Wednesday, June 26, 2013

Thoughts on the NSA scandal

They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
-- Benjamin Franklin

The very word "secrecy" is repugnant in a free and open society...
-- John F Kennedy

I've been reading a lot about the NSA and the disclosures relating to it of late, and I have some thoughts on the situation, as those who know me might expect. As always with me, nothing is simple, and I am not going to give you a two line TL;DR synopsis. Read it if you care, and if you don't, well, then don't.

On Edward Snowden

Everything in the media about Snowden - his background, education, girlfriend, behavior, where he is, and so on - is a side show. Yes, he broke the law. But whistleblowers do that all the time, trying to raise attention about things that violate their principles.

Is he a criminal? Probably.

Is he a traitor? Maybe.

Is what he has done wrong? Not in my mind. You may feel differently.

Should be punished? Answering that is beyond my pay grade, though my gut says "no".

What is important - really important - is what he's exposed. Most of us knew - or at least suspected - it was going on to some degree, but the documents Snowden has released help shed light on programs that have been hidden for far too long. That is a good and necessary thing, and for that I thank him.

And that is all I am going to say about Snowden himself.

The Problem

Going back decades, but really gaining momentum after 9/11, we - as a nation - have run in fear. Fear of communists. Fear of the Soviet Union. Fear of terrorists. Fear of China. Fear of gays. Fear of the opposing political party. Fear of the other, of the different. Fear, pure and simple.

And after 9/11, it became possible for any lawmaker, of any stripe, to pass just about any law, no matter how restrictive or silly, by claiming it would help "secure the homeland" or improve national security. Fear is a powerful motivator.

And so we've become slaves to our fear, and make far too many decisions based on it.

The intelligence community is the major beneficiary of all of that fear, and (of course) the money all those new laws have made available. We used to have (and sometimes worry about) only a military industrial-complex. Now we have an intelligence-industrial complex. It's a huge beast of a system, employing tens of thousands, and consuming vast amounts of money that often cannot be tracked at all. Someday we're going to be appalled at what the NSA is paying for toilet seats, but up until very recently it's all been black budgets and a complete lack of detail about what they are doing. The recent leaks have shone a small amount of light into the system, and the results are, to me, rather scary.

What we know seems to include:
  • A president who ran for office espousing openness and transparency, but who has changed his tune and now runs a horrifically tight lipped and closed administration, particularly on national security.
  • Lax - or nonexistent - oversight of these programs by congress and the courts that are supposed to oversee them.
  • Agencies operating on secret interpretations of laws that are (and were) controversial. In one case, I have read speculation that the NSA is allowed to collect and record the contents of all the calls and emails it wants because that isn't the actual "intercept" the law prohibits without a warrant. In this interpretation the "intercept" only happens if some agent actually listens to a call or reads an email. Whether that is really true or not, I cannot say, but given the nature of the disclosures to date, it seems entirely plausible.
  • There are few obvious safeguards in place to assure these programs aren't (and won't be) abused, and certainly no proof that abuse hasn't already occurred. In fact one article I've read documented abuse of these programs recently, including capturing the calls of a certain senator from Illinois long before he began his presidential run.
  • There is no assurance these programs are actually useful. The head of the NSA recently said these programs had helped avoid over 50 acts of terrorism, but there is no way to verify that. And, on the rare occasion in the past six months when I have read actual research by journalists into claims of the benefits of NSA style intelligence gathering as they relate to specific incidents, they have all be debunked. In other words, in all the cases I have seen where an attack was thwarted by signals intelligence, the claims have been proven false, and the actual intelligence that did the job was collected in other ways.
  • The head of the NSA has lied to congress - and thus to the people of the US - about the nature of these programs. Don't take my word for it, though. Google him up - General James Clapper - watch him tell congress, in answer to a direct question, that the NSA is not collecting data on millions of Americans. Then read about the court order requiring Verizon to turn over call metadata for every call on their network. He lied, plain and simple. How can a person who does that be trusted with anything? How can a system that encourages that be trusted with anything?
  • And if you're not an American, it appears the NSA can do whatever they want with the data they collect on you: record your calls and listen to them, search your email, save it all forever. And all with no consequences. Isn't the USA just a shining beacon of truth and justice?
The NSA PR machine would probably tell you I am mistaken in all of these claims, but they will offer no proof. Proof would imply exposure, and that is inherently bad in their minds. I disagree. I think it is possible to tell the citizens of the US what the NSA - and any other agencies working in similar ways - are doing, at least in broad strokes - in our name, clearly and succinctly, without risking agents or compromising techniques. They won't do it, of course, but they could. If they did, however, they would have to deal with the backlash, and that might be a bit of political problem.

