"... the standards should enable easy and complete data and service portability, and a high degree of interoperability between cloud services, in order to increase rather than limit competitiveness."
Come on HN, let's help the EU. Anyone got any great ideas? Because I don't even understand the question, much less what the answer would be.
Edit: notice how everyone is just "assuming" what they mean. The problem is not well defined.
I think they mean it should be easier to migrate from one operator to another. I am not familiar with the difficulty of that since I don't use any cloud services.
There's been some work over the last 4 or so years on producing cloud abstractions to enable a multi-cloud approach (effectively trying to provide a sensible API that can work independently of a particular cloud provider). Projects like OCCI http://en.wikipedia.org/wiki/Open_Cloud_Computing_Interface have published documents on how this would look
Personally my take is that the proposed abstractions are too low level to be of genuine use as an abstraction layer across cloud providers - but I'm biased in that I was involved in the research and development of a higher-level abstraction that provided something closer towards a PaaS approach - roughly equivalent to provisioning an instance (with disks and networking as required) and configuring it with puppet (this was back in in 2007 though).
The general attitude I've got from cloud providers when I spoke to them is that small providers like the idea of standards (reduces barrier to picking up their service) and big providers have no motivation to allow such mobility or multi-cloud use.
Personally my take is that the proposed abstractions are too low level to be of genuine use as an abstraction layer across cloud providers
Yeah, what vagrant has been able to acomplish so far is an example of this. There are many features that only work on some providers, usually just VirtualBox, and the AWS support is largely limited to controlling instances (vs configuring them).
I think it'll get there eventually, but there's not a lot of motivation/incentive from the established players.
Not to be reductive but isn't IMAP the protocol to use for that? Although I don't fancy the idea of legislating that e-mail providers must use IMAP (and if I picked a mail provider without it I'm assuming they'd have a compelling security feature or something...)
Some webmail services, notable hotmail, do not offer an IMAP interface. That service is exclusively a premium option, which is required if you ever want to transfer your emails away from their service. I actually done such transfer once, which felt eerily like paying a ransom.
Thankfully, gmail do not keep your emails hostages like that, and users can transfer their property away into a private servers if they ever get tired of the constant spying-for-profit.
My understanding is that Outlook.com (which I think is their rebranding of hotmail?) supports IMAP at no additional cost starting this year (although take that with a grain of salt, I'm pretty sure I remember hearing about that but I don't use the service myself)
I think the parent was suggesting a consumer-friendly method of that -- for example Gmail.com would provide a button that lets the user download a single file, and Outlook.com would accept such a file.
Yeah, that's why I was wary of being reductive/dismissive - but there's a lot to be said for a protocol that exists and has traction (and where the quirks are known). Although you could probably say (quite reasonably) that some Mbox variant would meet that definition also. I certainly wouldn't object to such a thing!
Is the EU parliament really the body we want setting standards for interoperability? Things like this typically result in unintentional externalities that cost providers money and impose compliance burdens that are quickly out of date.
I appreciate the sentiment regarding security and interoperability, and they might be able to declare their intention to procure only systems that meet X standards, but I hope they refrain from broader impositions on commercial users and cloud providers.
NSA articles aside, I see businesses fleeing regulatory burdens faster than the possibility of surveillance.
Yes, and the problem with having to support these approaches is it limits the ability of a provider to innovate when it has a model that doesn't fit the abstraction of the API (e.g. look at the speed of innovation at AWS, standards bodies would have a tough time keeping up with that)
This is a bold move, and much more significant than some attempt at standardisation that probably won't work.
It will make it more expensive to hire a VM, probably, and I wonder if there will indeed be any benefit (given that cloud providers will have to start vetting and inspecting the source code on the VMs people are running - potentially taking away all the benefits of programmatic instance deployment.)
Oh great, the useless bunch who brought you the cookie law will now take on cloud interoperability. And UN, another highly effective institution, will take on spying. I feel safer already.
Does anyone here really believes that any of this is going to make a measurable, positive difference in a regular Internet user's life? That somehow more government meddling is a cure for government meddling? Weren't European spy agencies cooperating with the Americans?
It's yet another power grab of the "no crisis should go to waste" kind.
They are also the same group that brought us usb charging for all phones (or at least throw around enough threats like this one for manufactures to start using usb cords for charging for the more pedant among you).
Hah, phone manufacturers, agreeing on a standard instead of gouging people by selling expensive chargers!
I think that there was a draft EU directive to standardize on mini-usb, but it was scrapped after manufacturers voluntarily complied. Apple argued that their usb cable to lightning/doc connecter (which can charge from any usb charger/port/etc.) was required for analog speaker docs and the like, and the EU let it pass.
Unfortunately, scores of people here on HN and elsewhere believe in those acts.
