The cloud of spies

Microsoft is not hiding the sad and cruel truth: you’re not safe from being spied on when you put your data in the cloud.

Any data which is housed, stored or processed by a company, which is a U.S. based company or is wholly owned by a U.S. parent company, is vulnerable to interception and inspection by U.S. authorities.

via Microsoft admits Patriot Act can access EU-based cloud data | ZDNet.

“Bump” and your data go to the cloud

When investigating the design of the FreedomBox app to exchange keys and establish trust between two people, I looked at how the Bump App for iPhone and Android solves the issue. From their FAQ:

Q: How does Bump work?

A: There are two parts to Bump: the app running on your device and a smart matching algorithm running on our servers in the cloud. The app on your phone uses the phone’s sensors to literally “feel” the bump, and it sends that info up to the cloud. The matching algorithm listens to the bumps from phones around the world and pairs up phones that felt the same bump. Then we just route information between the two phones in each pair.

So, when you collide two phones with the same app, the data are encrypted and sent to their cloud for matching. No Bluetooth, no complicated QR code. Smart. I don’t think we can use the same mechanism for FreedomBox, though.

via Bump Technologies, Inc.

MediaGoblin project brings GNU into the cloud

GNU MediaGoblin is a new software project that will enable people to publish, share and distribute their photos, video and other media in the cloud. Think of it as a mix of social sites like Flickr, YouTube, DeviantArt or Facebook, but better. Being a GNU project, it respects users’ freedom: it will be licensed under the GNU Affero General Public License and federated using OStatus. Like Status.net and Identi.ca, you’ll be able to run your instance of MediaGoblin and still be able to follow your friends across different domains.

It’s good to see the GNU project lead the way in cloud computing and provide an example of how to do social web applications right, respecting users’ freedom. Just like the FSF took the lead in the late ’80s redefining the operating systems with GNU, there is a need to experiment with code while keeping moral leadership. As Simon Phipps wrote, the cloud is here to stay, so we’d better learn fast how to transport the principles that worked for servers and desktop computers to cloud and mobile.

The team developing MediaGoblin has a long series of successes: Chris Webber and Will Kahn-Greene, both longtime Miro contributors, are leading the Development Team. Matt Lee and Rob Myers from FooCorp, the makers of GNU FM (the software that powers Libre.fm) and GNU social, are providing infrastructure. Deb Nicholson, founder of the Women’s Caucus, is helping with community outreach.

Good luck to all of them: I hope to see working code soon.

via GNU MediaGoblin: GNU MEDIAGOBLIN: FREE AND DECENTRALIZED MEDIA SHARING IN DEVELOPMENT.

Why free software applications are a priority on mobile platforms (not device drivers)

Bradley wrote about mobile software freedom, a field that I’m obviously deep into because of my work at Funambol. His quite long article Musings on Software Freedom for Mobile Devices contains an analysis of the situation, which mobile platforms are more freedom-promising and why (in short: Maemo/Moblin merged as Meego and Android/Linux). I only disagree with Bradley on the priorities he sets. He says:

The challenging and more urgent work is to replace lower-level proprietary components on these systems with FLOSS alternatives,

I don’t think that device drivers are really the first problem the free software movement needs to tackle. I believe that the most important issue is to have good, innovative applications with superb usability in order to attract users, fast. Some of the tactics used in the GNU project will need to be adapted to the speed of mobile, while others are not applicable.

Stallman’s project started in a time when PCs were slowly becoming relevant in society. It took almost 10 years before they were cheap enough to be in the bedrooms of young, smart programmers for them to easily contribute to the project. GNU also started developing applications first, and it took almost 10 years to start working on kernel and device drivers. The early adopters of GNU were highly skilled users, in a world with few computers with a clearly winning platform (the standard/commoditized platform IBM/Intel x86). Stallman and the whole free software movement had a lot of time to develop a nice free-as-in-freedom operating system and applications on standardized hardware. They also had the Unix design to follow: how the system had to look was pretty clear, it only had to be ‘better’.

Compare those first ten years and the quantity of computers in the ’80s/’90s to today’s speed and the quantity of mobile devices in everybody’s pocket (not just in developed countries), without a clear plan to follow (like Unix was for GNU): the game is radically more challenging. Take Google’s G1 as an example: it’s only one year old but its operating system version is obsolete (and customers are complaining). With users changing phones every 18 months in the US, the lifecycle of a free driver is too short to justify the effort.

