Archive for News

Redress apps for Cloud – Netflix

Adrian Cockcroft of Netflix (and a former eBay colleague) recently described his journey to run Netflix services off of a public cloud, effectively and efficiently.

Along with Alex Stamos’ security talk that I profiled in the previous same-title blog, Adrian’s talk is easily the best public account of Cloud enterprise “pathfinding” that I have come across in a long, long while. From different angles, both talks reach the conclusion that it’s better to re-architect the whole thing rather than tinker with it. Both talks bear no hype, frills, or inflated expectations.

Adrian goes on to list the “undifferentiated lifting” that is left for Netflix to do and should come instead off-the-shelf from the Cloud portfolio of services:

  • middle-tier load balancing
  • caching
  • encryption services (I’d imagine he means key management services in general)
  • distributed application management (a tough nut to crack, this one!)

which we will hopefully see soon in Clouds near us. Thank you for sharing, Adrian!!

Sports that scale: Soccer

I’m a huge fan of football, the round-ball kind. Every four years, I take the time to follow the FIFA World Cup and keep tabs on nearly all of the 32 teams that start off.

The FIFA tournament funnels large, geographically dispersed audiences onto relatively few events (compared to more spread-out calendars like the Olympics’). We are barely mid-way and I am already seeing the World Cup matches making “dents” in our e-commerce traffic traces, starting with the national-level traces. Their W shape clearly marks the first half of a match (traffic is significantly depressed for 45 minutes), then the interval (traffic way, way up), and the second half (traffic down again for some 45 minutes more). Italy was the country showing the most pronounced dents among the ones that I surveyed (but no more of that, given their early toss out). The colleagues in the NOC must be aware of this happening and tease these symptoms apart from, say, a problem with backbone routers.

As the tournament progresses, those dents surface from the national level to a supra-national level (e.g., pan-European level). Eventually, they will make an appearance in the world-wide roll-up of all traces once semi-finals or finals take place. That will be the pulse of a planet. This year only, let’s call it the WWWzela effect :)

It’s interesting to debate whether these dents in the traces will be more or less pronounced compared to 4 years back. Several factors tip my expectations up or down:

(+) increasingly, Internet access is a commodity and overall traffic grows at a good clip year over year, worldwide;
(+) online content has grown manifold too, giving folks more reasons to be online before/after a match (e.g., sports commentaries, friends and family chats, etc.);
(+) the application bias is more significant, meaning that (say) social web features and e-commerce features will exhibit different levels of perturbation before/during/after a match;
(-) courtesy of wifi, smartphones, etc., more audiences are untethered and can now multi-task effectively during a match;
(-) DVRs, VOD, web video services are making tape-delay more practical than ever, thus eroding synchronization effects around any timed event.

Now, for another scaling dimension…

Some eleven basketball courts or so can be tiled over a soccer pitch. Yet, there is a single referee in a pro soccer match vs. three referees in an NBA match. Isn’t this a blatant scaling anomaly? Yes, it surely sounds like one, though it’s basketball that got it wrong! As Ed Felten aptly puts it, the soccer rules are designed to scale way down and give any amateur team the thrill of playing a match with precisely the same rules that the pros use. Nowhere is this more evident than in Brazil, where I can easily see legions of footballers of all ages and skill sets totally at ease with football’s minimalist prerequisites and ways to officiate a match. There will always be blatant mistakes by referees (oops, I just saw one this morning). In the absence of malice and conspiracy, they will even out, despite the immediate heartburn. That’s pretty good scaling to me.

StubHub goes Mobile

This week, we unveiled the latest installment in the collection of iPhone/iPad applications by eBay Inc.: the StubHub app. Kudos to my colleagues. They didn’t limit themselves to the traditional purchase flow, like: search event, select seats, buy tickets. Instead, they raised the bar higher in several ways:

  1. I scroll through the list of events near my current location
  2. Alternatively, I can correlate the performers in my iPod list with upcoming local events
  3. I share event news and ticket availability on Facebook or Twitter
  4. I get a map to the nearest FedEx/Kinko offices in case I need to print tickets on my way to the event

Great mash-ups. What a terrific tricorder the iPhone turns into for all the night owls out there. Live long and prosper (and do take the time to enjoy those events).

Living scale

Today is a red-letter day for microbiologists, science, and all of us. Craig Venter and team have successfully created a new species “whose parent is the computer” (in Venter’s words). Their fabricated cells are capable of continuous self-replication and have already replicated several billion times. It is quite a new benchmark for a man-made scale-out. This breakthrough ushers us into a new era much like the invention of steam engines and silicon chips did.

Around 2005 or 2006, I met some microbiologists at a Grid Computing meeting. In a chat over dinner, they told us that in five years or so we would be hearing of some folks playing jr. God in a lab. Were they right!

Like the Manhattan Project scientists found out in their time, with power come responsibilities. Today’s breakthrough is bound to stir up some strong debate around bioethics.

NOTE: This week’s Economist issue has a great op-ed, a briefing article, and a cool cover too.

Identity Abuzz: OAuth

The community concerned with identity on the Web has had a very hectic month of April. Identity is the bedrock foundation of anything social – think 3rd-party value-add services rooted on the social graph that any one of Twitter, Facebook, LinkedIn, etc. expose and promote access to. Among various events, I single out Facebook’s F8 event as the catalyst for several announcements and specs that came out this month.

The emerging OAuth protocol is one of the most interesting sights in the Identosphere. OAuth enables 3rd party access to web resources without propagating or sharing passwords. It has been likened to a valet key, in that resource owners can delegate access along with an envelope of authorized actions.

I have been interested in OAuth for quite some time because it holds potential:

  • to stop the password sprawl and make it less likely that passwords will be mishandled, either in users’ hands or in the back-end of some poorly managed IT or Clouds (as I observed here in the case of smartphones)
  • to curb phishing vectors by way of branded sign-in pages that the user is redirected to in a seamless user experience
  • to bring devices that are data-entry impaired (like my beloved Roku box) back into the fold of dependable authentication

The OAuth chronology goes like this:

  • Dec ‘07, OAuth 1.0 debuts
  • Vulns documented
  • June ‘09, OAuth 1.0a is introduced addressing vulns
  • Shortly afterwards, OAuth 1.0a implementations become available, chiefly Twitter’s
  • OAuth 1.0a is demonstrated on the iPhone platform, with applications like Flickit
  • May 2009, the IETF OAuth Working Group is chartered
  • November 2009, folks from Microsoft, Google and Yahoo introduce the OAuth Web Resource Authorization Protocol (WRAP) and contribute it to the IETF. Chiefly, it standardizes on the creation and propagation of tokens over SSL (in lieu of signatures). Also, it codifies a number of use cases and roles. By far, I found this to be the best-written spec in the whole OAuth document series
  • April 2010, OAuth 1.1 becomes RFC 5849
  • April 2010, OAuth WRAP implementations are announced
  • April 2010, the first revision of the OAuth 2.0 Internet Draft is released; it builds upon both OAuth 1.0a and OAuth WRAP
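To make concrete what the “signatures” that WRAP dispenses with actually are, here is an added example (my own code, not from the OAuth specs or from any of the implementations named above) of the HMAC-SHA1 request signing in RFC 5849 and the matching server-side check. The URL, keys and secrets are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote
# Constructed sample request (illustrative values, not from any real service):
# query/body parameters plus the oauth_* protocol parameters a client would send.
CONSUMER_SECRET = "demo-consumer-secret"
TOKEN_SECRET = "demo-token-secret"
SAMPLE_URL = "https://api.example.net/photos/list"
SAMPLE_PARAMS = [
    ("q", "r b"),            # space must become %20, never '+'
    ("c@", ""),              # reserved byte in a name; empty value
    ("tag", "b"),
    ("tag", "a"),            # duplicate names are ordered by value
    ("oauth_consumer_key", "demo-consumer-key"),
    ("oauth_token", "demo-access-token"),
    ("oauth_signature_method", "HMAC-SHA1"),
    ("oauth_timestamp", "1275000000"),
    ("oauth_nonce", "n0nce01"),
]

def rfc5849_encode(s):
    # Section 3.6: percent-encode everything outside the unreserved set, uppercase hex.
    return quote(s, safe="-._~")

def signature_base_string(method, base_url, params):
    # Section 3.4.1: METHOD & encode(base URL) & encode(normalized parameters), where the
    # parameters are the decoded (name, value) pairs from the query string, form body and
    # Authorization header, excluding realm and oauth_signature.
    pairs = sorted((rfc5849_encode(k), rfc5849_encode(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), rfc5849_encode(base_url), rfc5849_encode(normalized)])

def hmac_sha1_signature(base_string, consumer_secret, token_secret):
    # Section 3.4.2: the MAC key is encode(consumer secret) & encode(token secret).
    key = f"{rfc5849_encode(consumer_secret)}&{rfc5849_encode(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string.encode(), hashlib.sha1).digest()).decode()

def sign_request(method, base_url, params, consumer_secret, token_secret):
    # Client side: append oauth_signature; the secrets themselves never leave the client.
    base = signature_base_string(method, base_url, params)
    return params + [("oauth_signature", hmac_sha1_signature(base, consumer_secret, token_secret))]

def verify_request(method, base_url, params, consumer_secret, token_secret):
    # Server side: recompute over everything but oauth_signature; constant-time compare.
    presented = [v for k, v in params if k == "oauth_signature"]
    unsigned = [(k, v) for k, v in params if k != "oauth_signature"]
    if len(presented) != 1:
        return False
    base = signature_base_string(method, base_url, unsigned)
    return hmac.compare_digest(presented[0], hmac_sha1_signature(base, consumer_secret, token_secret))
```

This per-request MAC, which binds method, URL and every parameter to the shared secrets, is exactly what WRAP and the OAuth 2.0 draft drop in favour of a token sent over SSL: integrity protection moves from the message to the transport.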

I’m eager to see how OAuth will do vis-à-vis these challenges:

  • What impact: Will the OAuth protocol be universally implemented to the letter of the emerging IETF standard? Or will there be dialects, each producing an island of interoperability around a specific social graph like Twitter’s, Facebook’s, LinkedIn’s, etc.?
  • Set proper expectations: OAuth will not rid us of phishing. There will still be rogue clients and exploits of the client callback URL. However, the risks will provably be contained to losing the token in lieu of the password (the former being lower-grade security material than the latter)
  • Withstand cross-currents: XAuth (also announced in April!) and browser-specific solutions like Mozilla’s Account Manager pitch radically different solution points to the web identity challenge

I look forward to being at the Internet Identity unConference, May 17-19th, in Mountain View.

Toh, Skype Publishes Codecs

My former colleagues have chosen to publish SILK in an IETF Internet-Draft. I can only imagine how this new resolve must have stirred some discussion among stakeholders. My kudos for the final outcome!

Two Thousand Ten’s Turing to Thacker

I cannot think of a more deserving recipient of the ACM Turing Award than Chuck Thacker. I was actually surprised that he hadn’t been considered before for this high recognition. I’ve been tuned to his brilliant work since the days when I studied the Alto at school. I chronicled my 2008 visit to Chuck and his research team at MSR SV here.

NOTE. In truth, the award announced today is a 2009 award. The title’s alliteration was too good to pass on though…

Pay vision by PayPal

Although I’m not a big fan of video clips, there’s something that I really like in this video produced by my PayPal colleagues. It conveys a powerful vision. It does so in terms that are easy to relate to.

Clearly, these folks were not blindsided; they anticipated in good time a connected world that is no longer centered around the desktop/laptop experience. They spun the “Internet of Things” into a promising new vehicle for payments.

To walk their talk, they have put out some additional material on http://x.com (no joke, what a great domain name this is) and announced an SDK that realizes a rich payment platform (formal unveiling at a conference in early November).

Internet’s Big Four-O

The Internet is a late-bloom gift from the 60s — the decade that gave us so many things in the way of technology innovations and social advances. It now feels as if Kleinrock & Co. were prescient of the 60s legacy and wanted to squeeze their pioneering proof of concept in, not too long past the moon shot and shortly before that wonder decade was over.

It took quite a long incubation before the Internet grew out of ARPA’s sugar daddy support (today, we got no patience for anything…). Back in the day, one could hardly think of the Internet as a global innovation engine. OK, you would end up with a better/cheaper version of SNA LU6.2; what else? It would have stayed within geekdom longer if it weren’t for Sir TBL and the Mosaic browser. The Web was a sumptuous killer app and the wheel of innovation began spinning ‘round and ‘round to benefit just about every cause:

  1. New infrastructure build-outs
  2. Leading to faster/broader connectivity
  3. Making it a breeding ground for new applications
  4. Some of them reaching viral spread, network effect, etc. resulting in larger addressable markets
  5. Thus creating demand for more/different infrastructure

[ loop back to 1 ... ka-ching at every step ]

To celebrate Internet’s 40th in style, the latest spin of this virtuous wheel has brought us the unbundled wireless handheld. Take, for instance, community video applications running on top of open-source Android hosted on one of several smartphone hardware platforms, with choice between GSM cell and Wi-Fi connectivity. This was unthinkable just a few years ago. There’s no slowing down of the innovation wheel. Thank you, Internet.

Time for triple AES?

This morning, I tuned in to some concerning news on Bruce Schneier’s blog. Bruce writes about a new attack against 10-round AES-256. He describes it as impressive, practical, and a more devastating attack than we have ever seen against AES.

Full AES-256 has 14 rounds, so there is still some margin left … however, we also know that where there’s smoke there’s fire. Cryptography is an interesting science (and art). It would appear that AES with a 128-bit key is totally immune from these attacks and is as strong as ever. Uhm. I’ve heard that this is due to AES-256’s key schedule being ill-designed. The reason why is beyond me.

Rijndael (as it was called before being awarded the contest) was heralded as the transform for the new century. For the first time in ages, it featured a radically new design. These research results are coming out way too soon. Concerned.