More About VMWare’s CloudFoundry

Andy Oram at O’Reilly Radar does a much better job of explaining not only what the announcement of CloudFoundry is about, but fills in some critical background. I clearly have been thinking that infrastructure as a service is interchangeable with platform as a service. OpenStack, which I mentioned, falls into the infrastructure space providing

an emulation of bare metal where you run an appliance (which you may need to build up yourself) combining an operating system, application, and related services such as DNS, firewall, and a database.

VMWare’s existing offers already fit into this space as does AWS. As he points out, the platform space is far less standardized, so CloudFoundry could help catalyze better portability between providers who offer support for different frameworks, like some of the ones mentioned in the announcement (e.g. Spring, Node.js).

CloudFoundry is not directly comparable to the minimal emulation offerings from the likes of OpenStack and Amazon but rather is more comparable to Google App Engine though apparently more committed to offering frameworks as is rather than versions tweaked to work with unusual or non-standard components, like Google’s Big Table. The promise in supporting existing components as is lies in fostering the same sort of portability that has been improving in the infrastructure space.

Oram’s piece doesn’t clarify where and how CloudFoundry will be open beyond offering support on day one for any number of open source platform pieces. All the same, if you’ve been struggling to make sense of the not entirely clear terminology, his post is well worth a read.

What VMware’s Cloud Foundry announcement is about, O’Reilly Radar

Quick Security Alerts for Week Ending 10/31/2010

feeds | grep links > Promiscuous Android Apps, Virgin Media Throttling P2P, Maverick Meerkat Approaches Release, and More

feeds | grep links > More Open Cloud Computing, More API’s for Mozilla JetPack, Diaspora to Release Next Month, and More

feeds | grep links > Why Privacy Isn’t Dead, H.264 Royalty Waiver Extended Again, and More

  • Why privacy is not dead
    Many of the people I follow online re-posted the link to this brief article by danah boyd on Technology Review about how our implementation of privacy in networked systems needs to evolve. Much of what she says resonates with what I was trying to say in my podcast rant about complex privacy and privacy controls. Hopefully more people will pay attention to a researcher whose focus is in this area than did to my muddled rantings. If you struggled to understand what I was trying to communicate in my own rant, please read this post by boyd.
  • A new coalition forms to offer self-service private cloud
  • MPEG-LA extends royalty fee period for H.264
    The H was one of several sites to have this news. Its still a little unclear exactly when the new waiver period ends, what exactly “end of the license period” means in practical terms. Regardless, this is only for players, not for encoders. By comparison, Google’s patent grants for WebM make both ends of video, production and consumption, free as in beer and liberty. There is also nothing stopping the MPEG-LA from changing terms on new licenses, even if existing licenses are still in some royalty-free grace period. Chris Foresman at Ars Technica clarifies that the waiver of royalties only covers free internet streaming, excluding for-pay video and other uses.
  • Police extend detention of e-voting critic

feeds | grep links > Mobile Cloud, Name Changes and Reputation, Joke Patents at Sun, and More

  • Building a cloud out of smart phones
    Advancing beyond theory, a group of international researchers have cobbled together a proof of concept out of a dozen or so cell phones and a dedicated router. As Technology Review explains, this mobile phone based cloud is capable of driving one fairly typical distributed algorithm, map/reduce. I have to agree with the article that the rational for this, beyond the obvious clever hack value, is a bit lacking, even the possibility of moving computing back towards data, potentially cutting down on message passing. If there is a killer use for the idea, I’m sure someone will find it.
  • danah boyd criticizes Schmidt’s name change idea
    She makes good points on both deflating the implied ease of changing your name and on how reputation is likely to persist through a simple discontinuity such as tweaking the label on all your personal data online. She acknowledges that it is hard to make predictions about how reputation will evolve in practice and how much we may be able to affect it. Mostly she questions what it isn’t we don’t know about Schmidt’s recently expressed opinions both here and on the end of privacy. I like that she gives him the benefit of the doubt, suggesting there might be some puzzle piece we don’t have that could complete a rational synthesis of his opinions.
  • Sun engineers held a contest for goofiest patents
  • Vimeo releases new embeddable HTML5 player
  • Pirate Party strikes hosting deal with Wikileaks
  • All electrical data storage could deliver eight fold improvement in density

Open Stack Launches

Via Hacker News, Rackspace and NASA have opened up much of the components they’ve been using to run their large scale swarms of virtual machines under the auspices of the new Open Stack project. A few companies in the space of offering virtualization as a service have made some noises comparable to Open Stack but few have committed this fully to the idea.

Say what you will about the fully buzz-compliant term, cloud computing, using virtualization to help scale large scale service computing has gained a lot of traction in recent years. Most affordable and useful offerings carry a significant risk of lock-in. It has always seemed to me that there was a powerful need for some sort of open standard to allow users to port between public clouds and even run their own instances at whatever scale makes sense, all without introducing any disruptions into higher level applications.

Open Stack also comes with the quality I tend to respect most with open source projects and standards, that of being standard through heavy, shared use. Opening up what Rackspace, NASA and the other couple of dozen companies that have signed on are doing seems like a natural next step rather than a pure marketing ploy. That being said, it is still pretty early days for this particular effort, despite investments prior to opening things up. With a full Launchpad instance backing the effort though they are certainly putting their money where their mouth is, so to speak.

The whole stack is being made available under the Apache 2.0 license which is a respectable choice for balancing open collaboration and courting businesses that might like to use or even innovate upon this effort. I hope that the open availability of this project opens up a much wider market of compatible and competing cloud providers such that prices for the average individual come down to encourage more experimentation with running private instances of services that are otherwise way too consolidated, like Twitter and Facebook.

