Wild.

Cisco, with the aid of pliable government officials – do corporations know any other kind? – had a guy arrested and held in jail for 28 days in Vancouver, BC. He was arrested as he testified at a special hearing for the case!

Cuff ‘em, Danno
According to the Vancouver Sun newspaper:

In a rare move, McKinnon stayed extradition proceedings against Peter Adekeye, a British computer entrepreneur who once worked for Cisco Systems, Inc.

The judge said U.S. prosecutors acted outrageously by having the respected executive bizarrely arrested in Vancouver on May 20, 2010 as he testified before a sitting of the American court he was accused of avoiding.

He called Adekeye’s ordeal something out of a novel by Joseph Heller, the author of Catch-22.

The RCMP took Adekeye into custody as he was testifying before a special U.S. hearing at the Wedgewood Hotel about the very case that supposedly required his urgent extradition.

Adekeye was perp-walked through the hotel lobby to a waiting police wagon.

“This speaks volumes for Cisco’s duplicity,” the judge said, adding the company had “the unmitigated gall” to try to use the criminal process to humiliate and force Adekeye to abandon a civil suit.

Adekeye was held in custody for 28 days and forced to remain in Canada until this week under strict bail conditions because of the false and misleading material from the U.S., McKinnon said.

Canadian Justice Department lawyer Diba Majzub argued that it didn’t matter U.S. prosecutors falsely portrayed Adekeye as a Nigerian scofflaw who was a flight risk.

“You got a nice little network. Shame if something happened to it.”
Mr. Adekeye’s problems started when he sued Cisco for forcing customers to buy maintenance contracts. Cisco then accused him of 97 counts unauthorized computer access – each punishable by up to 5 years – a total of 485 years – in prison.

2 months after the arrest Cisco settled the case and abandoned the service-contract practice.

Never mind.

The StorageMojo take
Whoa. Assuming the Sun’s account is correct corporate and police powers are getting too cozy in San Jose.

The folks in Cisco’s corporate counsel’s office need a quick refresher in ethics. How about a 28 day stay in the Santa Clara county jail while they study up?

A quick look at Cisco’s recent financials finds that while product sales have been rocky, service sales are up. Good thing, given the plunge in the stock price in the last year.

Cisco has another business practice they should change: their corporate policy of not paying suppliers for 60 days. Cisco toilet cleaners are also privileged to loan Cisco money for 60 days. Is this a great country or what!

Memo to Chambers: it will take years to undo the damage you’ve done to Cisco in the last few years. Take your millions (billions?) and retire now.

Courteous comments welcome, of course. Darn activist judges take “liberty and justice for all” too far!

The performance increase in individual CPUs is slowing to a crawl. All the easy wins – higher clock speeds, wider datapaths, more DRAM, larger registers and caches, 2-4 cores – have been exploited.

Doctor, is there any hope?
In the recent PCAST report on Federal technological initiatives (see Fed funding for our digital future) (pdf) one sidebar suggested “Progress in Algorithms Beats Moore’s Law.”

. . . in many areas, performance gains due to improvements in algorithms have vastly exceeded even the dramatic performance gains due to increased processor speed.

The algorithms that we use today for speech recognition, for natural language translation, for chess playing, for logistics planning, have evolved remarkably in the past decade. It’s difficult to quantify the improvement, though, because it is as much in the realm of quality as of execution time.

In the field of numerical algorithms, however, the improvement can be quantified. Here is just one example . . . a benchmark production planning model solved using linear programming would have taken 82 years to solve in 1988, using the computers and the linear programming algorithms of the day. Fifteen years later – in 2003 – this same model could be solved in roughly 1 minute, an improvement by a factor of roughly 43 million. Of this, a factor of roughly 1,000 was due to increased processor speed, whereas a factor of roughly 43,000 was due to improvements in algorithms!

The StorageMojo take
Let’s file this one under “Wishful thinking” along with “US housing prices will never decline.” Piecemeal enhancements of specific application areas cannot replace the generalized performance improvements we’ve seen for decades.

No doubt there are important algorithmic improvements to be made. And that in certain problem spaces those speedups will far exceed Moore’s Law – even though the Law is about transistor count, not performance.

That doesn’t change the fact of computation today: the era of predictable and rapid performance improvement is over. Like a vein of rich ore that thins out, our computers will still improve, but the effort needed to do so is rising fast.

Cheap(er) SSDs, larger memories and caches are helping mask the performance plateau by increasing system performance, but reduced I/O latency and increased bandwidth will only take us so far. The way forward is a game of wringing out single-digit percent improvements, not the 2-3 year doubling of the last 60 years.

