Archive for June, 2011

CBS steals my work

Posted in 2011 on June 30th, 2011 by Robert X. Cringely – 61 Comments

General Counsel
CBS Interactive, Inc.
235 Second Street
San Francisco, CA 94105
415/344.2000

I called you about this but you didn’t return my call. Your CNet TV site has been stealing my work.

Try a search on “CNet” and “NerdTV” and you’ll find many of my NerdTV shows, complete with their Creative Commons attributions at the end prohibiting their use on commercial sites. CNet TV is a commercial site because it carries advertising.

Why does your professional media operation feel the need to rip off my work?

Here’s my Google search:

 

Here’s a sample CNet page. Notice the Blackberry ad. There are other ads.

 

I don’t know how long this has been going on but stop it immediately.

These shows and NerdTV season 2 will appear in the fall on a site that actually asked permission to use them.

Take them down now.

Note — As of Sunday evening July 3rd Cnet appears to have taken down the NerdTV videos.



Have you heard the one about Apple’s data center?

Posted in 2011 on June 28th, 2011 by Robert X. Cringely – 230 Comments

Security gate from Startown Rd.

In a few days we’ll be leaving Carolina, possibly forever. Following the recent death of my father-in-law — our reason for coming here in the first place — Silicon Valley calls once more. But before leaving town I was determined to scope out that $1 billion Apple data center in Maiden, NC. So I drove over, took some pictures, and talked to folks at the convenience store down the road. My conclusion from this unscientific research is that the giant Apple facility is mainly empty. It’s a huge building filled more or less with nothing and why Apple built it that way frankly escapes me. Maybe it’s just a shot across the bow of Google and its $650 million data center in South Carolina.

The place is certainly locked down. There’s a security gate on Startown Road and not much else to see. Apple has built a tall earthen berm around the entire site and planted trees atop that. The only way I could find to see the data center from ground level was from the Baptist cemetery next door. All that’s visible is the top of a huge white building and a couple of big tanks that may hold cooling water or, more likely, diesel fuel for emergency power generators.

Not much to see

I parked across from the main gate for an hour during the middle of the day and one pickup truck entered the facility.

It’s not that Apple has so little to do at the new data center which, after all, is supposed to be the center of iCloud and iTunes activity, updating all those Macs, iPhones, and iPads while serving video and audio to more than 200 million devices in all. That job isn’t trivial, but how much square footage does it actually take to do?

For comparison purposes, I looked at IBM’s Special Events Web Service (the gang that used to do the Olympics). They have 2000 square feet in three different data centers. They have a couple of racks of cache servers that handle over 95 percent of the actual work. Behind the cache servers are three racks containing about 50 1U Linux servers set up in a cluster. These manage all the transaction work and anything that leaks through the cache servers.

Maybe the Olympics isn’t a good comparison, but where IBM has 2000 square feet, Apple has one million square feet — 500 times as much.

According to the Internet Movie Database there are about 700,000 movies in existence, excluding porn. Most movies will fit (in DVD form) in 4.7 gigabytes. Do the math and you get 3290 terabytes, which is a big number but not that big. Most data centers serving media files would cache about 10 percent for optimum performance. That’s 329 terabytes. Knowing a good percentage of movies aren’t worth the film they were printed on, you can probably come up with a 50 terabyte caching design and be able to serve anything anyone would want to see. Fifty terabytes of cache servers can fit into a couple of racks.

When planning a data center each rack requires about six square feet of floor space. But for the sake of discussion let’s make that 10 square feet to allow for non-server areas in the building. One million square feet divided by 10 square feet per rack means 100,000 racks could be constructed in the Apple facility. That’s 7.2 million 1U servers unless the racks are built extra-high, in which case there could be more than 7.2 million servers.

Remember that between the 3290 terabytes of disk storage, 329 terabytes of cache and all associated servers, load balancers, etc. we’re talking at most 20 racks to serve every movie ever made. Now increase that by a factor of 10 because I probably blew a calculation somewhere. Now increase that by another factor of 10 because Apple may want to serve not only all our movies but all our TV shows, too. That brings us to 2,000 racks — two percent of the capacity of Apple’s data center.

Are you beginning to get my drift here?

Now Google isn’t Apple. Google is continually indexing the whole darned Internet, runs the biggest e-mail service, and many other services, not to mention all those ads. You can see how Google would require lots of data storage and servers to handle it. By now Google must have over a million servers and a very elegant way to manage them. But even Google’s million servers would require only 13.9 percent of Apple’s data center capacity.