Personally, I think we've overreacted to 9/11. It was, of course, a horrible tragedy. But what we have done in response is either entirely reactive - looking for things that were done before, so now we're patting down little old ladies and making everyone remove their shoes at airports - or is so secret that we cannot talk about it under any circumstances.

Well I am sick of it all. The introductory quotes I gave are spot on. Just how much liberty should we be giving up? And just how much secrecy should we tolerate? The answers aren't necessarily obvious, but if we cannot discuss these issues, we're giving in, and creating what amounts to a police state in the process. America, the police state. How does that sound? Or how about: "Come to America for the freedom, stay for the monitoring."

They Can Watch Me - I Have Nothing To Hide

I have heard that argument from so many people over the years. It's practically an invitation: please, government (or company), feel free to read my email and listen to my phone conversations. Go ahead and track my movements even. I don't mind, because I am a law abiding citizen and I have nothing to hide. Only the bad guys have something to hide, so go get 'em!

I have two responses:

First, you may have nothing to hide now, but will that always be true? What if you're the one who discovers a crime on the part of those in power? Shouldn't you be able to protect yourself from discovery while you figure out how best to do something about it? Alternatively, maybe your tastes change at some point and you don't want the government knowing about some little habit you've picked up. Maybe it's just a fascination with subversive literature. Maybe you're a historian and you start digging into an event in the past which the current administration wants to keep buried, or sees in a different light than you do. Isn't it possible you might want to hide something, someday? Legitimately? If you cannot imagine that, I submit you're not trying hard enough.

Secondly - and more insidiously - a giant database of call records and similar data can - at the very least - be used to make most anyone look bad in hindsight. If you have interacted with me personally, for example, that makes a connection. And if this (or some future) administration decides this blog post is a problem, you could be looked at with suspicion. And who else have you talked to? Are you certain that every last one of them is a perfectly upstanding citizen, free from any possibility of shame or recrimination? That NSA database of phone call data - combined with a simple reverse phone directory to get at names - can be used to find any number of disreputable people we might have associated with. And five years from now, we won't remember the details, so we'll have a very hard time defending ourselves, if we're even given the opportunity.

The most repressive regimes in the world would love to have the kinds of data the NSA has admitted it is "accidentally" collecting about US citizens right now. Think about that for a minute. You know it's true.

On Our Elected Representatives

President Obama ran promising greater transparency in government. At the Whitehouse website, as I write this, you can find a page about Transparency and Open Government where you can read this opening paragraph:
My Administration is committed to creating an unprecedented level of openness in Government. We will work together to ensure the public trust and establish a system of transparency, public participation, and collaboration. Openness will strengthen our democracy and promote efficiency and effectiveness in Government.
I call "bullshit". The Obama administration has been just as bad as - and possibly worse than - the previous administration on transparency. We continue to have a government that stamps things "secret" just for fun, and anything to do with national security is inescapably hidden. The NSA programs have only grown under his watch, and the Patriot Act - a bad law that never should have been passed in the first place - has been extended.

It didn't have to be that way. With a simple presidential directive and a few hours of work on the part of a few key people, the broad outlines of the major programs the NSA is undertaking could be released, and we could have a conversation based on real data, not suppositions, rumors, and leaked documents.

Yes, the terrorists might learn some things not to do - maybe - but remember that Bin Laden was only interacting with others via courier when we finally found him. No satellite phones, no cell phones... just people. And email encryption is a reality already. Don't you think maybe the bad guys already have a pretty good idea about this sort of thing? If they are using unencrypted text in gmail to talk amongst themselves, perhaps they are dumber than we give them credit for.

On the other hand, we the people - the ones paying the bills and electing the leaders - would probably learn a lot. Remember rendition and secret prisons? How about waterboarding and government sanctioned torture? Destabilizing foreign governments? Assassination attempts? All in our name. And now we can ad near universal spying and cyber espionage/warfare (even against our allies) to the list.

And if we're outraged by those disclosures, well, then maybe putting these programs in place was wrong, or the ways in which they are implemented need to be changed. That's part of democracy. But maybe the President - and the rest of our government - has forgotten about that.

