
Who Does That Server Really Serve? - ilandsman
https://www.gnu.org/philosophy/who-does-that-server-really-serve.html
======
jacquesm
Wow, what a lot of hate for RMS in this thread. All I know for sure is that I
wouldn't be writing this on the machine I'm using here without him, and a ton
of hardware in this house would spontaneously stop working if every line of
code he had an (indirect) hand in or influence on disappeared. I'm pretty
grateful for that.

Of course you could say the same about Edison or Maxwell, but that's roughly
the right magnitude. Hating on Stallman as a person is not very elegant,
hating him for the wrong reasons (at a glance, I spot: jealousy,
misunderstanding, claims of irrelevancy and so on) is not productive either.

If you're going to criticize criticize the particulars of the linked article
rather than the man. Thanks.

On topic: In case you didn't get it: the article (rightly) identifies
software-as-a-service as a threat to open source, it allows companies that in
the past would have shipped binaries and would have been compelled by the GPL
to release their sources to do an end-run around all this so they can charge
you for their software without ever having to release anything. That's a valid
point and plenty of examples exist in the world today.

How serious this is is not for me to say but I do note an ever increasing
trend towards lock-in and a more asymmetric internet which seems to draw a
line between the 'haves' (the owners of infrastructure and services) and the
'have nots' (the users, smaller businesses). Ever larger chunks of a business
operation are running on hardware and software even the business owners have
no control over, stuff they couldn't keep alive even if their business
depended on it. This sort of inter-dependency is exactly what we should be
trying to avoid because it means that you are simply no longer in control,
either because you don't have access to _all_ the code that powers your
business or because your code is only a minor extension to a bunch of black
box code that you can not review or inspect on a machine that might be running
all kinds of nefarious stuff besides what you think it is doing and that might
come back to bite you one day.

~~~
pmoriarty
Software as a Service is a huge threat to Free software in particular, and
Open Source in general.

This is why I release all my own software under the AGPL.[1][2]

I also try to avoid using SaaS as much as possible. But this is going to
remain very difficult until fully decentralized, peer-to-peer communication
networks become widespread.

As long as centralized forums like HN, centralized mail services like GMail,
and centralized social networks like Facebook dominate, it's going to be hard
for you to keep your data out of their hands without refusing to participate
in electronic communication at all. While any sort of data, from email to TCP
packets, flows from your own machine through others outside your control, this
will remain the case.

Complete freedom will require complete isolation. Anything less will be a
compromise. Everyone will have to determine where they draw the line for
themselves.

[1] -
[https://en.wikipedia.org/wiki/Affero_General_Public_License](https://en.wikipedia.org/wiki/Affero_General_Public_License)

[2] -
[https://www.gnu.org/licenses/agpl-3.0.html](https://www.gnu.org/licenses/agpl-3.0.html)

~~~
jacquesm
This should be periodically reposted or sticky somehow:

[http://www.fourmilab.ch/documents/digital-
imprimatur/](http://www.fourmilab.ch/documents/digital-imprimatur/)

John Walker was pretty prescient when he wrote that.

(and in case you don't know who he is: he founded Autodesk).

------
geofft
I don't really like this argument. (This is a bit different from saying that I
disagree.) There's a tradeoff here, and it's more than a cliche in this
particular case.

The same argument would imply that you shouldn't do computing on VPSes or
similar services that other people own. This might be strictly true, but the
alternative for lots of people is that they just won't be doing that
computing. At least with free software, we can say that it's usually
monetarily cheaper than proprietary software. Buying and running your own
server is much more expensive than running an EC2 box for pennies per hour. A
lot of people's first introduction to free operating systems, these days,
tends to be on a remote server instead of their personal computer. I don't
think we should halt that.

The same argument would imply that you shouldn't use the email or shell
account from your university, and you should self-host. While I actually do
believe that to some extent, I get the feeling that Richard doesn't.

