Software, Interrupted

Parallel Kingdom

(Credit: Parallel Kingdom)

Gilbertson's travails with the iPhone application acceptance process illustrates why Apple's gating of applications is a troubling reality for developers--and for consumers. And while it's understandable to have a gating mechanism in place, if Apple wants to remain at the top of the mobile application space, it so heavily dominates, the company needs to commit more resources to not just the application review process, but in communicating with developers. As of my last e-mail exchange with Gilbertson, Apple had not responded for more than six days. My call to App Store PR has gone unreturned for about 18 hours as of this post.

Apple's acceptance policies can be shockingly difficult to navigate, so much so that some have marveled at the fact that an ecosystem could build up at all.The fact that iPhone applications are written in Objective C, a previously uncommon programming language, is in and of itself a show-stopper for many developers, but that obviously hasn't stopped development.

Earlier today Ars Technica wrote about several prominent developer including Facebook's Joe Hewitt, Second Gear's Justin Williams, and longtime Mac software developer Rogue Amoeba, all of whom recently "decided that enough is enough" and that they would abandon iPhone development efforts. And while each cites different reasons, the underlying thread is that they've had enough of waiting for Apple to distribute their apps, an instantaneous effort on the Internet.

While restrictive or complex policies are unlikely to stop the iPhone juggernaut, they can be very painful reminders of what would happen if we regress 15 years to the unfortunate walled gardens of AOL. Tim O'Reilly reminded us of the risk of the closed Web recently, commenting that "anyone can put up a Web site, or launch a new Windows or Mac OS X or Linux application, without anyone's permission. But put an app onto the iPhone? That requires Apple's blessing."

It's unlikely that a few developers falling off of the iPhone train will have a dramatic effect on the growth of the market, but this kind of unhappiness can easily lead to a backlash. The big question is if another mobile platform can take the place of the iPhone.

Android has arguably the best chance, but it currently struggles due to immaturity of its own application ecosystem. Nonetheless, there is a huge revenue opportunity for an open-Web approach to mobile applications. It remains to be seen if Android can live up to the hype and not fall into the same trappings as the App Store. For all of Apple's sins in how they run that business, it's undeniable that it remains hugely successful.

With infrastructure services like Amazon EC2, Rackspace, and VMware making it easy to take advantage of the flexibility, portability, and reduced costs of cloud computing, it seems obvious to jump on the cloud bandwagon for new IT projects.

But, developers are generally left on their own to deal with the pain of deploying their apps to the cloud: configuring application servers, libraries, disk partitions, networking, clustering, service connections, and virtual private networks. After they get their app installed they also need to install management agents that run on top of the application layer.

Isaac Roth, co-founder and CEO

(Credit: webappVM)

Each agent and management server must be configured separately with management and monitoring solutions generally not portable. When every change to an environment requires installation of multiple agents on each server and configuration of multiple management servers, it becomes a tall order to move an application from a traditional infrastructure to the cloud, or from one cloud infrastructure to another: private to public, public to hybrid, or hybrid to private.

How do you get around this so you can actually capitalize on the benefits of cloud computing? Go virtual. Move application management, including easy on-boarding, from above the application stack into the underlying virtual layer, along with the rest of the cloud infrastructure.

I was recently briefed by webappVM CEO Isaac Roth on how the company is pioneering this new approach. He said the virtual path allows you to actually realize all of the flexibility, portability, and reduced costs that come with the promise of cloud computing.

My previous post about mobile data sync brought in several public comments and many more private e-mails from various companies asking for perspective on how the leading mobile platforms will compete in the sync space and whether or not start-ups like Funambol can compete.

More than anything else, the leading mobile devices--the iPhone and BlackBerry, are marketed more effectively than any other platform, especially Windows Mobile, which by all counts should be the leader.

It's not that Windows Mobile is so terrible (you can decide for yourself), but that Microsoft hasn't done enough to make users want to use it.

In a conversation today, I learned a bit about Microsoft's My Phone service, which I had previously never heard of, and also a bit about Palm's strategy in relation to making the Pixi a device of choice for the younger set. Minutes later, the two worlds collided when I hit the My Phone site and came across this image of bitter irony.

Is this ad in context?

