Semi Pro

A rumor surfaced yesterday in Japan that Apple would by the end of the year introduce a radical new kind of Macintosh computer. That was it — new Mac, radical — yet dozens of sites ran with this non-information simply because Apple is a hot company and, who knows, it might be correct. In that same spirit, then, here’s my guess about what might be correct: I think Apple’s Macintosh Pro line of computers is dead.

Mac Pro’s are Apple’s big box PCs. They haven’t been refreshed since last summer and new models were expected this month with the new Minis, but for some reason the new Mac Pro’s failed to appear. Apple said nothing because, well, because Apple never says anything, instead relying on dopes like me to write non-stories like this one. But while the Mac pundits are generally still waiting for new Mac Pro’s to appear, I don’t think they are coming at all and will be replaced with a whole new approach toward high performance computing from Apple.  Maybe this is what the Japanese writers are picking up on.

Mac Pro’s were Apple’s most powerful computers, though the new Mac Mini I7 servers get pretty darned close, and that’s part of my point in making this prediction. Apple likes a simple product line and eliminating the Mac Pro’s, just as Apple last year dropped its xServe line, would certainly simplify things.

Dropping xServe, an Apple move that was wildly unpopular in some IT quarters, was I suspect some sort of Steve and Larry each bargaining with the Devil thing in which Apple steered even more clearly away from the enterprise in exchange for who knows what from Oracle/Sun. But I think dropping the Mac Pro, if it indeed happens, is a very different move intended to simplify the computer line while boosting the display line.

Mac Pro’s are dinosaurs in many respects. That big beautiful aluminum case with its clever air ducting is eight years old and enormous compared to most PCs. It exists primarily to allow users to pack their Macs with extra drives and third-party graphics cards for high-end gaming. But Apple is changing its whole approach to storage, presumably moving as much of it as possible to that big North Carolina data center.  Apple hates foreign cards (or indeed cards at all) installed in its machines. And then there’s those new 10 gigabit-per-second dual-channel Thunderbolt ports; where do they come in?

I expect Apple to move to a modular architecture where the building blocks for high performance computers are generally Mac Minis. Start with a new Mini or with a Thunderbolt iMac and expand both storage and processing by adding a stack of up to five more Thunderbolt-connected Minis. A maxed-out system would have six I7 processors with 24 cores, 24 gigabytes of DDR RAM (expandable to 96 GB!) and at least six terabytes of storage.  And at $6000, it would be half the price of an equivalently tricked-out Mac Pro.

Yeah, but what about the Graphics Processing Units (GPUs)?  What real gamer wants to be limited to the somewhat lame integrated Intel graphics found in the Mac Mini line?  That’s where the displays come in.

Apple’s Cinema Displays, while still lovely, have fallen way down the price-performance curve. They are too darned expensive for what you get. But Apple can hardly be a PC company without displays. They need to either (shudder) start to compete on price or more likely find us a new flavor of Kool-Aid, which I think we’ll see in upcoming Apple Thunderbolt displays.

There are only two Light Peak displays on the market right now.  I use the term Light Peak, which is what Thunderbolt is called in the non-Apple world, because while one display comes from Apple the other is from Sony and uses a different connector. I think that Sony display gives us a hint to Apple’s plan, because the Sony screen features an integrated GPU.   The new Apple Thunderbolt display may include a GPU, too, but nobody seems to know.

There are good reasons to put the GPU in the display. All those zillions of calculations, after all, are being performed specifically to drive the display. And putting the the GPU inside the screen allows the highest possible bandwidth connection between video memory and display pixels. In some ways putting the GPU in the screen may actually make the screen cheaper to build at such a high performance level.  Whether that is true or not, I am sure it is what Apple will tell us.

When Apple announces a 27-inch or 30-inch Retina Display, you can bet it will have an integrated GPU.

POW! Apple will be back in the business of selling $3000 displays and Hollywood, New York, and San Francisco will be back in the business of buying them. Mac Minis will become the Boeing 737 of performance computers. And Apple can at that point probably drive enough connections on its own to create a vibrant market for third-party Thunderbolt accessories.

