diff options
Diffstat (limited to 'talermerchantdemos/blog/articles/scrap1_33.html')
-rw-r--r-- | talermerchantdemos/blog/articles/scrap1_33.html | 536 |
1 files changed, 0 insertions, 536 deletions
diff --git a/talermerchantdemos/blog/articles/scrap1_33.html b/talermerchantdemos/blog/articles/scrap1_33.html deleted file mode 100644 index 4b82800..0000000 --- a/talermerchantdemos/blog/articles/scrap1_33.html +++ /dev/null @@ -1,536 +0,0 @@ -<!-- This is the second edition of Free Software, Free Society: Selected Essays of Richard M. Stallman. - -Free Software Foundation - -51 Franklin Street, Fifth Floor - -Boston, MA 02110-1335 -Copyright C 2002, 2010 Free Software Foundation, Inc. -Verbatim copying and distribution of this entire book are permitted -worldwide, without royalty, in any medium, provided this notice is -preserved. Permission is granted to copy and distribute translations -of this book from the original English into another language provided -the translation has been approved by the Free Software Foundation and -the copyright notice and this permission notice are preserved on all -copies. - -ISBN 978-0-9831592-0-9 -Cover design by Rob Myers. - -Cover photograph by Peter Hinely. - --> - - - <a name="Who-Does-That-Server-Really-Serve_003f"> - </a> - <h1 class="chapter"> - 33. Who Does That Server Really Serve? - </h1> - <a name="index-Software-as-a-Service-_0028SaaS_0029-_0028see-also-SaaS_0029"> - </a> - <a name="Background_003a-How-Proprietary-Software-Takes-Away-Your-Freedom"> - </a> - <h3 class="subheading"> - Background: How Proprietary Software Takes Away Your Freedom - </h3> - <a name="index-spyware"> - </a> - <a name="index-SaaS_002c-as-distinguished-from-proprietary-software"> - </a> - <a name="index-proprietary-software_002c-as-distinguished-from-SaaS"> - </a> - <p> - Digital technology can give you freedom; it can also take your freedom -away. The first threat to our control over our computing came from - <em> - proprietary software - </em> - : software that the users cannot control -because the - <a name="index-ownership_002c-and-users_0027-freedom-2"> - </a> - owner (a company such as - <a name="index-Apple-_0028see-also-DRM_0029-2"> - </a> - Apple or Microsoft) controls -it. The owner often takes advantage of this unjust power by inserting -malicious features such as spyware, back doors, and - <a name="index-DRM_002c-call-it-_0060_0060Digital-Restrictions-Management_0027_0027-4"> - </a> - Digital -Restrictions Management (DRM) (referred to as “Digital Rights -Management” in their propaganda). - </p> - <p> - Our solution to this problem is developing - <em> - free software - </em> - and -rejecting proprietary software. Free software means that you, as a -user, have four essential freedoms: (0) to run the program as you -wish, (1) to study and change the source code so it does what you -wish, (2) to redistribute exact copies, and (3) to -redistribute copies of your modified versions. (See “The Free -Software Definition,”.) - </p> - <p> - With free software, we, the users, take back control of our -computing. Proprietary software still exists, but we can exclude it -from our lives and many of us have done so. However, we now face a -new threat to our control over our computing: Software as a Service. -For our freedom’s sake, we have to reject that too. - </p> - <a name="How-Software-as-a-Service-Takes-Away-Your-Freedom"> - </a> - <h3 class="subheading"> - How Software as a Service Takes Away Your Freedom - </h3> - <p> - Software as a Service (SaaS) means that someone sets up a network -server that does certain computing tasks—running spreadsheets, -word processing, translating text into another language, -etc.—then invites users to do their computing on that server. -Users send their data to the server, which does their computing on the -data thus provided, then sends the results back or acts on them -directly. - </p> - <p> - These servers wrest control from the users even more inexorably -than proprietary software. With proprietary software, users typically -get an executable file but not the source code. That makes it hard -for programmers to study the code that is running, so it’s hard to -determine what the program really does, and hard to change it. - </p> - <p> - With SaaS, the users do not have even the executable file: it is on -the server, where the users can’t see or touch it. Thus it is -impossible for them to ascertain what it really does, and impossible -to change it. - </p> - <p> - Furthermore, SaaS automatically leads to harmful consequences -equivalent to the malicious features of certain proprietary software. -For instance, some proprietary programs are “spyware”: the -program sends out data about users’ computing activities. Microsoft - <a name="index-Windows_002c-SaaS-and"> - </a> - Windows sends information about users’ activities to Microsoft. - <a