On the other hand, there are many applications that need to be liberated, like social applications that respect freedom in the cloud, mobile email clients that don’t suck, mobile music players with stores that are not defective-by-design. And many more still need to be imagined. Developers’ focus should be on what appears in freedom-giving mobile application markets: we made the application market concept popular (apt-get repository anyone?), now we need to move to mobile and fill those markets with good and free applications first. Device drivers can come at a later stage, after hardware manufacturers have battled each other to the death and one winner has emerged (like it happened with x86).

Eben Moglen’s Freedom in the Cloud Talk

I watched Eben’s speech but now I can quote it too thanks to the transcript done by the friends at Software Freedom Law Center. Talking about the problems of the cloud services, Eben hits Facebook hard with his rhetoric:

The human race has susceptibility to harm but Mr. Zuckerberg has attained an unenviable record. He has done more harm to the human race than anybody else his age. Because he harnessed Friday night, that is, ‘Everybody needs to get laid,’ and turned it into a structure for degenerating the integrity of human personality and he has to a remarkable extent succeeded with a very poor deal, namely ‘I will give you free web-hosting and some PHP doodads and you get spying for free all the time’. And it works. How could that have happened? There was no architectural reason. Facebook is the web with, ‘I keep all the logs, how do you feel about that.’ It’s a terrarium for what it feels like to live in a Panopticon built out of web parts. And it shouldn’t be allowed. That’s a very poor way to deliver those services. They are grossly overpriced at ‘spying all the time’, they are not technically innovative. They depend on an architecture subject to misuse and the business model that supports them is misuse. There isn’t any other business model for them. This is bad. I’m not suggesting it should be illegal. It should be obsolete. We’re technologists, we should fix it.

As Nicole says, Facebook is the Internet for the lazy people who don’t know how or don’t want to set up a blog on their own and learn how to use search, RSS or even email. And there are many of those.

So what do we need? We need a really good web server that you can put in your pocket and plug in any place. It shouldn’t be any larger than the charger for your cellphone. You should be able to plug it into any power jack in the world or sync it up with any wi-fi router that happens to be in this neighborhood […]
This is stuff we’ve got. We need to put it together … I’m not talking about stuff that’s hard for us. We need to make a free software distribution guys.[…]
Great social networking, updates automatically, software so strong you couldn’t knock it over if you kicked it, and you know what, you get ‘no spying’ for free. We can do that …

A small, personal, portable device, connected to the Internet with a simple and easy way to receive updates via a push mechanism and sync data between different sources. Something similar to what Funambol’s CEO said in Five Reasons To Care About Mobile Cloud Computing and to the earlier thoughts I sketched about the same topic. We’re facing interesting and busy times ahead.

Read the rest of Highlights of Eben Moglen’s Freedom in the Cloud Talk – Software Freedom Law Center.

The cost of monopoly in the cloud

Reading about the latest cyber attacks against South Korean and US digital systems, I remembered a rather old post from Gen Kanai @Mozilla, the cost of a monoculture. It’s about monopoly, government decisions and security in the cloud.

[South Korea] is also a unique monoculture where 99.9% of all the computer users are on Microsoft Windows.

The post tells what has been happening in the country since the South Korean government decided that the whole digital infrastructure of the nation would have to depend on non-standard technology and ended up with only one IT supplier. That was a really bad choice that may have made the whole country vulnerable to becoming a base for large-scale cyber attacks.

Whether or not South Korean computers will be destroyed today (it seems that they are), the point that should be clear is that the ‘cloud’ is not a virtual environment, but it’s part of everybody’s life. Government decisions on technical issues have tremendous impact and real open standards should be mandated. With so many more mobile phones than computers, the mobile cloud must have its own standards in order to avoid monopoly and the cost associated with it. If you’re interested in the discussion about the mobile cloud, come to the free BoF session at OSCON2009.

via Mozilla in Asia » Blog Archive » the cost of monoculture.

Locked devices, GPLv3 and the path to mobile freedom

In a recent discussion with friends I realized that tivoization is a sub-optimal word to describe the problem that the Free Software community has with freedom being controlled by those that control the hardware. The word clearly targets one specific company, so the problem gets somewhat reduced in scope. The real issue is not limited to companies exploiting the hard work of free developers, removing with hardware constraints the very freedom that developers wanted to grant to all users. There is more than that, and this is especially visible in the mobile environment.

