Planet OFSET

To content | To menu | To search

Tag - English

Entries feed - Comments feed

Monday, October 10 2011

Consumers Don't Own Computers "Designed for Windows 8", and They Go to Landfills Earlier (Side Effects of "Trusted Computing")

Some computer manufacturers will force you
to "trust" Windows 8 only, disallowing you to
do usb-booting or cdrom-booting of other operating systems Microsoft Windows 8 alpha is released and downloadable. But no, I am not recommending it. Nor am I denouncing it in favor of GNU/Linux (well, not in this article anyway). What you should be aware of and concerned about as a consumer is those machines labeled as "Designed for Windows 8". Much more so if you care about the environmental and humanitarian problems caused by e-wastes, for these machines do end up much earlier as e-wastes than the ordinary machines manufactured now.

Machines labeled as "Designed for Windows 8" have to support UEFI。 UEFI is said to have many nice features, which I am not knowledgeable about and will not discuss. But I can assure you that one of those features is a downright hoax, scam, and lie. The "secure boot" feature in UEFI is claimed to make your computer more secure by disallowing intrusions from untrusted sources. This and certain other features in UEFI are important elements of Trusted Computing, a mechanism advocated by Microsoft and other big IT companies. The claim is that booting a computer from an untrusted source (such as a tux usb key which has applications in tourism, education, environment preservation, LOHAS, and ethics) is a security threat and should be avoided.

There is just one tiny problem: it's not you, the consumer, who gets to decide who is to trust. The propaganda claims that the consumers are too dumb (well, ok, actually phrased in a much more polite way.) to make their own decisions about whom to trust. ("Microsoft or Chao-Kuei?") Software booting from an untrusted source may contain rootkit, for example, which would gain absolute control of your computer. The real, unsaid intention, however, is to prevent consumers from using alternative players and readers on alternative operating systems to circumvent the human-right infringing and infamous Digital Rights Management. If the big IT companies let you decide whom to trust, then they cannot trust you as a DRM-abiding consumer. With the secure booting mechanism in UEFI, the IT companies finally can trust that you will not be able to ask your computer to do what is best in your interest, for example exercising your fair use right and other rights requested in the digital consumer bill of right.

Ironically, history shows that one of the most famous rootkit invasions was not performed by individual bloggers and GNU/Linux lovers like me who have to build reader trust by behaving well and telling truth, but rather by big companies who can repeatedly abuse consumers and yet successfully keep them buying. In 2005, Sony BMG invaded consumer computers. The lovely music CD that consumers buy play nicely in CD players or DVD players. But it hijacks your Windows if you play it on a Windows computer. This creepy behavior was exposed on the Internet and caused protests. Sony BMG's Global Digital Business President responded, "Most people, I think, don't even know what a rootkit is, so why should they care about it?" But the most interesting part is the reactions of Microsoft and Anti-virus companies. What would you do if you were Microsoft and if Sony invaded your customers' computer? I would definitely provide security update and then also advise against buying these CD's or even sue Sony, depending on how nice I wanted to be with Sony. But Microsoft did nothing for several months. Nor did most big-name anti-virus companies. These are the companies who take your money, vouch to "make your computer more secure", and assure you that you can "trust" them.

Even more ironical is the ensuing fairuse4wm event in 2006, in which Microsoft behaved exactly the opposite. The newly upgraded windows media player employed DRM measures and suddenly deprived users of their backup right. Someone with the ID of viodentia wrote and shared on the Internet a piece of software called fairuse4wm to restore the users fair use rights. This time Microsoft swiftly produced "security updates" to disable fairuse4wm within 10 days. Viodentia updated fairuse4wm to circumvent Microsoft's updates, and Microsoft produced further security updates to disable it, ... and so on. Whom do Microsoft's "security updates" serve and which of viodentia and Microsoft is more trust-worthy?

From DRM to Trusted Computing to DMCA anti-circumvention History has shown that some of the big IT companies unitedly decided not to trust you. So who would you, consumer, trust? Oh, I am sorry. I should not address this question to you, for it is not you who get to choose whom to trust. I should ask computer manufacturers who enforce trusted computing for you. And for sure we all know that Microsoft is the only party for any consumer to place trust in -- according to the manufacturers. "We decide for you whom to trust." That's the real meaning of trusted computing. And the "secure boot" feature of UEFI, which is "Designed for Windows 8", is one of its pieces. To learn more about trusted computing, you can read the EFF article. My article "DRM and Other Forces Overriding the Three Laws of Robotics" ( English, French, Spanish), my paper "1984 in the Making: Stealthy Invasion of Consumer Rights and Privacy by ICT Corporations" and my novelette in Chinese explain the relationship among DRM, Trusted Computing, and DMCA. It's also summarized in the picture to the right. Search for "windows 8 linux" for recent controversy about Microsoft enforcing UEFI on manufacturers.

To be more precise, it is not true that secure boot precludes other operating systems in principle. If the hardware manufacturer is willing to certify some minor OS, this lucky minor OS can also boot from a "designed for windows 8" computer. Still, the decision is for the hardware manufacture, not you, to make. Finally, some manufacturers may decide to allow the buyers to optionally disable the secure boot feature of UEFI. It is this last category of future computers that we will recommend everyone to buy -- not only because you would want to be a wise consumer but also because it prevents worsening of the environmental and humanitarian problems caused by e-wastes.

As explained in the e-waste part of the censored 4-part iPhone game "phone story", the discarded electronics either end up in landfills or exported to developing countries for "recycling", which in fact employ methods that are harmful to both human health and the environment. Unfortunately the business strategy of planned obsolescence meant to increase the profits of the big IT companies further intensifies this process at the extra cost of the planet and its inhabitants. It's bad enough when phone companies pursue their profits with little regard to the planet, but it adds insults to injury when the computer manufacturers do this without even really increasing their own profits.

You see, you may not care about GNU/Linux, but people like Helios devoted to refurbishing recycled computers for the disadvantaged choose GNU/Linux over outdated or pirated Windows for good reasons -- it makes the recycled computers greener, cleaner, more Ethical, and more educational. With manufacturer-enforced secure boot, these computers would go to the landfills or "recycling" centers instead of going to the disadvantaged because Helios and other people who care would not be allowed to install GNU/Linux for them. And the hardware manufacturers don't even make more money because of these extra, unnecessary harms done to the disadvantaged and to the planet, if profit-making is ever a justifiable excuse for irresponsible manufacturing behaviors! These disadvantaged people are not going to buy new computers because they cannot get refurbished computers.

What can you do to help? Grab (perhaps with the help of you Linux friend) some live Linux CD from distrowatch, and maybe additionally create a live usb from it. Demand to boot the live CD or live usb before purchasing your next computer. Make sure that it is some minor Linux distribution, not just the store-suggested Linux distribution, that successfully boots. It's not about denouncing big brand Linux versions. It's about making sure that you get to decide whom to trust your computer security to. Show the computer guys in the store this article if necessary and insist on buying a computer that allow the buyers to disable the secure boot feature of UEFI. You don't need to love or use or even learn GNU/Linux if software freedom do not appeal to you. You can simply use it as a tool for testing the computer and discard it afterwards (though it would be a pity). Please do this for the planet, for the disadvantaged, for the society, if not for yourself as a wise consumer who knows to claim his/her full ownership of the purchased computer and basic user rights.

