 Thank you, right? So I'll be talking about cloud computing now cloud computing has been a pretty hot topic for the last little while in our industry But of course it does come with some problems. It brings you it makes things more efficient and it makes things more flexible But it but in the end if we want to make sure that the cloud the internet is open There's a few things we need to do. We've just seen that we need to fix the RP layer It's very important. I'm going to talk about the layer above that So let's look at these problems right privacy is the obvious problem It's all around the media So I'm not going to talk about this one. You can look any sort of tech publication and you'll hear lots about this one I'm more interested into this problem the problem of autonomy of control What does it mean to you as a user when the the software that you use to To do stuff on your data the software that you use to do your work every day is no longer under your control There is no longer free software So in particular so what so what I want to talk about really is sort of an approach to bring freedom back into the cloud now let's look for example at what it means for Your service provider to be running free software on their servers Does it better? What sort of freedoms does it give you? Well, it's not clear because Of course on a regular computer on the laptop on desktop We have a pretty good idea of what it means for software to be free What sort of things you get out of this for if we look at a license like the GPL? We have a fairly good understanding of what it means right in very simple terms It means that if you if you give the software to someone else give them a copy and he's to come with source code and the same sort of conditions so the same requirements and freedoms But if we look at the case of a service provider Using free software on their servers and you accessing this It's slightly different and the difference is that the trigger for the GPL for the reciprocal clause of the GPL is on the copy and When you're using a web service, you're not actually making a copy You're providing some input for this service and you're getting some output But you're not making a copy so the G so the GPL would never kick in right you don't have to buy Doesn't have to buy source code a couple of people have Thought about this problem and came up with a solution to bring back the idea of copy left the Specifical nature of the GPL to the cloud world and that is a new license that they call the a ferro GPL Now the a ferro GPL is Almost exactly the same as the GPL except for one very important difference, which is this If you put something under the ferro GPL and a user modifies it then they must give The source code to anybody who uses the the service over the internet Which means that if you modify the software you can't keep your modifications closed You need to release them if user if users request them What does that look like in practice? Well, here's an example of a piece of software that is under the a GPL And releases source code. This is from status net and Basically, what they do is they put a link to the license and the footer of their pages And I put a link to the source code as well So it's not too onerous if you if you if you do it right this way Right, so okay, we've got a couple of tools We've got a an entirely free software service stack. We've got a new license that has a copy left Component to it. We have free browsers and we have sexy web 2.0 frameworks Where do we start? It turns out that a number of people have already started Working towards this free client and what they've done is they've taken a number of proprietary services One by one and started providing free alternatives Here's a couple. Twitter has a free software replacement called identical. How many people know identical? Okay, quite a few people GitHub has get orious in the fair blogger has a number of products including wordpress branchable The project hosting sites like source forge and Google code There's a there's an AGP like one called launchpad, which Ubuntu uses in funds Survey monkey has line survey Google maps open-street maps, etc. Last a family revamp delicious cuddle Facebook might have something that replaces it someday and other critical services there Now I was looking for a small one because I was Trying to get started with this and figured out that you know the very first one and I do I wanted to be pretty small So I started looking around for for services that were not free software It was quite useful out there, and I picked gravitar How many people use gravitar or are there any application I have an account of gravitar? Okay, a couple of people So for those of you who don't know what gravitar is is it's simply a website where you create an account You upload your photo, and then you sign it to your email address And what happens after you've done this is that all of a sudden on the whole bunch of websites on the internet? you'll see your photo and The way they do this for example on the on this site on Olo They don't actually allow you to upload your own photo What they do instead is they just take your email address, and then they'll go fetch the photo from gravitar directly And so you upload your photo once and it shows up all over the web if you want to change your photo You just change it on one website and it changes all over which means that if you want your photo to appear next To a comment that you put on someone else's blog well if they're using gravitar Then it will appear automatically you don't have to upload your photo all over the place it's quite a cool system and The the API for the developers is really really simple here's how it works You take the email address as entered by the user You lowercase it You take an md5 son of it You turn that into a URL you probably see where that's going you stick that into an image tag and That's it. That's all you need to do does