Almost all existing handsets require applications to be signed before they can be executed. Depending on the mobile platform, these signing keys can be cheap or expensive and given to all or only to selected people. All of them are personal and they’re not supposed to be shared with third parties. GPLv3 and its sister licenses, Affero GPLv3 and Lesser GPLv3, require developers to release the full installation instructions, which include the private keys to sign the application. The license requires this not only of the manufacturers of User Products, as the word tivoization seems to suggest, but of everybody distributing GPLv3 software on locked-down devices, like iPhone or BlackBerry.

Free Software Developers that want to re-use or release new code under the GPLv3 licenses face a dilemma: decide not to support locked devices or circumvent the GPLv3 requirement to distribute the signing keys with an additional permission. Option one means that almost all cell phone users out there (over 2 billion people in 2005) won’t get to know Mobile Free Software. Option two means surrendering to the power of AT&T, Verizon, Apple, Microsoft and the like. Funambol requires copyright assignment for all contributions, so it can distribute the source code of its mobile clients under the vanilla AGPLv3 license, and the binaries are under a different license. It’s a hack that works as long as developers trust the company not to breach the social contract and it has limitations.

On the other hand, the GPLv3 anti-lock provision is there to protect Free Software Users from the risk of being bullied by the network operators, since you can lose the warranty or be kicked out of the network if you run software that is not blessed by the gatekeepers of the mobile cloud.

Is there a third option? Does relaxing the GPLv3 provision really mean surrendering to the powers of the telecom operators, who twist the arms of the proprietary manufacturers? How can the Free Software community change the broken rules dictated by the Evil Lords of the Wireless Cloud?

Mobile phone markets are designed to split our community

The Apple iPhone’s biggest innovation is its mobile app store: for the first time it allowed installing software on the mobile device with the convenience of any modern GNU/Linux distribution. As in Debian, Fedora, Ubuntu, installing software is just a matter of browsing a repository and clicking a button. It’s such a good idea that now every mobile phone manufacturer has created its own mobile app store version. Nokia has Ovi Store, RIM/BlackBerry has App World, Android has its Market. I’m sure that more will come, also from the network operators.

Unlike GNU/Linux software repositories, though, these markets only allow non-free software. The manufacturers together with the network operators act as strict gatekeepers, allowing only binaries signed with developers’ keys to reach the users. Even if there are many free/libre software projects distributed on the mobile stores (Funambol, WordPress, and many others), the users cannot practically enjoy the freedom to modify the software autonomously because of tivoization. So we have in our hands powerful computers, always connected to the network, but their users are deprived of one significant freedom. The worst effect of these mobile stores is that they split our community, forcing free developers to choose between distributing their software while compromising their morality or not distributing at all.

Given the sad news about OpenMoko ceasing development of the new phone, it’s necessary to gather up and think of alternatives. Jailbreak and Cydia on iPhone is a start, and other phones will need similar liberation. But these are just short-term palliatives. In the long run, I hope we’ll have more OpenMoko-like devices, with full freedom attached.

Liberating the cloud one block at a time

The issue is how to bring the values of the free software community to the cloud. According to reports from Southern California Linux Expo (SCALE), Bradley Kuhn’s speech has addressed the issue. I hope he will include it in the next episodes of the Software Freedom Law Show, the interesting podcasts he runs with SFLC counsel Karen Sandler.

The problems of the cloud range from data ownership and portability to service interoperability and ultimately to software freedom. There is no simple solution, but building blocks to build a liberated cloud are available. Bradley mentioned Laconi.ca in his speech, for its federated microblogging service. I add Funambol to the pile because I believe it brings freedom to the other (often forgotten) cloud: the cell phone networks. With Funambol you own your data and you can take them with you, when you change operator or when you change device. I like the MobileWe marketing pitch for Funambol: freedom is a ‘we’ issue, not just a ‘me’. You can’t be free if you’re allowed to do what you want only in a limited space, like you are now if you buy the Pear meCell from DudeMobile. It’s like saying that a lion in a zoo is free, because he can move around as he wants … within the boundaries of the cage. A society made of non-free ‘me’ makes a non-free society. WE have to be free for the MEs to be free, too.