Or I’m wrong.

Maybe the Japanese will know.

Google is the youngest of these companies and has probably the smallest patent portfolio, most of which isn’t mobile or telecom related. This puts Google and Android at a legal disadvantage and explains the 45 patent infringement suits that one analyst says Google in presently facing in the mobile area alone.

Google would have preferred to win the auction, but with the consortium sitting on more than $100 billion in cash, the outcome came down to determination, not resources. Google stayed in it only long enough to make sure of the consortium’s intentions and to make the purchase more painful for them, if that mattered.

It certainly mattered to Google, because that $4.5 billion number will be at the heart of the inevitable anti-trust lawsuit Google will file almost immediately. Every good anti-trust lawyer in America just cancelled his or her July 4th holiday to prepare their pitch for Google, which will probably claim Restraint of Trade as well.

Given that the courts will shortly be involved, Google can probably operate unfettered for another 2-3 years, during which they’ll try to build their own mobile patent portfolio. Google may well be able to use the courts to slow the actual Nortel transaction, too, according to my lawyer friends.

So the “Android is dead” story here is way premature.

In the long run, remember, Google will probably be able to use its legal strategy to force the consortium to at least license some or all of the patents. They’ll get a royalty from Google, I suppose, and thus benefit from Android’s success, but then Google is unlikely to be completely deterred, either.

The story everyone seems to be missing here is who gets what in this consortium deal? Most journalists and bloggers seem to assume the winners will all share equally in the IP spoils. But I have people who know people and the word I am hearing it that’s not the way the consortium works at all.

Some consortium members get patents, some get royalties, and some just get freedom from having to pay royalties.

Notice Nokia isn’t in the consortium? The Finnish company is apparently covered by Microsoft, tying Nokia even more firmly to Windows Phone.

Here’s the consortium participation as I understand it. RIM and Ericsson together put up $1.1 billion with Ericsson getting a fully paid-up license to the portfolio while RIM, as a Canadian company like Nortel, gets a paid-up license plus possibly some carry forward operating losses from Nortel, which has plenty of such losses to spare. For RIM the deal might actually have a net zero cost after tax savings, which the Canadian business press hasn’t yet figured out.

Microsoft and Sony put up another $1 billion.

There is a reportedly a side deal for about $400 million with EMC that has the storage company walking with sole ownership of an unspecified subset of the Nortel patents.

Finally Apple put up $2 billion for outright ownership of Nortel’s Long Term Evolution (4G) patents as well as another package of patents supposedly intended to hobble Android.

At the end of the day this deal isn’t about royalties. It is about trying to kill Android.

Note — Here’s a pretty good account from Reuters of the Nortel patent auction. You’ll notice they don’t include the participation breakdown of the winning bid (who gets what) that so far appears no place but here.

Was there a break-in? Was data stolen? Was there an unencrypted database of SecureID seeds and serial numbers? All we can say at best is that we don’t really know. And in some quarters that is supposed to make us feel more secure because it means the bad guys are equally clueless. Except they aren’t, because they broke-in, they stole data, they knew what the data was good for while we — including SecureID customers it seems — are still mainly in the dark.

A lot of this is marketing — a combination of “we are invincible” and “be afraid, be very afraid.” But a lot of it is intended also to keep us locked-in to certain technologies. To this point most data security systems have been proprietary and secret. If an algorithm appears in public it escaped, was stolen, or reverse-engineered. Why should such architectural secrecy even be required if those 1024- or 2048-bit codes really would take a thousand years to crack? Isn’t the encryption, combined with a hard limit on login attempts, good enough?

Good question.

Alas, the answer is “no.” There are several reasons for this but the largest  by far is that the U.S. government does not want us to have really secure networks. The government is more interested in snooping in on the rest of the world’s insecure networks. The U.S. consumer can take the occasional security hit, our spy chiefs rationalize, if it means our government can snoop global traffic.