that see if you are so on your site You have photos for your users that are hosted somewhere else and they get pulled in by the browsers directly So it's quite simple Okay, so got some tools a service to replace What's next well obviously when you start a free software project the very first thing you have to do is to pick a name So I pick this name from Libra which stands for Liberty and I came up with a little logo as well So the next thing I did was to look for inspiration at other free network services projects other AGPL projects And the one that's funny the most was status net now status net is the software that powers identical The Twitter replacement so I didn't cause their service that is net as a native software that runs it And they did a couple of things right the the the one thing that inspired me actually and specifically in identity I was was this bug here Ticket number d4, which says that if a user doesn't have a photo in identical Identical should default to looking at gravitar for a photo And so I decided to that I would fix this bug but not using gravitar and so Specifically the things that inspired me with status net were things like they decided to replace Twitter, but to not do they did not Get so sort of put the burden on themselves to do everything the Twitter does they decided to do the core set of features Twitter does and to drop a couple of things and so I'm going to do the same thing There's a few things in gravitar that I don't feel are as important as the other ones So I'll just concentrate on the other things But perhaps the the most useful insight from status net was how they integrated into the existing world That they were trying to replace how did they integrate with Twitter now? They did this to two things using the same API and By being a Twitter client themselves What does it mean to use the same API? Well, it means that Basically it for all of the existing Twitter clients that are out there on mobile phones desktops, etc All they need to do really only need to change in their code to support identical is this They just need to change the base URL everything will work the same. That's really easy to port your software to identical What does it mean to be a Twitter client? Well identical actually is a Twitter client so they can post to Twitter which means that I the so this this message was posted on Twitter and But I actually typed it in identical and so in practice what that means is that You don't have to wait until all of your friends have switched to identical before you didn't move yourself You can start posting to identical and still keep feeding the information back to your friends on Twitter So quite a clever idea I'm basically going to do the same thing so I'm going to use the same API and Libertad is also a gravatar client Same API means that if you're already using gravatar application, that's all you need to change Right just a base URL again. It uses the same API In terms of being a gravatar client what this means in this case is that if Libertad doesn't have a photo itself. It's going to redirect to gravatar Now the clever thing about this is that right from launch Libertad has always had more images than gravatar Because it has access to all of gravatar's images so it works quite well in practice Now okay, so that was about how to replace the service how to Clone the most important features and so on how about making it better Well, of course it is free software, so it's inherently better It comes with freedom But it also has a number of features that that that gravatar doesn't have I think a most important one is federation by DNS Now the idea here is that if you control a domain name For example, my important catalyst site he has kill us up that don't NZ You should be able to specify exactly how people are getting pictures where they get their pictures from for your domain So for any kettleence employee with an email address that countless that never NZ They should go to that URL avatars a catalyst that never NZ and that says exposed in DNS through an SRP record Which is what is used for service discovery? So for example, if you want to discover some the company's LDAP server SIP server something like that This is typically a kind of records that you would use Got a couple more ideas, maybe using creative common licenses the ability to license your avatar images Liberator already supports more hash algorithms So if you're concerned that MD5 is not strong enough to protect your users privacy in just you shop to 256 Another idea had was to have RSS feeds for changes in profile photos And another neat one is the automatic photo import or so when you create an account on the bar at our It will pull in your gravitar image immediately or your identity image So that you don't even have so if you want to switch leave our thoughts really easy You don't even have to re-upload your photos that gets taken care of automatically, right? So what does it look like? I? Will attempt to do a life demo Now the wireless is a little bit slow, but hopefully it will work so this is the main page and Just a regular login thing Now the first thing you do is you upload a new photo And I'll just upload this one Sorry Possibly yes, so let's just crop it to be like this and do this And you can upload more than one photo as well if you want So you can have different photos with different email addresses So I'm just not absolutely use the auto crop here And then the next thing is you add your email addresses now I've actually cheated and added one here, but what happens is when you type in your email address It will send an email to you with a confirmation link to make sure that you actually own that email address and That link will look like this And I've just been kicked out Picked off the wireless. Oh, yeah, we're back So this is the automatic importer in action say it found two images and if I check them they'll get imported This case. I don't