

Ask HN: Free Software in the Cloud? - zacharypinter

I've had an idea in the back of my mind for a while and would love to hear some feedback. It seems like the free software movement has yet to address the move to cloud computing. I love the reliability and availability of web services like remember the milk and dropbox, but constantly find myself wanting to add small features here and there. Of course, that's the limitation of SaaS. You don't have the source and you can't make improvements.<p>So, what would it take to make a scalable, cloud environment for open source software? I assume the three key ingredients would be:<p>* Distributed File System (all data public, private data gets encrypted)<p>* Sandboxed Map Reduce<p>* Public keys as account identifiers<p>Any additional tools should be able to be built on top of those three. The idea would be that people could contribute CPU and Storage resources to signed versions of applications they like. Since all the data is public, somebody else could fork an application and still have access to all its files (and the files of other users). If a fork gains enough popularity, then people will dedicate their CPU/Storage to it instead.<p>Any thoughts? Are there any loopholes or security issues I'm missing that would make this unfeasible?
======
SwellJoe
Perhaps you and I should talk. We're working on something in this direction at
the moment, based in part on our existing systems and cloud management tools.

But, because we don't see an immediate way for it to pay for itself (and the
investors we've floated the idea vaguely before aren't too interested at this
particular moment in history), we're being a bit cautious about actually
deploying...but there is a long history of corporations, governments and
schools donating mirrors for Open Source file service...no good reason why
they shouldn't do the same for cloud-based Open Source services.

The existing tools generally are somewhat less oriented towards sandboxing
than they would need to be for this to be feasible today, but it's definitely
not an unimaginable future. Trust in widely distributed filesystems is also a
problem that isn't entirely covered by existing tools; though the techniques
for insuring trust are obviously well-known and understood by a small set of
developers.

But, if you assume a distributed VCS as the starting point (git is, I suppose
already capable of verifying itself and its contributors), a distributed
trustworthy key/value (Tokyo Cabinet or similar with contributor signatures
built in) as the configuration source, and distributed trustworthy map reduce
and relational databases as the data store, it'd begin to look like something
usable.

It introduces problems that current web services and even cloud hosting
services don't have to solve, though, which is potentially untrusted machines
being part of the cloud and holding the data. Going fully distributed means
you don't have any single source for trust information. And, key signing
parties are so 1991. I'm not sure exactly how to solve that one. It's not
impossible, it's just one of those problems that I don't see an immediate
solution for. Short-term, perhaps a single trusted source for keys would be an
acceptable solution until a network of key-signing entities could spring up.
Alternatively, traditional SSL certs could be used with the usual crappy
process of issuing them.

------
wmf
Check out <http://autonomo.us/> where there has been a lot of similar
discussion.