Tuesday, August 23 2011

Designing Government ICT Strategies that Benefit from the Internet

internet phenomenon map A national government can choose to design its ICT strategy to flow along with or against the forces and phenomena of the Internet. (See picture "internet phenomenon map" for details) To give some examples, a government setting up policies and formulating regulations may find itself facing dilemma such as:

  1. government transparency vs national secret
  2. government transparency vs citizen privacy
  3. use value (and cultural value) vs sale value [of digital contents]
  4. freedom of speech vs protection of minors

There can be compromises or even agreeable solutions if non-ICT measures are employed, but in most situations the underlying ICT solution by itself will likely lean towards one direction or the other. In fact it almost always lean towards freeing information. Many failure stories of DRM and censorship provide good examples. Choosing to favor the free flow of information as much as possible in setting up national ICT strategies will more likely put a country on the winning side in the new world of attention economy. The following are some suggestions to achieve this, some non-technology suggestions to ameliorate part of its undesirable effects such as causing loss of privacy, and some other reminders regarding the design of a national ICT policy. regarding the design of a national ICT policy.

  1. Madating the use of open file formats and open protocols is essential for data to be retained for a long time, for software components to be replaceable with competitive or new alternatives, and for there to be true competition in the market.
  2. Free/Libre/Open Source Software or their proprietary derivatives (such as Apple's iOS) are the choice of technology in both the top supercomputer market and the mobile market. Only the desktop markets in developed countries are burdened with a legacy choice of platform. Choosing FLOSS or at least mandating a comparison before a proprietary solution is adopted can be an important factor in helping developing countries to leapfrog.
  3. The knowledge of SEO (search engine optimization) can be a natural incentive for the public (in particular the small businesses owners) to learn the importance of searching and of being visible on the Internet.
  4. Thinking from users' point of view is more productive than thinking exclusively from digital content (e-books/music/software/...) producers' point of view. Exposing math/physics/chemistry teachers to drgeo, gnuplot, maxima, ghemical, etc., for example, is much more productive than thinking of helping the ICT industry itself making money by way of cloud computing. A society in which the electricity companies make a lot of profits is certainly not a society that greatly benefits from electricity.
  5. Exposing students to free software and free culture helps future citizens to recognize the power of collaboration, transparency, and ultimately the power of the Internet.
  6. The debates between network neutrality and deep packet inspection (DPI) lies beneath many other debates.
  7. The attention economy as explained in Michael Goldhaber's article is the key for scholars and policy makers to understand many social phenomena brought about by the Internet.
  8. Stanford Law professor Lawrence Lessig's suggestion regarding regulation of spam and porn is not perfect but is a better compromise than no regulation and a far better compromise than DPI. In general, "code is law" is a must-read for law makers (though I don't think many read it, and that's why Internet laws in many countries are badly made).
  9. Citizens need be educated about the fact that there can hardly be any privacy on the Internet. Privacy might be protected if citizens are consciously thinking about it before they put any personal information on the Internet in the first place.

By the way, the strategy and planning game of lincity (or its modern successor lincity NG) might provide lots of insights for politicians of any country, many of whom can't think far enough into the future. Might a country turn out to be more competitive if it include this game (or some other similar strategy games) in its politics degree curriculum ? :-)

Sunday, August 14 2011

Graphviz+Jessyink as a Latex-Style Potential Alternative to Prezi and Mindmap Presentations (How to Beat MS PowerPoint)

network phenomenon map For those of us who prefer spending more time with content than visual effects and prefer fiddling with texts than mouse/button/graphics, graphviz and jessyink could be a latex-style potential alternative to Prezi and Mindmap presentations -- if a few improvements are made. Please click on the picture and then use arrow keys to navigate thru the "slides".

Having blogged and given speeches (mostly in Traditional Chinese) a lot about FLOSS, open file formats, any browser campaign, free culture, and government transparency, I come to see a big picture of how the Internet is transforming our society. So I drew this picture: "the Internet Phenomenon Map" and wish to make it into the presentation "slides" for my future talks. I would love to talk about the content of this picture, but for this post we will concentrate on the technicalities of its creation.

So I begin by creating a source file to be processed by graphviz. (I update the dot source file frequently, but don't update the following files, so there may be some major layout discrepency that doesn't hurt the explanations.) But I'd like to have it in two languages. So I concatenate the English text and the Chinese text together as the node names (I should have used labels instead but that's a minor issue) and use "#" as a separator between the two languages. To generate the English version of the background picture, I remove the Chinese part of the strings, feed it to the dot command of graphviz to generate the raw svg, and use a small perl script ds2tp to massage the output:

perl -pe 's/#[^"]*"/"/g' | dot -Tsvg > 1.svg
perl -pe 's#</g>#</g>\n#' 1.svg | perl ds2tp > net-pheno-map.en.svg

The "background" svg file net-pheno-map.en.svg is then converted into png by Inkscape and further into jpg by ImageMagick (to be used as a background). Finally, I open inkscape again and:

  1. create a new file
  2. "jessyink: install"
  3. import the background jpg
  4. create a few rectangles
  5. "jessyink: view" to tag the order of the rectangles
  6. save as net-pheno-jbm.en.svg, the "slides" linked to at the beginning of this post.

I did this on mepis 11 with inkscape 0.48. Note that the default jessyink does not work. I had to remove the /usr/share/inkscape/extensions/jessyInk* files and decompress the file downloaded from the official site. For details of using jessyink, please read Tim Teatro's tutorial.

a failed version: displayed as stair-case text in inkscape The following are a few suggestions to the graphviz team and inkscape team. I apologize for not filing official and separate bug reports and/or feature requests due to my laziness. I hope this blog post proves to be useful to the FLOSS community nontheless. First comes some bug reports:

  1. You can see that the relative positions between the background image and the rectangle "view" boxes are not exactly consistent between firefox and inkscape.
  2. Somehow applying jessyink to the original svg file net-pheno-map.en.svg produces an svg file without special effect. That's why I resorted to producing the jpeg file as a background image to be imported again in a new jessyink-svg file.
  3. Originally I used a slightly longer script to generate the background svg file net-pheno-nocr.en.svg. This file pack several "tspan" tags into a single textPath tag and is slightly more concise than the successful one (which has multiple textPath tags each containing tspan tags). However, in inkscape it displays in a staircase manner -- much like how text files with line feed (\n) but without carriage return (\r) displayes in DOS. Or windows. Whatever. It displays ok in firefox 4.0.1. I didn't study the svg spec, but it seems that the way firefox renders it makes more sense to an end user.