This is National Security, remember, which means ethical and common sense rules are suspended without question.

RSA, Cisco, Microsoft and many other companies have allowed the U.S. government to breach their designs. Don’t blame the companies, though: if they didn’t play along in the U.S. they would go to jail. Build a really good 4096-bit AES key service and watch the Justice Department introduce themselves to you, too.

The feds are so comfortable in this ethically-challenged landscape in large part because they are also the largest single employer… on both sides. One in four U.S. hackers is an FBI informer, according to The Guardian. The FBI and Secret Service have used the threat of prison to create an army of informers among online criminals.

While security dudes tend to speak in terms of black or white hats, it seems to me that nearly all hats are in varying shades of gray.

Yet there is good news, too, because IPv6 and Open Source are beginning to close some of those security doors that have been improperly propped open. The Open Source community is building business models that may finally put some security in data security.

The U.S. government is a big supporter of IPv6, yet the National Security Agency isn’t.  Cisco best practices for three-letter agencies, I’m told, include disabling IPv6 services. From the government’s perspective, their need to “manage” (their term, not mine — I would have said “control”) is greater than their need to engineer clean solutions. IPv6 is messy because it violates many existing management models.

The key winners are going to be those companies that embrace IPv6 as a competitive advantage. IPv6-ready outfits in the U.S. include Google, AT&T, and Verizon. Yahoo and Comcast still have work to do. Apple has been ready for years.

Some readers will question why I appear to be promoting the undermining of U.S. intelligence interests. Why would I promote real data security if what we have now is working so well for our spy agencies?

I’m not a spy, for one thing, but if I was a spy and trying to keep my secrets secret I wouldn’t buy any of these products. I’d roll my own, which is what I think most governments have long done. So the really deep dark secrets were probably always out of reach, meaning most low-hanging fruit is simple commercial data like the 125+ million credit card numbers stolen so far this year from Sony, alone.

If the NSA needs my credit card information let them show me why. I think they don’t need it.

We’ve created a culture of self-perpetuating paranoia in military-industrial data security by building systems that are deliberately compromised then arguing that draconian measures are required to defend these holes we’ve made ourselves. This helps the unquestioned three-letter agencies maintain political power, doing little or nothing to increase national security, while at the same time compromising personal security for all of us.

There is no excuse for bad engineering.

“For whatever reason (low crime rate, maybe?),” my reader says, “the Japanese cannot seem to get their heads around the fact that unencrypted cardholder data sitting on servers in unsecured areas and being transmitted across public networks is a bit of a risk. Every other country in Asia has grasped this easy concept, but not Japan. I have tried many times to explain why this is bad but am usually met with blank looks and checking of watches.

“I could remote desktop right now to a Windows 2000 server in a facility in Japan with a public IP (user-name Administrator, no password) which contains hundreds of thousands of .csv files with full PAN, CSV, name, address etc. I notified the facility in question about this two years ago, by the way, and they have never done anything about it.”

This is Bob again. From my own experience with Windows systems I can’t imagine such exposed servers having not been repeatedly explored by bad guys over the past two years.  That information isn’t just vulnerable, it is gone.

But it isn’t just the Japanese who are at fault. A short survey of some of my U.S. admin friends showed there are plenty of unsecured or under-secured payment servers running in this country, too, though none I know of without passwords. I don’t want to name too many names, but if your organization is handling funds on old unsupported Windows 2000 servers you are probably in trouble.

Now back to Sony. With now over 100 million accounts exposed, Sony finally sent lame duck exec Kaz Hirai out to take one for the team and apologize. Hirai offered — just as I predicted — a month of free service. What now? Lawyers will sue, Sony will fix their systems, and gamers once again will game. But while Sony may escape large economic losses from the current problems plaguing its various networks, there is one group that will continue to be rightly upset with the electronics giant — credit card companies like MasterCard and Visa.