Farther down the chain we have a few senators who may or may not have been briefed on these things in some detail. Just how much they know is, of course, unclear. Some of them have missed the briefings entirely. Others have come to the conclusion that the intelligence system is worth every penny we throw in its direction, and that everything the NSA says is true. My own senators have both let me down on this. It appears they think anything and everything is allowed in the name of national security, and I simply do not agree.

I recently read a claim from a Senator that the problem with the system is that it employs too many contractors, as if government employees wouldn't give secrets away. I can only laugh. Benjamin Franklin had another quote that applies here: "Three people can keep a secret if two of them are dead." Note that Franklin doesn't mention who these people might work for. And just in case you think the fact that the NSA related leaks came from a contractor justifies the claim, I have one name for you: Bradley Manning. Private First Class Bradley Manning, in fact. He's the US soldier - definitely a government employee - who passed a treasure trove of classified material to Wikileaks. That government paycheck really saved us in that case, didn't it?

The real problem is actually very simple. It's people. They can't keep secrets, no matter who they work for.

And the only real fix is not to have secrets. The less we classify and withhold, the easier it is for everyone to do their jobs, and the harder it is for someone to break these laws, or surprise others with revelations.

I will be writing my Senators, my Representative, and the President to express my extreme displeasure with the state of our security apparatus. And I suspect I will be voting differently come the next election as well.

I note, however, that with very few exceptions, both of the major parties are filled with people in the pockets of the intelligence industry. If you think you can just switch your vote to the other big party and cause change, you're fooling yourself. You'll have to look much farther than that.

Summary

Imagine for a moment that we're all rats in a maze. In this scenario the NSA is the guy running the experiments and watching from above, with video cameras and digital tape recorders. He can hear just about anything you say, if he wants to, and see just about everything you do. Sometimes you can hide in a tunnel for a minute or two, but the NSA guy knows when you went into that tunnel, when you come out, what you took with you, and everyone you met while you were in there. And if your personal maze happens to be overseas, the NSA guy is actively recording everything you say and do just because he can. And watching and reading it later, trying to determine if you're the right kind of rat or not.

Is that the kind of world you want to live in?

If not, I suggest you tell your elected representatives about it, loudly and clearly. A big backlash is about the only tool we have to change things at this point. A small backlash will only get the noisy ones watched more closely, and eventually their friends will be tarred with the same brush when these systems are misused by those in power.

All of these intelligence gathering systems are begging to be abused. If not by the current administration and people in charge, by those that replace them in the coming years. We will all suffer, and the McCarthy hearings will look like a cakewalk in comparison.

References:

I've read a lot of articles focusing on these issues in the past few weeks. The list below is roughly in time order, and contains links to articles I found interesting, or that I bookmarked for one reason or another. It is far from a complete list of my research, which it would be difficult for me to regenerate at this point, though - and I say this fully understanding the irony - the NSA could probably tell you what I've read in a matter of minutes if they wanted to. There are a lot more articles to read if you dig. Feel free, if you don't mind building a track record on the web that the NSA will be able to follow, of course.
And one from December 2005, still shockingly relevant now:

Sunday, June 23, 2013

Much Ado About Nothing

TL;DR: go see Much Ado About Nothing.  Really.  Just do it.  Great movie.

Joss Whedon - who created enough of the modern American TV canon that I am starting to think of him as the Shakespeare of my generation, though I am certain he would disagree with that characterization - has done it again.

This time he's created a movie from a play by the original Shakespeare, and he's done it very well.  He cast a bunch of people you will recognize if you know his work, and they clearly have a great time.

Put simply, Much Ado About Nothing is great.  Amy Acker and Alexis Denisof have great chemistry as Beatrice and Benedick, and their acting is superb.

So, honestly, just go see it.  You'll have a great time.

Thursday, June 20, 2013

Yellow Jackets: Scourge of the Earth, or something...

I started to do some mowing and tree trimming on Tuesday. I am trimming up a bunch of trees along the road I live on, as well as mow a field. It all belongs to a neighbor who doesn't mind if I do the work. In fact, I've been mowing this field for him for several years now - to the benefit of us both - and I am finally trying to trim up the trees so they don't rip my face off when I mow under them. And to reduce the ladder fuels as well.

I had been working on to the very first tree on my neighbor's side of the property line for maybe 20 minutes when I felt a sharp pain in my right hip. Inside the pocket. It hurt. A lot.

No sign of the critter, but it had all the hallmarks of a yellow jacket sting. Only then did I note the nest in the ground, not three feet from where I was standing. Grrr.

