Dueling dinasaurs - the Cloud edition

Dueling Dinosaurs

A few months back while talking about setting networking technical standards, one of the networking statesmen told me Dave Clark's dueling dinosaurs story as a metaphor on timing as a critical factor. In this version, the best time to set the standard is when the core technical requirements have been worked out but the commercial interests have not yet been deeply entrenched.



In other words, if the core requirements have not yet been worked out, the standard is liable to be in poor quality which impedes its proliferation. On the other hand, when there is significantly commercial entrenchment before a given standard is set, there is every business incentive to bias the standard which will fracture the industry.

Clash of the cloud dinosaurs

Just read the economist article about how two interests groups are fighting over Cloud Computing standards. In short, one group who already have a meaningful footprint in the Cloud space are happy with what they do. The opposing group are proposing standards on interoperability that allows users to easily switch between services.

--
It is a comfort to know that even in the ever changing world of technology, some things don't.

===
P@P

Relational Software's Pitch

An archeological find

I was doing some research on Oracle. Specifically, I was trying to understand how the world transitioned from hierarchical database to relational database. It turned out that circa 1983 Oracle was handing out their stories when their name changed from its 1977 name as Relational Software to Oracle.

This is an archeological find on the earlier days of commercial relational database.


How did Relational/Oracle do it?

According to this 1983 document, the value proposition for relational database is that it can be manipulated by non-technical users. So, instead of waiting days on database administrators and programmers to produce the information, an user can construct a query and get the data in a matter of minutes/hours.

Ultimately, however, the key economic/business driver is that it is easier for corporations to build up huge amount of data than to hire and train database specialists. In this context, relational database and the SQL language make the data much more valuable to the business operators.

Looking for the fundamental economic shift

With perfect hindsight, Oracle was clearly right.

At a deeper level, however, relational database fundamentally changed the economics of database from a high-end specialty tool to something that is a common utility in almost all aspects of our digital life today.

The more relevant question is then, what technology is fundamentally changing the economics of how we do things today?

===
P@P

How to catch a spy

Source: Plame vs. Whitehouse

For those of you who do not remember, Valerie Plame was working for CIA as an undercover agent and the Whitehouse leaked her CIA identify in 2003. With her cover identify blown, she left CIA in 2005.

In 2007, she published a memoir "Fair Game: My Life as a Spy, My Betrayal by the White House". CIA intervened and redacted (blacked out) "sensitive" information in the published book.

A page of the redacted Fair Game


How to catch a spy, the PARC way

A PARC team has developed a machine learning engine that is able to use contextual information that may not be sensitive by itself but in aggregate provides strong inference on what the missing information should be.

The Plame book is a perfect test case because, although the book has been redacted, the actual information is available in other public sources. In other words, we can run the book through the engine and see what kind of inference the engine can tell us and check it against the known answers.

Test case: where was her first assignment?

So, we fed the available and seemingly innocuous description on the location (redacted) of her first assignment such as "Europe, chaotic, outdoor café, traffic, summer heat" into the software.

Lo and behold, the engine comes back with Greece as the most probable answer which was indeed the case.

--
How would you use this software engine beyond figuring out if your censors are good enough? Conversely, how would you use the output of this engine? How about removing sensitive medical information in unstructured format? Or, finding that smoking gun in the mountain of data and emails in a legal case? This is an instance where tireless software with perfect memory to a large corpus of information is a better solution than the best trained/paid human attention any day.

Let me know how you would use this capability. For the most interesting idea(s), maybe I can get you a copy of the software engine to play with.

Look forward to hearing from you.

===
P@P

Cloud Computing and Security

Cloud Computing and PARC

Cloud Computing is hot - now that is a truism for the technology world today.

Beyond the hype of processing xTb of data in 24 hours by EC2 or Azure and the alphabet soup of cloud solutions, a bit of good ole' fashioned investigation seems to be important to figure out how it actually impacts the technology landscape.

In other words, PARC's Security team is intrigued after the Security Workshop.

PARC Security's Cloud Computing Offer

If you are a practitioner in the cloud computing space, we would love to hear from you. Here is a brief description of what we are doing:

==
PARC is investigating cloud computing security as a potential research area. Knowledge of current practices, use cases, and problems with regards to cloud computing security would be very helpful for this investigation. We hope to understand the actual security issues in the new world of cloud computing.
==

As for being the discovery process, we will share consolidated/anonymized information with you at the end of the study.

Please drop me a note if you wish to participate.

===
P@P

Third fire alarm

Fire! Again!

What's up with this! A third accidental fire alarm in as many months. Seems like we are on a roll. Or, there is a minor conspiracy that I am not aware of.

While waiting in the emergency area, I did have a chance to strike up a conversation about PARC during the 1989 Loma Prieta earthquake, a.k.a. the World Series Quake. Back then, people were using car radios to get updates on the status.

If it were to happen today, I wonder if the cell phone towers would hold up during the quake and if the towers would be overwhelmed with calls. Maybe a distributed and ad-hoc networking backbone would be a more robust solution, although I think people used WiMax for the 2004 Tsunami in the Indian Ocean.

Yeah, back to work.

==
P@P

"1 second" Unix Party

Ad Hoc Networking Meeting

Was in a meeting discussing CAPE. Spirited discussion all around as always.

But, we had to wrap it up early because:

Party Time

==


Sent: Friday, February 13, 2009
Subject: 1234567890 day!

Happy 1234567890 day everyone!

Today at 3:31:30pm, the number of seconds since midnight, January 1, 1970 (not counting leap seconds)—otherwise known as unix time or posix time — becomes 1234567890.

Please join us in a 1-second party in the CSL bistro area at the appropriate moment.


==

Gosh, I am surrounded by geeks!

Brilliant!

===
P@P

Security Workshop

Security as an Enabler: Visions
Highlights of a Workshop sponsored by Fujitsu Laboratories and PARC

Key areas considered
* Data Loss Prevention (DLP)
* Reputation and Trust
* Malware and Fraud Detection

Homework Questions

Where does Cloud Computing fit? Because of the cooperative nature of cloud computing, frameworks and standards might be important here. In fact, the security problems for cloud computing are at this point is not well-defined.

Interplay of reputation, malware, and social networks. The phenomenon of malvertising seems to show that the problem cannot be solved by any one party. In other words, how can reputation and social networks be used to expose and combat malware?

P@P Workshop Notes

This was a highly interactive workshop that allowed academic, corporate practitioners, and researchers to challenge each other’s ideas and find areas of common interests.

The most fascinating story for me is on the development of the DLP market when people did not think such a need existed. Now DLP is one of the fastest growing segments in the security industry.

Drop me a note if you want a copy of the workshop’s output.

===
P@P