So what is Apple doing with such a big building? I can’t imagine a workload that would need even a tenth of that data center.

Maybe they are building for the future, you say.

That’s crazy. Remember Moore’s Law? As time passes all of those Apple racks will be filled with new computers that are faster and have more memory and with storage systems that hold more, too. The square footage requirements are, in fact, likely to stay about the same for the foreseeable future, absent some quantum expansion of Apple’s services.

For that matter, what servers is Apple using, anyway? Certainly not the now discontinued Xserves. That alone may be the reason why they’ve made the facility so difficult to see, not wanting to boost any competitor by admitting Apple is a customer.

So here’s my guess: I think it’s a joke. The building is a near-empty facility built primarily to intimidate Apple competitors. And so far it seems to be working.


Intercontinental Ballistic App Store

Posted in 2011 on June 22nd, 2011 by Robert X. Cringely – 122 Comments

Death Star

I’ve been thinking about Apple’s App Store and the industry paradigm shift it represents. Apple loves to change the game like this, simultaneously unseating previously entrenched adversaries while building for itself a defensible system for the future. The trick to making it work is to not appear to be too greedy and I think Apple is accomplishing that. They are greedy, of course, but as Fernando used to say, “It is better to look good than to feel (or be?) good.”

Apple’s original App Store was for the iPhone — a portable and for the most part cloud-based method of distributing and updating iPhone apps. This was followed by Apple’s App Store for OS X, which did much the same for Macs. Both are being extended fully into the cloud next month with the release of OS X 10.7. For users the App Store lowers the cost of applications, keeps them updated and synced, and allows their deployment across several computers. For Apple, the App Store destroys shrink-wrapped software, eliminates product serial numbers, vanquishes piracy, and punishes competitors like Adobe.

Software goes from being a box of bits to a cloud of electrons. Remember Larry Ellison railing against the box of bits metaphor in my show Nerds 2.0.1: A Brief History of the Internet? That was back in 1998. None of us, even Larry, knew it would take 13 years for that vision to be realized.

With the App Store prices are lower because costs are lower, but also because Apple wants prices lower to gain market share for both its devices and the associated ecosystem. That’s an important but little recognized part of this paradigm shift. The old question used to be whether Apple was a hardware company that sold software or a software company that packaged its products in hardware. The new reality is that Apple is an ecosystem in which hardware and software are important but then so is the cloud that lies behind both.

At the same time that the App Store allows you to run one $299 copy of the new Final Cut X on all your computers, it becomes nearly impossible to pirate that software without first hacking Apple’s data center in North Carolina. This is huge and its effects will be profound, keeping legit customers honest at little cost while pushing pirates toward other solutions, especially Open Source.

But what about Adobe or Microsoft or Symantec? They can sell their software through Apple’s store, accepting lower prices and sharing 30 percent of the money with Apple. Or they can stick with serial numbers and piracy. Or they can roll their own app stores, but in doing so forgo the power of the Apple ID or risk infringing Apple IP by somehow reverse engineering it.

It’s a tour de force that will have painful consequences for competitive products like Adobe’s Creative Suite. Apple to Adobe: we win, you lose.


IBM didn’t invent the personal computer but they don’t know that.

Posted in 2011 on June 16th, 2011 by Robert X. Cringely – 125 Comments

We’ve been away for a few days celebrating Fallon’s fifth birthday in Orlando where the preferred destination has shifted from Disney to Universal Studios, source of all things Harry Potter. While we were away, IBM celebrated its 100th birthday by claiming, among other things, to have invented the personal computer, soiling the legacy of Ed Roberts and pissing off all real geeks in the process. Here’s a video in which you’ll see IBM’s VP of Innovation innovating his way to this completely bogus claim at the 2:37 milepost.

This sin shall not go unpunished.

Among his milestones IBM’s VP of Innovation completely forgets to mention the company having helped automate the Third Reich.

And while IBM was celebrating other noteworthy achievements, a reader pointed out to me what he thought was an IBM data breach:

“My wife and I are Health Net customers. A month or so ago we received a letter from Health Net saying that their contractor, IBM, had been hacked and that our medical records including SS# had been stolen… You can imagine how I feel about it. I’m in favor of the bin Laden treatment for the hackers and serious bitch slapping for everyone else concerned, from the pointy haired managers to the OS pukes who have refused to create secure systems despite knowing how to do it. The people who have resisted IPv6, which provides authentication, over the last decade are another good target for serious bitch slapping. Someone said that the primary reason the computer industry advances is ridicule of second rate technology. Ridicule of insecure systems and networks is desperately needed.”