So I backed off, made sure I wasn't about to die from anaphylactic shock, and kept working, just a bit farther away.

Maybe half an hour later I noted that the inside of my left elbow was starting to itch. Odd... no bites or stings or anything... just a consistent itch. Keep working.

Half an hour after that, though, my elbow is covered with small pustules and swollen up. And itches like mad. Grrr. Again.

Take a break. Wash the elbow clean and examine. No bite or sting marks that I can see. Slather on some topical antihistamine. Examine hip. Clear sting mark and minor swelling. Slather on some antihistamine there too. Start wondering...

Two years ago I was stung by a yellow jacket on my left elbow, just about where it is all swollen now. Could the new sting on my right hip cause the swelling on my left elbow?

The rest of the day goes along without additional excitement. That evening the elbow swelling recedes, but the hip swelling (and pain) increase, then decrease overnight, then increase again the following morning.

And continue increasing during the day. Grrr for a third time.

Finally, despite the fact that I am not obviously dying, I decide to go see a doctor. Mostly about whether the new sting could cause my left elbow to swell than about the swelling in my right hip.

And here's the takeaway from this blog post. Things I didn't know:
  • Less than 1% of people have an allergic reaction to bee stings. That means that unless it itches - or your neck swells up and you cannot breathe - antihistamines don't help. This makes sense in my case. The antihistamine did nothing at all for my hip. Maybe it helped the elbow, but then again maybe not. There is no way to be sure without extensive testing, which given the situation is something I would rather avoid.
  • The doctor says he has never seen an infected bee sting either, and he has seen hundreds of them over the years. That means antibiotics are wasted treatment for them too.
  • The swelling around a bee or yellow jacket sting is actually a reaction to the toxin the little blighter has pumped into your system. It can make your whole arm or leg swell up before it resolves itself, but there is nothing much you can do about it. Maybe some pain killers if it hurts too much, but all that stuff we were taught about allergic reactions and the like: wrong. Unless you're part of that tiny group that actually has one, or you're stung in the mouth.
  • There is no pattern to whether later stings are more or less bad than earlier stings. You never know.
  • Oh, and get the stinger out ASAP if the bee left one stuck in you. Don't worry about squeezing it, just pull the thing out to get it to stop injecting more toxin into your body.
So the doctor told me not to worry about the sting. It will work itself out just fine, and given I hadn't already gone into anaphylactic shock - and the sting site didn't itch - I didn't have an allergic reaction to it. Wait it out is all I can do. OK.

Beyond that, though, my question about whether the new sting could have caused the site of the old sting to swell up and itch was new to him. He didn't know the answer, but said he would try to look it up. It does happen in some cases with poison oak, he knew, so it is at least an interesting question. If I hear anything from him about it, I will share that.

This morning the swelling on my hip is down again. Maybe it will swell back up, maybe not. And the elbow is basically back to normal. Life goes on.

Finally, if anyone knows of a way to render yellow jackets completely extinct - wiped from the face of the earth - with no side effects, please share it. We live with skunks, spiders, bees, wasps, poison oak and maybe scorpions and rattlesnakes (though I haven't seen any of those in 21 years), but yellow jackets are definitely the worst. They all need to die. Now.

Tuesday, June 11, 2013

Richard Stallman Is Wrong About Cloud Computing, At Least In Some Ways

TL;DR: No matter what Richard Stallman may say, there is a place for cloud computing.

In an article in The Guardian, Richard Stallman calls using web based programs "worse than stupidity" and a trap to get people locked into proprietary systems.

Is he right?  In some ways, maybe, but as I see it, for the population in general, he's off base.

I'm probably not the right person to criticize.  I've only got about 20 years of programming behind me, mostly for companies no one has heard of.  I've worked for one ISP, one OS developer, and a bunch of other places.  I graduated with a CS degree long enough ago that OO was still a university concept, not actually in use in the field, and I never took to it for several reasons.  As it happens, I'm sick of all of that now, and would rather carve stone, but that doesn't matter.  I still do a lot of things on computers, using cloud computing of one sort or another, as well as some local computing power too.

Oh, and I know Stallman will never see this, which is just fine with me.  I'm a nobody in comparison, but I still think I have a valid point.

Stallman claims that cloud computing is all marketing hype.  But let's look at this a bit more deeply.

