Discussion on:

Cloud computing is 'stupidity' says GNU guru Richard Stallman

Being the cynical type -- some might say, paranoid, when it comes to my info out there on the interwebs -- I tend toward Stallman's view. Is this just technical Luddite thinking? What's the best use of cloud computing?

I tend to be more in tune with Linus Torvalds than Richard Stallman, but I do agree with him o this one.

The points also hold up seporate from the idealogy.

- "The Cloud" is a marketing term to rebrand the well known and ages old centralized computing through dumb/thin clients. Saas, Cloud Computing.. nothing new.. just a fresh colour of makeup on the same old Kate Moss in the marketing brochure.

- "The Cloud" suddenly includes anything that is hip and trendy making use of more than static html; as if it's suddenly new to use PHP and java.

- The versioning of the part of the internet reached through the http protocol alone is enough to drive one nuts.. oh, that's just tired Web 1.0.. so last decade.. we're on too web 2.0 now.. but wait.. is it web 3.0 coming out now? Same damn network, samn protocol.. more bloated websites and layers of dynamic objects with less actual content.

- using remotely hosted applications for work with your data limits you to what the provider decides to offer and when your network connection is active. More data transfer for your ISP to bill you for. More advertising blocks for your software provider to get paid for.

- remotely hosted applications never work as well as real programs. My work productivity is cut in half because my local analysis tool was replaced by a webapp tool. Nothing like getting half way through a database request and recieving a "server is not responding" error that chews your long list of form selections. And if your browser has issues, like crashing from memory leaks daily, your only premoting the issue by placing more required use and resource weight on it.

- storing your data remotely, especially with google, makes your data there data. It goes into the Google databases for them to do what they like with. The EULA even states as much. Sell your data to third parties for whatever analysis needs when time get's tough; sure. Want to profile someone down to friends, communications and now personal data documents; google can help with that. It's just another subtle way of letting people volunteer for further loss of privacy.

I still maintain that it makes some sense in a business limited to within the company network. IT can manage the core applications and update them even more easily than with a good client node software management system. The data belongs to the business so it should be centralized where Info Sec can maintain controls on it and backups for disaster recovery. There are issues with webapps within a company still too as mentioned above. But.. use of webapps outside of a company and the company's data is madness. I've had it with webmail let alone the rest of the crap that keeps turning up.

Yeah.. RMS gets a number of things right on this one.

is enough to make one balk at that option .. when it comes to critical services.

anything from your internet connection to the 'cloud computing' service provider services go down (network,DB etc).. you are screwed.

it is a full time job keeping your end of the line up and running smoothly ... placing that much blind trust in another company doesn't seem logical


Edited for clarity

Your post was as clear an argument against "cloud computing" as I have seen yet.

I'm glad to know I'm still making sense though.

Neon brought it out pretty well.

I was in a 'fog' about cloud computing previously, as the term seems to change from blog to blog, company to company (although the main idea stays the same).

Personally, I am not planning on getting Office SW only when I have an Internet connection. -- Although I do utilize photobucket quite often...

INSECURITY in Cloud computing, by DEFAULT.
The twits designing the "web apps" refuse to REQUIRE ssl, so every bit of your CONFIDENTIAL data is being sent in plain text type packets with no security at all. anyone with a packet sniffer in the right place can steal everything you send and receive for the work session.

I do enjoy the site very much even with the 404 issues but I still notice the lack of ssl on the member's login form every time I visit.

Like you say Jaqui, the other dynamic websites aka webapps, Saas or whatever buzword is preferable have insecurity by default. That's a mighty long unenrypted wire going off into never never land.

We just opened email for internal staff and testing on one of the servers I care for and I wouldn't even consider it until we where sure both pop and smtp only accepted encrypted connections. I can't control the traffic between servers but I wasn't going to let client nodes connect without some protection required.

I propose ssl for EVERYTHING.

no non ssl content at all.
make sure there is no garbage associated with the site connection.

I pop open ye' old C&A in the background if I'm working from a Windows boot or on a secondary machine and ARP my workstation intetnionally. If C&A easily pulls any passwords off the network while I go over the server I'm testing then I list those as bugs and fix them before the next test. If C&A doesn't suck any passwords off the wire, I move on to more robust tests.

Non of my machines at home communicate through plaintext prots though Samba is required for some machines. Short of having an in house VPN layer over my wire layer, it's pretty good but an ongoing process. For client's, I know the extreme so I can judge what is a valid level of paranoia for them. Unfortunately, I have some people hitting my webserver that require http but everything else is https, ftps, pops, smtps. TLS.. I love ya..

Go CPU, Go!
Not very Green. Someone could calculate the
hit in terms of energy cost and carbon
footprint.

Not that I disagree in principle.

