A Service as a Software Substitute (SaaSS) is unjust like proprietary software
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Subtitle |
| |
| Title of Series | ||
| Number of Parts | 542 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/61936 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 2023399 / 542
2
5
10
14
15
16
22
24
27
29
31
36
43
48
56
63
74
78
83
87
89
95
96
99
104
106
107
117
119
121
122
125
126
128
130
132
134
135
136
141
143
146
148
152
155
157
159
161
165
166
168
170
173
176
180
181
185
191
194
196
197
198
199
206
207
209
210
211
212
216
219
220
227
228
229
231
232
233
236
250
252
256
258
260
263
264
267
271
273
275
276
278
282
286
292
293
298
299
300
302
312
316
321
322
324
339
341
342
343
344
351
352
354
355
356
357
359
369
370
372
373
376
378
379
380
382
383
387
390
394
395
401
405
406
410
411
413
415
416
421
426
430
437
438
440
441
443
444
445
446
448
449
450
451
458
464
468
472
475
476
479
481
493
494
498
499
502
509
513
516
517
520
522
524
525
531
534
535
537
538
541
00:00
Nominal numberWhiteboardSystem callModal logicEmailMessage passingConnected spaceSoftware as a service2 (number)Different (Kate Ryan album)WebsiteComputerWeb serviceServer (computing)Digital photographyInternetworkingBitTelecommunicationMathematicsQuicksortDatabaseSpeech synthesisInformationSoftwareComputer programFreewareSubstitute goodOrder (biology)BackupComputerElectronic mailing listComputer fileLocal ringInformation privacyRevision controlLatent heatQuery languageMereologyFlickrResultantPoint (geometry)Lecture/Conference
08:02
Group actionSoftware bugQuicksortBitServer (computing)ComputerEmailSoftwareSoftware developerWeb serviceImage resolutionType theoryRevision controlSource codeProjective planeDigitale VideotechnikSelf-organizationFreewareAreaComputer programProxy serverFunctional (mathematics)CodeContinuous integrationQuery languageVirtual machineField (computer science)Modulare ProgrammierungSystem callForm (programming)Arithmetic meanDatabaseVirtualizationMereologyLine (geometry)Multiplication signTelecommunicationElectronic mailing listNormal (geometry)DebuggerRepository (publishing)Differenz <Mathematik>Level (video gaming)Formal languageLecture/Conference
15:58
Server (computing)Web serviceSource codeComputer programSoftwareCodeForm (programming)Complex (psychology)BitQuicksortOperator (mathematics)Condition numberGoodness of fitOperating systemOpen sourceInteractive televisionDifferent (Kate Ryan album)1 (number)ComputerExecution unitLatent heatSearch engine (computing)DatabaseFreewareBusiness modelCovering spaceTerm (mathematics)NumberMereologyFocus (optics)Lecture/Conference
23:55
Program flowchart
Transcript: English(auto-generated)
00:05
I just have to mention that our board has put out a recruitment call, a call for nominations. We're trying to expand our board. So if you go to FSF.org, it'll be the top news item. It's something I just want to plug before I get started.
00:20
We also host another conference in a month. You'll see some information about that, too. So my talk is about SAS, and that stands for public speaking. It takes just a minute, you know.
00:44
A service as a software substitute. And what that means is when you run a service, when you use a service, and you use it to substitute for your own computing. And that's a little abstract, so it's best if I give an example.
01:04
And the one I like to give is a photo editing service. So say you go to a website, you upload a photo, you tell it you want to turn it black and white. And you click a button, it does it, and then you click download and you've got your photo. Well, that computation done on the server is something that you should control with a program,
01:28
with a free photo editing program like GIMP. And so when you use a service like that, you give away your software freedom in a very similar way to using a proprietary program on your computer.
01:42
But in some ways it's even worse, because the server operator, it's automatically spyware. It has all your data, and it automatically has a back door to make changes at any time. So in some ways, even worse than proprietary software.
02:02
So I want to talk about, that's sort of the basic case, but I'm going to assume you understand software freedom a bit. So I'm going to go into some more other cases. So let's talk about first some basic examples of when something is not SaaS.