If you have a computer at home, the chances are it runs Windows.  Alternatively, if you don't run Windows, it is most likely you're an Apple Mac user, and thus run MacOS.  If you fall into those categories, Stallman has no use for you.  Those are both proprietary operating systems and lock you into the same evils that cloud computing does.  You're screwed, by definition.

In terms of popularity, I think after that come tablets and smartphones.  Those generally run Android - which is open source - or IOS (from Apple) or Windows.  Let's just assume that Stallman hates anything from Apple and Microsoft - probably a good bet - and think about Android for a minute.

I have an Android phone, and I love it, but it is running an old version of the OS.  It's not even two years old but - despite promises to the contrary - both the manufacturer and mobile carrier have failed to update it.

Yes, technically, I could root the phone, back it up, and install the latest version of Android myself. But that takes time, risks turning the phone into a brick, and requires me to do all ongoing maintenance from there on out as well.  While I might eventually attempt it, most of the people who own smart phones aren't going to bother.  Too much trouble.   So, many people running Android are locked into an old, unsupported OS by a combination of their carrier and phone maker.  Stallman probably writes them all off to, if I had to guess, though he might claim the the companies involved are doing evil in the process.

So far, no matter which of the choices I've listed, you're very likely to be in a category that Stallman dislikes.

What does that leave?

In the personal and mobile computing world, that leaves Linux and the latest version of Android, the latter getting updated all the time and leaving more and more people behind as that happens.

So, what makes the few percent that actually run those systems - the ones Stallman might like - tick?  They're all serious geeks, for starters.  They know their tech and aren't afraid to mess with it.  It's fun to do so, in fact.

Let me give a different perspective on this: I run Linux at home and it requires real effort.  Here's an example:

Recently, Ubuntu discontinued support for the version of Linux I was using.  Their newest version no longer supports older CPUS - like the one found in my laptop - so it cannot run out of the box on it for me. It does run on my desktop, but it has a new UI that I really don't like, which completely changes the way I have to interact with the computer.  (I strongly prefer focus-follows-mouse, not click-to-focus, for various reasons, but the Unity UI makes that choice unavailable by default.  And there are behaviors in this UI that make no sense on a desktop, but since they are trying to create on UI that will also work on pad computers and smartphones, we're stuck with it.  In short, I think it stinks.)

And then there was the time that I had to wait a year for Linux to support a new motherboard, and the time Ubuntu changed to the open source graphics card driver too soon, and it didn't support my system, and getting printing to work was a pain, and I had about three choices for scanners that the manufacturer actually says support Linux, and when I did the recently required OS upgrade, the scanner stopped working and I had to go find 2 totally different things that were required to make it work and execute commands at the command line, as the superuser, to make things right again.  Really.

None of that is going to be easy to explain to most users.  Stallman would have no problem with it, and compared to most I had little trouble, but I am not about to make Linux support a brand new motherboard.  I have a lot of other things to do with my life.

Stallman might argue that I can change to another Linux vendor, and I did look around when Ubuntu unilaterally decided that non-PAE CPUs were so old that no one would care if they weren't supported anymore.  But I am not all that happy with anything I have seen so far.  Over the years I have used a number of Linux versions, and I have suffered from all kinds of problems with both hardware and software compatibility.  Thus far, Linux Mint runs on the laptop - despite being Ubuntu and Debian based - but I am not convinced that I want to run it on my desktop yet.  Too many unknowns.  I have no idea how that issue will shake out.

Looking at this objectively, Canonical - the makers of Ubuntu - have done their very best to both lock me into their system and piss me off about their hardware support changes.  They act just like a proprietary OS vendor in some ways.  And given past experience, most of the other Linux vendors I have used do the same.

So on the OS front just about everyone is going to have a problem.  Either Stallman won't approve of your OS (walled garden or crap) or, in the unlikely event that we happen to select something he approves of, we're in for a perpetual maintenance nightmare.  And I repeat: am fairly well versed in the technology.  My parents are never going to run Linux.  Never.  Way too complicated.

But let's think a bit more about the nature of the beast here.  The OS is only the start of the issue, and Stallman's real complaint - at least in that article - is about cloud computing, which goes beyond the OS and into the application arena.

For example, apparently Stallman doesn't like gmail.  Because it - and other webmail systems like it, one assumes - will lock their users into one solution, and put them at the mercy of Google (or Yahoo, or Microsoft, or whoever).

Perhaps, but...

