?
Keep it up RMS, you certainly have my attention
... and another 100 rants from RMS.
It's Linux, damnit! Pay no attention to renaming attempts by self-aggrandizing blowhards.
A GPL Tax?
/LabMonkey09
You have to be a pretty trusting soul to put business-critical information or private health data under the control of complete strangers, and with security assurances that amount to little more than, "We keep everything strictly private that the US government doesn't want to see", and, "If we screw up, we promise not to screw up again until the next time".
Thanks anyway. I'll keep my financial data, medical records and such a wee bit closer to home.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
You can just keep stuff like OpenOffice.org on a USB thumb drive, or be a real man and just take your whole operating system with you (Fedora on a USB thumb drive). Why anyone, or a business for that matter, would use Google apps or something, is beyond me.
I'm going to use US copyright law in this comment, but I believe other countries have similar provisions.
US copyright law says that the owner of a particular copy of a program can make modifications to the program in order to adapt it for use on his machine, without violating copyright. The case law has interpreted this to include modifications beyond just what is necessary to make the program run--it includes adding features if those features are necessary for what you are trying to use the program for. See 17 USC 117 for the statute itself.
Section 9 of AGPL says this:
But what is modifying? That is defined in section 0:
Because of 17 USC 117, and the interpretation of the scope of that in the case law, most use of AGPL software in a software as a service environment will NOT involve "modifying" the software as defined by AGPL, and you won't be required to make your changes available.
I guess you'd have to hit the ball with the back of the club while swinging backwards and get a hole in one. That would certainly deserve a -1!
"When information is power, privacy is freedom" - Jah-Wren Ryel
The Zero Knowledge idea is nice, but you have to somehow enforce that once your zero-knowledge app is loaded in the browser, and the user logs in, no other code can have access to its environment.
In real-world, practical terms this means no third-party toolbars or extensions, no Greasemonkey scripts, no third-party includes, no cross-site scripting attacks, no malware... good luck with that.
I don't mean to imply that there is a better way to do it, because there isn't. I DO mean to imply that the Zero Knowledge process is going to give someone, somewhere a false sense of security, for which they may well be sorry.
The AGPL is easily ignored, and frankly, its FSF-sanctioned existence pisses me off. It's one thing - a good thing! - to place Freedom-preserving restrictions on distribution. It's another thing altogether to put Freedom-removing restrictions on usage. For some reason, the FSF has endorsed the idea that hosting an application via the web is distribution, even if hosting that same application via a console session is merely usage.
Actually, I'm pretty sure the reason is that GPLed software is well entrenched, and the FSF feels they have the leverage to begin forcing users to share changes even if they're not distributing them. Want to use Free software? Here are the new rules!
That sucks. I'm a huge RMS fanboy, but I think the AGPL and the principles behind it are fundamentally broken and should be abandoned.
Dewey, what part of this looks like authorities should be involved?
"For personal reasons, I do not browse the web from my computer. (I also have not net connection much of the time.) To look at page I send mail to a demon which runs wget and mails the page back to me. It is very efficient use of my time, but it is slow in real time." - Richard Stallman
Programmer? Shower? Shampoo?
I don't get it!
I think that a new license is a really bad idea. Fragmentation is not what you want in the OSS world.
You are not the first to remark on this problem. It was precisely for this reason that the AGPL v 3 and the GPL v 3 were designed compatible and that most GPL software is licensed under "version 2.0 or, at your choice, any later version". This together allows us to move to a pair of compatible licenses which really give us free software which can either be protected or not in the ASP environment.
By supporting the GPL v3 and the AGPL v3, you are allowing two different strands of free software to come together (those dealing with an ASP environment and the more traditional copyleft for user installed software).
RMS and Clipperz?
Does this mean he's getting a haircut?
using an illustration
there
And the data is stored "on multiple redundant servers across geographies for the safety of your data"
- where laws can vary and so privacy policies are plainly redundant.
One of the things that we really need is some system that implements a legal essential requirement for all databases to store data in encrypted format of at least so-and-so strength.
If not a legal requirement, at least a "competitive offering" by tools of economics.
This does not mean anything more than awareness actually, because there's no law against "unforeseen circumstances or acts of God or blah blah..." - far too many things need to go right.
But a password and https isn't enough.
For example, see http://www.rsync.net/resources/notices/canary.txt
Hackers have long memories. It works both ways.
works for hire are by definition owned by customer, so no re-use, release, etc