02:23
So when somebody else is inherently involved in the activity, that's kind of usually a good giveaway. So communication service is an example. Say I want to send you a message across the internet. We need some intermediary to route that message.
02:42
It's just I don't have a direct connection to everybody else. So somebody has to provide a service to do that. It's necessary. Another good example is publication. So I give you some data. I send you an email. I say, you can publish it.
03:00
Well, there's nothing wrong with you doing that versus me doing that. It's just publishing information. Now, some websites offer multiple services, or they call it one service, but it has many different use cases, and some are SaaS and some aren't.
03:20
So let me digress just for a second. This SaaS has nothing to do with the SaaS with two S's. It was kind of meant to be a bad pun, and it didn't work out that great. But just know that when I'm saying SaaS, I'm talking about this SaaS with the three S's,
03:40
and you just have to understand by context. So as I was saying, some services have multiple use cases. Some are SaaS, some aren't. An example would be the website Flickr. It's meant to share photos, publication, not SaaS, but then it also has photo editing features. That is SaaS, as I talked about.
04:03
So let's move on to another example, a backup service. So a backup service is something people often like to run themselves. So you think, well, is it SaaS? Is it not? Well, if the point of the backup service
04:21
is to give you back your files exactly as you gave it to them, then it's not SaaS, because there's no computation there that you should control if you're only hoping to get back the exact same data that you gave it. The result wouldn't be any different. Now, you may want to run that backup service for reasons other than SaaS.
04:41
Maybe you think it's more reliable. Maybe you think you have some privacy there. And that's one of the complications with SaaS and services in general, is that there are other concerns besides SaaS that are often very important to people. So it makes it a little difficult to talk about. That's part of the reason I'm talking about it today.
05:03
Now, how about the case of a database service, for example, a SQL database service? Well, in this case, SQL queries are actually complex computation.
05:21
There's huge manuals for them. Exactly how they work matters to the people using it. They want specific database programs. They care about what the version is running. They care about how that computation is run. So yes, it would be a SaaS if it's a database service. But then think about contrast, a backup service, and a database service.
05:46
So say you use a database service, but you use it like a backup service. You just dump some data into a single table, and you just retrieve that table. Well, then you're using it like a backup service, and suddenly it's not SaaS anymore.
06:02
So what we have to think about is the primary purpose of how you're using the service. And when I say primary purpose, that brings me to a secondary purpose.
06:21
Well, it's not really a secondary purpose that I want to talk about, but let me bring up another example. Say you upload some files to your backup service. And then you say to the backup service, what files do I have? And the backup service returns you a list of files sorted alphabetically.
06:44
Well, if you have a list of files on your computer and you wanted it sorted, well, that would be something you would want to do on your computer. You'd want to run the sorting algorithm, something you should control. How it's sorted definitely matters to you. That's your computation.
07:01
But then when the backup service does it, well, it has to tell you those files, and it has to sort them somehow. It has to give you to them in some sorted order. So in this case, it's doing computation that is what I call incidental computing.
07:22
It's not your primary purpose. Your purpose is just to find out what files are on the backup service. Incidentally, there has to be some computing done in that process, which happens to also be like computing you would do on your own computer if you were running locally. But it's not the primary purpose of using that service, so it wouldn't be SaaS.
07:44
Another way to call it was ancillary computing. And so when you pick apart a service and its use cases, this is one way to narrow down the issue to whether something is SaaS or is not SaaS.
08:01
Now, for another more complicated example, I've been talking about the computing of an individual person. But groups can come together for a common purpose, form an organization or a project, and then they use a server to collaborate with each other. And an example of this would be like Wikipedia,
08:23
which runs, well, MediaWiki and Wikipedia and groups who run MediaWiki. Now, that service has features like document editing, diffing documents, conflict resolution.
08:42
Those are the type of computing, if you were working on your own, something you would want to control on your computer, but because you're working collaboratively with a group, you could say it's the group's computing.
09:02
It's the group, and that group should be able to control its own computing by running its own server and the software on it. So you could say when you join in with that group, you're a member of that group, and you're collaborating and doing that group's computing, so you can use those sort of features together.