Anyway, I'm not gonna repeat the usual libertarian 'crap', I just want to add, that the justification of regulation governments enjoy is what makes them possible to eventually go a litte bit 'over the edge' like the recent Snowden scandal.
I've been hoping for years that the EU will eventually mandate that a service must be obliged to delete on request - irretrievably, not by merely flagging it as "deleted" - any data held about a given individual.
To me, this is a natural part of the concept of privacy. I can have momentary privacy: the assurance that nobody is currently watching through my window, listening to my phone calls, or reading my emails as I send them. But there's no assurance of future privacy if we don't have the right to destroy our old data, wherever it may be held.
When people provide an entity with information, they're doing so under the framework provided by current legislation regarding privacy and freedom of information. If these rules are subject to change - through new anti-terror legislation, for example - their information may become accessible in ways that they did not expect when it was originally provided.
I don't think it's possible to maintain any real sense of privacy while this remains the case. How can your data be considered private when it can be opened up for inspection at a later date, under a different regime? There's currently no way to participate in a connected economy without giving away your future right to privacy.
Edit: and the reason I've been hoping the EU will do this is that, realistically, nobody else will.
Oh goodie goo, another mandatory standard by the people who brought us the EBICS bank standard, which is a freakishly complex reinvention of SFTP.
With EBICS, you transmit a bank command file by encrypting, encoding and wrapping it as CDATA into an XML file and then repeating the process. You have to use different kinds of wrapper files with different kinds of intricacies for each type of file you might upload to your bank.
The whole specification is 200 pages, and all it does is transfer files.
I dont reallt care if facebook tracks me through iframes or if google tracks me through analytics.
I volunteered to go to a website, that volunteered to use that service. I can choose not to visit the source sites or the associate ones.
The problem I see with all of this "the governments - or - some government - or - the UN - needs to protect our privacy!!!"
Against whom? Facebook? Google?
How about GOVERNMENTS. If you ask me, any sort of nefarious behaviour commited by web companies are most likely the product of a larger, coercive form of behaviour starting from the government.
I volunteered to go to a website, that volunteered to use that service. I can choose not to visit the source sites or the associate ones.
How do you know those sites have those trackers before visiting them? The only way to "opt-out" of the sites with such trackers is to stop using the web entirely.
Against whom? Facebook? Google?
How about GOVERNMENTS.
Actually, yes. In the (European) country I live in, public organizations have been prevented from invading privacy (e.g. setting CCTV cameras) by our national data protection commission.
If you ask me, any sort of nefarious behaviour commited by web companies are most likely the product of a larger, coercive form of behaviour starting from the government.
How is web analytics and personal data mining a product of State spying? And even if it is, how is it justifiable on that basis?
> How do you know those sites have those trackers before visiting them? The only way to "opt-out" of the sites with such trackers is to stop using the web entirely.
iframes going to facebook, scripts going to google-analytics.com/ga.js, etc mixed with knowledge about what these elements do (facebook iframe article, obvious in regards to analytics, etc).
> In the (European) country I live in, public organizations have been prevented from invading privacy (e.g. setting CCTV cameras) by our national data protection commission.
So public organizations are prevented from data gathering from themselves? Well that solves that problem. I'm sure if the NSA comes out and says they'll start enforcing protection against spying that some would even believe them!
> How is web analytics and personal data mining a product of State spying?
I'm not saying it is! I have no problem with facebook or google. I don't use facebook, and use google only to the extent I am comfortable with. Never have these companies used this information, some exploitable, to exploit me. They want me to use their services.
On the inverse, could you explain to me in your own words why this legislation is necessary?
36 comments
[ 4.9 ms ] story [ 36.7 ms ] threadCome on HN, let's help the EU. Anyone got any great ideas? Because I don't even understand the question, much less what the answer would be.
Edit: notice how everyone is just "assuming" what they mean. The problem is not well defined.
How would you ensure service portability between Google App Engine (runs software, no access to the OS), AWS (Linux VMs) and Azure (Windows VMs)?
But portability between, AWS, Google Compute, Azure, Rackspace, Softlayer, Nephoscale, Linode, Digital Ocean, etc would be quite beneficial.
Personally my take is that the proposed abstractions are too low level to be of genuine use as an abstraction layer across cloud providers - but I'm biased in that I was involved in the research and development of a higher-level abstraction that provided something closer towards a PaaS approach - roughly equivalent to provisioning an instance (with disks and networking as required) and configuring it with puppet (this was back in in 2007 though).
The general attitude I've got from cloud providers when I spoke to them is that small providers like the idea of standards (reduces barrier to picking up their service) and big providers have no motivation to allow such mobility or multi-cloud use.
Yeah, what vagrant has been able to acomplish so far is an example of this. There are many features that only work on some providers, usually just VirtualBox, and the AWS support is largely limited to controlling instances (vs configuring them).