(Credit: Screenshot by Dave Rosenberg)

It's an ad for a Palm product that doesn't run Windows Mobile, or work with the Microsoft service, running on the MSN ad network, prominently displayed on the My Phone page. It confused me so much that I actually clicked on the ad to see if the services were somehow related.

There definitely is some logic from the Palm side--i.e. getting users to their devices, but this is an interesting failure of contextual advertising for Microsoft, allowing a direct competitor dominate the banner ad on their service page. Really, neither side benefits from the ad placement and considering the woeful state of both businesses, one would hope they care enough to not embarrass themselves and at least keep competitor ads off of their own sites.

While neither Windows Mobile nor Palm will be totally dead any time soon, if I'm on Apple's iPhone team, or working on Android, I wouldn't be too worried.

With Electronic Arts' recent $400 million purchase of Playfish, social games are all the rage in today's tech industry. That's no surprise: lightweight games on social networks (which people usually play while they're goofing off at work) and social games have attracted huge player numbers with the biggest titles boasting 20 million to 60 million regular players.

City of Eternals.

(Credit: Ohai)

But here's the worst kept secret about the genre: most social games aren't very, well, fun. They offer limited interactivity, game play challenge, and graphics. Consequently, players aren't invested enough to spend much money on them, especially compared to "hard-core" massively multiplayer-online (MMO) games. Even with the better social games, average revenue per users is less than a $1 per person.

By contrast, millions of World of Warcraft players willingly pay $15 a month in subscription fees alone. But, what MMOs like WoW have in revenue, they lack in growth due to the high technical hurdles and subject matter. WoW seems to have tapped out at around 12 million players, far less than the largest social games. And while the sustained revenue is great, attracting new players remains a challenge.

Enter City of Eternals, a Web-based MMO with a modern vampire theme from a new start-up called Ohai. After a long conversation with company CEO Susan Wu, a pioneer in the online gaming and virtual goods space, there are a number of reasons I think Ohai has the potential to succeed in the sweet spot between social games and hard-core gamer MMOs, and why the shift to social connection could become gaming's next big thing.

Ease of play
The biggest game platform isn't the Nintendo Wii or the iPhone, it's Flash, a browser plug-in installed on more than 99 percent of the world's PCs. An estimated 200 million people already play casual Flash-based games.

And while most MMOs require a huge client install, Ohai CTO and game industry veteran Don Neufeld (Everquest II, PlanetSide), and his development team (Free Realms, Lord of the Rings Online, Star Wars Galaxies, Dungeons and Dragons Online) have re-engineered Flash into an MMO platform that pretty much anyone can play, without having to install additional software or hardware upgrades. As Wu put it, this means Ohai can build "Games for your aunt who plays FarmVille on Facebook and your cousin who can't play World of Warcraft on his school PC."

Deep social network integration
City of Eternals is fully integrated with Facebook and soon Twitter, but that doesn't mean the game is only playable within the social network. Players' Facebook profiles follow them into the vampire world, so whenever you're curious, you can click on a fellow vampire, and check their Facebook profile. This is the first time I've seen this feature in any MMO, and it brings in some new possibilities--making it much easier to socialize (and of course flirt) within the game. Wu told me City of Eternals' gender spread is 50-50 (extremely rare, compared with male-dominated MMOs), so I wouldn't be surprised if it became a major online hotspot for socializing. Especially since the game isn't about geeky elves and orcs, but far more popular vampires--see below.

Subject matter
The Twilight book series has sold more than 85 million copies worldwide; the Underworld movie franchise has brought in more than $300 million in theatrical sales; and TV's True Blood and Vampire Diaries both have huge cult followings. Vampires are obviously pervasive throughout popular culture, but there's yet to be a full-fledged vampire MMO.

Still in Alpha stage, Wu told me that players average 12 logins per day in the game, with an average session length of 5 to 6 minutes, fulfilling one of the company's goals of making a "bite-sized MMO."

City of Eternals is Ohai's first of many of what they call "MMOs for everyone." Of course, there's still a lot of unknown variables. The vampire craze may wane too soon, and as the Electronic Arts purchase suggests, the competition is huge. Maybe I'm crazy, but by next year, I think there's a good chance the most popular MMO on the market won't be World of Warcraft, but City of Eternals, or another game that crosses the boundaries between MMO and socialized gaming.

