wrong tool

You are finite. Zathras is finite. This is wrong tool.


Dropbox will start showing ads Real Soon Now

October 27, 2014 by kostadis roussos

With MSFT dropping the marginal price of storage for consumers to 0, what does this mean for Dropbox?

The old business model that was really awesome was that each user represented a permanent annuity. As each user consumed more storage, over time, the user paid more. And as the user consumed more, the ability to move the user's data declined. And with features like photo-sharing and data sharing, the ability to move data became harder and harder and harder.

Although I am sure that DropBox assumed the cost per GB would drop over time, the assumption in the plan has to be that it never got to 0 and that what the user paid always increased as people stored more.

This was a sound business model until or unless the annuity goes away.

And that is what MSFT just did. They eliminated the annuity business. I am sure that DropBox will resist. But here is what will happen: as people who start pushing into the higher and higher tiers of cost start looking at their bills, the desire to move to cheaper solutions will outweigh the inconvenience. They will either move all of their data or start moving parts of their data to newer cheaper solutions.

The net effect is that with a cost of 0 dollars, it makes a lot of sense to use the free DropBox offering and then, when you would have to pay, go to MSFT for any excess data.

Now Dropbox has to come up with a new plan. Their annuity strategy is crippled.

And the new plan may be advertising. DropBox was a storage company that offered file sharing on the cloud. Now they are a content repository with some nifty content management and content sharing tools for consumers. Companies that provide tools for consumers and cannot grow their revenue as an annuity will turn to trying to monetize their customers more efficiently. And with all of that user data, the temptation to use it to advertise will be great.

Gmail made it okay to have your email automatically scanned for advertising (I wish I could have seen the ads on General Petraeus' account), so you have to believe DropBox customers will be okay with this as well…


Filed Under: innovation, Storage

And now unlimited – MSFT lays down the gauntlet

October 27, 2014 by kostadis roussos

Microsoft just announced that they are offering unlimited OneDrive storage for ~$7 a month along with Office 360.

Monetization of capacity in the storage industry is very hard. The storage industry was able to do that because of the cabling limitations of controllers and disk drives. Eventually you needed to buy a new controller because you could add no more disk drives to a controller. In the cloud the consumer never has to buy another controller, so the requirement to buy stuff to increase capacity never happens.

The fact that capacity is now going to be free (you’re paying for Office360) shows that to be true.

After all, with the cost per GB at 0.03, charging 3x the cost of the media ($30 vs $100) for a terabyte is unsustainable.

First movers in this space offered the novelty of cloud capacity. Now that the capability has been commoditized, the end game for vendors in this space is going to be, well, interesting.

Other vendors will have to react to this change. How they will is very unclear.

Google will quickly follow with a similar offer. I expect Box to be forced to do the same since they are competing with Google and MSFT for the same customers. DropBox will fight the hardest to avoid doing this but they too will eventually collapse.

Edit: Fixed the pricing to be monthly instead of yearly. 


Filed Under: innovation, Storage

Bracket Computing Revealed!

October 24, 2014 by kostadis roussos

My friend Jason Lango, CTO and Founder of Bracket Computing, is finally, YAY!, bringing Bracket out of stealth.

His ambition was always to create a great company that would build significant new technology. And Bracket’s initial announcements do not disappoint. He’s put together a great team and the team is targeting a great problem. Good things happen when you do that.

I am, and have been for a very long time, a huge fan of Jason (and was best man at his wedding), so I am excited to learn about their new technology. Whenever we’ve worked together, he’s always done great work, and this is going to be no different…

And why am I so excited? Because I might know what happened in Vegas, but I only get to learn what goes on at Bracket after the public announcement 🙂

Definitely looking forward to learning more! No doubts that they will make great things happen!


Filed Under: innovation

How do box vendors get disrupted?

October 22, 2014 by kostadis roussos

One of the more interesting questions confronting anyone who works at a box company, like I do, is what causes a vendor to get disrupted?

There are a lot of business reasons, and technical reasons covered in a wide variety of sources…

My pet theory is the following:

A box vendor produces a box that has to be deployed as a box because of what it does. For example, to switch you need a box that can sit between three physical cables and make decisions about where to forward the packets.

Deploying a box is a pain in the ass. Replacing a box is hard.

And the problem is that once you, as a customer, deploy a box, you realize that you need the box to do more stuff.

And the vendor starts adding software features into the box to meet that need.

And at some point in time, the box vendor believes that the value is the software and not the box. And they are partly right, except that the only reason the customer is buying the software from the box vendor is because they must buy the box.

And the box over time becomes an increasingly complex software system that can do more and more and more and more.

And software engineers hate complexity. And where there is complexity there is opportunity to build something simpler. And competition tries to break into the market by making a simpler box.

The problem with the simpler box is that if the set of things a customer needs to do is A, and you can do A/2, you’re simpler and incomplete. Inevitably you will become as complex as the original box.

What causes the disruption is when the customer no longer needs to deploy the box.

To pick an example that I can talk about, many vendors in the storage industry used spinning rust disk drives to store data. When customers decided that they no longer wanted to use spinning rust to store data, vendors like Nimble and Pure started to win in the market because they stored data in flash.

Nimble and Pure certainly didn’t have the feature set of their competitors; how could they? The reason they won deals was because the decision criteria for the customer wasn’t software, it was the desire to store the data differently, on a different kind of physical media: flash. The combination of a customer desire to store the data differently coupled with a simpler box made it possible for Nimble and Pure to win in the market place.

To put it differently Pure may, for all I know, have A/5 of the features of the competition, but if the first order decision is that you want to store data on flash in an external array, then that is irrelevant because you’re not comparing Pure to a spinning rust array, but Pure to another flash array. And there Pure has an advantage.

The networking industry has stubbornly resisted disruption for years. And part of the reason is that the physical box hasn’t really changed over time. Parts of the industry have changed, and overall the same leaders are still winning.

However, there is a possibility of a disruption in the networking industry, in particular, in the modern cloud data center.

The reason being that for the first time in a long time, the fundamental network stack may be re-wired in a very unique way.

In an earlier post, I discussed the Network Database. In a traditional network, every network element has to be a full fledged participant in the Network Database.

And like traditional applications that have to interact with a database to do anything interesting, network services must also interact with the Network Database to do anything interesting.

And it turns out that building an application that uses the Network Database is hard, unless your application fits into that model and … well … runs on the network element.

Companies like to whine that network vendors are slow, maybe they are – or maybe the problem they are trying to solve in the way they are trying to solve it is just hard and takes time. Having worked with folks in this industry, I am convinced of the hardness thesis rather than the laziness thesis.

SDN has the potential to disrupt the model of software applications being built as distributed services running on multiple network elements, for one reason: it actually makes building network applications easier because it aligns with how the vast majority of programmers think. Building applications out of distributed protocols is hard. Building applications on a centralized database is easy. And there are claims that, well, you’ll need multiple databases to scale, and it turns out that too is easy; after all, that’s what the web guys have been doing for years.

And that creates an interesting disruption in the network stack. That is different than flash and disk drives but potentially as massive.

The value of the software stack that the traditional vendors have built over time begins to diminish as more services get built using a different model. One argument is that it will take time for the new services to be as complete as the old model. And that is true. If you believe, however, that the new programming model is more efficient and expands the pool of programmers by a step function, then the gap may be closed significantly faster.

Having said all of that, I am reminded of a saying:

With ifs and buts, you could put Paris in a bottle. (Avec des si et des mais, on mettrait Paris dans une bouteille.)

The Network Box vendors are making their strategic play as well, and the industry will change and we will most likely still see the same players on top ….


Filed Under: innovation, Software

Firewalls and The Network Database, Redux

October 21, 2014 by kostadis roussos

Let’s talk a little bit more about Firewalls and Network Databases.

The obvious insight most networking people have is that the purpose of IP is to find a route between A and B. If there is a path, IP will find it.

The problem is that the network is a graph that isn’t owned by anyone. Anyone can create a connection, and any connection can create a path and any path can lead A to B.

The really annoying problem is that because the graph is built on physical cables that are very expensive to put in the ground, a single physical cable can be a path that is open to some packets and closed to others.

In other words, some links from A to B are valid because the person at A is allowed to talk to B, and some are not. And the amount of state you need to inspect to determine if a packet is allowed to go from A to B is considerable.

Really obvious stuff.

If you want to control traffic that goes through a physical cable, then you have to put in a device that can look at all of the traffic coming in on the physical cable and make routing decisions. The device has to have a notion of forwarding paths and rules about how the data can flow through the device.

And that’s what a firewall does. First the firewall makes sure the packet is allowed to go through the firewall at all, then the firewall looks at where the packet wants to go next, and sees if the packet is allowed to based on the security policy.

From a particular point of view a firewall is just a router that uses a different kind of network database. However, the database properties of the firewall are very different.

What is very confusing, especially to the networking industry, is that because firewalls are really just routers that have a different kind of database, it’s easy to assume that a firewall is a router and that the same kind of system level insights that apply to routers apply to firewalls.

And that’s unfortunate. Because a firewall system design is better informed from the system design of scalable web applications that have centralized databases than routers or switches.

More to come.


Filed Under: Security

The Network is the Database and Firewalls

October 21, 2014 by kostadis roussos

Following up to yesterday’s post, I wanted to talk about the Network…

Again this is stuff a noob like me finds interesting. I am glossing over massive amounts of detail. And I may be wrong, and if I am I’d like to be corrected.

If you come from a database background, a database has the following useful properties:

  1. There is a single IP address you can ask all your questions of.
  2. Only approved people can add or remove state.
  3. You can trivially query the current global state of the database.

In an IP network, the database is the network, and the database has the following perverse properties:

  1. There is no single IP address you can ask all of your questions of.
  2. Anyone can add or remove state.
  3. You can not query the current global state.

The Network Database is the single most unusual database on the planet. The properties of that database provide for resiliency, force co-operation between bitter commercial rivals and require some of the most sophisticated protocol engineering on the planet.

And why is this important to Firewalls?

If we consider firewalls and computationally cheap security, then we realize that the single most important function of a firewall is to make sure that the Network Database only contains records (routes) that are approved.

That was a mouthful.

Consider a route from IP 1.1.1.1 to 2.2.2.2. The network administrator would like to say that no such route must exist in the network database. The problem is that the network administrator can not guarantee that such a route won’t get created either maliciously or intentionally. The inherent properties of the Network Database make this impossible.

What to do?

Well you create a device that has all of the rules that you want to enforce and that device has all of the properties of a real database:

  1. There is a single IP address
  2. Only approved people can add or remove state
  3. You can trivially query the current global state

And then you put that database in the middle of the network and have it verify that no invalid route is inserted by essentially seeing every packet and making sure that every route is valid in the context of the security policy.

In effect, this is the really astonishingly surprising result: a firewall’s first and foremost role in a network is to secure the routing tables. By securing the routing tables, I mean ensuring that no route that you don’t want exists.

That’s why a firewall is inline, that’s why it exists. If you could secure the routing tables without a firewall, then you could – in principle – transform the security industry.

And it turns out that SDN can eliminate the need for a firewall… Maybe. And that is very disruptive. And SDNs might do this because, well, they move the Network Database out of the Network into a database that has standard database properties…

And I’ll get to that when I talk about SDN.
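A toy model of the argument in this post and in the Redux post above: the network is a database anyone can write to, so a route from 1.1.1.1 to 2.2.2.2 cannot be prevented, while the inline firewall carries a database with real database properties and checks every packet against it. This is added example code, not the author's; the hosts, links and the admin name are constructed.

```python
"""Network Database vs. firewall policy database (constructed example)."""
from collections import deque


class NetworkDatabase:
    """The network as a graph.  Anyone can add a link and the routing
    layer (modelled here as a breadth-first search) finds a path if one
    exists.  These are the post's 'perverse properties': no owner, no
    approval step for writes."""

    def __init__(self):
        self.links = {}  # node -> set of neighbours

    def add_link(self, a, b):
        # No approval check on purpose: that is the property being modelled.
        self.links.setdefault(a, set()).add(b)
        self.links.setdefault(b, set()).add(a)

    def find_route(self, src, dst):
        """Return the hop list from src to dst, or None if no path exists."""
        prev = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                path = []
                while node is not None:
                    path.append(node)
                    node = prev[node]
                return path[::-1]
            for nxt in self.links.get(node, ()):
                if nxt not in prev:
                    prev[nxt] = node
                    queue.append(nxt)
        return None


class PolicyDatabase:
    """The firewall's database, with the three properties of a real
    database: one place to ask, only approved writers, and a global
    state you can query."""

    def __init__(self, approved_admins):
        self.approved = set(approved_admins)
        self.denied = set()  # (src, dst) pairs that must never carry traffic

    def deny_route(self, admin, src, dst):
        """Only approved admins may write; returns False for anyone else."""
        if admin not in self.approved:
            return False
        self.denied.add((src, dst))
        return True

    def query(self):
        return sorted(self.denied)


def inline_firewall(policy, net, src, dst):
    """The inline check, per packet: policy first, then the route the
    network found.  A denied pair is dropped even though a path exists."""
    if (src, dst) in policy.denied:
        return "drop"
    return "forward" if net.find_route(src, dst) else "unroutable"


def demo():
    net = NetworkDatabase()
    net.add_link("1.1.1.1", "r1")
    net.add_link("r1", "2.2.2.2")
    policy = PolicyDatabase(approved_admins={"netadmin"})
    policy.deny_route("netadmin", "1.1.1.1", "2.2.2.2")
    # Someone else adds a second physical path.  The network database
    # cannot refuse it, so a route now exists regardless of the admin's wish.
    net.add_link("1.1.1.1", "rogue")
    net.add_link("rogue", "2.2.2.2")
    return {
        "route_exists": net.find_route("1.1.1.1", "2.2.2.2") is not None,
        "verdict": inline_firewall(policy, net, "1.1.1.1", "2.2.2.2"),
        "reverse": inline_firewall(policy, net, "2.2.2.2", "1.1.1.1"),
        "policy_state": policy.query(),
    }


if __name__ == "__main__":
    print(demo())
```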


Filed Under: Security

What does a firewall do?

October 20, 2014 by kostadis roussos

Following up from my post about an Idealized Firewall, let’s look at what a Firewall does…

Again this isn’t novel or new…

First a picture:


A firewall provides three kinds of security services.

1. Computationally Cheap Security

The most important service a firewall provides, and perhaps its entire raison d’être, is what I call cheap security. Not cheap from a cost perspective, but cheap computationally. The amount of state that has to be kept and tracked is relatively small. This kind of security is what we traditionally call Layer 4 security. A lot of what passes off as security in this space is handled both in a firewall and using other technologies like VLANs, ACLs etc.

This is the layer that transforms packets into flows.

Everything else a Firewall does stems from this layer, and I’ll get to why in another post.

Remove the need for this kind of security as a stand alone box and you remove the need for firewalls.

2. Connectivity Services

Because a firewall gets deployed at a network choke point, and because it does cheap computational security and is already inspecting traffic flows or must inspect traffic flows, a firewall is a natural place to deploy some connectivity services like NAT or IPsec. You can, and Juniper does, deploy this technology elsewhere, like on routers.

This technology only gets deployed on a firewall if the box is deployed at the network choke-point.

3. Computationally Expensive Security

As you get better at solving the cheap security problems, the bad guys have to expend more effort to break in. As the efforts to break in cost more in terms of CPU and memory, the amount of resources required to detect the bad guys increases. Like in a real war, as the weapons of defense improve, the offensive strategies adapt and force the defensive strategies to get more expensive.

Firewalls are able to play in this space because they do the heavy lifting of transforming the packet flood into a flow, and this layer is really just doing deeper and deeper analysis into flows and across flows.

Many innovative startup companies are working on this space because this is where the need is most pressing and most difficult to deal with.

If another layer were to transform the packets into flows, then this layer could live outside of the firewall. And in fact, as some companies have demonstrated it is possible to do this packet-to-flow transformation without being a firewall by hiding behind SPAN ports.

Because of the need for rapid innovation, the resource requirements and the lack of universality, computationally expensive security can exist for a long time outside of the firewall before collapsing into the firewall.


Filed Under: Security

Fascinating Account on Recent Gaming History

October 19, 2014 by kostadis roussos

I had the chance to stumble on this answer on Quora that discussed in long detail how computer gaming had metastasized from a minority group activity to a majority group activity and the social implications therein.

The summation can be found here:

[..] appeals to people who feel alienated by the changing face of gaming, people who feel criticized when they’ve been the minority, people who want to keep gaming the way it was, people who are already prone to assuming conspiracies, and people who feel as if they’re being disenfranchised by the changes in society being carried out in gaming. It has been timely, in the sense that it is happening during a particularly pessimistic period in game journalism (see all the “gaming is dead” articles) and during a period where there’s an active series of cultural debates occurring on the role of gaming in culture.

Working at Zynga in the period 2009->2011 and seeing the abrupt transformation of gaming to a mainstream activity was disorienting. Making games that everyone played was not the experience I had with games. Games were a niche activity that some people did, not everyone.

Many people who were involved in gaming hated Zynga because we were building games they didn’t like. I am not a game designer, and I am not an expert in the art of gaming, but I do know Mark Skaggs (FarmVille and CityVille and Red Alert) and Brian Reynolds (FrontierVille and CivII) and they built some products that millions loved.

And what they showed was that there was this vast untapped market desire for games that was unanticipated.

For a while, many folks in the industry looked at the games we built and said: these are not games. And then some people looked at the games we built and said: I can do better. And much better games that targeted the markets Zynga had shown existed emerged.

The world of gaming is very different from the world I grew up in. And that’s a good thing …


Filed Under: Zynga

The Idealized Firewall

October 13, 2014 by kostadis roussos

When I joined Juniper, my interview was very funny because I knew nothing about networking or security. Well okay, I could draw clouds that had arrows pointing to each other and I knew the basics of sockets, but nothing like anyone who actually knows networking…

That’s what has made the job so much fun. Applying 15 years worth of experience to learning a new problem domain…

A specific challenge, I had was how to think about a firewall, in particular what exactly are the functional elements of a firewall that transcend any specific implementation.

A diagram I came up with that has had surprising predictive power is what I am sharing today.

Basically a firewall has three layers.

Physical Layer

Starting from the top, we have a physical layer where packets come in as rain drops. I’ve already talked about rain drops and streams, and this lowest layer is what handles the packets. This is a physical network layer where cables are plugged into a firewall device. Just above the packet flood is a load-balancer that ensures that packets from similar flows end up on the next layer at the correct processing unit.

Cheap Computational Security

Cheap computational security is what I have been calling security that can be done very efficiently, has to look at a relatively bounded number of packets and can be assisted with hardware. This is typically what we have historically called “L4 Firewall Security”. Things like ALGs etc. are implemented in this layer. This layer is able to take the packet flood and turn it into a stream before the security processing begins.

Because cheap computational security is implemented in terms of flows, a series of packets turns into a flow and then we start doing security on it, abstractly we can think of thousands of individual threads each handling a single flow. Obviously this is not how we would implement things, but is a useful mental model.

This mental model is particularly useful because it explains why the prior layer must load-balance the packets. Essentially using packet only information the physical layer must direct packets to the right thread processing the right flow.

Because the physical layer can make a mistake in load-balancing, this layer is able to detect the mistake and forward the packet to the right cheap security element.

Once the cheap computational security is done, then the packet is forwarded to more expensive computational security if that is appropriate. That forwarding goes through yet another load-balancer whose purpose is to find either a lightly loaded computational element or send more packets to one that is still processing.

Expensive Computational Security

The final layer in firewalls is expensive computational security. This is stuff we have historically called “L4-L7 security services” such as UTM or SSL forward proxy etc.

This layer expects to receive a stream of packets and typically takes a lot of CPU and Memory resources to perform the operations that need to be done to detect security breaches.

Again, this layer can conceptually be thought of as a series of distinct computations on independent flows.

Final thoughts

What I described isn’t a firewall per-se, it’s just a useful mental model for how to think about firewalls. And in particular, to understand the hardware trade-offs in designing firewalls.
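To make the packet-to-flow story concrete, here is an added example (not the author's code) that models the physical layer as a stable hash on the flow key that steers packets to per-flow workers, the cheap-security layer as those workers keeping L4 state and applying a stateful policy, and the mis-steered-packet case from this post: a worker that receives a packet belonging to another worker's flow notices and names the right one. It also illustrates the "transforms packets into flows" layer from the "What does a firewall do?" post; the hosts, ports, inside-network set and worker count are constructed.

```python
"""Three-layer firewall mental model: hash-steer, flow state, reroute."""
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    syn: bool = False


def flow_key(pkt):
    """Direction-independent 5-tuple, so both halves of a connection map to
    the same flow (the load-balancer only has packet headers to go on)."""
    ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
    return (pkt.proto,) + ends[0] + ends[1]


def steer(pkt, n_workers):
    """Physical-layer load balancer: stable hash of the flow key -> worker id."""
    digest = hashlib.sha256(repr(flow_key(pkt)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_workers


@dataclass
class CheapSecurityWorker:
    """One 'thread' of the cheap-security layer owning a slice of the flows."""
    wid: int
    n_workers: int
    inside: set                                  # constructed trusted hosts
    flows: dict = field(default_factory=dict)    # flow key -> initiating host
    misrouted: int = 0

    def handle(self, pkt):
        # Detect a load-balancing mistake and hand the packet to the owner.
        owner = steer(pkt, self.n_workers)
        if owner != self.wid:
            self.misrouted += 1
            return ("reroute", owner)
        key = flow_key(pkt)
        if key in self.flows:
            return ("allow", "established")
        # Cheap L4 policy: only connections initiated from inside create state.
        if pkt.syn and pkt.src in self.inside:
            self.flows[key] = pkt.src
            return ("allow", "new")
        return ("drop", "unsolicited")


def demo():
    n = 4
    inside = {"10.0.0.5"}
    workers = [CheapSecurityWorker(i, n, inside) for i in range(n)]
    # Constructed traffic: an inside client opens a TCP connection, the
    # server replies, then an outside host tries an unsolicited connection.
    out = Packet("10.0.0.5", 40000, "203.0.113.7", 443, "tcp", syn=True)
    back = Packet("203.0.113.7", 443, "10.0.0.5", 40000, "tcp")
    probe = Packet("198.51.100.9", 5555, "10.0.0.5", 22, "tcp", syn=True)
    results = [workers[steer(p, n)].handle(p) for p in (out, back, probe)]
    # Simulate a load-balancer mistake: deliver the reply to the wrong
    # worker, which notices and names the worker that owns the flow.
    wrong = (steer(back, n) + 1) % n
    results.append(workers[wrong].handle(back))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```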


Filed Under: Security

Learning Rust

October 9, 2014 by kostadis roussos

I recently stumbled on to the Rust programming language.

What struck me was the promise of safety and performance – a C for the rest of us is the customer pitch.

And indeed Rust is a nifty programming language that tries to bridge a gap between managed code and unmanaged code. Managed code is code that has system managed memory, aka garbage collectors, and unmanaged code is code that relies on the programmer to manage memory directly.

Conceptually what they are doing is using the type system to enforce safety. This restricts what kinds of things you can do with pointers, but if the type system forbids certain activities and your program can fit into that model, that’s okay.

There are papers from 15 years ago that explored this kind of concept: CCured: Type-Safe Retrofitting of Legacy Software – Rust almost represents a natural evolution of this thought process – don’t try to make an unsafe language safe, let’s try to make a language safe while retaining the ability to manage memory directly.

What is intriguing about Rust and what differs from the papers I remember reading so many years ago when I was a student at Stanford is that they are tackling the problem differently. Instead of asking: How do I make C safer? They are asking: How do I make it easier for Ruby programmers to write code that has memory that is unmanaged? Essentially they are posing the question – do we need garbage collectors at all? And if we don’t then that may have profound implications for how code gets written.

And as it turns out, the problem of enabling Ruby programmers to write unmanaged code is far more important to solve than the problem of making C safe, and I might even argue more tractable.

What is fascinating is that since the late 90’s the need for a language that fits between the need to actually manipulate direct memory regions and completely managed code remains, that space needs to get filled, and Rust is a credible player in that space.


Filed Under: Uncategorized
