Ask HN: Free Software in the Cloud?

3 points by zacharypinter ↗ HN
I've had an idea in the back of my mind for a while and would love to hear some feedback. It seems like the free software movement has yet to address the move to cloud computing. I love the reliability and availability of web services like remember the milk and dropbox, but constantly find myself wanting to add small features here and there. Of course, that's the limitation of SaaS. You don't have the source and you can't make improvements.

So, what would it take to make a scalable, cloud environment for open source software? I assume the three key ingredients would be:

* Distributed File System (all data public, private data gets encrypted)

* Sandboxed Map Reduce

* Public keys as account identifiers

Any additional tools should be able to be built on top of those three. The idea would be that people could contribute CPU and Storage resources to signed versions of applications they like. Since all the data is public, somebody else could fork an application and still have access to all its files (and the files of other users). If a fork gains enough popularity, then people will dedicate their CPU/Storage to it instead.

Any thoughts? Are there any loopholes or security issues I'm missing that would make this unfeasible?

2 comments

[ 2.7 ms ] story [ 18.9 ms ] thread
Perhaps you and I should talk. We're working on something in this direction at the moment, based in part on our existing systems and cloud management tools.

But, because we don't see an immediate way for it to pay for itself (and the investors we've floated the idea vaguely before aren't too interested at this particular moment in history), we're being a bit cautious about actually deploying...but there is a long history of corporations, governments and schools donating mirrors for Open Source file service...no good reason why they shouldn't do the same for cloud-based Open Source services.

The existing tools generally are somewhat less oriented towards sandboxing than they would need to be for this to be feasible today, but it's definitely not an unimaginable future. Trust in widely distributed filesystems is also a problem that isn't entirely covered by existing tools; though the techniques for insuring trust are obviously well-known and understood by a small set of developers.

But, if you assume a distributed VCS as the starting point (git is, I suppose already capable of verifying itself and its contributors), a distributed trustworthy key/value (Tokyo Cabinet or similar with contributor signatures built in) as the configuration source, and distributed trustworthy map reduce and relational databases as the data store, it'd begin to look like something usable.

It introduces problems that current web services and even cloud hosting services don't have to solve, though, which is potentially untrusted machines being part of the cloud and holding the data. Going fully distributed means you don't have any single source for trust information. And, key signing parties are so 1991. I'm not sure exactly how to solve that one. It's not impossible, it's just one of those problems that I don't see an immediate solution for. Short-term, perhaps a single trusted source for keys would be an acceptable solution until a network of key-signing entities could spring up. Alternatively, traditional SSL certs could be used with the usual crappy process of issuing them.