need them. So I'll just do this Right. So now I've got a confirmed email address. I can assign photo to it like this and Now if we look This is a little tool that I wrote to Simulate someone using the bar in the application So if you weren't someone's blog and that blog software used to have just happened to use the bar I thought this is what you would see so Look up here Just clear up the cash So there we go. Um, so this This is the hash the md5 hash of my email address and if we look here This is the URL that Like a blog type of software would put on their page to display my picture Now it does support HTTPS as well if you have if you're running over HTTPS you should use This URL instead because otherwise you'll have browser warnings And So let's look at another one one that I haven't yet added to my liberal tie accounts So what this one does here? You look here here for your wireless to work but basically this one is is a different picture because it's coming from the other time so liberal It doesn't have a photo for that email address. It doesn't automatic redirect grab a time It doesn't redirect shall one and shall 256 because the gravitar doesn't support those ones Now finally, I'll just cancel that one Here's another installation of liberal time. Now. This is using the Federation stuff. This is the the avatar server for my employer and I'll just log into this one Now in this one, you can't you obviously can't create new accounts. There's an LDAP plug-in. So All the employees had access to this one and so I've already assigned a photo for this one So let's have a look at a user. So again simulating a blog software that would Right spelling looks good So this is what they would see they would so they would see the image as Certificate catalyst server here and there you go That's what they would put in the htnl because they would do SRV look up beforehand now For the catalyst server as you can see the HTTPS stuff is going straight to liberator instead. That is because If we do a DNS look up here the the catalyst server only exposes a Only gives a avatar server for HTTP not HTTPS so HTTPS just goes to to the regular service And if I do I made a title here Then what we're going to see is obviously a missing avatar But as you can see the because it's a custom installation for cabler stuff net They can choose exactly what picture to use when when a photo is not found for one of their employees Which we see here The last thing I want to point out is this little option here permanently delete your account. I Think this is really when you when you're starting to replace Services with free software once I think it's really important to pay attention to privacy and things like that and We kicked off the wireless again, but anyways, this does delete your account entirely And it leaves no traces of you in the database So I think it's really important to build services like this that allow people to exit gracefully Go back to this So what does the software look like? What you've seen was Django application where you can log in to upload your photos, etc Then what happens after your photo is uploaded is it gets saved straight to this? With the the hash as the following So basically all of what the application is doing is serving static files from this directly There's a there's a mod rewrite component to it as well because you can do certain things like Specified that if the image isn't found you want this image instead to be used as a default stuff like that But in other words the high traffic site is entirely static and The dynamic side of things is is the low traffic one because people don't update their photos very often But the photo gets requested a lot more than it gets updated Now it is a little bit more complicated than this Because there's an extra step for a skill be scalability purposes Which is that the Django application uses a gearman queue to put all of the slow operations of things like crop resize optimizing images using JPEG up to many of TPNG Those things take a bit more time so that queue is there to make sure that only one of these operations happens at once Obviously that becomes a bottleneck. It's really easy to scale it up and just add workers to the queue So what's next? Well, I mean the project started a few months ago but I've got lots of ideas of what to do next and specifically what I want to work on there is mirrors so Basically, it's just a bunch of static files served by Apache So it will be really easy to distribute that across the world and just do it like a twice-daddy arcing or something like that And then sort of scale the service up from there another thing that I'll do is to have a plugin for icky wicky which is blogging a free software blogging platform which has a commercial hosting site called branchable and Vengeable guys are keen to give it a go and and sort of try that for real with a few users and so on Then I want to create a service for devian developers to so that will be another hosted instance of Libertad just like the catalyst one So basically, you know, when you go to the branchable blog that talk with comments from devian developers, you'll see the photo pop up things like that And if you want to get involved those heaps of stuff that can be done This this is just a couple of ideas that there is a thing in gravatar called web at ours Which is kind of a cool idea if you if the picture is missing for someone instead of always showing The same little icon for missing people you can have a little sort of random looking patterns of lines and colors That is the same for a given hash, but it's different for different hashes So basically you can see visually That there are different people talking about stuff even though the picture doesn't show up and you can also associate the same The message is coming from the same person Visually give it this thing now. I'm not quite sure how to do this But if anybody is keen on doing this, that