As consumers increasingly purchase sophisticated smartphones such as the iPhone, BlackBerry, and Droid, they are developing expectations for how these phones allow contacts, calendars, e-mail, and social networks to remain in sync across all their devices.

One of the big challenges is that users don't always maintain the same source of inputting data--they switch from browser to desktop application to smartphone as their data access and entry point, introducing many variables into the data chain. And data integrity will only get more complicated as more applications become browser-based and keep no local data storage.

Most enterprise users have a local store in addition to the cloud storage, something that I still find puzzling from the T-mobile Sidekick outage, where consumer data that should have been in multiple locations (or at least present on the device) was thought to be lost.

The most common sync services are not provided directly by the mobile operator. Generally this is a good thing, as the more you can dis-intermediate the carrier, the more control you have over your data. But because the sync services are provided by others--notably Microsoft, Google, and Apple--you end up locked-in to their data structures as well as whatever privacy and data management issues that might arise in relation to advertising or other usage of your information.

Today, you can fairly easily sync your mobile device with most common online e-mail and PIM services although the BlackBerry, Droid, and the iPhone differ in their approaches--or at least in the visibility of how they work. For example, you can sync with Gmail and other services on the iPhone, but it rather perversely requires the Microsoft ActiveSync protocol.

By controlling the address book, Google and Apple effectively lock-in users to their sync service, leaving the carriers and devices to be easily replaced (minus the cancellation charges.) The user would barely notice the difference, aside from the sticker on his phone that says AT&T or Verizon.

Mobile operators do not want to cede control of the address book to Google or Apple, but they are late to the game and do not yet have sync solutions of their own. As a result, they are scrambling to add this functionality, but building a sync solution that works with all different devices and email services is no easy task, thanks to the widespread problem of device fragmentation in the industry.

One option is to deploy a white label solution, like the open mobile cloud sync offered by Funambol. Funambol CEO Fabrizio Capobianco told me the company has been approached by many of the top mobile operators, with several of them looking to setup sync services for their customers. They all recognize the issue, and according to Capobianco can turn to Funambol as a way to quickly bring a high-quality solution to market.

With all the different players in mobile sync, users will begin to question who owns their data. Enterprise users, in particular, should have privacy concerns about trusting their data to someone else. In the case of Android users, there is a growing anti-Google sentiment, and if Google already owns your email, calendar, and search queries, do you really want them to own your phone contacts as well?

The cost benefits of virtualization are well-documented, allowing enterprises to significantly reduce the space and electrical power required to run data centers and streamline the management of an ever-growing number of servers.

Virtualization also provides means for expedient scalability. Given today's economic climate and cost-cutting mandates, it is not surprising that analyst firm Gartner recently predicted that 50 percent of workloads will run inside virtual machines by 2012.

What many organizations fail to understand, according to Amir Ben-Efraim, CEO of virtualization security provider Altor Networks, is that collapsing multiple servers into a single one with several virtual machines inside eliminates all firewall, intrusion detection, and other protections in existence. Physical security measures literally become "blind" to traffic between VMs, since they are no longer in the data path.

This echoes comments made by Gartner analyst Neil MacDonald, who wrote in a recent presentation titled "Securing the Next-Generation Virtual Data Center" (subscription required), that "most virtual machines you deploy will be less secure than the physical systems they replace," and that "virtualization will radically change how you secure and manage computing environments."

VMware recently launched a partner program to help ISVs develop solutions certified as "VMsafe." VMsafe provides API sharing through a secure container, enabling partner companies to access virtual environments. This virtual security technology provides fine-grained visibility over virtual-machine resources, including monitoring every aspect of the system with the ability to address previously undetectable viruses, rootkits, and malware before they can infect a system.

I spoke to Ben-Efraim to better understand the issues around VM security and for what users should be on the lookout. According to him, there are two common approaches that use existing methods to secure virtual-network traffic: using VLANs to separate and control communication between VMs; and taking software-based firewalls and running them as agents on each VM. Unfortunately, both of these approaches fall short.

