28 June 2009

An open letter to the CAcert.org board and members

This is an open letter to the CAcert.org board and membership (including my fellow 20-30 official "Association Members" (copied) as well as the 150,000 or so account holders we effectively represent) concerning recent events that could affect the ongoing viability of the organisation. Bearing in mind that this is an organisation built on trust, I implore you to follow my example in exercising extreme caution when we are called to necessarily intervene in resolving the deadlock. Despite claims to the contrary there is no urgency and the last thing we need now is an Iran style election (whether or not legitimate, perception is everything).

The Problem

It appears (from my perspective as an outsider, albeit with the benefit of various insider accounts) that the board has split into two factions. On one hand we have the "old school" who have been on the board for a while (some would say too long) and the other "reformist(s)" who seek change, yesterday. They are now on a collision course that will invariably result in the loss of committed contributors, or worse, loss of trust from the community. In any case a confrontation poses a serious risk to the organisation's future, and with it the community's access to an alternative to commercial certification authorities.

In requesting and receiving the official member list as well as proposing a number of new members (who are presumably sympathetic to their position and will vote for any motion they submit) it was already clear that plans were afoot for a "coup d'état". Now that an SGM has been proposed to "get this over with" complete with a clear agenda there is absolutely no doubt about it:
  1. Acceptance of new members. (E.Schwob, A.Bürki, I.Grigg)
  2. Vote that the committee of management no longer enjoys the confidence of the members.
  3. Vote that the committee is hereby removed from office and election of a committee shall immediately follow adoption of this resolution.
  4. Election of a new committee of management. 
It is no wonder that the existing board feel they are under attack - they effectively are - and given the "soonest this could be done is in 7 days" they are no doubt starting to feel the pressure. I don't buy it. Yes, the auditor recently resigned and yes we will eventually need to get the audit back on track, but right now the number one issue is restoring stability to an unstable structure and minimising collateral damage. This needs to be done slowly and carefully and those promoting panic are perhaps deserving of the suspicion they have raised.

It is not my intent to start (yet another) discussion, rather to propose a safe and sensible way forward that will ensure CAcert's ongoing viability while protecting our most valuable asset: the trust of the community. Should the SGM proceed as planned (whether or not it is successful) I will be the first to admit that the trust is lost.

The Solution

The very first thing we need to do is expand the membership base by one or two orders of magnitude, as Patrick explains:
Increasing the number of members will increase the stability of your organization. It is more difficult to try a Coup d'Etat or a revolution when you have to convince 200 voting members than 20. On the other hand, major changes will be slower for the same reason.
Any structure with a broad base is far more stable than the top heavy structure we have today (the subversion of which requires a mere THREE new members to be proposed at SGM!).

The two main obstacles to becoming a member today are:
  • A convoluted process requiring a "personally known" proposer and seconder as well as an explicit vote from the committee
  • A token USD10 annual fee, the proceeds of which (around €200) are a drop in the ocean
Fortunately the committee has the power to require "some other amount" (including zero) at least until such time as the organisation's rules can be updated accordingly (see CAcertIncorporated and the Associations Incorporation Act for more details). Accordingly the membership fees for 2009/2010 should be immediately suspended as members are far more important than money right now.

The process for becoming a member should also be streamlined, if not completely overhauled. Surely I'm not the only one who considers it ironic that an open, community driven organisation should in fact be closed. Building the broadest possible membership base offers the best protection against attacks like this (and yes, I consider this an attack and urge the attackers to back off while the structure is stabilised). Associations are typically limited by guarantee - which means that becoming a member involves a commitment to pay a certain (usually token) amount in the event that the organisation should be wound up (as opposed to companies limited by shares, where the liability is limited to the value of the shares themselves). People are far more likely to agree to this than reach into their own pockets (even if only due to laziness) so this change alone should make a huge difference.

The invitation to become a member should then be extended to some (e.g. assurers, assured, active cert holders, etc.) or all of the existing users, whose membership applications should be processed as efficiently as possible. Ideally this would be able to be done online as [an optional] part of the signup process (perhaps relying on Australia's Electronic Transactions Act to capture electronic signatures) but for now the rules require writing or digitally signed email. A temporary "pipeline" consisting of one or more dedicated proposers and seconders could be set up, processing digitally signed applications from members as they arrive. The proposer and seconder requirement (who must be "personally known" to the applicant) should be eventually dropped and the "default deny" committee vote be dropped or replaced with a "default accept" [after 7 days?] veto. In any case only those with an existing interest in CAcert (e.g. a user account) will be eligible at this time so there is little risk of outsider influence.

