Software, Interrupted

As consumers increasingly purchase sophisticated smartphones such as the iPhone, BlackBerry, and Droid, they are developing expectations for how these phones allow contacts, calendars, e-mail, and social networks to remain in sync across all their devices.

One of the big challenges is that users don't always maintain the same source of inputting data--they switch from browser to desktop application to smartphone as their data access and entry point, introducing many variables into the data chain. And data integrity will only get more complicated as more applications become browser-based and keep no local data storage.

Most enterprise users have a local store in addition to the cloud storage, something that I still find puzzling from the T-mobile Sidekick outage, where consumer data that should have been in multiple locations (or at least present on the device) was thought to be lost.

The most common sync services are not provided directly by the mobile operator. Generally this is a good thing, as the more you can dis-intermediate the carrier, the more control you have over your data. But because the sync services are provided by others--notably Microsoft, Google, and Apple--you end up locked-in to their data structures as well as whatever privacy and data management issues that might arise in relation to advertising or other usage of your information.

Today, you can fairly easily sync your mobile device with most common online e-mail and PIM services although the BlackBerry, Droid, and the iPhone differ in their approaches--or at least in the visibility of how they work. For example, you can sync with Gmail and other services on the iPhone, but it rather perversely requires the Microsoft ActiveSync protocol.

By controlling the address book, Google and Apple effectively lock-in users to their sync service, leaving the carriers and devices to be easily replaced (minus the cancellation charges.) The user would barely notice the difference, aside from the sticker on his phone that says AT&T or Verizon.

Mobile operators do not want to cede control of the address book to Google or Apple, but they are late to the game and do not yet have sync solutions of their own. As a result, they are scrambling to add this functionality, but building a sync solution that works with all different devices and email services is no easy task, thanks to the widespread problem of device fragmentation in the industry.

One option is to deploy a white label solution, like the open mobile cloud sync offered by Funambol. Funambol CEO Fabrizio Capobianco told me the company has been approached by many of the top mobile operators, with several of them looking to setup sync services for their customers. They all recognize the issue, and according to Capobianco can turn to Funambol as a way to quickly bring a high-quality solution to market.

With all the different players in mobile sync, users will begin to question who owns their data. Enterprise users, in particular, should have privacy concerns about trusting their data to someone else. In the case of Android users, there is a growing anti-Google sentiment, and if Google already owns your email, calendar, and search queries, do you really want them to own your phone contacts as well?

The cost benefits of virtualization are well-documented, allowing enterprises to significantly reduce the space and electrical power required to run data centers and streamline the management of an ever-growing number of servers.

Virtualization also provides means for expedient scalability. Given today's economic climate and cost-cutting mandates, it is not surprising that analyst firm Gartner recently predicted that 50 percent of workloads will run inside virtual machines by 2012.

What many organizations fail to understand, according to Amir Ben-Efraim, CEO of virtualization security provider Altor Networks, is that collapsing multiple servers into a single one with several virtual machines inside eliminates all firewall, intrusion detection, and other protections in existence. Physical security measures literally become "blind" to traffic between VMs, since they are no longer in the data path.

This echoes comments made by Gartner analyst Neil MacDonald, who wrote in a recent presentation titled "Securing the Next-Generation Virtual Data Center" (subscription required), that "most virtual machines you deploy will be less secure than the physical systems they replace," and that "virtualization will radically change how you secure and manage computing environments."

VMware recently launched a partner program to help ISVs develop solutions certified as "VMsafe." VMsafe provides API sharing through a secure container, enabling partner companies to access virtual environments. This virtual security technology provides fine-grained visibility over virtual-machine resources, including monitoring every aspect of the system with the ability to address previously undetectable viruses, rootkits, and malware before they can infect a system.

I spoke to Ben-Efraim to better understand the issues around VM security and for what users should be on the lookout. According to him, there are two common approaches that use existing methods to secure virtual-network traffic: using VLANs to separate and control communication between VMs; and taking software-based firewalls and running them as agents on each VM. Unfortunately, both of these approaches fall short.

VLAN segmentation extends the notion of LAN resource segmentation to include VMs. The approach essentially requires that VMs, which can naturally be grouped (i.e. by function or user base), be isolated from other VMs by use of virtual switches and routing (i.e. the human resources VLAN contains HR-serving VMs). However, VLAN segmentation is not a permanent solution to securing environments because of networking complexities, performance degradation, and security limitations of the approach, Ben-Efraim said.

... Read more

Most businesses seek competitive advantage through some kind of change. Whether they want to beat the competition to market with a new service or introduce new product categories, disruption is the norm.

The challenge in today's IT-centric world is that every one of those disruptions requires a software change, introducing the potential for downtime and lost revenue.

Change control and the associated risk mitigation is a big problem that every large organization faces. Last year, the London Stock Exchange crashed during a software change and was down for more than seven hours, costing traders millions, if not billions of dollars in lost business. This year we've had high profile outages at Salesforce.com, Twitter, and Amazon's EC2, among others, affecting tens of millions of people.

No company is immune to this type of risk and companies that want to stay on the leading edge need to embrace these changes in order to stay competitive.

Coverity, a software integrity firm perhaps best known for its SCAN project of open-source software sponsored by the Department of Homeland Security thinks it has the preventive medicine to help organizations avoid the inevitable errors, defects, and failures that software change can introduce.

The company's latest release, Coverity 5, promises to mitigate the business risk of software changes across an organization's entire software portfolio. It claims this is the first product that lets developers automatically map and identify how a single defect impacts multiple code bases, projects, and products. Through a unified defect management interface, it also can help organizations review, prioritize and triage their C/C++, Java and C# defects in a single work flow.

This approach lets an organization quickly answer five key questions of software change management:

1. How do I find defects introduced by changes?
2. How do I know the severity of new defects?
3. How do I know the impact to my code, my projects, my products?
4. How do I fix them fast?
5. How do I know I fixed them?

Today, market opportunities are changing faster than businesses can deliver. When your organization changes software, how quickly can answer the five questions above?

The Tennessee Valley Authority is the nation's largest public power provider serving approximately 9 million consumers in seven southeastern states. The organization also happens to be a big supporter of open-source projects, including Hadoop, a tool designed for deep analysis and transformation of very large data sets.

Earlier this year, the Tennessee Valley Authority (TVA) announced that it open sourced its data system used to collect data from smart grid devices called Phasor measurement units (PMUs). The data collection system is known in the industry as a Super Phasor Data Concentrator (SuperPDC), which can be used to determine the health of a power grid.

The open-source version of the SuperPDC is now called the "OpenPDC." I spoke to both Ritchie Carroll (RC), the project's creator, and Josh Patterson (JP), the person responsible for introducing Hadoop to the project, to discuss what the OpenPDC is and why TVA turned to Hadoop in building the system.

What sort of data volumes are you working with?
RC: Currently there is around 20 TB of archived data, we expect this to grow quickly as a result of the SmartGrid stimulus funding which includes the addition of 850 phasor measurement devices. This may well grow the archive to half a Petabyte within the next few years.

How is this data currently captured and managed? Is any data discarded?
JP: Data is collected directly from field devices at 30 times per second. This data is then time-aligned and processed in real-time--all data gets captured into a binary data file as time-series data for mass processing by Hadoop.

RC: No data is currently discarded, if we get to the point of needing to discard data because of cost--this will be a decision based on weighed importance of collected data. It is likely the data around major events will never be deleted because it will always be valuable for future student researchers. There is also value in being able to go back in time and look for newly discovered event signatures to see how long they might have been occurring.

... Read more

Microsoft released on Thursday a new position paper, "Privacy in the Cloud Computing Era: A Microsoft Perspective," that includes information about the remote storage and processing of personal information.

Privacy and security concerns continue to be a primary argument that cloud naysayers use against storing data and applications on the Internet. Big IT vendors and service providers like Microsoft and Hewlett-Packard will sooner or later be forced to take the cloud seriously or risk missing out on the whole next wave of IT consumption. And their large enterprise customers will expect them to offer cloud services with the appropriate levels of privacy and security measures in line with their business needs.

The interesting thing about this paper is that Microsoft takes surprisingly minimal responsibility for the data it will manage:

... Read more

IBM on Wednesday announced a program designed to help educators and students pursue cloud-computing initiatives and better take advantage of collaboration technology in their studies.

The IBM Cloud Academy, announced at the Educause annual conference, includes a global roster of educational institutions as initial participants. Educause is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology.

IBM will provide the cloud-based infrastructure for the program, with some basic collaboration tools available at the outset. IBM's LotusLive service provides the basis for the new offering. Participants will immediately be able to do some very basic tactical functions on the new system:

• Create working groups on areas of interest to the education industry
• "Jam" on new innovations for clouds in education-related areas with IBM developers
• Work jointly on technical projects across institutions
• Share research findings and exchange new research ideas

Shared research across universities and other higher-learning institutions remains a vital part of technological innovation, but many programs don't have formal tool sets in place. Cloud services are a logical place to run these types of programs, especially as international groups need immediate access to data from their partners.

... Read more

Amazon.com this week rolled out an interesting new feature that allows Amazon Associate members to broadcast links to Amazon products via their Twitter accounts.

Amazon Associates is the partner program the company uses as part of its affiliate advertising programs, allowing customers to make money advertising Amazon products.