Here are a few feature requests that could make graphviz and jessyink to be an interesting alternative to prezi that appeal to people with the vim/regexp/grep/sed/awk/perl mindset (like me). It would be nice if

  1. there is a gettext-like capability in graphviz so that a graphs in different langages can be created from the same .dot file (with language sections, or plus language files);
  2. edge text can be specified to flow along the path in graphviz, with multi-line text support;
  3. every svg object, or at least every group is automatically treated as a view;
  4. the relationship among views is tree-like instead of linear;
  5. additionally, the user can optionally assign one or more customized linear orderings of views each representing a series of slides for a separate talk;
  6. the relationship among views and the linear order(s) can be defined in graphviz source file;
  7. there is an overview mode displaying the tree of views within a slide just like what we already have now for the entire set of slides -- the "index slide" displaying the list of slides within a jessyink file;
  8. change of views can be triggered by clicking on an object, a group, or a manually defined view;
  9. ESC or some other key takes us to the "parent view" in the view hierarchy;
  10. the gesture of defining a rectangle by drawing its diagonal dynamically creates a view and immediately takes us there;

With these features and whatever other more ingenious ones the FLOSS community come up with thru further discussions, I am sure few sane mind in the future would insist on using MS Powerpoint for presentation. For me, the only other attractive alternative to this combination would be the Anti PowerPoint Party's suggestions.

Tuesday, November 30 2010

Why and How I Join the Cloud Hype, and So Can You, Free Culture Amigos!

For those of us who have been using GNU/Linux, full-steam cloud computing began with ssh -X or VNC long time ago. For those of us who have contributed to Wikipedia or OpenClipArt or OpenStreetMap, the real benefit of cloud computing lies in the web 2.0 / read-write / prosumer / Pro-Am culture that emphasizes transparency, democracy, freedom of speech, collaboration, etc. Yet recent hypes smelling suspiciously of more-than-proper commercial interest seem to mislead the general public away from the true values of cloud computing and into expensive products that might lock in users. Lacking an exact and precise source of confusion to debunk the hype, I suggest that fellow advocates of the free culture movement jump on the cloud bandwagon and compete with the hype generator(s?) for the seat behind the steering wheel, popularizing the free culture concepts during the competition, as a peaceful way of fighting the cloud hypes.

In response to readers' suggestion to look at the cloud hype, I first wrote in May about Microsoft and Taiwan government's collaboration to invest 2.4*10^10 NT dollars smelling badly of corporate greed exploiting public ignorance while feeding on government resources. Seeing that the hype in Taiwan grows stronger and stronger each day, I wrote two blog articles in Chinese ( SaaS and PaaS history) and received some attention. Then I pasted the blog articles into a paper and presented it in one of the many academic cloud conferences. Later I read Carla Schroder's piece Keep Your Cloud, I'm a Customer Not a Consumer and realized that the extensive hype is not limited to Taiwan alone. So I decided that the paper is worth translating into English (with slight modifications), as: "A Brief History of Cloud Computing (Before the Commercial Hype) and Purchasing Suggestions".

Just like solar energy can be used to create a cooling system to combat the heat it brings about, or the greed and lack of trust of a scam artist group can be turned against itself, so can we turn the cloud hype into something productive and make it benefit the society.

  1. Let's write a whole bunch of academic papers (which usually I am not fond of doing) and blog posts talking about the success stories of deploying FLOSS such as all kinds of wikis and CMS like Joomla/Drupal/Wordpress/Xoops/..., but using cloud computing jargons.
  2. Let's talk about repeated exploits on old IE's as a problem of flying into the cloud without safety measures.
  3. Let's talk about the importance of remix culture, why creative commons licenses help, why software patents hurt, etc. in light of cloud computing's superior work flow model.
  4. Let's talk about network neutrality, government transparency, citizen journalism, etc. from the viewpoint of a society heavily dependent on cloud computing.
  5. ...

In fact, I even volunteered to organize a session devoted to "Cloud Technology and the Society" (English draft) in an upcoming academic conference to be held in March or April 2011, an academic endeavor which I usually shun. Like those whose motives are selling more "cloud software", we can also appoint ourselves as cloud experts. Unlike them, we do have solid experiences of actually using cloud in a collaborative way to share with the confused public. As Microsoft and other interest groups engage in selling their software products as cloud computing's technical solutions, so should we engage in selling the collaborative experiences of the Wikipedia project and the likes as cloud computing's social advantages. And then let the confused public decide which flight towards the cloud looks safer, more convincing, and more economical.

A Brief History of Cloud Computing (Before the Commercial Hype) and Purchasing Suggestions

Chao-Kuei Hung

Associate Professor
Information Management Department
Chaoyang University of Technology


(Taiwan) Government is about to invest 800M US dollars to promote the cloud technology and expect to create an industry worthy of 30B US dollars in value. Yet one of the advantages of cloud computing is saving money. So how do these figures make sense? Who stand on the paying side of the 30B US dollars? University professors are not just partners of the commercial sector. They must not forget that they are also employees of their Universities who may be the purchasing party, and that they are also educators. University professors need to investigate the cloud computing trend or hype from a consumers' point of view. This article summarizes a brief history of the cloud computing before the commercial hype, and provides suggestions about buying wisely. Cloud computing is intimately related to the "small pieces loosely coupled" phenomenon of the web 2.0 trend. Observations show that many enterprizes, organizations, and universities have rigid working flows and administration cultures that go against transparency, democracy, and loose coupling, which are essential features of a successful cloud computing deployment. We suggest that the success of a cloud computing deployment lies not so much in buying expensive products as in changing the working flow and administration culture.

keywords: cloud computing, wiki, transparency, flattening, web 2.0, read-write web.

A Brief History of SaaS

Telnet is the earliest SaaS (Software as a Service). Its development started in 1969 and finalized in 1983. It is equivalent to the all-text version of VNC (see below). Some computer geeks are used to browsing using lynx, reading/writing mails using mutt (or pine or elm), editing text files using vim, ... For these people, telnet is the most complete cloud computing solution that put all application software in remote servers.

In view of telnet's security concerns, Tatu Ylönen developed in 1995 ssh, a protocol encrypted from end to end. Later versions of ssh has the X Forwarding feature capable of forwarding any GUI application from the cloud to the local machine. An ssh -X user is the earliest, most complete cloud user. There is no single cloud technology that fundamentally surpasses ssh -X. For example, collaboratively editing the same text file using ssh -X is not that different from a wiki. The write and talk commands in the 20th century is a fundamental form of instant messagengers (which are also SaaS). Of course the newer forms of SaaS have more features. For example, wiki as a partial replacement for Microsoft Word have additional features such as history, version comparison, and self-registration. But it does not show that wiki has any technically fundamental improvement over ssh -X. Any advanced feature proposed by cloud providers can be realized by writing a "localized version" of an application and "cloudified" by ssh -X in principle. The author believes that the most significant value of introducing cloud computing for an organization is building a new working culture -- the web 2.0 wiki culture (or read-write web culture, or the prosumer culture). Yet for an organization not ready yet to deal with the huge challenge of "changing work culture", the ssh -X way of realizing cloud computing is not only cost-saving and efforts-saving, but also provides the following advantages:

  1. This is the most mature SaaS with the richest set of applications. Every existing application can be a service for the ssh -X SaaS solution.
  2. Maturity also results in better security.
  3. Existing and familiar file formats can be used, which is important in terms of long term document preservation and hence organization sustainability without depending on the good will or even the existence of specific software company.
  4. It is easy to use simple scripts written in existing scripting languages to extend or even mashup the existing SaaS services.
  5. When there is a need to develop new applications, existing single-machine API (Application Programming Interface) are PaaS. Programmers need not waste time learning newly developed proprietary API that have not stood the test and scrutiny of the netizens.

It is quite convenient for various versions of Linux, BSD, Mac OSX, .... to use ssh -X. MS Windows users need to install an X Window Server (yes, the software running at the local machine is called the X server whereas the piece running in the cloud is the X client) such as Xming X Server. VNC developed in 1999, on the other hand, lets users of any operating systems to use each other's desktop (provided they exchange passwords). For security concerns, it is suggested to go through an ssh tunnel. There are also SaaS applications based on VNC such as iTalc, a software screen broadcasting tool. The earliest similar technology on MS Windows is RDP appearing in 1998.

As we advance into the www age, the most popular SaaS that emphasize the web 2.0 read-write culture is wiki. Next to wiki are the Content Management Systems. Google using these words along with "comparison", one can find a plethora of existing software such as Xoops, Joomla, and Drupal, which can serve as a basis for SaaS. At one point there was a trend of "webalizing" all applications. If an organization was wise enough to choose one of these FLOSS (Free/Libre/Open Source Software) alternatives to build their own private cloud for SaaS (which are terms that didn't exist back then of course) instead of writing their own using proprietary technologies, it would have not only saved money but also enjoyed these benefits:

  1. These widely used systems tend to be more secure than customized proprietary systems because the former have much wider audiences.
  2. These services welcome any browser.
  3. For systems that are to be accessed by outsiders, these solutions are better than proprietary solutions in terms of search engine optimization.
  4. New features can be implemented as plugins or extensions.
  5. Various systems for personnel, purchasing, stock management, announcement, ... can be loosely integrated. Every employee needs only one account (instead of one for each system).
  6. Learn once, and use it everywhere. Employees need not learn various different kinds of web systems.

Successful Joomla sites and Drupal sites abound. And then contrast these with organizations that bought expensive proprietary tools and spent extensive human resources, only to build self-defeating sites or information systems (Chinese) and drive themselves into self-censorship about security problems (Chinese) when the only version of browser (IE 6) that they serve are shown to have serious security problems. People who know about SEO choose these FLOSS to build their SaaS as private clouds not mainly because of price but mainly because of many other technical reasoning.

Many more cloud applications have already been in wide use before the commercial hypes, such as:

  1. file sharing: nfs developed by Sun at around 1984, and smb developed by Microsoft based on IBM's product (which is known as "network neighborhood" in layman terms, and which is not quite a mature cloud product because it is limited to local area networks);
  2. webmail services;
  3. word processing: gratis, ad-sponsored, and paying wiki services, google doc, ...;
  4. online maps, online translation, online photo albums, ...

Each and everyone of the above SaaS supports clients from any operating systems including various versions of Windows, Linux, and MacOS. Why is this important? The story of proprietary information systems locked into a particular version of IE vs the open source CMS should be an important lesson for us. MS Windows is without doubt the most popular desktop systems today, but it is not so easy to predict which operating system will dominate the market five years from now. In a world where the smart phones are becoming ever important and where Windows does not compete well in the smart phone market, the wisest thing for technology purchasers to do is neither discarding Windows immediately nor ignoring other operating systems completely, but rather to take care of clients of all operating systems accessing the cloud.

Incidentally, most of the above SaaS has a Free/Libre/Open Source Software solution except the online map. Open Street Map is not yet competitive with googlemaps whereas replacing google doc with wiki might cost some formatting control details. Each of the other services can be setup using FLOSS. There is even an xrdp as an alternative to Microsoft's rdp. Why is this important? Setting up a private cloud using proprietary technology requires complicated licensing calculations based on the number of clients connecting to the cloud service, a problem which is absent in FLOSS solutions. For an organization planning to buy ready-to-use cloud services, the scalability and reliability features would be much more worth the cost than the SaaS software licensing price.

Finally, the social networking tools such as twitter, plurk, and facebook are all examples of SaaS. Once again, we see that the challenge for an organization to deploy cloud computing lies more in the change of administration/working culture than in buying advanced software. It is hard to imagine how an organization can benefit from buying/renting expensive SaaS software if they have not successfully used these gratis cloud services (or an even older cloud tool -- blogs) to advertise themselves.

A Brief History of PaaS

Remote Procesure Call appearing in RFC 707 around 1976 is probably the earliest PaaS. The author as a PhD student in Computer Science witnessed the popularity of Sun RPC. NFS as described in the SaaS section is based on Sun RPC. Microsoft RPC / DCOM continued along this line but was not widely used, possibly because it is too complicated and also because it was not open in the beginning. On the other hand Sun RPC evolved into ONC RPC which is still used even today, mostly for migrating old applications based on the old RPC to new environments.

The second wave of PaaS began in 1998 as XML-RPC when http and xml became mature. This open protocol collaboratively developed by UserLand Software and Microsoft evolved into SOAP (Simple Object Access Protocol).

Around 2000, REST (Representational State Transfer) appeared in response to SOAP's complexity. It is more a design style than a standard. Instead of invoking complicated XML structure to define a protocol, it treats a simple URL as a way to "call" or "retrieve" a remote resource. Apparently REST is gradually replacing SOAP as the most popular way of providing PaaS. [1, 2, 3] This is consistent with the "small pieces loosely joined" trend of the Web 2.0 / read-write web culture. AJAX technology appears to be the best compliment to the REST style as prominently demonstrated by google maps.

One PaaS by itself is hardly interesting at all. For an end user, only SaaS is truly useful. Yet there would be (probably more than one) SaaS implementation if an PaaS turns out to be useful/interesting. There is no point in buying a complicated PaaS product, only to hire a programmer to develop SaaS on it. For an PaaS application to be interesting and worth of monetary and/or human power investment, it usually means mashing up two or more PaaS into an SaaS. Mashing up google maps with google calendar (Chinese) is a simple example. ProgrammableWeb collects a directory of freely available PaaS's, and their mashups. It was built around Oct 2005 according to the way back machine. (But of course the term "PaaS" did not yet exist back then.) Every PaaS programmer should know of this site, which grew from a 26x26 matrix to a huge collection of more than 2000 PaaS's and 5000 mashups. S/he should also know of Google Maps Mania, which reports interesting google maps mashups and which can be seen as one column (or one row) from ProgrammableWeb's collection.