VLAN segmentation extends the notion of LAN resource segmentation to include VMs. The approach essentially requires that VMs, which can naturally be grouped (i.e. by function or user base), be isolated from other VMs by use of virtual switches and routing (i.e. the human resources VLAN contains HR-serving VMs). However, VLAN segmentation is not a permanent solution to securing environments because of networking complexities, performance degradation, and security limitations of the approach, Ben-Efraim said.

Most businesses seek competitive advantage through some kind of change. Whether they want to beat the competition to market with a new service or introduce new product categories, disruption is the norm.

The challenge in today's IT-centric world is that every one of those disruptions requires a software change, introducing the potential for downtime and lost revenue.

Change control and the associated risk mitigation is a big problem that every large organization faces. Last year, the London Stock Exchange crashed during a software change and was down for more than seven hours, costing traders millions, if not billions of dollars in lost business. This year we've had high profile outages at Salesforce.com, Twitter, and Amazon's EC2, among others, affecting tens of millions of people.

No company is immune to this type of risk and companies that want to stay on the leading edge need to embrace these changes in order to stay competitive.

Coverity, a software integrity firm perhaps best known for its SCAN project of open-source software sponsored by the Department of Homeland Security thinks it has the preventive medicine to help organizations avoid the inevitable errors, defects, and failures that software change can introduce.

The company's latest release, Coverity 5, promises to mitigate the business risk of software changes across an organization's entire software portfolio. It claims this is the first product that lets developers automatically map and identify how a single defect impacts multiple code bases, projects, and products. Through a unified defect management interface, it also can help organizations review, prioritize and triage their C/C++, Java and C# defects in a single work flow.

This approach lets an organization quickly answer five key questions of software change management:

1. How do I find defects introduced by changes?
2. How do I know the severity of new defects?
3. How do I know the impact to my code, my projects, my products?
4. How do I fix them fast?
5. How do I know I fixed them?

Today, market opportunities are changing faster than businesses can deliver. When your organization changes software, how quickly can answer the five questions above?

The Tennessee Valley Authority is the nation's largest public power provider serving approximately 9 million consumers in seven southeastern states. The organization also happens to be a big supporter of open-source projects, including Hadoop, a tool designed for deep analysis and transformation of very large data sets.

Earlier this year, the Tennessee Valley Authority (TVA) announced that it open sourced its data system used to collect data from smart grid devices called Phasor measurement units (PMUs). The data collection system is known in the industry as a Super Phasor Data Concentrator (SuperPDC), which can be used to determine the health of a power grid.

The open-source version of the SuperPDC is now called the "OpenPDC." I spoke to both Ritchie Carroll (RC), the project's creator, and Josh Patterson (JP), the person responsible for introducing Hadoop to the project, to discuss what the OpenPDC is and why TVA turned to Hadoop in building the system.

What sort of data volumes are you working with?
RC: Currently there is around 20 TB of archived data, we expect this to grow quickly as a result of the SmartGrid stimulus funding which includes the addition of 850 phasor measurement devices. This may well grow the archive to half a Petabyte within the next few years.

How is this data currently captured and managed? Is any data discarded?
JP: Data is collected directly from field devices at 30 times per second. This data is then time-aligned and processed in real-time--all data gets captured into a binary data file as time-series data for mass processing by Hadoop.

RC: No data is currently discarded, if we get to the point of needing to discard data because of cost--this will be a decision based on weighed importance of collected data. It is likely the data around major events will never be deleted because it will always be valuable for future student researchers. There is also value in being able to go back in time and look for newly discovered event signatures to see how long they might have been occurring.

Microsoft released on Thursday a new position paper, "Privacy in the Cloud Computing Era: A Microsoft Perspective," that includes information about the remote storage and processing of personal information.

Privacy and security concerns continue to be a primary argument that cloud naysayers use against storing data and applications on the Internet. Big IT vendors and service providers like Microsoft and Hewlett-Packard will sooner or later be forced to take the cloud seriously or risk missing out on the whole next wave of IT consumption. And their large enterprise customers will expect them to offer cloud services with the appropriate levels of privacy and security measures in line with their business needs.

The interesting thing about this paper is that Microsoft takes surprisingly minimal responsibility for the data it will manage: