Over the last two weeks, I saw two talks. One was from RMS, yes THE Richard Stallman. The other was a panel of industry professionals on Cloud Computing, with representatives from Universities, Google, Microsoft and Amazon.
I found Stallman’s talk inspiring. I think he’s failry bat-shit, but honestly, he’s an extreme force for good in the universe, a needed extremist, if you will. I find his idealism and his adherence to principles rather refreshing, when so many times people put cost, as in bottom line, ahead of all else. One thing he said which stuck with me was basically, “When discussing free software with people, many are unwilling to be inconvenienced at all, in which case they’ve assigned a value of 0 to freedom.” It basically comes down to how much control of your stuff is worth to you.
One thing, I’ve come to realize over the years, and it’s something I keep coming back to every time I’m let down by a 3rd party: No one cares about your stuff as much as you do. This leads to all sorts of life decisions. I maintain my own cars, this way I keep the safety of myself and my family in my hands. I run GNU/Linux everywhere that is reasonable in my house, because my data and usage habits are not available to highest bidder. As a family, we made a decision for my wife to stay home with the kids instead of going back to work. All of these decisions lead back to my previous statement. As such, Stallman’s message rings true with me at a fundamental level.
When listening to the Cloud Computing Panel, I found myself getting more and more frustrated on a couple of points. Overall, there was a condescending attitude towards folks who had not yet drunk the Cloud Kool-Aid — aside from that, they talked about Security and Control. Basically, it came down to, “Just trust us”, but that’s the fundamental problem isn’t? A commercial for profit entity cannot be inherently trusted. Their purpose is generate revenue and profit. They are restricted in what they do to you, the customer, based on the contracts involved. In most cases, they have better lawyers than you who are writing those contracts. Based on this, how can anyone place unwavering trust in a business?
On the Security front, they talked about how physically secure their Data Centers are. An anecdote explained how even the COO of Some Company couldn’t get access into the place because he didn’t have the proper clearance. Honestly, anyone can lock a door and hire some rent-a-cops to keep people out, it just rang really hollow as a measure of awesomeness. They also spoke about data security of having the backups automatically done, (but be sure you clicked the right button in their interface), where as maybe your local people aren’t doing back-ups right. So, we’re suppose to trust that your people are doing backups right, but mine aren’t? Why? Enterprise Backup has been commitidized for a while now, if your people aren’t doing it right, you need new people. Regardless, no one is immune to a failure on this front: http://gmailblog.blogspot.com/2011/02/gmail-back-soon-for-everyone.html
What was more telling, however, was what they didn’t say. They didn’t talk about surface area exposure. They didn’t talk about the size of the target they represent, with the minor aside that as a multi-user platform from the start it was designed to be secure from the start — whatever that means. Most importantly, they didn’t talk about protection from Government and Law Enforcement Agencies, which if you’re not aware can be a sticky subject. Just because Vendor A distributes your data around the world to keep it safe in case of hardware failure, that data, due to it’s physical location can be subject to *very* different legal statuses depending on the country in which it’s housed. Honestly, this is one area where housing your own data trumps what any 3rd party vendor can offer hands-down on a couple of points. 1) No one is getting at any of my data without a warrant, do I have that guarantee from them? 2) Assuming someone is going to get at my data, I’m guaranteed to know about it and can take appropriate legal measures as early as possible. ** NSA and Chinese hacker groups not-with standing, but there are no guarantees with the vendor there either.
On the control front, they came up a little short for me as well. What almost everyone on the research side is worried about are the elastic costs involved. Having a “reserved instance” is a way to hedge that, but running a VPS is not revolutionary — and I can get one from any number of providers with a very straight-forward pricing structure, something for which AWS many times comes up short. Also, it doesn’t actually use cloud compute cycles for what their good for — which is scaling out dynamically to handle burst loads. They talked about all the granular controls you can have, and it turns out to be a lot of administrative overhead to get everything setup properly. For folks who have a grant and have X amount of dollars to spend, it still makes sense for them to spend some % of their grant on a (perhaps) beefy box that they own. They know the cost of that box and they have exclusive use to it. This is especially true for a research endeavor where your compute needs are only vaguely estimated at the outset
For those of you who don’t live in this world, the analogy is such: Do I make a capital investment in buying a house, which I then have for my exclusive use, or do I rent rooms in a building? I can have a different number of rooms each day, depending on my needs, which are new and varied each day.
Let’s be honest, renting time on some else’s systems is nothing new. This was the paradigm of computing basically until the micro-computer revolution of the 1980’s and PC revolution 90’s wrested control away from monolithic computing companies. It is the hard-won victory of control and ownership that the Cloud movement is asking us to give up. Don’t forget to pay your bill at the end of the month for the privilege.