Courteous comments welcome, of course. The professor whose work the PCAST quote refers to is Martin Grötschel of Konrad-Zuse-Zentrum in Berlin. He’s been doing brilliant work on optimization problems- including the traveling salesman problem and data network design – for decades.

Given how hard it is to save data you want (see The Universe hates your data) to keep, losing data on the web should be easy. It isn’t, because it gets stored so many places in its travels.

Problem
But the power of the web means that silliness can now be stored and found with the speed of a Google search. You don’t want sexy love notes – or pictures – to a former flame posted after infatuation ends.

Or maybe you want to discuss relationship, health or work problems with a friend over email – and don’t want your musings to be later shared with others. Wouldn’t it be nice to know that such messages will become unreadable even if your friend is unreliable?

Researchers built a prototype service – Vanish – that seeks to:

. . . ensure that all copies of certain data become unreadable after a user-specified time, without any specific action on the part of a user, without needing to trust any single third party to perform the deletion, and even if an attacker obtains both a cached copy of that data and the user’s cryptographic keys and passwords.

That’s a tall order. Their 1st proof-of-concept failed. But they are continuing the fight.

Vanish
In Vanish: Increasing Data Privacy with Self-Destructing Data Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy and Henry M. Levy of the University of Washington computer science department present an architecture and a prototype to do just that.

Ironically, the project utilizes the same P2P infrastructures that preserves and distribute data: BitTorrent’s VUZE distributed hash table (DHT) client.

The basic idea is this: Vanish encrypts your data with a random key, destroys the key, and then sprinkles pieces of the key across random nodes of the DHT. You tell the system when to destroy the key and your data goes poof!

They developed a data structure called a Vanishing Data Object (VDO) that encapsulates user data and prevents the content from persisting. And the data becomes unreadable even if the attacker gets a pristine copy of the VDO from before its expiration and all the associated keys and passwords.

Here’s a timeline for that attack:

DHT overview

A DHT is a distributed, peer-to-peer (P2P) storage network. . . . DHTs like Vuze generally exhibit a put/get interface for reading and storing data, which is implemented internally by three operations: lookup, get, and store. The data itself consists of an (index, value) pair. Each node in the DHT manages a part of an astronomically large index name space (e.g., 2¹⁶⁰ values for Vuze).

DHTs are available, scalable, broadly distributed and decentralized with rapid node churn. All these properties are ideal for an infrastructure that has to withstand a wide variety of attacks.

Vanish architecture

Data (D) is encrypted (E) with key (K) to deliver cyphertext (C). Then K is split into N shares – K₁,…,K_N – and distributed across the DHT using a random access key (L) and a secure pseudo-random number generator. The K split uses a redundant erasure code so that a user definable subset of N shares can reconstruct the key.

The erasure codes are needed because DHTs lose data due to node churn. It is a bug that is also a feature for secure destruction of data.

Prototype
They built a Firefox plug-in for Gmail to create self-destructing emails and another – FireVanish – for making any text in a web input box self-destructing. They also built a file app, so you can make any file self-destructing. Handy for Word backup files that you don’t want to keep around.

The major change to the Vuze BitTorrent client was less than 50 lines of code to prevent lookup sniffing attacks. Those changes only affect the client, not the DHT.

The Vanish proto was cracked by a group of researchers at UT Austin, Princeton, and U of Michigan. They found that an eavesdropper could collect the key shards from the DHT and reassemble the “vanished” content.

Who is going to collect all the shard-like pieces on DHTs? Other than the NSA and other major intelligence services, probably no one. For extra security the data can be encrypted before VDO encapsulation.

The StorageMojo take
The Internet is paid for with our loss of privacy. Young people may think it no great loss, check back in 20 years and we’ll see what you think then.

It is slowly dawning on the public that their lives are an open book on the Internet. Expect a growing market for private communication and storage if ease-of-use and trust issues can be resolved.

You don’t have to be Tiger Woods to want to keep your private life private. I hope the Vanish team succeeds.

Courteous comments welcome, of course. Figures courtesy of the Vanish team.

Greg Reyes, former CEO of Brocade, received a sentence of 18 months and a $15 million dollar fine for his conviction on 10 felony counts related to options backdating. Prosecutors had asked for 37 months and a $137 million dollar fine. Mr. Reyes was emotional at his sentencing:

When Reyes got his opportunity to address Breyer, he stood at the lectern silently for a few seconds, and then broke down sobbing. [His attorney] read his statement for him.