Consider the recent billoreilly.com case- 200+ passwords, stored in cleartext on the server were collected after the admin interface was compromised.
How can you be certain the cloud provider:
1. Has good security practices (that really are good practices and not industry/group-think blather).
2. Faithfully adheres to those practices?
Seems you are putting way too much faith in an organizaiton whose primary job in a half-dozen months will be to increase profits and reduce costs in order to satisfy shareholders.

trusting a service provider you most likely will never meet?

with your business' confidential and mission critical data?

absolutely insane

You also have no one to hold accountable except for yourself when the data is compromised. Then you can explain how wonderful that cloud computing idea was to the lady handing out unemployment checks.

I think for the first time ever, I read one of your posts and agreed 100%

Nice analysis. Nice post.

It doesn't matter what the jargon of the day is or how much spin anyone puts on something, businesses have to make decisions based on business reasons.

I appreciate the peer review. Some of your posts have been pretty dead on as of late also.

I'm a graduate student working on a term project, and I work two part-time jobs on a very irregular schedule. It is very convenient to me to be able to work on my project from anywhere that I have a computer and web access. I have no qualms at all about using Google Docs and Box.net to store my documents. If I were running a business, that would be a different thing entirely.

Buy a thumb drive and use PortableApps.

http://portableapps.com/

Why give up your data to anyone if you don't have to?

With PortableApps all you need is a PC, you don't even need an Internet connection.

...he compared much of the computing world to the fashion industry. The reality is that for the most part, we already have most of the capability, power and clothing that we need. So in order to keep the business running, the ?industry? needs to keep changing the ?fashion? to something new, and then convince the decision makers that it?s cool and that we should swap out our technical wardrobes.

Fashion has a talent for reinventing what was hot two years previous with a slightly updated twist.

In one case, it's like F1 racing, the couture "pushing the limits" eventually filters down to the practical fashions.. or vehicle extremes that filter down to consumer cars.

In the other, it's continual reinvention of the what was in fashion before.

In the case of technology, how many times has centralized computing through dumb/thin clients come back into fashion? It was all about mainframes. Then distributed computing on desktops was "in". We start talking about centralizing business computing back to the server.Now the advertisers tell us how hype it is to be part of the centralized computing over Internet.

hehe.. I think the comparison to fashion is rather accurate now that I think about it.

Windows is the can't alter outfit, Linux is the outfit with removable buttons, zippers, etc and Apple is the Armani?

He, he, he!

I'd have called Linux the matching fashion pieces available seporately. Now you have me thinking:

Windows = packaged three piece suite from the store

Linux = fashion pieces from the little old gentalman suite maker over in the little italy district

osX = the packaged three piece fashion forward suites primarily available from the vendor directly but with a few third party shops like Moores carrying them.

(eesh.. I know way to much about this fashion stuff for a straite guy who's style is best viewd by radio. )

I have read several articles on the "Cloud Computing" hype.

And that seems to be what it is. Again, it is coming from those infamous "somebodies-who-need-to-create-a-new-genre-based-on-existing-solid-technology" for the sole purpose of, (...and I will probably get a few heated responses from this...), MONEY.

From all that I have read, this CC does not make any sense whatsoever. And I swear, if my PHB even asks me to look into it......

I'll ask him does he want the "bubble-memory" expansion pack.....

Footnote: Bubble Memory is/was a proprietary "thing-a-ma-gizmo" from the then venerable AT&T Bell Telephone Laboratories.

My favorite Dilbert on this topic:

http://dilbert.com/strips/comic/1995-11-17/

Example - who actually needs two CPU cores in
a desktop? Yes its better than increasing the
CPU clock indefinitely - but very few
programs actually are written to be
multithreaded or with multiprocessor support.

Back in my EE days my boss used to joke about
how the percentage of gain in calculation
speed declines quickly as you add processors.
I've heard that with SMP the second processor
only adds 40% additional calculation power -
for the same electrical input.

At an average of four VM per core, I can make use of the full Q6600.

In my view, anywhere you loose control, is a potential for trouble. End of story.

Where Mr Stallman differs, is he comes right out and says it. Refreshing? You bet it is.

What's the best use of cloud computing? Um; Um; Um; I'll come back to you next century when I've thought of something!

It reminds me of banks giving out credit cards and house/business loans to illegals without social security numbers and yet citizens have to have soc. sec. to get credit - could that be the mentality that helped cause the credit crisis? Nothing on the net could ever be secure and reliability could never be trusted so I wonder...

have something I agree wih Stallman on.

Even Stallman recommends using proprietary software and hardware drivers when no alternative is available. But, if a free alternative is available and does what you need...

I agree with him on that one too though I'm more a Torvalds/Raymond type myself.

Stallman is the one who wants to make proprietary hardware drivers a violation of the license and prohibit their use on GNU-Linux at all. Torvanlds is the one who says a driver is good, it's better if it's open source but any driver is better than no driver.