09:21
And this is a little bit hard to think about, because sometimes your computing versus a group's computing can get a little blurry sometimes, but it's important to realize and think about. So on to another example.
09:41
Think about bug tracking, a bug tracker. This is a very common piece of software that developers use. Now, one way that a bug tracker could work, or does work for some projects,
10:02
is they have a mailing list where they say, bugs go to this mailing list. So somebody sends an email to the mailing list saying, I have a bug, and somebody responds and says, yes, I agree, that's a bug. Or somebody says, no, I don't think so, and they discuss it. Well, this is just a form of communication and publication,
10:25
like a normal mailing list, and I wouldn't call that SAS. But consider a software like Bugzilla. Well, it doesn't work that way. It's especially with a larger project,
10:43
you customize it so that it has maybe even hundreds of fields. And the people who are administering it are doing complicated queries on all of the bugs,
11:01
running queries that will modify all the bugs, reassign them, and then it's starting to look like a database with a front end, a complicated database with a front end. And then I would call that SAS. And this, I think, brings up a little bit of a problem
11:21
in that it's very difficult to, a lot of software projects want complicated, sophisticated software for their project, but they don't necessarily have the means to run that software like a Bugzilla, because complicated software is complicated to run,
11:44
especially as a service. Because you have data, you have backups, you have all of the details of running complicated software. So in that case, it's like, are a lot of projects out there actually running SAS, giving up their freedom?
12:02
Well, yes, basically. But it's an area where we have a long way to go. And a good way to deal with that situation is for projects to come together in a larger project that is in their collective interests.
12:24
So some of the software I run, or I help run, like the GNU project, where many software packages come together, share the infrastructure that's going to be in all of their interests. And that way, they're doing a group computation together
12:43
for a bug tracker. But now this brings me to an example of GitHub. So when I think of GitHub, I look around at the GitHub service, and I think, there are a few features that are clearly SAS.
13:03
One, some obvious examples would be continuous integration. That's like they give you a virtual machine and say, run some code on your software. If the code that you're running is their code, then I guess that brings up another topic
13:21
of virtual machines, which are not SAS if you control them. And another feature of GitHub would be they have a feature to tell you which functions in two repositories are different. Well, clearly, that would be SAS, because it's parsing the language of the repositories.
13:44
It's doing a complicated function level diff on them. And then some other features, I think, would not be SAS, like simply publishing a Git repository. That's just a publication of information, not SAS.
14:02
And then their bug tracker, for example. I think in its basic form, it works very much like a simple form, like a mailing list that one person posts, another person replies. And I would call that just a communication service. But I'm not too familiar with all of the advanced features
14:22
of GitHub, but I get the suspicion that some of the, maybe, there might be some features of the bug tracker which go into the SAS area when it gets more complicated, when you're an advanced user of all of the features there. So I haven't picked apart every piece of GitHub, and it takes some time to do that analysis, which
14:42
I haven't done. But in general, this brings me to the next topic, is that, well, I don't know, how many minutes do I have left? You have? 10 more minutes. 10 minutes? Great. OK, so I think I'm done with some basic examples
15:02
of analyzing SAS or not, and I'm happy to talk to people because there sometimes aren't bright lines. And it's a little blurrier than with determining if a piece of software is free or not, but it's not like there isn't blurry lines in that either.
15:24
So I think it's just something we have to deal with. It's part of a lot of ethical issues, have their gray areas. And I just happen to be highlighting them. That's all. I don't think it's an inherent problem with SAS at all, with the concept of SAS.
15:41
So now I want to bring up one common misconception, is that a service which publishes some free source code that it says it's running means that the users of the service have software freedom. They don't. The users don't control that service. They can't tell it what program to run.
16:01
You can only do that with a program on a server you control or on your own computer. And there may be important code that it runs besides what's published. I mean, generally, servers are not publishing the operating system or other things. The first reason I gave is basically the fundamental one,
16:23
but some other ones are that. And of course, you can't ever be sure what somebody else's server is doing. You haven't installed the program. You can't be 100% sure. It's different than running your own code on a server you control.