Purchasing Suggestions aboud PaaS

The following are purchasing suggestions aboud SaaS based on the author's own experiences and historical analysis.

Most small and medium-size businesses don't need PaaS. If SaaS is like a ready-to-serve meal, PaaS is like one piece of a kitchen recipe. It takes cooking (programming) efforts to turn one or a bunch of PaaS's into something edible. For most SMB, it makes much more sense to simply use existing free SaaS such as wiki, google doc, or CMS (especially the FLOSS ones).

Of all businesses and/or organizations that could benefit from PaaS, few are ready to challenge their own working culture and successfully deploy PaaS. Take rss mashup (Chinese) as an example. It can be very useful for a University. Each department or office can have its own bulletin board manifested as an rss feed, and the home page of the University can have a mashup of all these rss feeds. Each rss being a REST example, this is the simplest form of PaaS mashup and requires hardly any coding. Each department or office can go one step further and make good use of tags if they use blogging systems in place of existing complex information systems (which are, sadly, typical in Taiwan). A student could subscribe to the "workstudy" tag of the mashup so that s/he can focus on all announcements related to workstudy opportunities regardless of its source . Yet most universities' long history of building centralized and integrated information systems for the past one or two decades has also built an administration culture that runs completely against the "small pieces loosely joined" trend of the internet. Such suggestion probably seems quite foreign, if not outright ridiculous, to the administration.

Of all businesses and/or organizations that are capable of changing their working culture and thereby successfully deploying PaaS, most will use PaaS on the client side (calling side) of PaaS. For example, I was on the client side (calling side) of PaaS in the google map - google calendar mashup example. Besides, this kind of mashup requires IT staff of certain level of programming capability. Moreover, it is wise to make use of mature, popular, and public PaaS interfaces listed in ProgrammableWeb rather than some obscure proprietary PaaS's for long term considerations. These organizations have no need to purchase PaaS products.

Those that can benefit from the **server side** of a PaaS don't need to buy PaaS products. These businesses and/or organizations should have a group of engineers who are more familiar with cloud technology, in particular REST+AJAX, than the author is. If they find existing cloud tools (such as hadoop of apache) not entirely suitable to their purposes, it makes much more sense to develop extensions/modules/plugins for existing FLOSS frameworks than buying some obscure proprietary PaaS product. A whole army of international developers are there for one to consult. By the way, it is interesting to note the kind of business that can benefit from the **server side** of a PaaS. If the business is also its only user from the **client side**, then very likely there are already FLOSS solutions that can directly provide a ready-cooked SaaS. A PaaS provider is meaningful probably only if it is listed in ProgrammableWeb. Yet that entails providing these services to arbitrary clients on the internet. In this case, note that each client (calling side) of a PaaS is a web site in its own right, which means that each client has its own set of clients! Two corollaries follow. Firstly, advertisement/visibility would be an important element of the businesses of this PaaS provider. Secondly, not too many businesses are capable of doing this. This PaaS provider would be some kind of internet company. PaaS provided by Plurk and Twitter for bloggers to embed into their sites are concrete examples of this situation. For a business to go this far, they must have a much better understanding of attention economy and cloud computing than the author and most professors. In other words, this is not a typical SMB cloud buyer.


IaaS (Infrastructure as a Service) is not discussed in this paper. Products at this level need to provide scalability and reliability, which do have associated physical costs that are absent in SaaS and PaaS. Besides, it has a relatively simpler history. There is less controversy around it from a consumer's point of view.

The SaaS and PaaS solutions presented in this paper may not be unique nor the best suitable to your organization. Nor is this paper meant to invalidate all non-gratis public cloud subscription services and non-gratis private cloud setup services. Yet organizations are highly advised to ask their IT staff to take note of these existing gratis solutions listed in this paper before making unreasonable investment in suspicious cloud products. Deploying some of these existing gratis solutions can serve as low-cost experiments for the organization, and as a yardstick against which more costly products can be compared.

Office software is the easiest to understand and easiest to perceive the difference when an organization goes cloud. It so happens that we are at the cross road of replacing .doc files with something new. The road of least resistence is of course remaining with .doc file if an organization is not yet ready to think about long term document preservation. On the other hand, if an organization decides to make a change, going .odt is certainly a much better alternative than going .docx, which is under patent threats. There is however a third alternative. If one thinks about it, MS Word is the most used software other than the browser and is certainly most worthy of going cloud. But wiki and/or google doc is exactly what the cloud version of word looks like. The Wikipedia project uses mediawiki as the cloud collaboration tool for its contributors. It does not have fancy formatting or annoying flash, and yet it enjoys extremely high traffic. This global project is the most successful large experiment of "using wiki as the cloud version of Office" and it demonstrates how a well-coordinated web 2.0 working culture can achieve natural search engine optimization. In a university for example, many administrative tasks can be greatly simplified if Office software and complicated "information systems" are partially replaced by wiki. Think about scheduling a meeting with students, preparing meeting agenda, gathering faculty publication statistics, etc.

The lack of wiki adoption in universities shows that most universities are not yet prepared to change their working culture / administration culture even for the simplest, the most effective, and the least expensive cloud technology. It is hardly persuasive at all for professors who have no experiences in using wiki to participate in developing and selling less influential and yet more expensive cloud products. A university professor should be more than a partner for software companies. S/he should exercise academic integrity in choosing the best cloud technology for her/his employer -- university -- which costs little and brings about real values in the web 2.0 read-write internet age.

Sunday, June 6 2010

Human Rights Eroding in the Name of Copyright Protection

(submitted to Taiwan Branch of The Association of World Citizens.)

Human rights are gradually eroding at several fronts as international interest groups lobby and pressure governments all over the globe to "protect copyright" using big-brother-like information and communication technologies (ICT).

Microsoft's WAT component for Windows 7 validates a user's computer, every 90 days, against its constantly updated database. The motivation looks innocent -- it's just a technical measure deployed against potential piracy. After all, people who respect Microsoft's copyright have no need to worry, right? Yet Microsoft's track record of disrespecting users' fair use right (g: "fairuse4wm controversy") and disrespecting users' will not to upgrade (g: "windows stealthy update") indeed provide reasons for us to be worried. Imagine that a world-wide government installs tiny robots at everybody's home, constantly watching for wrong-doings of your family. And the software of the robots can be remotely upgraded by the government whether you like it or not. If we can accept WAT, we can certainly also accept such invasion of human right and privacy by the government.

Apple's customers cannot exercise their rights over their own physical properties -- the iPhones for which they have paid Apple. Apple forbids its customers to install software programs other than those provided by Apple's iTunes App Store. (g: "eff jailbreak") Imagine buying a house and being forbidden to put any furniture into it except those explicitly allowed by the construction company. If we can accept Apple's control over its customers, we can certainly also accept such invasion of human right by the construction company.