To be fair to Big Blue, it appears their system wasn’t hacked in the manner we’ve been discussing lately and IPv6 had nothing to do with it. Rather, in March IBM discovered nine disk drives were physically missing from the Health Net data center it runs in Rancho Cordova, CA. The drives contained personal and health data on 1.9 million of Health Net’s six million customers.

We’ve grown so desensitized to these data losses that 1.9 million doesn’t seem a very big number anymore. And this particular data loss, since it doesn’t involve some invisible hand reaching through the wire, seems somehow less invasive. That surely must have been the way Health Net felt about it, given this particularly callous sentence from their press release about the loss: “While the investigation continues, Health Net has made the decision out of an abundance of caution to notify the individuals whose information is on the drives.”

Doesn’t this imply that Health Net believes that informing us of the loss of our medical data is optional?

Time for all you HIPAA lawyers out there to tell us what right we have to know when our personal health data has been stolen. Was Health Net just trying to spin this story in a smarmy direction or do they actually have no obligation to tell us?

As for IBM, this loss happened on their watch so what did they do about it? Health Net outsourced its IT to IBM. IBM outsourcing involves a long checklist of things to do to each server to lock it down and make it easier to support. IBM techs install support tools like antivirus and backup. Since they inherit network and application designs from the customer, IBM doesn’t guarantee they are hack-proof.

Did you know that? I didn’t.

IBM tries to find problems, I’m told, bring them to everyone’s attention, and fix them. Sometimes a problem can’t be fixed or won’t be fixed, in which case IBM writes a “risk letter” documenting Big Blue’s concerns and the business risks to the customer.

That’s what is supposed to happen. What really happens is usually a bit different. These days most IBM contracts are underfunded to the point of being irresponsible. There may not be time or funding to do basics like securing the servers. With offshoring on top of outsourcing, very inexperienced people in foreign locations are doing much of the support work remotely.

But you can’t blame the physical theft of nine disk drives in Rancho Cordova on an entry-level support guy in Pakistan. This story appeared in Computerworld back in March and then quickly disappeared. I’d like to know what the hell happened. Wouldn’t you?

As far as I can tell IBM never said a word on the subject.


When Engineers Lie

Posted in 2011 on June 9th, 2011 by Robert X. Cringely – 102 Comments

Twenty years ago, when I was writing Accidental Empires, my book about the PC industry, I included near the beginning a little rant about how good engineers were incapable of lying, because their work relied on Terminal A being positive and not negative and if they lied about such things then nothing would ever work. That was before I learned much about data security, where apparently lying is part of the game. Well, based on recent events at RSA, Lockheed Martin, and other places, I think lying should not be part of the game.

Was there a break-in? Was data stolen? Was there an unencrypted database of SecurID seeds and serial numbers? All we can say at best is that we don’t really know. And in some quarters that is supposed to make us feel more secure because it means the bad guys are equally clueless. Except they aren’t, because they broke in, they stole data, they knew what the data was good for while we — including SecurID customers it seems — are still mainly in the dark.

A lot of this is marketing — a combination of “we are invincible” and “be afraid, be very afraid.” But a lot of it is intended also to keep us locked in to certain technologies. To this point most data security systems have been proprietary and secret. If an algorithm appears in public it escaped, was stolen, or reverse-engineered. Why should such architectural secrecy even be required if those 1024- or 2048-bit codes really would take a thousand years to crack? Isn’t the encryption, combined with a hard limit on login attempts, good enough?

Good question.

Alas, the answer is “no.” There are several reasons for this but the largest by far is that the U.S. government does not want us to have really secure networks. The government is more interested in snooping in on the rest of the world’s insecure networks. The U.S. consumer can take the occasional security hit, our spy chiefs rationalize, if it means our government can snoop global traffic.

This is National Security, remember, which means ethical and common sense rules are suspended without question.

RSA, Cisco, Microsoft and many other companies have allowed the U.S. government to breach their designs. Don’t blame the companies, though: if they didn’t play along in the U.S. they would go to jail. Build a really good 4096-bit AES key service and watch the Justice Department introduce themselves to you, too.

