Cloud and Data Security

Dear Readers,

Some of you remember our past problems with SourceForge, which took possession of an early version of FreeAnalysis Schema Designer and rejected us from their forge, based on a unilateral request from an unknown US-based claimant (in 2007). It was a nice experience for us, without heavy consequences, because the project was just starting and we had a backup of the code. At that time, I read some of the US law on data acquisition and was surprised to learn that if I upload a file to a French server, but this server is mirrored in the US (without my permission or any warning) … then the US server owns the data. So we moved to a French-based provider, and we have no problems anymore.

I won’t talk about Facebook and its set of privacy issues (there are a lot, but it’s the game if you want to make your life public), but rather concentrate on this news about Andromede, the French cloud to compete with US-based clouds (sorry, the article is in French). Well, competition is always nice … but apart from this news and the reminder of the US Patriot Act, there is another comment, especially in BI: when we are talking about data security in the cloud, we think “security of access” … we simply forget that on some clouds, we don’t own the data anymore once they are uploaded … it’s like changing the lock on your door without being aware that you don’t own your house anymore!

Have Fun!


SourceForge is nonsense

Well, I just wanted to write some comments about our SourceForge experience, knowing that I won’t write a lot because this forge no longer has any interest in my eyes.

As an Open Source editor, we had our first experience of code delivery on SourceForge. The beginning was OK, and we got immediate success for FreeAnalysis due to the forge’s position and Pentaho’s presence on it. But after some months, we were just not able to know who was using our package or who was getting access to the code, and some fundamentalists or competitors claimed to have deep access to the source code, without any guarantee or even knowing their name and the purpose of their request. And unfortunately SourceForge is encouraging those people, in the name of being “Open”. Others may say “this is Open Source” … no, sorry, this is not “Open Source” when someone can come into your house, take everything and leave in 5 seconds without even bringing support to your code.

What about intellectual property and R&D investment? Nothing, they just don’t care! What kind of support did we get in our discussion with SourceForge? Nothing … a strange position for a forge that claims to be a place for developers! And when we decided to leave this forge, they just left the old packages available, so that some users may still use those “so old” packages forever … what kind of respect for users is it to let those people use old packages? I have read that SourceForge has 1’900 open requests … this is a good representation of the situation …

There are so many projects available on SourceForge, but most of the new platforms behave the same: they simply publish unusable code (so simple with SVN). So what is better: leaving, or letting people think that “they can” … but “they can’t”?

We will take our time to move to another forge. This first experience was interesting, but now we are looking for more (more features, more security, more support). Many other forges such as GForge or Javaforge may be good places to give access to our packages. For now, we have just set up an HTTP server to make “FreeAnalysis 1.0 RC2” available to everyone who cares about it.

Have Fun,