Amazon's Kindle e-book has a piece of software that not only sends user's information back to Amazon but also sends Amazon's commands to Kindle whenever the user connects to its online bookstore WhisperNet. What commands have been sent? Instructions to delete books (with a corresponding refund), for example, in the name of Amazon's respect for the publisher's copyright. (g: "kindle Orwell") Imagine that the Big Brother collects everyone's reading habits and notes as well as deleting any books/articles/forwarded emails that he deems "ungood" and harmful to the society. If we can accept Kindle's remote removal of already-purchased books, we can certainly also accept such invasion of human right and privacy by the Big Brother. Speaking of Big Brother, the books deleted happen to be George Orwell's "1984" and "Animal Farms".

The blu-ray discs employ a complicated but vulnerable DRM (digital rights/restrictions management) encryption system called AACS as a measure of copyright protection. A user who has lawfully bought such a disc and who uses a less popular operating system such as GNU/Linux will receive no supports as to how to play the disc on her system. So such users collaborate to help each other play blu-ray discs on their computers. When a user posted a 16-byte number beginning with "09 F9" on a news site Digg, the AACS Licensing Administrator demanded Digg to take it down. (g: "09 F9 controversy" also search for "09 F9" images) Imagine that a publisher sells you books whose printed words are only readable when you wear their special glasses. You figure out how to bypass this restriction and share your knowledge on the internet, and then the publisher harasses you and the internet forum with legal threats. If we can accept AACS LA's censorship of such a short number, we can certainly also accept such censorship of speech by the publisher.

Can we accept all of this? We already do, even happily paying for the privilege of possessing these beautiful golden handcuffs and diamond leg irons. The Universities are largely silent about these incidents and the damages to human rights that they bring. They have left the education business to the creators of these technologies, and the latter have, through advertisement and propaganda, focused on teaching consumers about the enjoyable aspects of these technologies while leaving out the inconvenient aspects about their conflict with human rights.

drm 'security' model In fact the majority of the ICT professors may have even given up their academic integrity by remaining silent to the DRM scam artists' global-scale endeavors. In a normal security model, the information flowing from A to B is assumed to be exposed to the interception of eavesdroppers. An important rule "Kerckhoffs' principle" states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. Yet the DRM "security model" treats the receiver of the information (the consumer) as one and the same as the eavesdropper. This necessarily requires the DRM system to give up the Kerckhoffs' principle, thereby rendering it breakable regardless of the technology it employs. (g: "Kerckhoffs drm" and "obscurity drm")

In non-technical terms, the DRM supporters know that the system is destined to be broken and yet they mislead the copyright holders to believe that their work can be "protected" by DRM. The ICT professors largely remain silent. To save their destined embarrassment, the DRM supporters went along to pressure the USA government to pass human-right-invading laws such as DMCA (Digital Millennium Copyright Act), and then to force its variants in the form of ACTA (Anti-Counterfeiting Trade Act) upon other governments. (g: "eff dmca" and "acta secret") The net effect is that these broken technologies along with their supporting laws can be used by these ICT companies to play the role of the Big Brother in George Orwell's dystopia "1984" (only more efficiently), to censor speech for example, while failing to deliver their promise of copyright protection.

We as a free society have to challenge this trend of erosion if we care about privacy, physical property right, freedom of speech, and other human rights in general. All this happens due to lack of public awareness. Interestingly, the best tool we have against this suffocating trend also happens to be an ICT artifact -- the Internet. By disseminating online (and offline) the above stories, facts, and search keywords, we can bring the public to be aware of what basic rights they are giving up as they purchase DRM-infected technologies. By disseminating online (and offline) the ideas about creative commons, free culture, and attention economy (each of which requires at least an entire article to discuss), we can bring the public to be aware of the new possibilities and benefits for the society as well as for each individual writer/artist/creator if s/he chooses to share her/his creative works with the world instead of guarding them as "intellectual properties". Hopefully we can not only stop the erosion of human rights but also empower digital consumers to take advantage of the read-write nature of the web 2.0 world, becoming an informed, dignified, and influential prosumer.

* Note: 'g: "abc xyz" ' means 'please google "abc xyz" (without the quotes)'.

Saturday, May 22 2010

Calling FS Community for Help in Debuking Cloud Hype

Recently in Taiwan, there is an unsubstantiated hype around cloud computing which claims to be able to produce one trillion (10^12) dollars worth of output value with 24 billion (2.4*10^10) dollars investment from the government. (Numbers are in NT dollars.) I am not completely against cloud computing; but such numbers are ridiculous when most of my colleagues (ICT professors) can't even take good advantage of wiki. It smells badly of corporate greed exploiting public ignorance while feeding on government resources. The most intriguing part is that it does not seem to come from google, the first cloud company one would think of. The major force behind the hypes seems to come from some much bigger company based at Redmond, which does not look like a cloud company to me. Thus I write an article (see link at end) for the general public to understand cloud computing using wiki as an example.

I need the your help to polish the points made here. I trust my FS fellows, both in terms of knowledge and good will, much better than the ICT (Information and Computer Technology) professors in Taiwan who might come forward as self-appointed cloud specialists. In fact I expect that this article might eventually be challenged by the latter group since it will help the consumers see the absurdity of such extreme costs in a technology that was claimed to save people money. It is also a good opportunity to introduce wiki as both a piece of FS and a successful way for the FS community, and free culture community in general, to cooperate globally. An additional benefit is to leverage the cloud hype against Microsoft's Office 2010, which might otherwise force docx's way into the public through their ignorance.

So please bear with me. I will switch to the boring mode for the non-FS, non-ICT-trained readers in the main article "Wiki As an Example to Demystify Cloud Computing"

Wiki As an Example to Demystify Cloud Computing

(FLOSS friends: please see "Calling FS Community for Help in Debuking Cloud Hype")

Cloud computing is supposed to save you money and make things easier for your business/organization. If a self-proclaimed cloud computing provider tries to sell you some expensive and fancy new technology that requires a lot of training on your employees, then be alerted that this may just be a hoax. Try partially replacing MS Word and Frontpage with wiki before buying any cloud solutions. Wiki is a minuscule, and yet most used form of cloud computing. It takes more cultural changes than monetary investment to introduce cloud computing into your organization/business. You can forget about cloud computing if your employees cannot get accustomed to this new culture of transparency, participation, and democracy.

1. Transparency is Required to Enjoy the Benefits of Cloud Computing

Cloud computing is about having someone out there taking care of your computing needs for your business/organization. Take word processing, the ubiquitous computing task in all offices, for example. You and some officemates would like to be able to use each of your Microsoft Word smoothly. You would like someone else to take care of such troubles as crashes, software upgrades, backups, viruses and other malware. You might even want him/her to take care of hardware upgrades and power consumptions. The ICT department may have already been sending people to help you with the above issues all the time. Yet that poor single computer wizard Joe Hacker has difficulty attending to the requests of the dozen of you and your officemates. Now that many things can be done over the network, can't we just share one copy of Microsoft Word in Joe Hacker's computer, so that he takes care of just one system and each of us happily using an uncrashable computer whose sole purpose is to hook one onto the network? That's the basic idea of cloud computing.

