You Can’t Trust the Cloud

Ning has proven why you can’t trust your web site (or web application) to the cloud. Just listen to Ning’s Gina Bianchini:

We’re not discontinuing the Red Light District because we no longer believe in the freedom to create your own social network for anything as long as it’s legal. We do. Practically though, supporting adult networks no longer makes sense. Here is what we’ve seen in practice to date with respect to adult social networks on Ning:

Adult social networks don’t pull their own weight. Specifically, they require other social networks to work harder because they don’t generate enough advertising or premium service revenue to cover their costs. Plus, our ad partners aren’t big fans of the adult networks and therefore require us to identify adult networks or risk our healthy advertising revenue. We don’t want to be in the policing business and, unchecked, that’s where this is heading.

In other words, Ning just decided to cut off people who’d built sites on top of their platforms, because, hey, they felt like it. The pornography just wasn’t as profitable as they expected.

This isn’t the first time this has happened either. Facebook and Apple have also shut down useful and popular applications because they just didn’t like them. The only safe and sensible course for anyone running a web site/web application/blog is:

  1. Own your own domain name.
  2. Own your own servers.
  3. Own your software (or use standard open source software).
  4. You can use a hosting service if you like, but keep a regular, complete, offsite backup.
  5. Be ready to move ISPs at any time for any reason. Even if you don’t piss off your cloud provider, technical and business failures can and do shut down dependent customers.

Under no circumstances should you build any serious application on top of a vendor-owned and controlled platform, be it Ning, Amazon S3, Google AppEngine, Facebook, the iPhone AppStore, MySpace, or anything similar. The companies that own these platforms can and will pull the rug out from under you when it’s convenient or profitable for them to do so.

Don’t believe me? Have you actually read their terms of service? For example, here’s one of several juicy bits from Amazon’s terms of service:

We may suspend your right and license to use any or all Paid Services (and any associated Amazon Properties) other than Amazon FPS and Amazon DevPay, or terminate this Agreement in its entirety (and, accordingly, cease providing all Services to you), for any reason or for no reason, at our discretion at any time by providing you sixty (60) days’ advance notice in accordance with the notice provisions set forth in Section 15 below.

Well, at least you get 60 days’ notice before they shut you off, right? Nope. Another section of the terms of service allows Amazon to unilaterally change the terms with only 15 days’ notice, including the section that requires them to give you 60 days’ notice. And in fact, if you read a little closer, they can do it with zero days’ notice, simply by redefining their acceptable use policy. And I’m using the term “notice” very loosely. They aren’t actually required to tell you that they’ve changed the terms of service.

Want to negotiate something different? Call them up and offer to pay for a contract in which they accept liability for their failures. Wait a few minutes for the laughter to die down before they hang up the phone.

Amazon is of course not at all unique. I could have picked any of the services mentioned above and found similar.

Perhaps some hackers are working in a garage right now to develop a fully open source cloud platform that enables you to back up and migrate all your data to servers you or someone else control at any time. I look forward to seeing it. However, until those hackers release their work, you’re better off sticking with the tried and true LAMP stack. Traditional payware like Oracle, Perforce, and Microsoft Office had lock-in issues, but at least you controlled the software. Vendors couldn’t (usually) shut you down just because they decided your app no longer fit their business model. Cloud vendors can, and you have little to no recourse when they do.

First they came for the pornographers, and I did not speak up because I was not a pornographer. Then they came for the terrorist sympathizers, and I did not speak up because I wasn’t a terrorist sympathizer. Then they came for the hackers, and I didn’t speak up because I wasn’t a hacker. Then they came for me, and there was no one left to speak up.

6 Responses to “You Can’t Trust the Cloud”

  1. John Cowan Says:

    “Vendors couldn’t (usually) shut you down just because they decided your app no longer fit their business model.”

    ISPs can and do, however — they have the same kind of contracts of adhesion (take it or leave it) as cloud vendors, and assert the same rights to cut you off without warning with no reason given, and it’s not always practical to just switch to another ISP. Similarly, you don’t really own your domain names: they can and will be taken away from you if someone else wants them badly enough. Brick-and-mortar businesses aren’t any better off: they’re subject to arbitrary denial of licenses by bureaucracies. Any kind of company can be hammered by underselling or patent trolls or greedy landlords or early calls on loans.

    And what are you going to do in any of these cases? A written contract is only as good as the lawyers you can afford, and all these folks can afford more and better lawyers than you. You might be able to focus enough press or public attention to get something back, but you’re probably in bankruptcy by then. The best hope is to stay in the safe zone where you don’t have enough to be worth stealing from — or, of course, be big enough that you can do your own dirty work.

  2. Elliotte Rusty Harold Says:

    The difference is that you can practically switch ISPs, as long as you’re only dependent on standard software such as PHP and MySQL. And while domain names can be lost, it’s non-trivial to do so. Furthermore, they can be replaced. The difficulty of being forced to switch to a completely different development platform and port existing content to it is orders of magnitude more challenging. It’s not at all the same thing.

    Finally, a properly written contract is worth more than the lawyers you can afford. There isn’t all that much difference between lawyers, but there’s a lot of difference between contracts. You don’t need the best lawyer. You need a competent, honest lawyer–I know, stop laughing. They do exist.–and a negotiated contract with terms you can live with. Fact is, you can get a better, non-adhesive contract with an ISP if you’re willing to pay for it. For instance, spammers have been writing pink contracts with ISPs for years.

    I do agree though that the best guarantee is not a contract but a free and vibrant market with many suppliers. As long as you can choose from many independent vendors, then practically the terms will work themselves out. If you don’t like what an ISP does, switch. In fact, it’s common to have two separate ISPs for mission-critical apps so if one goes down for whatever reason, the other can pick up the slack. However, when you’re locked in to one vendor because no one else can host your data and applications, then you’re hosed. The vendor gets to demand what they want of you, and can put you out of business at any time for any reason.

  3. Stefan Tilkov Says:

    Even if you host everything yourself, you can very easily become dependent on Google for most of your traffic. The moment Google decides to drop you from their index, your site may end up without any (new) visitors.

  4. John Apps Says:

    There is a larger question here than just the Cloud: contracts of the nature being described here are common, and have been for hundreds of years, in every walk of life. I cannot see what the difference is between the “Cloud” and, say, a bank, a contract with my landlord, you name it.

  5. Danny Says:

    re. “Perhaps some hackers are working in a garage right now to develop a fully open source cloud platform that enables you to back up and migrate all your data to servers you or someone else control at any time” –

    Stepping back a little, the Web itself is one huge cloud platform. If you conform to the appropriate standards, your data is portable. Ok, that is only true up to a point, it depends a great deal upon how much business logic is hardcoded into your application. But right now an awful lot of this kind of logic is silo’d away in the database backend, and such stuff can be made significantly more portable using the Semantic Web tech – URIs, RDF, SPARQL and a sprinkling of OWL. If the app is more content-oriented, then you’d probably want more Atom/AtomPub than RDF/REST, but the same notion of using standards applies.
    Going back to platforms in the sense you mean, there are at least three beyond-garage-stage semweb systems out there – the Talis Platform, OpenLink Virtuoso and 1060 NetKernel (with the Jena libs).

    See also: Steve Pemberton’s talk, Why you should have a Website

  6. Arnon Rotem-Gal-Oz Says:

    What we see is the first wave of cloud platforms, just as we had the first wave of service providers etc. Things will get better when there is more competition.
    The vendors’ platforms weren’t open before we had enough competition either.

    Arnon
