[kwlug-disc] Linuxaria: Open Source Has Taken over the Software Industry

B.S. bs27975 at yahoo.ca
Sun Mar 13 16:10:53 EDT 2016 

>________________________________
> From: Russell McOrmond <russellmcormond at gmail.com>
>To: KWLUG discussion <kwlug-disc at kwlug.org> 
>Sent: Sunday, March 13, 2016 2:39 PM
>Subject: Re: [kwlug-disc] Linuxaria: Open Source Has Taken over the Software    Industry
> 
>
>On Sun, Mar 13, 2016 at 1:03 PM, B.S. <bs27975 at yahoo.ca> wrote:
>
>
>>Interesting. Thanks for the post.
>>
>>I expect then, that this is merely an extension of what they did with Outlook -> outlook.com. To the rest of the desktop apps / ecosystem.
>>
>>However, Russell ... I can't align two things in your post: (1) "I will be very happy when the concept of a desktop computer disappears"; (2) "can pry my camcorder, computer, home theatre, or portable media player from my cold dead hands!"
>>
>>Never mind that as soon as {whatever} is hosted, particularly on a U.S. server, the very concepts of privacy, security, and confidentiality, go straight out the window.
>>
>
>
>I expanded my thoughts into a blog posting on http://mcormond.blogspot.ca if anyone interested...
>
>
>
>

>The two won't seem aligned as I don't consider the physical location of the device to be what determines questions of who owns/controls it.

I believe this, in and of itself, is erroneous. And what I mean / what went through my mind in reading your note, is that cloud storage, in any mass repository / facility, particularly if the vendor is providing the service to multiple clients, is that the use of such facilities will be subject to their TOS. Inevitably, such end up being 'Best effort; not liable; sorry about your luck if something goes south.' Be this home phone TOS, credit card agreements, use of google, you name it. Never mind the rules inherent to mere existence, when domiciled in, say, the U.S. Never mind that, after the fact, didn't read it, not reasonable, never mind not enforceable - by then it's done. Even the mere request for an apple back door, after the fact, is demonstrative. Successful or not, request or no, we can be assured that the data has been through the ringer already.

Thus, it seems to me, the only way to manage one's own data to one's own principles and satisfaction, and be explicitly aware when one's own TOS have been violated, is to stay off the cloud. As soon as the bits land at some 3rd party, all bets are off.

  >Example:
>
>
>  An iOS device is a vendor controlled platform as much as Google Apps for Business is.  In the case of Google Apps people *perceive* the relationship more clearly (IE: that their data/etc is in someone elses control) than in the iOS scenario (which is equally in someone elses control).
>
>

>  I can hire a cloud service where I manage the entire software stack and can secure it in ways that is simply not done with all but an insignificant few desktop computers.   While my computing is in the cloud, even within the USA, I can still have the stack protect my security and privacy better than all but an insignificant number of desktop users are.

Yes, but what we're talking about here is general attitude towards cloud. I don't expect many will so manage the entire software stack. The majority of users will still not be so covered.

In essence, you're also pointing out that we all need to do a better job with desktop computers, too. Never mind ... inherently, organizations want to centralize data, if only for backup purposes. Begging the question of how well those backups are themselves cared for. Or, as e-mail may no longer be deleted, the eventual penetration of such black holes. (By whom, when, where, and will we know? Years, and many miles between, later.)

If your stack resides on a U.S. server, or, I suspect, if the bits even pass through, you are not so covered - no matter what you, yourself, do. The vendor will be required to, and will, hand over your stuff, without your consent, at the mere whiff of the Patriot Act. Granted, you may have encrypted it, but they will decrypt it, eventually, if sufficiently motivated.

The worst part of all of this ... the cost of counter action after the fact. Legal action is prohibitively expensive. i.e. If you're penetrated (and the first rule of security is physical security - e.g. that vendor handing over your data, regardless of your own wishes), you're done.

>  I believe that as more of the proprietary industry moves into the cloud that there is a greater possibility that what remains in the hands of citizens has an opportunity to be more owner controlled.  We need to move to a world where the excuses that opponents to ownership have for attacking our rights are tossed out.   This started with nonsensical ideas around copyright infringement (the NII stuff leading to the DMCA, etc), and is now being pushed by some parts of the surveillance establishment (FBI, etc).  The theme is the same: citizens can't be trusted with having control of their own computers, and thus technology vendors must have that control.  It has always been nonsense, but some technology vendors (worst being Apple) have pushed this agenda forward as it benefits them in anti-competitive and other ways.

You make me thing of .mp3's, where the content is actually degraded versions of what one owns. And such has become normal, the degraded version becomes the norm, and what we actually purchase. (.mp3's being lossy compressed versions of the originals.)

>(At the least, we are all not doing a good enough job explaining why this matters / big brother WILL put such to use for unexpected, unforeseen, and unpalatable uses, and by then it will be too late. I do not understand why more people, and every average person, aren't more concerned about that. e.g. per news items, even one's in flight meal choices will be filed with the U.S. government when one books a flight.)
>

>  I believe we are doing a poorer job than I suspect you think we are.  The fact that people are fearful of "the cloud" and blindly trust the non-owner locked device in their pocket -- and I include a lot of active members of the technology sector in this -- suggests we have a huge problem to deal with.

I take your point, but I also think you are missing one aspect. Most trust as you say, because they think their data doesn't matter. A phone contact list or log is just a phone contact list or log. What they are missing is the nefarious ways in which data mining would deleterious make use of their data after the fact. So that terrorist called you, did they? (Never mind it was a misdial. Or a case of mistaken identity of the caller. Both are still after the fact of any awareness or investigation, and the consequences thereof.) For some reason, medical costs and issues seem nebulously connected here.

Never mind racial profiling, which seems to engender a hue and cry - what the heck do we think big data is. To think profiling isn't going on, on more aspects than we can dream of, is fantasy. As would be that we would ever be able to stop it. Other than by never permitting it to be in anyone else's hands, or collected, in the first place.

>   The fact some people are only worried about the governments of a few countries, rather than also worrying about the private sector and non-governmental political and/or religious entities also suggests they aren't looking as closely at the issue as they should.

Perhaps 'corporate espionage' is a term not connected in that context often enough. Never mind 'marketing'.

To me it's not about countries, it's about 3rd parties, of any stripe. Their agenda will never be your (one's) agenda. And once you're on the cloud, they have access, and all bets are off.

More information about the kwlug-disc mailing list