“I am a shell of the man I once was,” he read.

Breyer said he was quite moved by the 400 letters sent in on Reyes’ behalf, as well as the financial and emotional support he extends toward others. Yet a message must be sent to executives that deceiving the public markets is a serious crime, Breyer said.

The judge cited one more reason for a prison term.

“White-collar defendants, unlike most defendants I see in court every day, have choices,” Breyer said, adding that he had just sentenced a man to more time than Reyes because he illegally re-entered the United States to see his 5-year-old son.

In two weeks, Breyer will sentence another man whose drug addiction began when his father shot him up with heroin when he was 11.

“What choices did that young boy have?” Breyer said.

[From Law.com]

The best CEO of any high tech company?
I met Mr. Reyes a couple of times when both of us wanted Sun to buy FC switches to make Sun’s early FC array more maintainable. I was at Sun at the time. He was an excellent salesman, but some idiot had decreed no FC switches for the storage group.

Storage Newsletter had an odd bit of history as well:

In 2002, we asked Steve Duplessie, well known consultant, to told [sic] us who was the best CEO in the storage industry. His answer: “[The best CEO] would be Greg Reyes of Brocade.”"

The 2 critical success factors for salesman are: a capacity for self-delusion – so you can sincerely and honestly tell your prospects how good it is; and a resolutely short term focus, because making this quarter’s numbers is what counts. Don’t hire a salesman to design your products or your strategy.

The StorageMojo take
Given Brocade’s current problem – they’ve been for sale for over 9 months and there are no takers – and his own, Mr. Reyes was no strategist. But Brocade’s IPO timing made fortunes for Mr. Reyes and co-founders Paul Bonderson and Kumar Malavalli. Isn’t that what really counts?

But Mr. Reyes can be forgiven if he feels unfairly singled out. Here we are 2 years after after the big Wall Street meltdown, where the big ibanks were packaging and selling crap and calling it gold, when mortgage companies and rating agencies had gone wild, and who’s gone to jail for that?

At the same time, Maher Arar, a Canadian who was arrested in 2002 by U.S. officials while changing planes in New York on a trip to Montreal and then rendered by US officials to a Syrian jail was denied a hearing by the US Supreme Umpires. According to the findings of fact, Mr. Arar

. . . was in Syria for a year, the first ten months in an underground cell six feet by three, and seven feet high. He was interrogated for twelve days on his arrival in Syria, and in that period was beaten on his palms, hips, and lower back with a two-inch-thick electric cable and with bare hands.

So buck up, Mr. Reyes, things could be worse. In 18 months you will have paid your debt to stockholders and you will still be among the richest 30,000 or so people in the world.

Courteous comments welcome, of course. America is a nation of laws, not of men, unless the men are fighting terrorism.

For an industry that stands to make billions of dollars on electronic health records (EHR) – if we can get people to use them – storage vendors are strangely passive on the issue of health privacy. Even the good guys like HP and NetApp are silent. What’s up?

The problem
According to Dr. Deborah Peel, a psychiatrist and founder of Patient Privacy Rights said in a recent column in the Wall Street Journal:

In 2002, under President George W. Bush, the right of a patient to control his most sensitive personal data—from prescriptions to DNA—was eliminated by federal regulators implementing the Health Insurance Portability and Accountability Act. Those privacy notices you sign in doctors’ offices do not actually give you any control over your personal data; they merely describe how the data will be used and disclosed.

But patients are right to fear the release of potentially embarrassing information on such health issues as STDs, depression or substance abuse problem, abortions or miscarriages and other issues that should be between a patient and their doctor – not a mortgage company or an employer.

Today our lab test results are disclosed to insurance companies before we even know the results. Prescriptions are data-mined by pharmacies, pharmaceutical technology vendors, hospitals and are sold to insurers, drug companies, employers and others willing to pay for the information to use in making decisions about you, your job or your treatments, or for research. Self-insured employers can access employees’ entire health records, including medications. And in the past five years, according to the nonprofit Privacy Rights Clearinghouse, more than 45 million electronic health records were either lost, stolen by insiders (hospital or government-agency employees, health IT vendors, etc.), or hacked from outside.

One poll found that 1 in 8 people have withheld information from doctors out of privacy concerns. Another poll found that fully 59% were not confident that their health records would be protected if stored electronically.

This is America, where non-compliance with “official” policy is a way of life. If you hope your company will make billions on the EHR market, maybe you think again.