16:43
So for services that are not SAS, now I'm going to talk about this idea of publishing source code and think about the difference and the interaction between SAS and the publishing of service source code. So when we think about publishing service source code,
17:02
I think about the AGPL, which says you have to publish the source code if it's a service and to the users of it. And what we say is that the publishing of source code benefits the community so that they could use that source code.
17:22
That benefit is so important to people being able to use that code that it's worth mandating with the AGPL. And we recommend it for all software that is intended
17:40
to be run as a service. In fact, now, not thinking about the SAS issue, but just in general, if I encounter a service and I say, I think, would there be
18:00
any reason somebody else besides the server operator would want to run it? If there is, if there's a plausible case of that, I think, well, then are they publishing the source code? If they aren't, why not? I mean, why do they not want to benefit the community?
18:25
And another benefit that brings, I think the biggest one is if the service is working well, good. Maybe there's some fundamental services we all rely on, like DNS services.
18:42
But then if the service stops working, it adds conditions that people don't want to agree to, it adds, it changes. Well, then the publishing of source code is sort of an insurance policy that somebody else could
19:00
start up a new service and users could move over there. And that is so important that I think it's worth considering that in general for any service, which is separate than the SAS issue. And I think if we take a service like GitHub, I think that's obvious. Of course, people would want to run their own GitHub.
19:22
So we shouldn't accept a GitHub that doesn't have the service source code published. It's just foolish to subject yourself to the whims of that service operator without having some sort of insurance to go somewhere else, even if you
19:42
aren't using it in a SAS way. OK, so I'm going to move on to my next topic, which basically I think the SAS has not gotten enough attention in free software advocacy.
20:01
And why hasn't? I think there's lots of reasons. I talked a little bit about the complexity. I think SAS was far less common in the past. Nowadays, most services tend to require non-free software as a client, usually in the form of JavaScript.
20:21
And so services in general have caused a lot of problems for software freedom, other problems besides SAS. But like I said, I think SAS needs to get more attention because it's becoming more prevalent. Database services have, in the past few years, become very popular.
20:42
Before that, it was much more common to run your own database. A lot of people are relying on these services, which are SAS. And so I think one interesting historical reason for a lack of focus on SAS is that, well, it's
21:00
not part of the GPL. It's not part of any license. When the GPL was being drafted, the FSF had its lawyers try and think of a way to add in a provision against SAS, and they couldn't think of a way to do it. So they just didn't. And so when we say the GPL protects your freedom,
21:22
well, there's one little hidden asterisk there, as long as you don't give it away in a SAS. And I'd be curious to know some of the lawyers, maybe some lawyers here today, if they still think that's the case, if there's no way to have a SAS provision in a license. I'd be curious to what that is.
21:41
I mean, it's the one case, I think, of the FSF saying, here's an important issue. We couldn't write into the license. I haven't heard many people talk about how that could be done, maybe not covering all SAS, but some portion of it. I don't know. I'm not a lawyer, but I would love to hear from some.
22:04
So how can you give SAS more attention? I don't have all the answers. It's just a couple ideas. I think number one is just to simply call it out more. When a company has a SAS business model, just say, hey, their business model is SAS. That's taking away people's freedom. That's a very simple way.
22:23
Another idea I have is that there's this term self-hosting, which basically seems to cover the idea of SAS plus other things. It's the idea of services run yourself. And sometimes it's even expanded
22:40
to just non-services, SAS services that should be run on your own computer and not as a service at all and running themselves. And people call that self-hosting. So the idea of self-hosting covers SAS plus other things. So I think also advocating for self-hosting and saying self-hosting overlaps very well with software
23:04
freedom is a way that we can advocate against SAS without having to deal with the complexity of SAS itself, of explaining it fully. And I'm getting to the end of my talk here.
23:23
I think those are most of the ideas I want to share. I'd be happy to talk to people afterwards. And one shout out to a specific program, Gnu Units, which is a small SAS that many people use. They ask Google or a search engine to convert between Celsius or Fahrenheit. And there's a program you can do that
23:40
on your own computer called Gnu Units. So look it up. And that's all I've got. Thanks for your talk. Thank you very much.