ACROFAN

[OSS 2017 Boston] OpenStack Summit Boston Special Lecture - Edward Snowden, "We Want a Better World So We're Going to Build It"

Published : Tuesday, May 16, 2017, 1:41 pm
ACROFAN=Yong-Man Kwon | yongman.kwon@acrofan.com | SNS
The OpenStack Foundation hosted OpenStack Summit Boston at Hynes Convention Center in Boston, Massachusetts, USA, for 4 days from May 8 to 11, 2017. The OpenStack Summit, held twice a year, provides opportunities to plan cloud strategies and share knowledge about OpenStack cloud architecture and operations with thousands of experts and stakeholders from more than 60 countries attending.

The OpenStack Summit is organized to allow telecommunications companies, cloud managers, app developers, open-stack contributors, and IT industry leaders, who will construct the future of cloud computing, to share business cases and operational experiences, learn about new products in ecosystems, and participated in the actual workshop. Starting with keynote on May 8th, there will be a variety of programs such as 4-day conference with various themes, a forum for developers and operators, a marketplace where new products of the ecosystem are presented, and events for networking among participants.

At the OpenStack Summit, the OpenStack Foundation presented 'next generation private cloud environment' which can accommodate all sizes, and '3C' keywords including cost, capacity, and compliance, with the future direction of OpenStack. The summit also emphasized the connection with the overall cloud ecosystem, not only with the OpenStack, but also with 'Open-source Days' with various open-source projects with OpenStack. Meanwhile, the Summit's Super User Award was the first joint award to UKCloud and Paddy Power Betfair.

 
▲ As a special program, video interviews with Edward Snowden were conducted.

The last program of the keynote on the second day of OpenStack Summit Boston was the video interview of COO Mark Collier and Edward Snowden. He first mentioned that people thinks of Google's services or an infrastructure technology that is the basis of the Internet when imaging ‘cloud computing’. He also pointed out that it needs to be careful that a certain opinion becomes the basis of judgement without any movement. This is because the Internet is much bigger and wider than we face.

In IaaS, Google's services are great, but when future changes and controls are needed, its necessary influence are sometimes lost. Then, if users decided to change such as containerization, but the cost to the infrastructure does not belong to the user. About the inherent vulnerability that user cannot exert influence to the cloud services, which is investment, OpenStack is emphasized to allow more deeply understanding the configuration of each infrastructure layer, and not to let cloud subordinate to certain individuals or movements of a company as well as value that can be obtained through an open-source community.

Meanwhile, with regard to the toolset, he mentioned that NSA or CIA is basically based on Windows-based infrastructure but also have toolsets based on Linux-based, and the exposure called 'Very Aggressive GPL Violator' by Shadow Brokers or recently-released 'Vault 7' of CIA has been appeared. Moreover, from a journalistic point of view, various attempts to effectively return public information to the public through public disclosures of illegal activities are being done on an open-source basis. Typical examples are Tor and Tails, which emphasized privacy.

Tor project gives a little room for breathing in case of having a secret that cannot be told to anyone. As one of the major things covered by 'Freedom of the press foundation', he pointed out the expansion of efforts to build capabilities of open-source development so that anonymous sources can safely access to reporters. He also said that there is much interest in smartphones called "introspection engine" in open hardware. At the infrastructure level, he asked back about securing a way to know whether one's data is well protected at both legal and illegal part in the use of existing commercial services, and he noticed the threat at the layer level that users do not know.

As for the ethical aspects of the open-source community, there is no need to look government involvement and all information-related institutions bad. However, they technically think about the context of the meaning of their work. Basically, they do not work for governments, states, and corporations. They grounded technology upon the spirit of approaching people for guaranteed future of freedom more than.

Every system exists for the user, and is designed to hide nothing from the user and not to lie. Hiding something from the user is one of the biggest problems that can come up on a "closed-source" basis, allowing someone to think "why" about the problem if someone does not share source code. He pointed out that even Intel's Management Engine (ME) security problems could not anticipate the defects for this reason and change them correctly.

 
▲ It was able to see the views on freedom and democracy about the recent changes and events.

As for ethical duties, he mentioned how to provide more rights to users and whether it will revolutionize the existing power system may be empowering a little extreme action. Regarding how businesses and governments can protect people from them, he commented to take a set of 'chain of thoughts,' about how to protect people, into considerations, and to concern about how computers everywhere can protect the public and provide the value.

Regarding infrastructure protection methods about zero-day vulnerability attack, he said that it could be relieved although it is not a simple problem. With the introduction of memory-safe languages, using standards of coding and design, it will be possible to further reduce a series of vulnerabilities, and these might increase the 'cost' of attacks. Of course, however, the demand for such a method will continue. Open-source, on the other hand, can still have a bug, although many people are looking for the problems with the code. Nevertheless, compared to the closed-source model, it still has an advantage that the entire community can respond to it.

Next, he mentioned that it is hard to evaluate positives and negatives about the existing companies' models but from the user's point of view, it is not looked good as it has hard to effect. In addition, he emphasized that even if one has a private business and a system that allows for equal debate, an open-source model could be a better model.

Meanwhile, considering the recent position, he introduced as 'optimistic' basically. To begin with, he stated that, at present, we are standing at the crossroads in technical progress and facing a moral dilemma that we have not seen and could not ask. In the last century, atomic physicists, puzzling over how far they could go and find the laws of the universe, have found some new productive meanings such as today's Internet with energetic potential. Moreover, as the current problem, he pointed out that it is difficult to predict how behaved people who are aggressive and badly-behaved will use these findings.

In addition, he emphasized that it is significant to think about how we can mitigate these things now, and to avoid repeating the same mistakes in the future even though we cannot do anything about the things already gone. For instance, in mobile networks, bad standards such as SS7 (Signaling System No. 7), which has possibility of hijacking, have been applied, but the reality is that there is no enough technology to replace them. Hence, regarding technology construction, he stressed that it is necessary to fully consider the future as well as the present.

As for the views of the move to protectionism and nationalism around the world, he mentioned that “fear” is becoming a global political value in recent years in aspect of some major social movements. Opposition to all terrorism could bury alternatives, and it sometimes creates systemic vulnerabilities. What’s more, there are cases in which the traditional system of confirmation and balance in accordance with the Western-style democratic process have ‘failed’. It is also explained that the court is worried about the role of politically controversial cases such as remote monitoring even if they have no legal problems.

And this series of processes weakens the world’s link regarding the security guarantees for our rights, begins to fail the traditional system of human rights application and necessitates the development of a new system. At the same time, the old processes that have been maintained so far are now starting to fail, and the technical side is gradually showing a new way after this boundary. Moreover, in the development of the protocol system surrounding us, if someone can not personally access the Internet, he emphasized that this communication should be changed to a trustworthy Internet network that we pursue.

On top of that, “safety” and “trust” at this time mean protecting human rights. At the protocol and system level, “rights” cannot simply be given up due to convenience, and a better world means the more liberal world, not a faster diffusion of technology. And this is not only what we can do, but also what we must do, because the next generation must be able to enjoy the same rights.


Copyright © acrofan All Right Reserved


    Acrofan     |     Contact Us : guide@acrofan.com     |     Contents API : RSS

Copyright © Acrofan All Right Reserved