Comments on: Open Source in the Cloud http://www.linuxloop.com/2008/07/16/open-source-in-the-cloud/ Linux news, Ubuntu news, open-source software reviews, and Ubuntu tutorials Fri, 12 Mar 2010 15:32:17 -0800 http://wordpress.org/?v=2.9.2 hourly 1 By: David Claughton http://www.linuxloop.com/2008/07/16/open-source-in-the-cloud/comment-page-1/#comment-1201 David Claughton Fri, 18 Jul 2008 20:29:53 +0000 http://www.linuxloop.com/news/?p=365#comment-1201 Well, IANAL, but the CPAL section 3 is headed "Distribution Obligations" and although it talks about "making available" executables and source code, I suspect it would be easy for someone to make the case that this is only talking about distribution and not remote access. Well, IANAL, but the CPAL section 3 is headed “Distribution Obligations” and although it talks about “making available” executables and source code, I suspect it would be easy for someone to make the case that this is only talking about distribution and not remote access.

]]> By: Tara Kelly http://www.linuxloop.com/2008/07/16/open-source-in-the-cloud/comment-page-1/#comment-1199 Tara Kelly Fri, 18 Jul 2008 14:06:58 +0000 http://www.linuxloop.com/news/?p=365#comment-1199 As far as I know, the AGPL addresses the issue of code availability for web-services. As far as I know, the AGPL addresses the issue of code availability for web-services.

]]> By: InTheLoop http://www.linuxloop.com/2008/07/16/open-source-in-the-cloud/comment-page-1/#comment-1203 InTheLoop Fri, 18 Jul 2008 00:50:32 +0000 http://www.linuxloop.com/news/?p=365#comment-1203 David Claughton - That is really interested. I assume that you are talking mostly about the GPL in this case. I know Reddit choose the Common Public Attribution License (which they say is a modified version of the Mozilla license. Any idea if that has the same issue? Source for Reddit license info: http://blog.reddit.com/2008/06/reddit-goes-open-source.html David Claughton – That is really interested. I assume that you are talking mostly about the GPL in this case. I know Reddit choose the Common Public Attribution License (which they say is a modified version of the Mozilla license. Any idea if that has the same issue?

Source for Reddit license info:
http://blog.reddit.com/2008/06/reddit-goes-open-source.html

]]> By: David Claughton http://www.linuxloop.com/2008/07/16/open-source-in-the-cloud/comment-page-1/#comment-1202 David Claughton Thu, 17 Jul 2008 20:37:04 +0000 http://www.linuxloop.com/news/?p=365#comment-1202 > anything based on, for example, the Reddit code must be released back as open-source, assuming the original code was released under a GPL-like license that requires this Yes, but there's a problem wrt web-based apps - you only need to make the source to your changes available if you distribute the application - but putting it on a web server and allowing remote access is not considered the same as distribution. As cloud computing becomes more popular this is potentially going to become a hot issue. > anything based on, for example, the Reddit code must be released back as open-source, assuming the original code was released under a GPL-like license that requires this

Yes, but there’s a problem wrt web-based apps – you only need to make the source to your changes available if you distribute the application – but putting it on a web server and allowing remote access is not considered the same as distribution.

As cloud computing becomes more popular this is potentially going to become a hot issue.

]]> By: Tara Kelly http://www.linuxloop.com/2008/07/16/open-source-in-the-cloud/comment-page-1/#comment-1200 Tara Kelly Thu, 17 Jul 2008 15:35:17 +0000 http://www.linuxloop.com/news/?p=365#comment-1200 > "Done correctly, it should be completely possible to encrypt the data before it leaves the client’s computer" Yes. The pattern is called Host-Proof Hosting (http://ajaxpatterns.org/Host-Proof_Hosting). It requires that all data is encrypted before leaving the browser. The encryption key should never be sent to the server. Since the encryption happens in client-side Javascript, all the code is actually present in the browser and can be reviewed, and the calls to the server can be watched in the DOM in real-time. That said, the code review would need to be done every single time the application was loaded so as to make sure that nothing had changed in the meantime. There's an ongoing discussion about this right now, and if/how we can overcome it. For anyone looking to build their own HPH application, we've just released a MIT/LGPL library here: http://code.google.com/p/passpack/ > “Done correctly, it should be completely possible to encrypt the data before it leaves the client’s computer”

Yes. The pattern is called Host-Proof Hosting (http://ajaxpatterns.org/Host-Proof_Hosting). It requires that all data is encrypted before leaving the browser. The encryption key should never be sent to the server.

Since the encryption happens in client-side Javascript, all the code is actually present in the browser and can be reviewed, and the calls to the server can be watched in the DOM in real-time. That said, the code review would need to be done every single time the application was loaded so as to make sure that nothing had changed in the meantime.

There’s an ongoing discussion about this right now, and if/how we can overcome it.

For anyone looking to build their own HPH application, we’ve just released a MIT/LGPL library here: http://code.google.com/p/passpack/

]]>