And even if you do end up self-hosting everything, chances are you won't be
responding to security issues as quickly as a full-time team of professionals
on call. At that point, anyone who wants to take your freedom can do so. This
doesn't seem like a win.

I appreciate the goal, but we have a long way to go to the day when this
becomes the right advice.

~~~
nullc
At a minimum you should know what you're getting into.

Imagine that that server is controlled by your worst enemy.

Still okay with using it? If so thats good evidence that you can just go
ahead. If not, ... well, it gets harder because how do you know your worst
enemy doesn't or won't gain control of it? (What? your worst enemy is the
neighbour's chihuahua and Amazon doesn't hire dogs?)

WRT the costs there, I'm not sure that really follows. At least on the high
end EC2 is phenomenally expensive if your load is predictable, it's
interesting when you can't predict it. The large high cpu instances basically
pay for the hardware in a couple months worth of use. Small instances are low
performing to the point that a $35 quad core arm or $50 atom device is
competitive. Surely there are cases where EC2 is cheaper, but "not computing
at all" sounds like an exaggeration.

~~~
Turing_Machine
"Small instances are low performing to the point that a $35 quad core arm or
$50 atom device is competitive"

You're forgetting the "Amazon data center connectivity", "can scale up or down
at will", and "someone else's problem if the hardware fails" parts. Those
things are not free.

~~~
ldng
Yes but sometimes cheaper than cloud provider make you think.

IMHO, it' a bell curve. Before a certain point and past another threshold the
"cloud" is more expansive than it's worth. Adapting your application/system to
a IaaS or a PaaS model isn't free either.

------
tzs
> Do your text editing with your copy of a free text editor such as GNU Emacs
> or a free word processor. Do your photo editing with your copy of free
> software such as GIMP. What if there is no free program available? A
> proprietary program or SaaSS would take away your freedom, so you shouldn't
> use those. You can contribute your time or your money to development of a
> free replacement.

There are many kinds of freedom.

If I'm spending hours or days trying to get some inadequate free program to
accomplish some task I need, or trying to work around the lack of a free
program in that area at all, when there is a proprietary program that will
quickly accomplish my task, NOT using the proprietary program takes away
freedom. It enslaves me to spending hours on that task when I could be doing
something I would enjoy more.

If it is a task that will be ongoing as opposed to a one shot, and so I might
have some concern about getting locked into something, freedom maximizing
would probably involve a mixed approach: use the proprietary tool, and toss in
some monetary support toward some free software project working in that area.

~~~
vipstarry
In the case of Stallman's free software, the most important of freedoms are
four specific forms: The freedom to run the program as you wish, for any
purpose (freedom 0). The freedom to study how the program works, and change it
so it does your computing as you wish (freedom 1). The freedom to redistribute
copies so you can help your neighbor (freedom 2). The freedom to distribute
copies of your modified versions to others (freedom 3).

The "freedom to get things done quickly" is a shallow freedom that leads users
into a life of helpless servitude and social division. The reason this happens
is because there are many people who write proprietary software which will
help users do powerful things but the software will also have various
restrictions that result in helpless servitude and social division. Stallman
teaches that users who choose to accept these proprietary software with the
restrictions cannot live in freedom as users are forbidden to control the
proprietary software, the control over the software belongs to the owner of
the proprietary software.

------
spion
> Thus, SaaSS is equivalent to running proprietary software with spyware and a
> universal back door.

I actually agreed with the article up to that point, but this is wheasel-
wording and kinda dishonest. Microsoft's backdoor is universal as it has
access to your entire system. The described SaaSS backdoor isn't universal -
it only pertains to that particular service and no other services (or non-
services) can be affected. Thus, given the previous definition of the word, it
is not "universal"

This wheasel-wording only detracts from the point being made and may alienate
people who would normally agree.

~~~
zifnab06
I've always disliked Richard Stallman's views on software. While open source
is great, its a terrible business model. Closed source has its place - and not
all of it is inherently evil.