I ran my own instance of sendmail for several years, so I could totally handle my own email.  It's a configuration nightmare.  Not fun.  No way is grandma going to do it.  And you have to update the software all the time to patch for security issues, and there are always things breaking in weird ways.  It is my belief that mail server administration is only for those who enjoy pain.

Beyond, that, though, come other issues.  If I run my own mail server at home, I've got no simple way to do something like have email that gets delivered to that home computer also be available on my Android phone when I am not at home.  I could setup a POP or IMAP server, I suppose, but then I have to have some way to make it visible to the outside world, when my ISP NATs everything by default.  Possible, maybe, but way too much trouble.  And not something my mother is ever going to want to understand.

Oh... maybe Stallman wants everyone to have their own server in a data center somewhere, with a public IP address.  That would let them run all of this server software in a simpler way, I suppose, but does grandma really want to do that?  Or maybe we should all be using virtual machines for this?  But wait... that's cloud computing.  Can't do that.

What else does using a webmail system get me?  Over the years I've had disks fail and lost everything on them.  So running my own email system means a very intensive backup system is required.  Gee... with webmail, someone else is backing things up, storing multiple copies, and generally making sure the hardware isn't going out of date or failing.  I'd call that a win.  They are also monitoring capacity and adding more (and faster) CPUs when they are needed.  Another thing I can avoid.

So, let's summarize: with gmail - or any of the other major webmail systems - I can read my email anywhere, it's backed up, and I don't have to do hardware or software maintenance on anything on the server side.  That adds value in my eyes.  But according to Stallman, it's all just there as marketing hype and to lock me into a particular service.  I guess the choice is obvious to him.

How about other software?

My various Linux installs come with LibreOffice (formerly Open Office, before Oracle did the nasty to Sun), and it's a fine office suite as these things go.  But sharing documents with others - and having edits done in just one place, rather than having to sync up everyone's changes, which is something I actually do - isn't easy with LibreOffice, just as it isn't easy with MS Office.   But Google's office apps - available via Google Drive - do a nice job of that.  And I never have to update the software.  They make my life easier, not harder.  And there are other office suite vendors as well, so I have choices.  And Google lets me export my data in a number of open formats.  So I am not really locked in at all.  Huh.  Interesting.

I also use the image manipulation program Gimp regularly, and while it is very powerful, it isn't as easy to use for some photo work as I have found some cloud photo software to be.  And again, there are many choices here.  And since images can be downloaded in common formats... no lock in.  Fascinating.

What does all of this mean?

For me - and I suspect for most of us - cloud computing provides real value in the form of simplicity.  Of course it is possible to pick a bad provider and/or get locked into something you cannot get out of, but as my examples above indicate, that is happening on the open source side as well.  Just how many times should the average user have to reinstall Linux until he gets a version that works for him?  And how much research should he have to do to keep it running?  (And never mind figuring out how to configure the nightmare that is sendmail.)

For Stallman - and those like him - running everything themselves on their own local hardware may be fine.  And I don't mind a bit if he does that.  In fact I hope that over time it gets easier for all of us to run this stuff ourselves if we want to.  But most of us aren't going to be able to master all of the knowledge needed to make these things run well, or even work at all in some cases.  Cloud computing can help simplify things for the end user immensely if all they need is an OS and an up to date browser.  That's a lot less to maintain, backup, and keep virus free.

On the business side things get a bit less clear, I admit.  But what some forms of cloud computing offer is hard to beat.  If your business grows, do you really want to have to add racks of servers yourself to support it?  Maybe, but perhaps you'd rather use Amazon's cloud services to deal with at least some of that.  If it saves you time and/or money, it might be worthwhile.

Are you locked in if you go that route?  Yes.  But you're just as locked in with any solution.  If you do it yourself you're locked into the OS you pick, the hardware you chose, the data center you lease space from (or the building you lease or own to build your own data center), and so on.  And when you go down the application route, you're locked into whatever you buy or build.

Lock in, to some degree, is a matter of fact, and no major change is simple when you think about these things.  None.

But if cloud computing means you can get more capacity quickly, when you need it, rather than waiting two weeks for the servers you need to arrive and get configured, that could be a real win for at least some businesses.  To discard it as all marketing hype is to miss the point.

I respect Richard Stallman for his principled stance, but in reality, things are a lot more complicated than he lets on.  There is a place for cloud computing - of various kinds - for both end users and businesses.  Of course there are tradeoffs - and even risks - but if he thinks that doing everything locally avoids those issues, his head is firmly planted in the sand.