I think it'll get there eventually, but there's not a lot of motivation/incentive from the established players.
http://storagemadeeasy.com
Maybe legislate an easy way to download all my emails from gmail and upload them to outlook.com. Wouldn't that be very useful?
Thankfully, gmail do not keep your emails hostages like that, and users can transfer their property away into a private servers if they ever get tired of the constant spying-for-profit.
I appreciate the sentiment regarding security and interoperability, and they might be able to declare their intention to procure only systems that meet X standards, but I hope they refrain from broader impositions on commercial users and cloud providers.
NSA articles aside, I see businesses fleeing regulatory burdens faster than the possibility of surveillance.
This is a bold move, and much more significant than some attempt at standardisation that probably won't work.
It will make it more expensive to hire a VM, probably, and I wonder if there will indeed be any benefit (given that cloud providers will have to start vetting and inspecting the source code on the VMs people are running - potentially taking away all the benefits of programmatic instance deployment.)
Does anyone here really believes that any of this is going to make a measurable, positive difference in a regular Internet user's life? That somehow more government meddling is a cure for government meddling? Weren't European spy agencies cooperating with the Americans?
It's yet another power grab of the "no crisis should go to waste" kind.
I think that there was a draft EU directive to standardize on mini-usb, but it was scrapped after manufacturers voluntarily complied. Apple argued that their usb cable to lightning/doc connecter (which can charge from any usb charger/port/etc.) was required for analog speaker docs and the like, and the EU let it pass.
Anyway I found some info: http://www.engadget.com/topics/mobile/2009/02/15/eu-commissi... Looks like the European Commissioner scared them, then http://www.engadget.com/2010/12/29/european-standardization-... the phone manufacturers agreed to the standard, followed by the CEN-CENELEC and ETSI officially mandating the standard, followed by (most) phones actually coming out with micro-USB.
They include an adapter in Europe.
Anyway, I'm not gonna repeat the usual libertarian 'crap', I just want to add, that the justification of regulation governments enjoy is what makes them possible to eventually go a litte bit 'over the edge' like the recent Snowden scandal.
To me, this is a natural part of the concept of privacy. I can have momentary privacy: the assurance that nobody is currently watching through my window, listening to my phone calls, or reading my emails as I send them. But there's no assurance of future privacy if we don't have the right to destroy our old data, wherever it may be held.
When people provide an entity with information, they're doing so under the framework provided by current legislation regarding privacy and freedom of information. If these rules are subject to change - through new anti-terror legislation, for example - their information may become accessible in ways that they did not expect when it was originally provided.
I don't think it's possible to maintain any real sense of privacy while this remains the case. How can your data be considered private when it can be opened up for inspection at a later date, under a different regime? There's currently no way to participate in a connected economy without giving away your future right to privacy.
Edit: and the reason I've been hoping the EU will do this is that, realistically, nobody else will.
With EBICS, you transmit a bank command file by encrypting, encoding and wrapping it as CDATA into an XML file and then repeating the process. You have to use different kinds of wrapper files with different kinds of intricacies for each type of file you might upload to your bank.
The whole specification is 200 pages, and all it does is transfer files.
I volunteered to go to a website, that volunteered to use that service. I can choose not to visit the source sites or the associate ones.
The problem I see with all of this "the governments - or - some government - or - the UN - needs to protect our privacy!!!"
Against whom? Facebook? Google?
How about GOVERNMENTS. If you ask me, any sort of nefarious behaviour commited by web companies are most likely the product of a larger, coercive form of behaviour starting from the government.
How do you know those sites have those trackers before visiting them? The only way to "opt-out" of the sites with such trackers is to stop using the web entirely.
Against whom? Facebook? Google?
How about GOVERNMENTS.
Actually, yes. In the (European) country I live in, public organizations have been prevented from invading privacy (e.g. setting CCTV cameras) by our national data protection commission.
If you ask me, any sort of nefarious behaviour commited by web companies are most likely the product of a larger, coercive form of behaviour starting from the government.
How is web analytics and personal data mining a product of State spying? And even if it is, how is it justifiable on that basis?
iframes going to facebook, scripts going to google-analytics.com/ga.js, etc mixed with knowledge about what these elements do (facebook iframe article, obvious in regards to analytics, etc).
> In the (European) country I live in, public organizations have been prevented from invading privacy (e.g. setting CCTV cameras) by our national data protection commission.
So public organizations are prevented from data gathering from themselves? Well that solves that problem. I'm sure if the NSA comes out and says they'll start enforcing protection against spying that some would even believe them!
> How is web analytics and personal data mining a product of State spying?
I'm not saying it is! I have no problem with facebook or google. I don't use facebook, and use google only to the extent I am comfortable with. Never have these companies used this information, some exploitable, to exploit me. They want me to use their services.
On the inverse, could you explain to me in your own words why this legislation is necessary?
Ask about discounts for HN readers.