name="index-Windows-Media-Player-_0028see-also-both-DRM-and-treacherous-computing_0029-1"> - </a> - Windows Media Player and - <a name="index-RealPlayer-_0028see-also-DRM_0029"> - </a> - RealPlayer report what each user watches or -listens to. - </p> - <p> - Unlike proprietary software, SaaS does not require covert code to -obtain the user’s data. Instead, users must send their data to the -server in order to use it. This has the same effect as spyware: the -server operator gets the data. He gets it with no special effort, by -the nature of SaaS. - </p> - <a name="index-proprietary-software_002c-spying-on-users"> - </a> - <p> - Some proprietary programs can mistreat users under remote command. -For instance, - <a name="index-Windows_002c-SaaS-and-1"> - </a> - Windows has a back door with which Microsoft can -forcibly change any software on the machine. The - <a name="index-Amazon-1"> - </a> - Amazon - <a name="index-Kindle-_0028see-also-Swindle_0029-1"> - </a> - Kindle e-book -reader (whose name suggests it’s intended to burn people’s books) has -an Orwellian back door that Amazon used in 2009 -to remotely delete Kindle copies of - <a name="index-Orwell_002c-George-1"> - </a> - Orwell’s books - <a name="index-1984_002c-George-Orwell-1"> - </a> - <cite> - 1984 - </cite> - and - <a name="index-Animal-Farm_002c-George-Orwell"> - </a> - <cite> - Animal Farm - </cite> - which the users had purchased from Amazon. - <a href="#FOOT49" name="DOCF49"> - (49) - </a> - </p> - <p> - SaaS inherently gives the server operator the power to change the -software in use, or the users’ data being operated on. Once again, no -special code is needed to do this. - </p> - <p> - Thus, SaaS is equivalent to total spyware and a gaping wide back -door, and gives the server operator unjust power over the user. We -can’t accept that. - <a name="index-spyware-1"> - </a> - </p> - <a name="Untangling-the-SaaS-Issue-from-the-Proprietary-Software-Issue"> - </a> - <h3 class="subheading"> - Untangling the SaaS Issue from the Proprietary Software Issue - </h3> - <p> - SaaS and proprietary software lead to similar harmful results, but -the causal mechanisms are different. With proprietary software, the -cause is that you have and use a copy which is difficult or illegal to -change. With SaaS, the cause is that you use a copy you don’t -have. - </p> - <p> - These two issues are often confused, and not only by accident. Web -developers use the vague term “web application” to lump -the server software together with programs run on your machine in your -browser. Some web pages install nontrivial or even large - <a name="index-JavaScript"> - </a> - JavaScript -programs temporarily into your browser without informing -you. When these JavaScript -programs are nonfree, they are as bad as any other nonfree -software. Here, however, we are concerned with the problem of the -server software itself. - </p> - <a name="index-ownership_002c-servers-and-software"> - </a> - <p> - Many free software supporters assume that the problem of SaaS will -be solved by developing free software for servers. For the server -operator’s sake, the programs on the server had better be free; if -they are proprietary, their owners have power over the server. That’s -unfair to the operator, and doesn’t help you at all. But if the -programs on the server are free, that doesn’t protect you - <em> - as the -server’s user - </em> - from the effects of SaaS. They give freedom to the -operator, but not to you. - </p> - <p> - Releasing the server software source code does benefit the -community: suitably skilled users can set up similar servers, perhaps -changing the software. But none of these servers would give you -control over computing you do on it, unless it’s - <em> - your - </em> - server. -The rest would all be SaaS. SaaS always subjects you to the power of -the server operator, and the only remedy is, - <em> - Don’t use SaaS! - </em> - Don’t use someone else’s server to do your own computing on data -provided by you. - <a name="index-SaaS_002c-as-distinguished-from-proprietary-software-1"> - </a> - <a name="index-proprietary-software_002c-as-distinguished-from-SaaS-1"> - </a> - </p> - <a name="Distinguishing-SaaS-from-Other-Network-Services"> - </a> - <h3 class="subheading"> - Distinguishing SaaS from Other Network Services - </h3> - <a name="index-SaaS_002c-as-distinguished-from-other-network-services"> - </a> - <p> - Does condemning SaaS mean rejecting all network servers? Not at -all. Most servers do not raise this issue, because the job you do -with them isn’t your own computing except in a trivial sense. - </p> - <p> - The original purpose of web servers wasn’t to do computing for you, -it was to publish information for you to access. Even today this is -what most web sites do, and it doesn’t pose the SaaS problem, because -accessing someone’s published information isn’t a matter