The credit card companies have published standards for the management of customer data. These standards are a good combination of requirements and best practices. Anyone who does a significant amount of credit card-based business is required to meet these standards, which Sony appears to have ignored. Independent audits are required. To enforce the credit card company rules there are fines and the death penalty — being cut off.

Since Sony processes credit card transactions — and even offers its own credit cards as you’d know if, like me, you obsessively watch Jeopardy — they are going to be under a very uncomfortable microscope very soon.

The auditors are coming. Worst case they might tell Sony to buzz-off — to refuse Sony’s credit card charges for those 100+ million accounts. Then something really interesting stuff might happen.

Sony might not care.

If Sony is busted by Visa or Mastercard, Discover or American Express, all that probably means is they’ll have to hire a middle man — usually a big bank — to do the credit card transactions for them. Different servers in a different data center would handle the money and all would once again be right with the world, though at the cost of an extra service charge to Sony.

But what if Sony chose a different path? What if Sony cut a payment deal with, say PayPal, instead?

It’s a tempting gambit. PayPal would like nothing more than to pick up those 100 million accounts. They’d pay Sony for them, turning a loss into a gain and a loss of face into an industry transition.

PayPal has been looking for a chance to kick the credit card companies down a peg, grabbing some business.

I can almost hear the phones ringing in Tokyo….

Recent history suggests Sony’s likely gift to users as an apology for losing their personal data will be some period of free credit monitoring and a free month of PSN service. If that sounds generous you might be surprised to learn that the going price for wholesale monitoring from the big U. S. credit reporting firms is approximately five cents per account per month or $3.85 million if all 77 million PSN accounts have been compromised. The usual terms for a mea culpa of this sort are three months of monitoring for a total cost to Sony of around $10 million.

“It will cost them more to send the e-mails making the offer than it will to provide the service,” said a source of mine in the credit reporting industry.

If you are hoping for big bucks from a class action lawsuit, go back and read PSN’s Terms of Service you clicked on without reading when you first joined the network. As with nearly all such legal agreements, you signed away any significant right to compensation beyond the direct cost of the service for the time it is disrupted. Only the lawyers will make a dime from this.

That is not to say that Sony doesn’t takes the attack or subsequent outage lightly. No Japanese company would. But the fiercely proud corporation also hasn’t gone out of its way to apologize. No Japanese company would. A funny thing about Japanese business culture is the tendency to apologize profusely for absolutely anything that is beyond the control of the company or its executives. They’ll apologize for traffic, for bad weather, for someone else’s mistake, but if the company or its leaders have actually screwed-up they generally won’t say a thing, which is not at all good for Sony’s global image.

This outage comes in large part because Sony has been so aggressive against hackers, who finally decided to slap-down the electronics giant. This is not to argue that Sony shouldn’t defend itself, but it is to argue that Sony should have expected elevated attacks as a result of its actions. Maybe they did expect more trouble, but the fact that they were so easily compromised shows corporate hubris at a reckless level.

Now let’s consider for a moment why this outage is continuing a week after the break-in. Speaking with a few experts and reading the official Sony FAQ gives some insight into what may really be going on. Sony says it is investigating, but should an investigation really take this long? Can’t the server logs and other network data be locked-down in a few minutes and examined at leisure? Sure. So when Sony says it is investigating what they probably mean is they are trying to fix the problem, seal the breach, and make sure that particular gambit cannot be accomplished again. This takes time — hours of programmer time and dozens or even hundreds of hours of QA time to make sure the fix scales properly and will work under a full network load.

Sony doesn’t say this, of course, but that puts us back to the fierce pride part. While they can admit a break-in they find it very difficult to say they are putting locks on the doors that never had them.

But wait, there’s more! In the official Sony FAQ  and also the Official PlayStation blog there is an amazing admission that the company really has no idea how many user accounts were compromised. They suggest that users “assume” their data has been stolen. Well, was the data stolen or not? That big unencrypted or shoddily encrypted file with the details of 77 million account holders either left the building or it didn’t, right?

Sony doesn’t seem to know.