~~~
gaius
Stallmans ideas on economics make sense when you factor in his $1m grant from
the MacArthur foundation, another $1m from the Takeda foundation, and tenure
at MIT. If you have all that sure, give software away for free!

~~~
maxlybbert
I've heard speeches by Stallman where he mentions he has enough money that he
no longer has to work, but as others have already said (1) he started working
full time on GNU before he received that money (and supported himself by
selling free software and prioritizing requests by people who sent him money),
and (2) he doesn't live an incredibly opulent life, even factoring in the free
travel.

~~~
pmoriarty
It doesn't take long for "free" travel to become more of a burden than a
benefit, even if you don't consider the hassles of going through customs,
immigration, and security lines at airports.

------
Mz
Whether you agree with his stated goals/values or not, Stallman does us all a
service by elucidating these issues. Because code and the constructs he talks
about are "virtual" entities, it isn't readily apparent to most people what
the actual consequences are of where and how and why things are done the way
they are done. People often think these details don't matter, but they do.
They think they don't matter largely because they don't understand how x thing
leads to y consequence. Stallman does understand those relationships.

I myself struggle with the question of how I can put something out into the
world such that it is freely available to theoretically anyone while also
finding a way to pay my own bills. Writing code is not a big part of what I
want to do. It is, in fact, probably a fairly small part of what I want to do.
But it is a similar problem space. And few other people are writing anything
that elucidates for me the details of why this stuff matters, how it matters,
what the exact consequences are and so on. I find that very helpful in
thinking through my own problem space.

So I will just briefly thank him here (not that I expect him to read this). I
read a biography about him some months ago and that was a real step forward
for me in my thinking through some of my own challenges. Thank you, Mr.
Stallman.

------
percept
Funny, I've been listening to the podcast right now:

[http://bootstrapped.fm/bootstrapped-episode-35-hate-the-
saas...](http://bootstrapped.fm/bootstrapped-episode-35-hate-the-saas/)

------
Yawnoc2
Stallman is basically saying that it's unethical to outsource a software
function that it's possible to run on-premises, which is just... a losing
argument. Any given user can decide whether the (almost purely abstract)
"freedom" of running free software one's own server outweighs the convenience
of, say, not having to administer a mail server. I'm not sure what free
software buys you versus hosted software with good data export features.

~~~
nullc
He's saying it has ethical implications.

Making that decision in an informed way starts with having some idea of what
you're giving up.

In the case of SaaSS, you're often not sure what you're giving up precisely
because the operation of the server is so opaque to you. E.g. is the server
copying all your email to a hostile foreign government? The operator /says/ it
isn't.

Indeed, it can be a bit abstract-- but many other important tradeoffs we weigh
also involve abstract implications or effects at a distance.

~~~
dasil003
I have huge respect for Stallman and I understand his argument, but he's still
stuck in a 1980s mentality where everyone on a computer had to have some level
of expertise with actually _running_ software.

The fact is that many people today are incapable of even installing an
application on a proprietary desktop OS, much less utilizing the freedom of
software they control. 10 years ago I was building websites for people at
$1000-$5000 a pop, all with open source software. They have all the benefits
of free software available to them, but you know what they don't have? Anyone
to maintain their software for a reasonable price. I've been directing them to
SaaS providers for a long time because frankly it makes no sense to pay me 100
times as much to a software professional in order to realize this freedom.

Obviously Stallman would say that there's no inherent reason that you can't
have a reasonably priced service based on free software, just like there's no
reason you can't charge for shrinkwrapped free software. However the mechanics
and cost savings of SaaS make this much much more difficult to conceive, and
frankly I don't see how it will ever make sense for the laymen who make up the
vast vast majority of computer users today.

