Ask HN: Free Software in the Cloud?
So, what would it take to make a scalable, cloud environment for open source software? I assume the three key ingredients would be:
* Distributed File System (all data public, private data gets encrypted)
* Sandboxed Map Reduce
* Public keys as account identifiers
Any additional tools should be able to be built on top of those three. The idea would be that people could contribute CPU and Storage resources to signed versions of applications they like. Since all the data is public, somebody else could fork an application and still have access to all its files (and the files of other users). If a fork gains enough popularity, then people will dedicate their CPU/Storage to it instead.
Any thoughts? Are there any loopholes or security issues I'm missing that would make this unfeasible?
2 comments
[ 2.7 ms ] story [ 18.9 ms ] threadBut, because we don't see an immediate way for it to pay for itself (and the investors we've floated the idea vaguely before aren't too interested at this particular moment in history), we're being a bit cautious about actually deploying...but there is a long history of corporations, governments and schools donating mirrors for Open Source file service...no good reason why they shouldn't do the same for cloud-based Open Source services.
The existing tools generally are somewhat less oriented towards sandboxing than they would need to be for this to be feasible today, but it's definitely not an unimaginable future. Trust in widely distributed filesystems is also a problem that isn't entirely covered by existing tools; though the techniques for insuring trust are obviously well-known and understood by a small set of developers.
But, if you assume a distributed VCS as the starting point (git is, I suppose already capable of verifying itself and its contributors), a distributed trustworthy key/value (Tokyo Cabinet or similar with contributor signatures built in) as the configuration source, and distributed trustworthy map reduce and relational databases as the data store, it'd begin to look like something usable.
It introduces problems that current web services and even cloud hosting services don't have to solve, though, which is potentially untrusted machines being part of the cloud and holding the data. Going fully distributed means you don't have any single source for trust information. And, key signing parties are so 1991. I'm not sure exactly how to solve that one. It's not impossible, it's just one of those problems that I don't see an immediate solution for. Short-term, perhaps a single trusted source for keys would be an acceptable solution until a network of key-signing entities could spring up. Alternatively, traditional SSL certs could be used with the usual crappy process of issuing them.