This is from the official PlayStation blog:

Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.

I love the part about it having been a malicious attack. Had the attack been less malicious, would less data have been lost? That is the sound of Sony whining.

When I discussed the attack with a friend of mine in the enterprise data security business he made an interesting speculation. “A really smart criminal would want to cover his tracks,” said my friend. “You can either grab the data and hope to slink away unnoticed or you can grab the data then destroy everything on your way out.”

In a worst case scenario, Sony doesn’t even know what vulnerability the crackers used to gain entry. Sony may be literally clueless.

The people behind this PSN hack didn’t want it to go unnoticed. They wanted Sony and Sony users to know they had been violated. And Sony’s apparent ignorance of just what was taken (possibly even how it was taken) plus the fact that the network is still down a week later strongly suggests the crackers may have thrown a few metaphorical hand grenades into the system on their way to Dennys for that celebratory Grand Slam breakfast.

If only they both worked.

The cameras came from  Abel Cinetech in New York City and we paid about $14,000 for the pair. The cameras worked fine for a few weeks until one froze-up in Boulder, CO.  We couldn’t get the camera to boot.  We sent it in for repair and Sony checked it into their system on 8/4. I spoke to one of their reps a few days later and was told they were waiting for parts but the camera would probably be repaired by the end of the next week.

I called that Friday and was told the parts were in and the camera was being repaired — and that I should call again in a few days. So I called back Tuesday, then Wednesday when we were in Portland and was told essentially the same thing again — they were working on it and it would be a few more days.

I called again this past Monday and was told that they needed more parts from Israel which they were expecting sometime around September 16th. The guy I spoke to was very direct and said that considering the last time they ordered parts they came in a few days late, as well as factoring in repair time — I was looking at it being ready a few days after the 16th.

At this point I started asking for a replacement, explaining that this was a new camera and that we had already spent so much on rentals (this camera rents for $100 per day).  My priority was getting it back ASAP, which  could be achieved by having it replaced. The guy suggested I speak to a manager and it might be possible to get a replacement.

I spoke to a manager named Sylvia on Tuesday of last week who said that they don’t have loaner cameras in the service department, but that it might be able to arrange something with another department. Silvia said she’d talk to the engineers and get back with me later that day. I haven’t heard from her since… In fact, I asked for her direct number at the end of the call and she declined, saying that she was going to send me an email with all of her contact info…. That never arrived either.

I suspect Sylvia isn’t a manager at all, but rather some support rep they put on the phone to appease me.

So I contacted my salesman at Abel as well as the sales manager. They both have been working with Sony, but all I have so far from them is a promise made to them by Sony that the shipping of the part to the service facility would be ‘expedited.’ They are still working on the situation, however and I’m told they will get back to me.

Although this is a warranty repair and thus free, I asked if I could perhaps, for a fee, have the repair expedited. All they could offer was that warranty repairs were given priority anyway, and that if I included a note with the camera requesting expedited repair perhaps they would do so if they had time. I included such a letter detailing how important the camera was to the production and requesting expedited repair.

At no point did Sony contact me about the status of the repair, even when it was delayed. Also, at no point did anyone at Sony offer an apology, even when I expressed to several people just how displeased I was.

These are great cameras when they work, but when they don’t work they are simply $7,800 bricks.  Sony clearly doesn’t care about its prosumer customers.  Interestingly you can get customer support on the weekend for Sony’s cheapest consumer camcorder but not for this baby.

Tell a friend.  Tell them that Sony makes fine prosumer camcorders but doesn’t support them worth a damn.  Tell them that Sylvia is a liar.  Tell them to expect to pay $3000 to rent a $7000 replacement camera if they need a repair.

And tell them to do what I probably should have done in the first place, which was stick with Panasonic. 

How can that be?  Wasn’t it just a year ago that Blu-Ray, with its greater data capacity, triumphed over the opposing HD-DVD standard?  Well promises were made to achieve that victory and now it appears promises may have been broken.

