Comments on: Open Source in the Cloud http://www.linuxloop.com/news/2008/07/16/open-source-in-the-cloud/ Keeping you in the loop with up-to-date Linux news. Tue, 02 Dec 2008 23:22:39 +0000 http://wordpress.org/?v=2.6.5 By: David Claughton http://www.linuxloop.com/news/2008/07/16/open-source-in-the-cloud/#comment-9441 David Claughton Fri, 18 Jul 2008 20:29:53 +0000 http://www.linuxloop.com/news/?p=365#comment-9441 Well, IANAL, but the CPAL section 3 is headed "Distribution Obligations" and although it talks about "making available" executables and source code, I suspect it would be easy for someone to make the case that this is only talking about distribution and not remote access. Well, IANAL, but the CPAL section 3 is headed “Distribution Obligations” and although it talks about “making available” executables and source code, I suspect it would be easy for someone to make the case that this is only talking about distribution and not remote access.

]]> By: Tara Kelly http://www.linuxloop.com/news/2008/07/16/open-source-in-the-cloud/#comment-9417 Tara Kelly Fri, 18 Jul 2008 14:06:58 +0000 http://www.linuxloop.com/news/?p=365#comment-9417 As far as I know, the AGPL addresses the issue of code availability for web-services. As far as I know, the AGPL addresses the issue of code availability for web-services.

]]> By: InTheLoop http://www.linuxloop.com/news/2008/07/16/open-source-in-the-cloud/#comment-9370 InTheLoop Fri, 18 Jul 2008 00:50:32 +0000 http://www.linuxloop.com/news/?p=365#comment-9370 David Claughton - That is really interested. I assume that you are talking mostly about the GPL in this case. I know Reddit choose the Common Public Attribution License (which they say is a modified version of the Mozilla license. Any idea if that has the same issue? Source for Reddit license info: http://blog.reddit.com/2008/06/reddit-goes-open-source.html David Claughton - That is really interested. I assume that you are talking mostly about the GPL in this case. I know Reddit choose the Common Public Attribution License (which they say is a modified version of the Mozilla license. Any idea if that has the same issue?

Source for Reddit license info:
http://blog.reddit.com/2008/06/reddit-goes-open-source.html

]]> By: David Claughton http://www.linuxloop.com/news/2008/07/16/open-source-in-the-cloud/#comment-9356 David Claughton Thu, 17 Jul 2008 20:37:04 +0000 http://www.linuxloop.com/news/?p=365#comment-9356 > anything based on, for example, the Reddit code must be released back as open-source, assuming the original code was released under a GPL-like license that requires this Yes, but there's a problem wrt web-based apps - you only need to make the source to your changes available if you distribute the application - but putting it on a web server and allowing remote access is not considered the same as distribution. As cloud computing becomes more popular this is potentially going to become a hot issue. > anything based on, for example, the Reddit code must be released back as open-source, assuming the original code was released under a GPL-like license that requires this

Yes, but there’s a problem wrt web-based apps - you only need to make the source to your changes available if you distribute the application - but putting it on a web server and allowing remote access is not considered the same as distribution.

As cloud computing becomes more popular this is potentially going to become a hot issue.

]]> By: Tara Kelly http://www.linuxloop.com/news/2008/07/16/open-source-in-the-cloud/#comment-9338 Tara Kelly Thu, 17 Jul 2008 15:35:17 +0000 http://www.linuxloop.com/news/?p=365#comment-9338 > "Done correctly, it should be completely possible to encrypt the data before it leaves the client’s computer" Yes. The pattern is called Host-Proof Hosting (http://ajaxpatterns.org/Host-Proof_Hosting). It requires that all data is encrypted before leaving the browser. The encryption key should never be sent to the server. Since the encryption happens in client-side Javascript, all the code is actually present in the browser and can be reviewed, and the calls to the server can be watched in the DOM in real-time. That said, the code review would need to be done every single time the application was loaded so as to make sure that nothing had changed in the meantime. There's an ongoing discussion about this right now, and if/how we can overcome it. For anyone looking to build their own HPH application, we've just released a MIT/LGPL library here: http://code.google.com/p/passpack/ > “Done correctly, it should be completely possible to encrypt the data before it leaves the client’s computer”

Yes. The pattern is called Host-Proof Hosting (http://ajaxpatterns.org/Host-Proof_Hosting). It requires that all data is encrypted before leaving the browser. The encryption key should never be sent to the server.

Since the encryption happens in client-side Javascript, all the code is actually present in the browser and can be reviewed, and the calls to the server can be watched in the DOM in real-time. That said, the code review would need to be done every single time the application was loaded so as to make sure that nothing had changed in the meantime.

There’s an ongoing discussion about this right now, and if/how we can overcome it.

For anyone looking to build their own HPH application, we’ve just released a MIT/LGPL library here: http://code.google.com/p/passpack/

]]>