Is cloud computing rubbish?

Here’s a pretty light-on-analysis piece quoting Richard Stallman and Larry Ellison’s skepticism and warnings about “cloud computing”. What’s going on here? Are these guys just too behind the times to “get it”?

As with anything, the devil is in the details; and this article is too lightweight to give the whole picture. A more nuanced analysis and report of what these two people are talking about would point out that their caution is all about trust – and mostly rooted in the warning not to store data in the “cloud”. Giving your data away to a third party is convenient, but is too likely to lead to long term grief; you have to trust that party to keep your data integral (backed up and accessible at all times), safe (good security from the outside), and secure (no access to your data from the inside, and no use of it for any purposes other than what you explicitly authorize). In truth, no existing web facility can claim to be better at this than keeping your own data on your own machines.

Richard Stallman is additionally making another point about cloud computing: as far as I understand him, it’s okay for you to use the cloud to perform computations if you’ve installed your own software there, but not reasonable to trust a cloud computer that someone else can put software on. In the end, that means really that any cloud computer can’t be trusted, even Amazon’s EC2, since Amazon’s emulator could be designed to allow them access to your running instance at any time. However, I’d guess that on a sliding scale of trust, their setup is more trustworthy than Google Apps (or Sun’s Project Caroline) where you create applications which are written to their libraries and APIs, without knowing exactly how those are implemented (and how they’re exposing your information to the world or to the application hosts). Google Apps is open source code, so you can run a version on your own computer; in this way, you could create your own cloud and trust it after auditing the code. However, you can’t trust Google to be running a version which is the same as what you could run at home, so even having the source code is not sufficient for trust.

I realize this is a lot more subtle than what the linked-to article is expressing. But even if my analysis is wrong, I hope I’ve inspired you to go read the source material and draw your own conclusion!