Once we have a significantly larger membership base (at least 100 members but ideally more like 200-2000) we can proceed to an orderly election of a new board with each candidate providing a concise explanation of their experience and why they (individually) should be selected as representatives. The resulting board would likely be a mix of the two factions (who would hopefully have agreed to work together) as well as some "new blood".

I hope that you will agree that this is the best way forward and that those of you who have offered support to the revolutionary(s) reconsider in the presence of this far safer alternative. Should they press on with the SGM I for one will be voting against the motions (and encourage you to do the same), not because I don't agree "it's time for change" but because of the way it has been effected.

Thanks for your time and attention,

Sam

25 June 2009

CloudBurst Trademarked?

It's no secret that "CloudBurst" is one of my least favourite cloud computing buzzwords. Its intended meaning is something like when you run out of room in your own datacenters you can "CloudBurst" into a public service like EC2. Not only is that somewhat of a pipedream today (you want an enterprise app to do what?), but it is a significant deviation from the real world meaning of the term which according to Wikipedia is:
A cloudburst is an extreme form of rainfall, sometimes mixed with hail and thunder, which normally lasts no longer than a few minutes but is capable of creating minor flood conditions.
Fortunately it seems I may not have to put up with it for much longer because the guys at Ythos (a "Technology and Business Development Consultancy") have gone and registered it with the USPTO (Trademark #77736577).

That said, it seems the USPTO have learnt some lessons from last year's "cloud computing" trademark debacle, citing Dell's ill-fated trademark in denying Q-Layer^W Sun^W Oracle's application for NephOS. They should probably deny this one too, but I'm saying that through gritted teeth and would be quite happy to see it removed from the public lexicon.

Update: Interestingly LogMeIn, Inc. got in a scuffle over the trademark a few years back but unfortunately it was "Abandoned after an inter partes decision by the Trademark Trial and Appeal Board."

22 June 2009

The Intercloud is a global cloud of clouds

Few of us will dispute that:
The Internet is a global network of networks
So it logically follows that:
The Intercloud is a global cloud of clouds

It's amazing to think that the Internet kept us busy for two decades or so just by delivering the ability to pass messages between any two (or more) clients, and to consider all the things we've managed to achieve with this seemingly simple advance. It seems only yesterday I had one of the first private Internet connections in Australia (courtesy DIALix - the country's first commercial ISP) and was able to communicate with others around the globe (in real-time courtesy [y]talk - responsiveness we still haven't managed to faithfully replicate with today's instant messaging networks!). But now it's time to take the Internet to the next level.

While the servers scaled up as the masses poured in it wasn't long before we reached a glass ceiling - clearly vertical scalability wasn't the way forward. Sure you can build big machines (after all, mainframes and minicomputers were fresh in our minds) but it's like driving a boat - after a certain point you'll use an order of magnitude more fuel to go only a fraction faster (think of the cost of big iron vs commodity white boxes).

By now I was a university sysadmin and the dot-com bust was still a few years away. Officially I was busy setting up Aurema's Share II (since acquired by Citrix) on a pair of SGI Origin servers so that UNSW's Maths Department and the Australian Graduate School of Management (AGSM) could "fair share" the hardware they'd purchased together. Unofficially I was experimenting with making ~150 overpowered but under-used Pentium-II workstations appear as one (using Debian GNU/Linux, bpbatch aka Rembo aka IBM Tivoli and tools like PVM). I knew which approach I preferred but unfortunately the machines lived out their lives idling as X terminals and I went to work on dot-coms and the Sydney 2000 Olympics.

Enter Google, Amazon and others (e.g. the entire grid community) who worked out how to make horizontal scalability work properly with toys like BigTable (A Distributed Storage System for Structured Data) and MapReduce (Simplified Data Processing on Large Clusters). It was finally possible to build services that could scale endlessly, allowing these pioneers to innovate without looking over their shoulders after becoming victims of their own success. We know how that worked out for them (after all the world only needs five computers, right?) - today we have computing powerhouses sprinkled around the Internet run by companies like Google and Amazon while everyone else is playing musical chairs and hoping they won't wind up without a seat.

To use the electricity grid analogy, the Internet is like the grid itself - that is, the network of wires and power stations that connect everything together. One can poke electrons in one side and know electrons will pop out the other, even if various links are severed. Indeed that's all we've needed for email, instant messaging, media streaming and of course the web itself. The problem is that a grid without power stations isn't so interesting. Useful, yes, but certainly not exploiting the technology to the fullest extent possible. Enter cloud computing with various cloud providers (and the underlying Internet) forming the Intercloud.