Stallman is a gem of the computing world, and I would never say anything bad
about his ideology, but the primary battle that needs to be fought today is
about _data ownership_ , not software freedom. The latter still matters, but
only for the computing elites (ie. programmers, sysadmins, etc), the former is
what is increasingly going to affect everyone going forward.

~~~
slowmovintarget
Yes.

Arguing that paying someone to run the software for you is unethical is like
arguing that paying for a well-prepared meal in a restaurant is unethical. You
should source all the ingredients and prepare them in your own kitchen.

Except we're paying for the expertise of the chef. In the case of SaaS we're
paying for not maintaining our own data center, system administration costs,
operations costs, monitoring and security.

But the chef might not use clean food! People will get sick, the chef's
reputation will suffer, and he'll go out of business.

As you say, the question is data ownership. Turning that toward the analogy,
how do we verify data security such that reputation is affected? Make ethical
behavior valuable (reputation) and businesses will behave ethically.

~~~
vipstarry
Freedom means having control over your own life. If you use a program to carry
out activities in your life, your freedom depends on your having control over
the program. Nonfree software encourages users to surrender control over their
computing to someone else and this is the exact same situation in SAAS. SAAS
is not controlled by the user but some other person. This is unethical because
this causes an unjust form of power over the user. Users who partake in SAAS
or proprietary software do not get all four freedoms of free software that all
users need to have freedom. Now if you feel that you don't need all four
freedoms of free software, then so be it but beware, your computing will not
belong to your hands but it will belong to the hands of other people (who
don't necessarily have your best interest in mind).

In a restaurant, there is no unjust power over the customer. In a restaurant,
a customer can order some dishes and order the dishes to be prepared a
particular way. When the customer gets the meal, the customer is free to do
things such as add more things to the food, take the food away for later
eating or share the food with friends or even resell the food to anybody. In
the case of SAAS, similar freedoms are not available to the user. Users are
forbidden to study and modify how the service operates, and users are
forbidden to share the computing service with other people. Control over the
service belongs to the SAAS company and not the user.

~~~
dasil003
Way to repeat the mantra without engaging in the actual argument _at all_.

~~~
vipstarry
I repeat the mantra because I thought it engaged the ideas of the ethics of
SAAS and in food service. Would you care to present a counterargument to what
I've presented.

~~~
slowmovintarget
If I understand your position, and that of the FSF, rightly then you believe
it is both unethical to provide, and unethical to use hosted software that
does not carry the AGPL.

I would submit that a SaaS provider could not ethically allow modifications to
their running software. So let's exclude that from the discussion.

What if a provider only ran software licensed with the AGPL? It wouldn't fix
anything. The license requires accessing a download of the source. How can a
customer verify the version of the software is the same as the version of the
download, i.e. check for a violation of the license? Short of having access to
the operating system on the servers, the customer cannot. No reasonable
service provider would allow such access, and no reasonable customer would
accept that other customers, including, possibly, competitors, had such
access.

You can push the problem around all you like (every customer has their own
server with OS-level access, but what about the DB?). It will always end up
being cost prohibitive to run a service.

Also, under the AGPL the point is for any user of the system to be able to
host and run their own instance. Meaning that any innovations must be given
away. Conversely, if the software can only run in the context of the
provider's data store, the problem of data ownership is not resolved.

Do I want the keys to the OS on my home computer. Darn right. At work, do I
want the keys to Amazon's virtualization layer? Heck no, I don't want those
headaches. It's what I'm paying them for.

Stallman's position also fails to address the ethics of contract law. What
makes Free Software ethics superior to ethics of contracts?

~~~
quadrangle
"The ethics of contracts" Gah. Ugh. Wha.

Anyway, to be clear: Stallman actually says that breaking your promise, i.e.
breaking a contract is not cool, so you shouldn't ever accept a contract that
requires you to give up essential freedoms. He does not advocate breaking
contracts, he argues about which contract terms are ethical or unethical. He
doesn't say break the unethical ones, he says don't accept them in the first
place.

And you could run hosted software that does something that involves networking
fundamentally, such as a chat service, and it would not be SaaSS. And you
could run any software under a permissive license and still provide the code
as though it were AGPL. AGPL isn't a requirement for being ethical, it just
helps stop people from being unethical (but they could choose to be ethical
regardless).