The feds are so comfortable in this ethically-challenged landscape in large part because they are also the largest single employer… on both sides. One in four U.S. hackers is an FBI informer, according to The Guardian. The FBI and Secret Service have used the threat of prison to create an army of informers among online criminals.

While security dudes tend to speak in terms of black or white hats, it seems to me that nearly all hats are in varying shades of gray.

Yet there is good news, too, because IPv6 and Open Source are beginning to close some of those security doors that have been improperly propped open. The Open Source community is building business models that may finally put some security in data security.

The U.S. government is a big supporter of IPv6, yet the National Security Agency isn’t. Cisco best practices for three-letter agencies, I’m told, include disabling IPv6 services. From the government’s perspective, their need to “manage” (their term, not mine — I would have said “control”) is greater than their need to engineer clean solutions. IPv6 is messy because it violates many existing management models.

The key winners are going to be those companies that embrace IPv6 as a competitive advantage. IPv6-ready outfits in the U.S. include Google, AT&T, and Verizon. Yahoo and Comcast still have work to do. Apple has been ready for years.

Some readers will question why I appear to be promoting the undermining of U.S. intelligence interests. Why would I promote real data security if what we have now is working so well for our spy agencies?

I’m not a spy, for one thing, but if I were a spy and trying to keep my secrets secret I wouldn’t buy any of these products. I’d roll my own, which is what I think most governments have long done. So the really deep dark secrets were probably always out of reach, meaning most low-hanging fruit is simple commercial data like the 125+ million credit card numbers stolen so far this year from Sony alone.

If the NSA needs my credit card information let them show me why. I think they don’t need it.

We’ve created a culture of self-perpetuating paranoia in military-industrial data security by building systems that are deliberately compromised then arguing that draconian measures are required to defend these holes we’ve made ourselves. This helps the unquestioned three-letter agencies maintain political power, doing little or nothing to increase national security, while at the same time compromising personal security for all of us.

There is no excuse for bad engineering.


iCloud’s real purpose: kill Windows

Posted in 2011 on June 7th, 2011 by Robert X. Cringely – 424 Comments

Apple’s announcements yesterday about OS X 10.7 pricing (cheap), upgrading (easy), iOS 5, and iCloud storage, syncing, and media service can all be viewed as increasing ease of use, but from the perspective of Apple CEO Steve Jobs they perform an even more vital function — killing Microsoft.

Here is the money line from Jobs yesterday: “We’re going to demote the PC and the Mac to just be a device – just like an iPad, an iPhone or an iPod Touch. We’re going to move the hub of your digital life to the cloud.”

Just like they used to say at Sun Microsystems, the network is the computer. Or we could go even further and say our data is the computer.

This redefines digital incumbency. The incumbent platform today is Windows because it is in Windows machines that nearly all of our data and our ability to use that data have been trapped. But the Apple announcement changes all that. Suddenly the competition isn’t about platforms at all, but about data, with that data being crunched on a variety of platforms through the use of cheap downloaded apps.

What this requires from Apple is a bold move that Microsoft would never make: Jobs is going to sacrifice the Macintosh in order to kill Windows. He isn’t beating Windows, he’s making Windows inconsequential.

Having been shown the way by Apple, I expect Google to shortly do the same thing, adding automated backup, synchronization and migration to Android and Chrome.

Both companies will be grabbing for data, claiming territory, and leaving Microsoft alone to defend a desktop that will soon cease to exist.

And what happens once all our data is in that iCloud? Is there any easy way to get it back out? Nope. It’s in there forever and we are captive customers — trapped more completely than Microsoft ever imagined.

Apple and Google will compete like crazy for our data because once they have it we’ll be their customers forever.

This transition will take at most two hardware generations and we’re talking mobile generations, which means three years, total.

With no mobile market share to speak of and Windows 8 not due until 2013, Microsoft is likely to be too late to the party, with much of Redmond’s market cap transplanted eventually to Apple and Google.

Some will say this is unlikely because of Microsoft’s grip on enterprise sales, but consumers have been leading the IT market for the last decade and the mobile transition will only accelerate this trend.

The quicker Microsoft can turn itself into IBM the better for Redmond, because that appears to be their only chance.