I know Torvalds is very vocal on binaries in kernel space. I thought Stallman had also said that where no other option exists, use the proprietary option until one does exist. I know he'd like to see all software open but seems to remain within the limits of crossing line from ideology well into completely unrational.

It stuck in my mind because it was such a contrast and because it's a rather nice thing to mention to idealagogs that manage to even take Stallman's words to there literal extreme.

I could be completely wrong though. It's not like I agree with everything he premotes.

that Stallman did go to the extreme on it at some point. If I remember correctly the issue came up during the GPL v3 debates, and it was then that Stallman said no blobs in the kernel.

To which Torvalds said blobs are better than non functional hardware.

Though the point was and is moot in the context of the discussion, the kernel is under v2 of the gpl and will not migrate to v3, where blobs in the kernel would be a license violation.
[ and that is my number one complaint about the GNU-GPL, it's draconian stand on proprietary software. ]

is just another attempt to create a lock in on a customer. There has been no mention of open standards or data portibility. I can see Google promoting this as a new source of ad revenue, and as an off-hand shot at MS, but really, I don't see it working well for anyone.

Gmail does work very well.
People use it for business as well as
personal stuff. One non profit I am a member
of uses both Gmail/GoogleDocs and OpenOffice.
They are very leery to have their documents
be "owned" by Google. They purchase software
(Microsoft, Adobe) only as absolutely needed.
And use OpenOffice for the rest.

I think there will always be someone for whom
this is the right price point. The other
question is whether the license agreement for
corporate gmail / googledocs protects the
customer's IP. It may well do so.

a single point of failure will do just that - fail. if your business is dependent upon a cloud to serve up its applications, if that cloud goes down you go down. i understand that clouds have incredible redundancies - but even so the worst can, and will, happen.

The cloud doesn't even have to go down...
Just your connection to it. How many of us has had someone dig up a line to totally cut you off... Shoot Embarq lost 253 DS3 lines in Florida last Friday and I don't think it was back up til Sunday.
It cut us off with our outsourcer for a while until we got a backup running.

We have servers fail in house, power goes out, our internal routers and/or network fails too. Same problem, productivity stops.

If the argument is that you are hoping/trusting someone ELSE to get it up and running again vs internal staff, then maybe.

But, hopefully you have good SLAs in place.

Internally we can have some redundancies that help reduce the impact of an usage. Multiple DCs, replicating DFS, etc. Even spare hardware, UPSs and generators. And in most cases it is not everything just certain services. With that line cut it was everything.

And it was a matter of waiting on someone else to fix it. All we could really do was place a call.

I have never been happy with the situation but the decision was out of my hands.

It is a whole lot easier to tell people the we are down for an local area power failure can a T-1 cut in another state.

Kind of feel like I may have been venting a little.

Another thing I thought of though...
Look at Outlook compared to webmail(including OWA). With Outlook you can cache your e-mail so if you are cut off from the server you can still get to your older e-mails or contacts. With webmail if you can't get to the server, for whatever reason, your stuck.

I personally use my contacts very heavily and need them especially during an outage.

GMail can be used with POP/SMTP protocols instead of using it as a Webmail application. Your mail is stored on your computer, not on the GMail server. I use Thunderbird to retrieve my Email, but there are other mail clients available.

You can't control your email with gmail. You can't go back and see why an email didn't go out out. You can't check what happened with inbound mail. All you can do is resend. Not only that, your corporate email on gmail is privy to whatever google wants. If you read their TOS it guarantees you there are no guarantees to privacy or data protection. You also can't go back and do granular restores with gmail. What happens if someone loses a key piece of info in their email that pertains to a lawsuit? With exchange or any linux solution I can do a granular restore and get that person's mail back from xx/xx/xxxx. Even using gmail with outlook/thunderbird you are still dependant on an undependable local machine based solution. Important email belongs on a server setup professionally with a high quality data backup solution. Even if I wake up tomorrow and our building is a pile of smoking dust, thanks to proper DR plans I can be up and running faster than I can put people in temp offices. If local services are down I still have a fully functioning citywide WAN thanks to buried fiber and generators and it's business as usual, with no cloud needed. I just don't understand why people would use gmail in a corp based solution.

I use a personal gmail account and rename zip, exe and jpg files to use it for temp storage. For some reason, they always end up getting deleted after a month even though I try to save them.

incarnation of the same idea.
Even if it was secure (it isn't)
Even if it was robust (it isn't)

What possible advantage is there to the business that has your data, your meaningful infrastructure and your business processes in their control, to do anything but hold it to ransom. After all you will be completely out of options, aside from starting again.....

I don't care what the benefits of somebody holding my nuts are, I feel much more comfortable doing it myself. I know I'm going to be kind to them.

I don't think gg would hurt them