of doing your -own computing. Neither is publishing your own materials via a blog -site or a microblogging service such as - <a name="index-Twitter"> - </a> - Twitter or - <a name="index-identi_002eca"> - </a> - identi.ca. The same goes for -communication not meant to be private, such as chat groups. Social -networking can extend into SaaS; however, at root it is just a method -of communication and publication, not SaaS. If you use the service -for minor editing of what you’re going to communicate, that is not a -significant issue. - </p> - <p> - Services such as search engines collect data from around the web -and let you examine it. Looking through their collection of data -isn’t your own computing in the usual sense—you didn’t provide -that collection—so using such a service to search the web is not -SaaS. (However, using someone else’s search engine to implement a -search facility for your own site - <em> - is - </em> - SaaS.) - </p> - <a name="index-SaaS_002c-e_002dcommerce-and"> - </a> - <a name="index-e_002dcommerce"> - </a> - <p> - E-commerce is not SaaS, because the computing isn’t solely yours; -rather, it is done jointly for you and another party. So there’s no -particular reason why you alone should expect to control that -computing. The real issue in e-commerce is whether you trust the -other party with your money and personal information. - </p> - <a name="index-SaaS_002c-joint-projects-and"> - </a> - <p> - Using a joint project’s servers isn’t SaaS because the computing -you do in this way isn’t yours personally. For instance, if you edit -pages on - <a name="index-Wikipedia-1"> - </a> - Wikipedia, you are not doing your own computing; rather, you -are collaborating in Wikipedia’s computing. - </p> - <p> - Wikipedia controls its own servers, but groups can face the problem -of SaaS if they do their group activities on someone else’s server. - <a name="index-SaaS_002c-development-hosting-sites-and"> - </a> - Fortunately, development hosting sites such as - <a name="index-SaaS_002c-Savannah-and"> - </a> - <a name="index-Savannah"> - </a> - Savannah and - <a name="index-SaaS_002c-SourceForge-and"> - </a> - <a name="index-SourceForge-1"> - </a> - SourceForge don’t pose the SaaS problem, because what groups do there -is mainly publication and public communication, rather than their own -private computing. - </p> - <a name="index-SaaS_002c-multiplayer-games"> - </a> - <a name="index-games_002c-SaaS-and-multiplayer"> - </a> - <p> - Multiplayer games are a group activity carried out on someone -else’s server, which makes them SaaS. But where the data involved is -just the state of play and the score, the worst wrong the operator -might commit is favoritism. You might well ignore that risk, since it -seems unlikely and very little is at stake. On the other hand, when -the game becomes more than just a game, the issue changes. - </p> - <a name="index-Google-Docs"> - </a> - <a name="index-SaaS_002c-Google-Docs-as-example-of"> - </a> - <p> - Which online services are SaaS? Google Docs is a clear example. -Its basic activity is editing, and Google encourages people to use it -for their own editing; this is SaaS. It offers the added feature of -collaborative editing, but adding participants doesn’t alter the fact -that editing on the server is SaaS. (In addition, Google Docs is -unacceptable because it installs a large nonfree - <a name="index-JavaScript-1"> - </a> - JavaScript program -into the users’ browsers.) If using a service for communication or -collaboration requires doing substantial parts of your own computing -with it too, that computing is SaaS even if the communication is -not. - </p> - <a name="index-SaaS_002c-sites-offering-multiple-services_002c-including"> - </a> - <p> - Some sites offer multiple services, and if one is not SaaS, another -may be SaaS. For instance, the main service of - <a name="index-Facebook"> - </a> - <a name="index-SaaS_002c-Facebook-and"> - </a> - Facebook is social -networking, and that is not SaaS; however, it supports third-party -applications, some of which may be SaaS. - <a name="index-Flickr"> - </a> - <a name="index-SaaS_002c-Flickr-and"> - </a> - Flickr’s main service is -distributing photos, which is not SaaS, but it also has features for -editing photos, which is SaaS. - </p> - <a name="index-SaaS_002c-publication_002dand_002dcommunication-sites-and"> - </a> - <p> - Some sites whose main service is publication and communication -extend it with “contact management”: keeping track of -people you have relationships with. Sending mail to those people for -you is not SaaS, but keeping track of your dealings with them, if -substantial, is SaaS. - </p> - <p> - If a service is not SaaS, that does not mean it is OK. There are -other bad things a service can do. For instance, Facebook distributes -video in Flash, which pressures users to run nonfree software, and it -gives users a misleading impression of privacy. Those are important -issues too, but this article’s concern is the issue of SaaS. - </p> - <a name="index-_0060_0060cloud-computing_002c_0027_0027-avoid-use-of-term-1"> - </a> - <a name="index-SaaS_002c-_0060_0060cloud-computing_0027_0027-obfuscating-problems-posed-by"> - </a> - <p> - The IT industry discourages users from considering these -distinctions. That’s what the buzzword “cloud computing” -is for. This term is so nebulous that it could refer to almost any -use of the Internet. It includes SaaS and it includes nearly -everything else. The term only lends itself to uselessly broad -statements. - </p> - <p> - The real meaning of “cloud computing” is to suggest a -devil-may-care approach towards your computing. It says, “Don’t -ask questions, just trust every business without hesitation. Don’t -worry about who controls your computing or who holds your data. Don’t -check for a hook hidden inside our service before you swallow -it.” In other words, “Think like a sucker.” I prefer -to avoid the term. - <a name="index-SaaS_002c-as-distinguished-from-other-network-services-1"> - </a> - </p> - <a name="Dealing-with-the-SaaS-Problem"> - </a> - <h3 class="subheading"> - Dealing with the SaaS Problem - </h3> - <a name="index-SaaS_002c-dealing-with-problem-of"> - </a> - <a name="index-call-to-action_002c-SaaS-threats"> - </a> - <p> - Only a small fraction of all web sites do SaaS; most don’t raise -the issue. But what should we do about the ones that raise it? - </p> - <p> - For the simple case, where you are doing your own computing on data in -your own hands, the solution is simple: use your own copy of a free -software application. Do your text editing with your copy of a free -text editor such as - <a name="index-Emacs_002c-GNU-8"> - </a> - <a name="index-GNU_002c-GNU-Emacs-8"> - </a> - GNU Emacs or a free word - <a name="index-processors-1"> - </a> - processor. Do your photo -editing with your copy of free software such as - <a name="index-GNU_002c-GIMP-1"> - </a> - <a name="index-GIMP-1"> - </a> - GIMP. - </p> - <p> - But what about collaborating with other individuals? It may be -hard to do this at present without using a server. If you use one, -don’t trust a server run by a company. A mere contract as a customer -is no protection unless you could detect a breach and could really -sue, and the company probably writes its contracts to permit a broad -range of abuses. Police can subpoena your data from the company with -less basis than required to subpoena them from you, supposing the -company doesn’t volunteer them like the US phone companies that -illegally wiretapped their customers for - <a name="index-Bush_002c-President-George-W_002e"> - </a> - Bush. If you must use a -server, use a server whose operators give you a basis for trust beyond -a mere commercial relationship. - </p> - <p> - However, on a longer time scale, we can create alternatives to -using servers. For instance, we can create a - <a name="index-peer_002dto_002dpeer-3"> - </a> - peer-to-peer program -through which collaborators can share data encrypted. The free -software community should develop distributed peer-to-peer -replacements for important “web applications.” It may be -wise to release them under GNU - <a name="index-GNU_002c-GNU-Affero-General-Public-License-_0028AGPL_0029-1"> - </a> - <a name="index-Affero-General-Public-License-_0028AGPL_0029_002c-GNU-1"> - </a> - Affero GPL, since -they are likely candidates for being converted into server-based -programs by someone else. The - <a name="index-GNU_002c-GNU-Project-8"> - </a> - GNU Project is looking -for volunteers to work on such replacements. We also invite other -free software projects to consider this issue in their design. - </p> - <p> - In the meantime, if a company invites you to use its server to do -your own computing tasks, don’t yield; don’t use SaaS. Don’t buy or -install “thin clients,” which are simply computers so weak -they make you do the real work on a server, unless you’re -going to use them with - <em> - your - </em> - server. Use a real -computer and keep your data there. Do your work with your own copy of -a free program, for your freedom’s sake. - <a name="index-call-to-action_002c-SaaS-threats-1"> - </a> - <a name="index-SaaS_002c-dealing-with-problem-of-1"> - </a> - <a name="index-Software-as-a-Service-_0028SaaS_0029-_0028see-also-SaaS_0029-1"> - </a> - </p> - <div class="footnote"> - <hr> - <h3> - Footnotes - </h3> - <h3> - <a href="#DOCF49" name="FOOT49"> - (49) - </a> - </h3> - <p> - Brad -Stone, “Amazon Erases Orwell Books from Kindle,” - <cite> - New York Times, - </cite> - 17 July 2009, sec. B1, - <a href="http://nytimes.com/2009/07/18/technology/companies/18amazon.html"> - http://nytimes.com/2009/07/18/technology/companies/18amazon.html - </a> - . - </p> - </hr> - </div> - <hr size="2"/> - |