Stupid IT Tricks: Medical Records

Posted in 2011 on June 2nd, 2011 by Robert X. Cringely – 144 Comments

A reader asked me to write tonight about the Health Information Technology for Economic and Clinical Health Act, which is about as far from something I would like to write about as I can imagine, but this is a full service blog so what the heck. The idea behind the law is laudable — standardized and accessible electronic health records to allow any doctor to know what they need to know in order to treat you. There’s even money to pay for it — $30 billion from the 2009 economic stimulus that you’d think would have been spent back in 2009, right? Silly us. Now here’s the problem: we’re going to go through that $30 billion and end up with nothing useful. There has to be a better way. And I’m going to tell you what it is.

But first a word from my reader:

“My number one annoyance is that hospitals are still extremely dumb,” he writes. “My wife has Lupus (and other disorders) and every single freaking time we go in they always have to know the same information and fill out the same damn paper forms. I expect more, a lot more from my doctors and the systems that support them. Why are we still dealing with paper and paying people to just duplicate that effort by typing it in? Wouldn’t it be much easier to say, ‘Here’s what we have on file for you (hands the patient a tablet computer). Please review it, update any medications with dosing as well as any allergies.’ Boom, you make the changes directly in their system, you’re not repeating that effort every time and this system would be completely standards based with every other system in production. Problem is, we have no standard and it should have been laid out before any of these EHR systems were built. I’m not talking about creating another FBI virtual case file waste of taxpayer cash, but these professionals know exactly what kind of information they gather and how it’s used. There is no excuse for today’s hospitals.”

So we passed a law, appropriated a lot of money, and are now implementing a medical records system that the National Academy of Sciences says in a recent 273-page report isn’t going to do the job.

This is not the first such negative report, either.

Yet still the project moves forward because, well, there’s that $30 billion we should have spent back in 2009 and if we don’t spend it, heck, Congress might just take it back.

Use it or lose it is not the proper motivation for this or any IT project.

Remember that more than 50 percent of major IT projects fail outright, producing nothing, so the chances going into this were that it would fail. From what I have read that is already happening since the whole concept of interoperability — the basic purpose of the system — seems to have been lost.

It’s not like there aren’t any good medical record systems. Back in 2007 I visited the Mayo Clinic in Rochester, Minnesota specifically to learn about their medical records system that had already been in development for more than a century. Mayo built the first standardized medical records system anywhere on Earth using lots and lots of paper and had over decades refined it into an amazingly useful bit of analog technology. When I visited, the clinic was rapidly turning six million paper patient records into electrons in a way they were sure would quickly lead to saving lives simply because they’d finally be able to correlate treatments and outcomes over thousands of similar patients over many decades. Computers were everywhere and caregivers could instantly find any data they needed including X-ray images. Mayo had a good system and they were making it even better. Problem solved, right?

Maybe if we could first kill all the administrators.

Every hospital administrator has his or her own idea about how medical records should be kept. This has resulted in many different systems being developed with something less than 50 percent of those actually working successfully. But no matter how many systems failed they didn’t all fail and some are probably pretty darned good. I was certainly impressed with what I saw at Mayo.

So here’s what we do. First we stop. Whatever we have so far is crap, believe me, so let’s throw it away. It was insanity to start building a whole new records system when there were already systems in operation that were close to the objective.

We do this really stupid thing over and over in IT, which is we find something pretty good and say, “Let’s build something like that.” Which means, if you think about it, “let’s take this functional model and attempt to emulate it with what has historically been less than a 50 percent success rate.”

I’m with stupid.

So we stop; we throw away the work we’ve already done; then we take a look at all the electronic medical records systems that are already up and running at scale. I’m sure there are at least a dozen of them running in various places around America. Our goal here is to pick the best of these systems. We don’t even have to be good at selecting because if we were to make a mistake and choose the second best or the third best system it would still be better than the disaster we’d likely build from scratch.

We figure out which is the best presently operating system in terms of functionality, reliability, ease of use, and any other criteria you’d like to add. Then we do something that is never done in IT. We take this off-the-shelf product, spend a little of that $30 billion to buy it outright, then give it to every hospital, clinic, and doctor’s office in America.

And that’s it. No R&D, no development — just pick the best and give it to everyone for free. And if there are problems here and there, well it is easier to fix a problem than it is to build a system.

Now for a really radical idea: just point Google at the problem and let them buy the system and run it.

They’ll make it ad-supported and therefore totally free to doctors and patients alike.

This isn’t brain surgery, you know.