One problem with this arrangement is that Joe Hacker might look at, make a copy of, or even modify your word document as he pleases. If you take care not to put anything revealing your privacy and if Joe Hacker is loyal to your business -- not to some other company -- then this wouldn't be a problem for you. From your boss's perspective, however, there is an additional requirement that there be nothing s/he wants to hide from Joe Hacker that anyone of the dozen of you work on. In other words, the cloud computing arrangement requires transparency, at least within your own business/organization. If anyone has anything to hide from Joe Hacker, this something cannot be put into the cloud.

If Joe Hacker is not an employee of your business but instead that of a cloud solution provider, then your (and your boss's) best bet is to strictly remind yourself that only documents which you don't mind sharing with the world are put into the cloud. Joe Hacker, or more likely his employer, will of course promise you that (1) he will not look at your document and (2) he will keep it safe from the reach of anyone else, and therefore you don't need the above provisions. Now, you may choose to trust their promises, but I would rather not. Even if Joe Hacker's employer is Google or Microsoft. Especially Microsoft. Search for "windows phone home" or "windows stealthy update" to learn the history of Microsoft's respects (or the lack thereof) for your privacy and will. Also search for "KB971033 controversy" and "who owns your computer". That does not mean that you cannot turn to Microsoft as a cloud provider. It just means that you shouldn't trust secret documents to Microsoft's cloud. Or any other company's cloud.

2. Wiki is a Minuscule and Least Expensive Form of Cloud Computing

But google doc does exactly what we we have been describing. Google doc is word processing manifested as cloud computing. If you care more about the content and substance than the appearance of documents (I do), you will go one step further and think of wiki instead. My friends and I use these two kinds of cloud computing services alternately all the time. We organize a Free/Libre/Open Source conference using wiki. Wiki is word processing minus bells and whistles and manifested as cloud computing.

Both google doc and wiki offer an additional important advantage over Microsoft Word, among other cloud computing benefits: the possibility to cooperatively edit a document. It saves a lot of e-mail exchanges. I will stop praising them right here because I find it ridiculous for a business to subscribe to the cloud computing hype when the majority of their employees have no idea what benefits and improvements in communication this minuscule, least expensive, and most used form of cloud computing could bring them. If your business ever considers going cloud, start your experiments by encouraging your employees to use wiki, and then come back to finish reading this article. By the end of this article, you will be better prepared to cut through the cloud marketing hype and to make sensible negotiations and choices with the cloud provider.

* * * * *

Now that you know what a wiki is and how it works after using it for weeks if not months, you are ready to understand the cloud-related terms in Wikipedia with the help of your wiki experience.

3. Sharing the Control and Cost among Whom?

The first question is: Who are to share one installation of the wiki?

  1. If your business hosts its own wiki, you are using a private cloud. You keep full control and responsibility of your data and hardware (and software, if you use a Free/Libre/Open Source version of wiki).
  2. If your business and several other friendly and trust-worthy businesses and/or organizations share one installation of the wiki, you are using a community cloud. Your control and responsibility over the resources (data, hardware, software) are shared with your community.
  3. If you use an existing outside wiki service like wikia, wikidot, or wikispaces, you are using a public cloud.

As you go from private clouds towards public clouds:

  1. The benefit of cost reduction becomes marginal. By how much percentage does it save your company's ICT expenditures when all of your n employees share the cost of wiki server and the efforts of Joe Hacker? By how much additional percentage does it save when your company share it with m other companies?
  2. The privacy concerns grows.
  3. The autonomy diminishes.

Also, the benefits of full control and autonomy that a FLOSS installation provides reaches only as far as a (friendly) community cloud. With a public cloud, you will never enjoy the benefit of FLOSS.

If I were the boss of a for-profit business, I would certainly go for private clouds, and trust the servers only to my own employees, which means that I don't need a cloud provider at all. If I sit on the board of directors of an NPO (indeed I do), I will recommend deploying a private cloud or sharing a community cloud with sister organizations depending on whether we have an ICT employee to take care of the server. Public cloud is also possible since the transparency requirement is typically something worth striving for for an NPO anyway, although it's not very impressive to see the additional marginal cost it can save us.

4. How Much Extra Resources to Commit and Extra Freedom to Exercise?

The second important question is: how much do you bother to commit extra resources to utilize the cloud and exercise extra freedom that the cloud provides?

If you are contented with what wiki (or google docs) alone provides, then SaaS, Software as a Service is good enough for you. It requires the least of your intervention and gives you the least amount of tweaking freedom.

If you need to and are willing to write programs to collect information from your existing wiki pages, then PaaS, Platform as a Service may help you. Or it may not. Firstly, you must know by now that there are many choices of free wikis. Some may just fits your need without requiring you to code at all. Secondly, if you organize your wiki well enough, writing javascripts to collect data is far more economical (in terms of hiring capable programmers, for example) than deploying PaaS, which incurs not only the direct cost of buying proprietary solutions but also that of finding programmers who are familiar with its proprietary platform technology in a niche market. Please send your technical guy to study Google Maps Mania to see what a 0-buying cost and popular PaaS can do for you beyond SaaS (which would be plain old google maps in this case). The following questions should be answered before seriously considering PaaS:

  1. Does your organization really need to invent such new mashups of your wiki on a regular basis? If you just need one or two extra mashups that existing SaaS cannot provide, then you are better off to hire a programmer for once and write a new app for you to simply install as an SaaS component. In this case, a private cloud and/or community cloud lets you install it, but a public cloud does not.
  2. Can the PaaS you are going to buy beat, or come close to googlemaps API (application programming interface) in price ($0) and popularity? A popular PaaS such as googlemaps API attracts programmers world-wide and therefore is easier for you to find help.

In short, I strongly doubt that any organization would ever need a PaaS solution, however cheap it is. You simply don't have the expertise to make any sensible use of PaaS if this article is not too boring for you. Maybe a research team in the computer science department of a university might make some use of it. But then they should be able to build their own PaaS in the first place. I personally have some limited experiences utilizing PaaS such as mixing rss feeds and including google maps and google calendar into my page. These are examples of utilizing PaaS. Yet I don't write too many codes nor do I buy any codes even then, since I was able to find existing libraries (SimplePie in this case) from the internet, due to the open nature of the platform (in this case rss specifications). If what I did was too much for you, then any PaaS would be too much for you.

Finally, an IaaS is basically just a fancy way of refering to virtual private servers. You enjoy full freedom of doing almost anything to it, and losing pretty much all the claimed reduction of management headache that the mysterious "cloud" would bring you beyond what a virtual private server already could.