would be quite cool. I want to internationalize it as well We'd like to have localization in a couple languages as well for the Django applications If you're in Django guru, please come talk to me and you know if you were Came to improve the code quality and someone can do a code review Writing test suite is another thing that are to do list Graphic design CSS again come talk to me as it will be great to improve this If you have some servers and you have a bit of extra list space and you'd be wanting to run a mirror that'd be great Or if you had access to cheap SSL certificates currently where you first you pf's we're using CA certs Which doesn't work so well for a lot of people unfortunately and if you Don't want to do any of this that I still want to support a project Please just create an account today and upload your photo And that's pretty much it now. I'm happy to take questions And I would also like to know if you have any other ideas for Libertad things you'd like to see things we use in grata and would be cool to have Or if you think of other easy services to replace Now one thing that seems different to Twitter is that the way the open Twitter has been implemented is that for a user It seems that I currently be better off putting their account on gravity because it means that it would work on more websites They're their avatar will be available in more places than if they would put on your service because it doesn't have that push back to Gravitar in the same way that the that you get with Twitter Yeah, so I mean obviously you if you want if you want to your photo to view on sites that use gravitar and not Libertad then you should put it both And that way, you know you've got it there The idea is that like yes Unfortunately, we can't do sort of both ways You know, I do have a very cheap solution to this which is a grease monkey script To change the URLs and all the pages that I visit my browser, but obviously that's just for me to test it and but anyway, but it's the the idea is mostly that That this will be bootstrapped by other free software service projects that want to support this and support sort of freedom and Federated ideas, but yeah, that's not you know, don't we convince wordpress to actually do it? It's not going to show up everywhere So first of all, thanks because it's a very interesting example of how to subvert an existing web service adding both features and freedom So thanks. I have a question. So how do you imagine in the Final application that will need to use either gravitar or live avatar or whatever the interface for configuring Avatars are coming from I can imagine that you can for instance ask the administrator to specify the URL the basic URL from which the Avatar should be taken from that's a possibility and But and it would be also in line with the idea of having a kind of federation of the services But then the question is if you go that way The idea of falling back to grab at our to fetch an image become kind of obsolete because you no longer have a single Fallback service to which look for an avatar if it does not exist on Libra avatar or whatever Right. So so each each sites like for example, the chemist site Currently is configured to not fall back to go to our or Libra that and to just display the official chemist level because that you know, it's at that point it becomes a policy that It does what does the domain owner want, right? But it could easily just redirect to Libra time for example, and then there's no gravitar or whatever. So there's the option to do Either one of those So for that in the dark first possibly it might make sense to just redirect to the other service Yeah, so how does the DNS SRV actually work? Does it look up the SRV records on every domain name like if I enter a gmail.com? It looks the avatars dot underscore tcp.gmail.com and and isn't that really slow? Like if you make a request for an avatar on Libra avatar.org Isn't it going to be really slow waiting for the DNS to time out if it doesn't exist or has it work? Well, there's many things that they can be done then for that stuff Obviously the the the cool thing about about doing this in so this is how it works, right? You just do dig for it and then you can find the service The the cool thing about using DNS is that DNS is designed to be extremely cashable and it's this cash all the advice obviously with something like Gmail and hotmail or whatever which is probably going to be Half of the email addresses at least that you're going to encounter and add yahoo to that mix and if we do know that they're not That they don't have an SRV record and there's a really quick Hack that you put in there to just you know not do look up for these ones But yeah, I mean I'm part of the deploying this to branchable will be to see how well it scales And what else we need to do? Would it make sense for a big site to have their own sort of lightweight DNS resolver that has a very short time out for us I think that can maybe I don't know I'm looking forward to having a problem I've got a little idea I like to have all the little tools on the side as well to make a lot easier to Very the images and things like that and in that In that same vein maybe a little service to sync the avatar back up to WordPress I'll you know the way that say LinkedIn harvest all your email addresses out of your Gmail and they wouldn't like that And that's kind of power for the course and so it sounds like a good thing to do Yeah, so so there's a good pushing it back to your Google profile to your Facebook profile That's a web scraping or whatever it is to be able to check it quite easily by just you know Just doing a diff on the image or something like that. I'm trying to push it every time That's a very good idea I'm sure if you anyone wants to have a talk to you and France law afterwards they grab him for a check then So I'd say thank you to France offer talking to us today is a small token of a