------
thibauts
OR you choose to delegate the burden of running and maintaining this software
to someone that will do it in a more cost-effective way than you ever could.

~~~
nullc
Or could close their "beta" you were depending on without notice, could lose
your data, could leak it, could give unexplainable corrupt results and leave
you looking like a fraud, etc.

There are a lot of opportunities to trade off short term ease for tail risk,
and thats a bit hazardous. RMS would probably argue that while you should have
the freedom to do such a thing, you really shouldn't both because of the harms
to you not being justified if you don't overemphasize the near term, and also
because of systemic effects like losing solidarity with other people who would
prefer to make another decision( _).

[_e.g. many people who choose to run their own small mail filters find them
regularly invisibly black holded by major mail services due to overactive
spamfiltering.]

~~~
jschwartzi
> Or could close their "beta" you were depending on without notice, could lose
> your data, could leak it, could give unexplainable corrupt results and leave
> you looking like a fraud, etc.

I don't have to use SaaS to have these results. I've seen in-house efforts
with the same risks. The difference, in my mind, is that with SaaS, the
provider has some significant incentives to do a good job. The software is
their specialty, and the developer will lose money if you stop using it
because their software ends up costing you money. There's much less risk of
internal company politics saddling you with a useless or dangerous system. On
the contrary, I've seen "self-hosted" company projects promised in response to
proposals to use SaaS, and they were usually promised to achieve some
political goal rather than being a serious attempt to compete. Because it's an
internal project which doesn't generate revenue, it's very easy for the
company to promise something and then not deliver, as there's no money tied to
it.

Having seen this multiple times, I'm much more inclined to use SaaS. Tail
risks don't cost nearly as much money over the mid term as the risk of company
politics derailing an otherwise laudable goal.

------
mark_l_watson
I admire Stallman. He is someone who really made a difference. That said, I
find myself slightly disagreeing with him on web services:

It seems like in most cases the criticism of web services mostly are in loss
of privacy and digital security. On the other hand to me the point of the
(A)GPL is ensuring that computer users have the right to inspect and modify
the software running on their own systems.

I understand that there is some overlap: using free software is likely (I
think) to increase one's privacy and digital security.

------
paulhauggis
To be honest, this is one of the results of accepted and encouraged copyright
infringement over the past 15 years.

By taking away the rights of the copyright holders (IE: copying software
freely without permission), they were forced to come up with something that
can't be copied: software-as-a-service.

------
alexdowad
I love the part where he says that "Cloud computing" = "Be a sucker". LOL

------
markbnj
The ethics of Stallman's arguments don't matter in the least, and they never
have. He's like a guy in 1905 trying to get people to keep using horses. He's
been on the wrong side of history for so long that you can no longer even
detect that there was a history to be on the wrong side of: he just floats out
there in his own strange little bubble of ideals. You have to respect his
dedication to those ideas, but there isn't much relevancy left.

~~~
logn
He's been on the right side of history and the rest of us have been on the
wrong side. I think the Snowden leaks solidify that view. After Microsoft
Windows how could you disagree with him on concerns of proprietary software
lock-in? And he's been spot-on as far as privacy goes: worried about the cloud
long before anyone else, and concerned about cell-phone surveillance before it
was hip. The mere existence of GNU licenses has done enormous good for the
world, and Linux is proof. Linux didn't take off because of his ethics, so
you're right in that regard, but his ethics are responsible for the things
that people like about free software.

And this being hacker news, you have to admire the great hack that is the GPL.

~~~
WorldWideWayne
History says that despite the fact that these "wrongs" have taken place, that
people largely do not care. So, what does it mean to be "wrong"? Likewise, if
a tree falls in the forest and nobody is there...does it really matter?

I could also argue that Linux is generally holding the world back. Just like
wrong and right...this whole thing is a matter of opinion and point of view.
There are simply no absolutes to measure against.