5. Conclusions

  1. You rarely need to code or to buy code. The internet is full of libre and gratis software which could be of great value to you. What's in great shortage is not code, but the awareness of their existence.
  2. A corollary to the above observation is that you hardly ever need PaaS.
  3. But if you ever did need PaaS, you certainly want either (A) an established, 0-cost public cloud whose API are published online by long-time web 2.0 companies such as google/yahoo/amazon/..., or (B) a 0-cost private cloud or community cloud whose API are again published online and whose setup requires only any capable technician familiar with existing server technologies.
  4. Taking also security/privacy concerns into consideration, the most sensible cloud solutions seem to be (A) SaaS deployed on a private cloud or community cloud (and (B) the aforementioned existing web 2.0 API if you are constantly inventing new services).
  5. Experiment with those 0-buying-cost, well-established, less hyped cloud examples before you make any serious investment into a self-proclaimed cloud provider. Google is the first company anyone would think of when asked of a cloud company. (For example, my wife answered google. Her job has nothing to do with ICT.) Google's services are popular and most of them cost $0. And yet you don't hear too much google bragging about its cloud products.
  6. Find your way to a cloud provider (who typically are too small to proclaim themselves to be a cloud provider). For example, a wiki service provider is really one of the least expensive and most useful cloud provider -- if you don't feel like setting up a wiki server yourself. Don't trust too much a self-proclaimed cloud provider that finds you, especially if they have a track record of selling problematic products that cost a lot.
  7. Last but not least important, going cloud requires a lot more cultural changes than monetary investment. Be prepared to embrace the new culture of transparency, participation, and democracy that cloud computing demands.

Further readings:

  1. Cloud hype is deafening – and will only get worse
  2. Don’t confuse SaaS with Cloud Computing,
  3. The top seven issues with Cloud Computing,
  4. Cloud Computing Inevitable? Not So Fast, Educator Says,
  5. Public vs Private Cloud Brouhaha: My Take

Tuesday, January 19 2010

The Likely Victims of This Year's BSA raid: Internet Cafe's and Other Computer Rental Businesses

Do you run a business that involves any form of computer rental such as internet cafe, for-profit computer training center, and/or hotel that provides computers for the convenience of the guests? Do you live in a country like Taiwan where BSA (Business Software Alliance) does yearly raid to small and medium businesses with the help of your government because they are pressured by, or have some inconvenient relationship with BSA? My guess is that BSA will target this new group of software "pirates" -- yes even if they have already paid for the first layer of the Microsoft taxes. But there is a way -- maybe even a much more profitable way -- out if you are willing to try diskless computers + mother tongue bootable usb keys.

Recently Microsoft quietly made it legal for businesses to rent Windows and/or Office. See for example Preston Gralla's "Windows and Microsoft Office rental: Much less than meets the eye" or Steven J. Vaughan-Nichols's "Windows goes rental". An MS Windows/Office user would be naive to read this as a good news -- especially if s/he runs a business that rents computers but has never bothered to read MS EULA (specifically, point 5).

For according to the EULA, all internet cafe's are illegal businesses -- you hear it right -- even if you have already paid for the licenses for all copies of Windows and Offices on your computers. The very act of renting it to your customers violates the EULA. So the right way to interpret MS's recent move is that: after paying MS the first time for each and every copy of your software, you can now become a legal business once you pay the second layer of the MS taxes for the privilege of renting it to your customers. How nice and charitable! Big applauses and touching music for the generous Emperor, please!

Maybe this is a good time to try a new, intimidation-free, more ethical, and more profitable alternative for your business. I will address specifically to internet cafe owners, but other computer rental businesses may also find similar opportunities using the same technology. (See the "usb boot" tag for more applications.) Consider allocating a portion of your computers to serve foreign visitors instead of the local kids playing online games. Remove their harddisks so that they are as easy to manage as a TV -- no viruses, no software crashes, no upgrades, only "power on" and "power off". Put a sign "Mother Tongue Internet Cafe" outside your business and also mark it on google maps with this term. Sell your customer a linux bootable usb key preloaded with his/her language(s), make a good profit while giving your customer a home-welcoming experience that s/he never has had elsewhere. Ask a local Linux business for technical help and share your profits with them. Then decide for yourself: which part of your business makes more sense? The windows machines with the two layers of taxes that do nothing to save you from the constant crashes and virus attacks, or the zero-management diskless machines plus the highly profitable usb key sales? Oh, yes, it is a good thing to distribute free software for a fee.

If your government truly cares about anti-piracy and also about promoting local economical activities such as tourism and a local computer industry, you should definitely explain the ideas in this article and the "internet mother tongue" article to them, maybe with the help of a local LUG (Linux User Group). We all linux users are eager to see which country is the first to tout about its friendliness towards foreigner visitors in this respect.

Sunday, October 11 2009

Please Advocate Mono to Your Employer

The mono debates [1 and 2] seem to refuse to die down. I have a proposal to settle this -- by voting. But not voting for or against mono. Let each of the voters puts his or her stake at her mouth (Please help me with a better phrase) in a symmetric way. So a mono advocate would vote by a blog post or something saying, "I, [insert your name here], recommend my employer, [insert your company's name here], to use software linked with Mono. I am willing to lose my job if my company ever gets threatened by or has to pay for the patent directly related to this library." (Again, phrasing help needed please.)

And a mono skeptic like me would vote, (by this very blog post by the way) saying, "I, Chao-Kuei Hung, recommend my employer, Chaoyang University of Technology, to use software linked with gtk and qt. I am willing to lose my job if my company ever gets threatened by or has to pay for the patent directly related to these libraries."

Now, the point is not that the assurance of a non-lawyer Chao-Kuei Hung counts at all. (In fact my Univ completely ignores my constant recommendations to use ODF for long term archiving considerations. They wouldn't even know what mono is.) And the point is not that anyone would care about me losing my job when the bad things about patents happen. The point is that the voter dares to bet his reputation for the software libraries that he considers safer in terms of legal threats. Nor is it important how much each voter's reputation counts. The more reputation a voter has, the more he risks, and the more credit/weight his votes would naturally carry. In other words, not all votes are equal.

The world at large can then have a good picture of how (legally) safe each of these groups -- the mono advocates, gtk advocates, and qt advocates -- really think and feel about what they advocate. Now of course, Microsoft employees and Novell employees don't count for the mono votes since their employers are the very ones whose patent shadow over mono worries the world. Similarly, [please help me fill in some company names here] employees don't count for the gtk votes, and [please help] employees don't count for the qt votes. There is nothing specific against these companies; their exclusion is simple logic. And one can vote for more than one library, as I did.

Hopefully from now on everyone will declare his/her vote before speaking about the mono issue, and this will become the most convincing way of advocating for any library -- mono or any alternatives.

Please comment about logic, feasibility, English grammar, spelling, etc. Personal attacks directing at Richard Stallman, Miguel de Icaza, Jo Shields, Pamela Jones, or any single person, will not be deleted. These comments will receive personalized taunts and ridicules with logic. (OK, I can't promise, but I will try my best.)