So who invented the term? Who knows. Who cares. I didn't (I'm not even the first to say it's a "cloud of clouds") but I have been using it pretty much since I first started talking about cloud computing and I've heard others like Rich Miller using it too... it was first mentioned in the press (outside of Trend Micro's "InterCloud" security service) back in 2007 in Head in the clouds? Welcome to the future:

Although vendors talk as though there is only one Internet cloud each vendor will be running its own set of data centres that customers can use to access Internet-based information and resources which may complicate matters

Cisco have been busy popularising the term lately, presenting a "blueprint" and whipping up A Hitchhiker's Guide to the Inter-Cloud that unsurprisingly focuses on private cloud and finds a place for their Unified Computing System. Gartner have been getting in on the action too and it seems likely that before long a bunch of other people will as well.

Although I think it's got a snowflake's chance in hell of displacing the Internet moniker, it may be useful for framing discussions about cloud computing interoperability and unlike many of the other terms that have popped up may actually serve some purpose (surely IBM of all people should know that whenever someone says "CloudBurst" $GOD kills a kitten).

If we're to realise the full value of cloud computing it will be by loosely coupled "aggregation" (as distinct from integration) of various offerings rather than putting all our eggs in one basket with a single provider. We don't expect Microsoft to provide the best software for every task (hence products like Adobe Photoshop and Autodesk's AutoCAD) so why expect less heterogeneity in the cloud?

10 June 2009

"as a Service" moniker considered harmful (IOW: Say NO to *aaS!)

This is a humble (possibly overdue) call for the community to start thinking about adopting sensible cloud computing nomenclature - it's going to happen eventually anyway so we may as well get started now.

While toiling away putting lines on the road for cloud computing at 3am on a weekday (which is to say, writing cloud standards) I saw something which nearly made me lose my beer via my nose: a straight-faced proposal for the community to adopt "Data Storage as a Service (DaaS)" as the "formal term" for what we currently call "Cloud Storage" (courtesy SNIA's "Cloud Storage" technical working group no less). Perhaps they missed the memo (or nobody bothered to write it), but I doubt I'm the first to observe the "as a Service (aaS)" moniker has done its job and is now well past its use by date.

Sure, yesterday we used to buy software, platforms and infrastructure as products, but you never saw anyone advertising "Software as a Product", "Platform as a Product" or "Infrastructure as a Product" now, did you? It sounds silly because it is. We used to buy electricity as a product too you know (in the form of a generator) but now it's just plain old electricity. I can hardly imagine Thomas Edison standing on Pearl Street, NY trumpeting "Electricity as a Service", but it's hard not to conjure up the same image when hearing vendors spouting off about it.

Fortunately there's a simple solution - just drop the superfluous "as a" which is sandwiched in the middle and optionally add a dash of cloud to taste (all lowercase where possible per CMOS, and resist the urge to abbreviate):
  • "Software as a Service" becomes [cloud] software services
  • "Platform as a Service" becomes [cloud] platform services
  • "Infrastructure as a Service" becomes [cloud] infrastructure services
We'll know we've been successful when cloud fades off into the background (it's already optional above), and even more so when it's not necessary to differentiate between products and services (that is, when it's just "software", "platform" and "infrastructure" again because nobody in their right mind would use products when better/faster/cheaper services are available).

Anyway before I hit the hay, here's what I had to say on the proposal (which as it turns out has more serious problems in the form of existing registered trademarks):
Morning all,

First, congratulations for promptly getting some deliverables out the door.

Please though, for the love of $GOD, find a more sensible name for it than "Data Storage as a Service (DaaS)".

I'm sure I'm not the only one here who's had enough of all the unnecessary *aaS and to that end propose the following transitions as the technology matures (we'll know we've been successful when the "cloud" moniker fades away):

  • Software as a Service -> cloud software services -> cloud software -> software
  • Platform as a Service -> cloud platform services -> cloud platform -> platform
  • Infrastructure as a Service -> cloud infrastructure services -> cloud infrastructure -> infrastructure
For storage then it would go something like:
  • Data Storage as a Service -> cloud storage services -> cloud storage -> storage
I have solid basis for this too, from my Sanity as a service: marketing gone mad post last year:

DaaS is a hive of activity too - AServer will tell you it stands for Datacenter as a Service™ but Q-Layer already tried that. Too bad for Desktone who are on the road to registering Desktops as a Service™

The A-Server guys are having another crack at the trademark after abandoning the first one, and have been told that Desktone already beat them to it. In any case, for many it means "Data as a Service" in reference to the actual data itself (think Amazon Public Data Sets).

Hope this helps avoid some trouble down the road,


Sam
Now please, go forth and do your bit to make the world a better place.