In the interest of disclosure, I am essentially a Rackspace customer. This very server is a VPS (virtual private server) I set up with Slicehost a couple of years ago. Slicehost has since been acquired by Rackspace. I have a further interest in as far as Open Stack may trickle into Slicehost and I may gain the ability to port my VPS should I ever feel the need to do so.

feeds | grep links > DoJ Fails to Report Wiretap Orders (Again), Ads with Cloud Printing, Ajax Library Targets Mobile Developers, and More

  • DoJ fails to report wiretaping activities to Congress, again
    Mike Masnick at Techdirt links through to some findings by Julian Sanchez that the Attorney General has failed for a period of some years to provide a report on the number of surveillance orders applied for by law enforcers. This report is meant to allow Congress to exercise proper oversight which has essentially just not happened for large swaths of the past decade. As Masnick goes on to explain, the DoJ has done this twice before, lapsing then dumping multiple years of data onto Congress effectively creating years of operation at a stretch where oversight was impossible.
  • HP experimenting with ad delivering on its cloud based printers
    Via Cory at Boing Boing, this Computerworld article has me very concerned. Automatically printing ads along with print jobs your submit over the net is very different from purely digital ads on web pages and email. A user of one of these printers is paying for consumables, most notably ridiculously over-priced ink. I don’t care if HP says their first test subjects didn’t mind, I have to imagine a majority of folks will be surprised, not sanguine, if not outright angry at the presumption.
  • ExtJS tries to harness developer outrage to fuel its new framework
    The Register has an announcement from the ExtJS folks, a dual license AJAX library, that they are launching a new project to compete with mobile apps by combining their library with a couple of others targeted at programming touch interfaces and vector graphics presumably including animation. I’ve worked with ExtJS in a professional capacity and I am not entirely impressed by this attention getting move. I won’t say the library is bad, it packs a lot of capabilities. However, I will say I don’t think it is any easier to program than the iOS or Android SDKs. If you want to target pure web applications using HTML5 at mobile devices, I am positive there are better options.
  • Inside Australia’s data retention proposal
  • Employee monitoring, when and why IT is expected to spy
    Via Slashdot.
  • More on issues, activism around filming police
  • VPNs not adequate to anonymize BitTorrent users

Cloud OS, Jolicloud, Still Thriving

Before Google weighed in with Chrome OS, several vendors were already experimenting with the idea of supremely lightweight operating systems that relied on a constant Internet connection to access remote services more so than local applications. Jolicloud was a very promising entrant in the space and Sarah Perez has an update on the state of that OS.

Perez explains that these latest changes are just the most current in a series of evolutions for Jolicloud. Previously they changed from Mozilla’s Prism to the open source branch of Google’s browser, Chromium, to furnish the system’s back end. This coincided with a commitment to HTML5 for its ability to better support rich web applications. Undoubtedly there is no coincidence to this pair of changes as WebKit still has a solid lead on HTML5 feature support over Mozilla’s Gecko.

The recent raft of changes are focused on usability, with a new launcher, and discovery, updating Jolicloud’s version of an app store. Looking at the screen shot, Perez’s comparison of the launcher to a smart phone seems apt. In particular, it reminds me strongly of Android’s drawer. The app store is clearly aimed at easing development targeted at the OS and through a partnership even addressing the question of where to host web applications.

I have expressed skepticism of web OSes in the past, especially Chrome OS’s extreme take on network only applications. Jolicloud, by comparison, makes a better compromise, offering local access to resources and supporting local versions of many popular applications. I imagine it would be a fun OS with which to play on a 3G capable netbook. I also hope the fact that it is still very much a going concern invites friendly competition with Google’s Android and Chrome OS developers and sparks further innovation with lightweight, non-traditional interfaces.

The Framing Issue with RMS on SaaS

I am seeing some thoughtful commentary on RMS’s latest essay on the SaaS problem and even had some friends ask for my opinion. In brief, what Stallman is objecting to is software that performs some operations of value on your behalf but denies you access to the source code, or even a binary, to exercise your freedom to modify the software’s operation. I’ll concede this is a troubling loophole for getting around copyleft but it is one that has been exploited for some time by software makers and service operators.

Personally, I think Stallman is bogging down too much in the particulars of where computation takes place and at whose behest. Computation is ephemeral, once complete what do you have to judge where the actual work took place? I put far more stock in the efforts of and even Google’s Data Liberation Front that are working to ensure the durable information that persists regardless of when and where computing takes place can be free.

I think this oversight also leads to Stallman giving collaboration focused network services too much of a free pass. The co-opting of my intensively cultivated social network shouldn’t be exempt from expectations of data and software freedom. I’ll concede that the problem begs far more difficult technical challenges, ones that simple adoption of the AGPL won’t easily solve.

I am all for free alternatives to what Stallman calls “SaaS”, a re-definion to laden the term with connotations similar to “proprietary” in his parlance. I am irked that he is doing this to a term already in use rather than suggesting a new, more evocative label. I guess I am just more moderate for thinking I shouldn’t have to work as a full blown sysadmin and run my own GPL/AGPL compatible copy of a service to exercise my freedom. I am not sure his vague thoughts on trusted operators and the implications that arise suggesting yet another web of trust make much more sense.

As long as I have the possibility of moving my data where I choose and strong expectations around trusted handling of my data, I consider that sufficiently free. Again, I am not suggesting that these problems are any easier to solve, but I think they are where we should be focusing our efforts first and foremost.