Associates can now simply click a link in the toolbar to send a link (replete with sales-y text) to Twitter as part of their shopping and selling experience. Amazon gets a sale, Twitter gets traffic, and the associate gets revenue share. What could possibly go wrong?

Linking to Amazon or other online retailers is obviously nothing new, though Amazon has been particularly successful in using its link networks for both sales and to garner higher Google rankings for organic advertising.

This new program does introduce an issue related to link fraud, where spammers and scammers leverage URL-shortening services for spam links. Currently there is no way to verify that the link you click actually goes to Amazon. It's a bit surprising that it decided to use an URL-shortener that it doesn't own, though I suppose the network effect of the URLs helps perpetuate the life of the links.

There is also a risk of nondisclosure wherein in Twitter users attempt to push products that offer some kind of gain to them that they don't clearly state to you. While I understand the argument for disclosure on blogs and media in general, Twitter remains a playground for people to post whatever they want. I highly doubt all the celebrities with accounts would bother wasting their precious time if they weren't posting for their own gain.

Interestingly, there is no mention of whether Twitter is an Amazon Associate, suggesting that Twitter won't see any of the revenue share. I'd like to think that they cut a deal that gives them a piece of the pie, but to date we haven't seen Twitter monetize itself too effectively.

Twitter is quickly becoming the flash news vehicle for everything from news alerts to product placement. And based on a very quick review of my Bitly account, Twitter users just love to click on links. But, I still have to wonder if Twitter will ever get beyond its current role as a marketing tool?

As much as Twitter is a powerful communication and social application, it's a relatively simple Web app. As part of a new contest sponsored by Engine Yard, Ruby on Rails developers are going to turn Twitter into their own application server.

The contest asks developers to program the "Worst App Server Technology Ever" (Waste) using Twitter as the message bus. While much of the contest is being done tongue-in-cheek, it's actually an interesting use case to see if a service like Twitter can take the place of a more traditional message bus like IBM MQ series or AMQP (Advanced Message Queuing Protocol).

Contest participants register up to five Twitter handles and code the function that each would perform in a program. When the contest challenge is issued on November 12, participants will have to use at least 10 of the pre-designated Twitter handles (other than their own) as endpoints to perform functions on data sets located at unique URLs. All messages will work through a series of automated public Twitter replies.

This is somewhere between an application server, a social game, the "telephone game" and service-oriented architecture (SOA) where Twitter plays the role of the enterprise service bus and the Twitter API is the broker between data sources. SOA relies on services exposing their functionality other applications and services can read to understand how to utilize those services. In this case, Twitter can be used as an application server in the cloud. (Take that buzzword bingo players.)

The funny thing is that as absurd and comical as this sounded when the Engine Yard guys told me about it, I've started to think about this as a way to possibly achieve a real technological breakthrough. And while I don't think that Twitter will be the "cloud bus," I do think that there is a lot to be learned from applying this type of constraint to a data flow process.

Engine Yard VP of marketing Michael Mullany told me that the contest shows how developers can leverage a relatively straightforward platform in innovative ways. But it's also another example of an interesting marketing effort to use Twitter as the vehicle for one's own benefit. Also, in true open source fashion, developers wind up building new applications based on code written by their peers.

Let's hope Twitter can handle the attention and developers are not greeted by the ever-lurking fail whale. You can check out the contest and learn more details at Engineyard.com

I attended the Virtual Goods Summit on Friday and walked away struggling to figure what topics might be interesting to write about. My net takeaway is that not much has changed in the year that I've been writing about social gaming and virtual goods, with the exception of two facts:

1. Virtual good providers are being lauded as the next big thing to replace advertising
2. There's something weird going on with the ads and offers that have taken over the more traditional banner advertising role

There is no question that virtual goods have become an integral part of social network revenue streams. And the mainstream media has finally started to catch on.

But, I didn't realize the oddities of the way users are being monetized until I attended the event and saw the heavy emphasis not just on monetizing users but on doing so in a way that was transparent and non-intrusive. Theoretically, it's a good idea, but in practice, many of the "offer" providers are purposely or inadvertently running Ponzi schemes.

TechCrunch's Michael Arrington arrived at my second point above and took the theory much further with data that shows many social gaming offers and advertising practices amount to little more than a complicated scam that gets people in the door for free only to take advantage of their lack of understanding of what they've technically agreed to in the various offers.

In short, these games try to get people to pay cash for in game currency so they can level up faster and have a better overall experience. Which is fine. But for users who won't pay cash, a wide variety of "offers" are available where they can get in-game currency in exchange for lead gen-type offers. Most of these offers are bad for consumers because it confusingly gets them to pay far more for in-game currency than if they just paid cash (there are notable exceptions, but the scammy stuff tends to crowd out the legitimate offers). And it's also bad for legitimate advertisers.

... Read more