Understand that the success or failure of Blu-Ray has little to do with games and everything to do with movies.  Two historical events informed the battle between Blu-Ray and HD-DVD.  First was the epic and costly 1980‘s competition between the BetaMax and VHS tape cassette standards.  Second was the triumphant succession of DVD over VHS, when we all replaced our tape libraries with disks, gladly paying anew for what we already owned, buying every Hollywood exec a new Mercedes in the process.

Re-fighting the battle between BetaMax and VHS was something the industry wanted to avoid when it came to an emerging HD video standard,  There had been for a moment such a potential conflict for DVD but the opposing forces were brought to a compromise by the movie studios, themselves, and a single technical standard emerged, pumping billions into the movie business as a result.  That’s the same goal that all sides had in the HD video fight — to get it over with quickly and get us all replacing our video libraries with HD.

According to Hollywood insiders who speak with me, the HD video battle was again decided by the studios when Disney and 20th Century Fox went with Blu-Ray in 2008.  The leader in that decision was reportedly Disney, which had 35 animated classic films it envisioned bringing to market in a data rich format with lots of extra material — so much material and games that HD-DVD, with its lower capacity, couldn’t hold it all on a single disk.  So it was Blu-Ray’s greater capacity that swayed Disney, along with Sony’s promise that the rampant success of PS3 game machines would quickly put Blu-Ray drives in most American living rooms.

The Disney fantasy was that Blu-Ray would triumph, PS3s would be everywhere, and American families would, all over again, buy enhanced copies of the 35 animated classics, sending up to $7 billion to Disney.

Well so far it hasn’t happened.

Yes, there are millions of PS3s in use, but millions more xBox360s and Nintendo Wii’s.  PlayStation 3 is the third-best-selling next-gen game console — third out of three, which is the wrong place to be for any competing tech standard that hopes to dominate.  Game consoles that have already been on the market for a year or more don’t suddenly win from behind like Seabiscuit.  Sony sells more PS2s still than PS3s.  PS3 was a year late to market, had supply problems, fewer game titles, and those titles usually cost a bit more than on other platforms.  But what really killed it for the movie studios was something completely different and unanticipated — the need for an HDTV to go with each PS3 Blu-Ray player.

Both the VCR and DVD revolutions required that just a single revolutionary (in the case of DVD, evolutionary) product be successful.  Your TV remained the same.  You can play a DVD on a DuMont black & white TV set from 1956, but Blu-Ray — unless you are not taking advantage of any of its, well, advantages — requires a whole new TV.  The chances of people buying simultaneously an HDTV AND a PS3 were lower and so was the dual penetration with the result that Blu-Ray disk sales, while not terrible, are also not material, yet, to the movie industry.  And the question now is whether they ever will be material?

Blu-Ray will survive, but will it be just for cinephiles?  That depends on how the 1080p download market evolves (which is why Apple has yet to sell a computer with a Blu-Ray disk installed, seeing it as eventual channel conflict with iTunes) or whether a new HD-DVD standard will emerge to compete again with Blu-Ray.

And don’t forget the impact of up-converting progressive-scan DVD players, which even Sony sells: I just bought one for $44.77 at Wal-Mart and driving the 720p display in my RV makes a standard-definition DVD of Charlie and the Chocolate Factory look amazingly good.  Not good enough for a cinephile, but that’s five percent of the video market, tops.

Yes, Blu-Ray is better, but for many people the incentives aren’t there, which leaves us still looking for a higher-density data standard that ideally costs less than Blu-Ray. That particular need, especially in the PC industry, never went away.

This alternate standard is coming, I’m sure, and don’t be surprised if it turns out to be pretty much the same HD-DVD that lost-out a year ago, though this time probably not under the Toshiba brand.  It would make a superior archival platform and might even be used for HD video, too.  Retooling a factory to stamp HD-DVDs costs millions less than upgrading to Blu-Ray and the eventual disks are significantly cheaper.

But that The Making of Bambi featurette may have to go.