The solution
Dr. Peel’s organization is lobbying Congress to protect patient privacy. Kudos to the ONLY computer or storage company that has joined her in the fight: Microsoft.

The StorageMojo take
Maybe I expect too much from vendors. Why should they care if rampant abuse hoses the EHR market and sours public attitudes towards major users of storage products?

But somehow it doesn’t seem like too much to ask for at least IBM, HP, Oracle and NetApp to get involved to ensure that massive data storage infrastructures are not abused. Having millions of consumers hate and fear your products – or their use – seems counter-productive.

I hope this is just an oversight and that vendors jump aboard. Vendors?

Update: Sign a petition to Congress for a Do Not Disclose law that gives you control over your health information. End update.

Courteous comments welcome, of course.

In a 2nd trial, Brocade’s former CEO Gregory Reyes was convicted of 9 felony charges of fraud and making false statements. The jury deliberated for 4 days.

The jury acquitted him of a conspiracy charge. Sentencing is set for June 24. His lawyer will appeal for a new trial.

Mr. Reyes made some $380 million dollars off Brocade during the dot com boom. What investors didn’t know is that if he had followed the proper accounting rules Brocade’s $67 million FY2000 profit would have been a $950 million loss, at least on paper. Options are a non-cash expense, but so are a lot of other things on income statements.

Mr. Reyes was sentenced to 21 months in prison and a $15 million fine after the first trial, but that was thrown out on appeal and a re-trial ordered. However, that sentence was based on a calculation of “zero-loss” and now prosecutors say they can reasonably calculate loss.

Brocade paid $160 million to settle a class-action suit after Mr. Reyes first trial, a number likely to figure in the prosecutor’s calculations.

The StorageMojo take
Mr. Reyes can take solace in the fact that in America it is the size of your bank account, not the length of your rap sheet, that determines the esteem of your fellow citizens. On that measure Mr. Reyes will do very well, with even a fine of $100 million leaving him a very wealthy man.

There will be an all-expenses-paid stay at a Club Fed, but in 5 years that will be a fading memory. And he’ll tap a rich vein of Valley “there but for the grace of God go I” sympathy once he is out.

If he chooses to follow the well-worn path of public contrition – which he hasn’t yet – followed by good works all will be forgiven in a few years. It could be worse.

Courteous comments welcome, of course.

The historic Health Care Reform that Congress passed last night puts America on a path to be competitive with every other industrialized nation. But it is good for the storage industry as well.

Why?

Electronic medical records
As I noted back in ’06:

Medical records are one of the biggest storage opportunities of the next decade – if Americans can be persuaded they are secure. Right now they aren’t, and with the continuing stories about lost laptops and illegal data access, there is no reason for people to get comfortable. Without public support electronic medical record systems are dead and millions of Americans will suffer from medical delay and even death.

HCR fixes part of the problem: outlawing insurance denials based on pre-existing conditions removes a big fear of electronic medical records (EMR). There is still the issue of medical privacy (see Medical privacy is a sick joke), but that is fixable.

Well implemented, EMR, along with other process re-engineering, can deliver the same results for citizens that it did for the Veterans Administration health care system (see Effect of the Transformation of the Veterans Affairs Health Care System on the Quality of Care from the peer-reviewed New England Journal of Medicine).

The net/net: a common, uniform, EMR takes better care of patients, virtually eliminates prescription errors, enables large-scale studies of treatment protocols, and ensures that a highly mobile population gets consistent care. It’s all good – and massive storage makes it go.

The StorageMojo take
EMR will drive massive growth of medical data, both locally in doctor’s offices and in hospitals, but also in the cloud. Large anonymized data sets will be popular for research – expect Amazon to store them for free – on everything from treatment outcomes to drug interactions and patient education techniques.

While political conservatives demonize science and data-driven policies, the real world work of doing more with less continues. Massive EMR data will be a key driver over the next decades for improving medical outcomes and reducing costs.

Note: Data geeks will like this: Florence Nightingale was not only a public health reformer, but a statistician and pioneer in data visualization. Check this out for details.

Courteous comments welcome, of course. Kudos to the Republicans for their principled work to protect campaign contributions every American’s God-given right to a premature and bankrupt death. But they lost, and a bit of our freedom dies with them.

Today is Memorial Day in America. For StorageMojo.com’s international visitors, this is the day Americans remember those who have fought for our liberty and our ideals.

But many of our ideals are older than America. Others have shared them, beginning in ancient Athens, the first democracy.

2500 years ago Athens was fighting for its life against its polar opposite, Sparta. Athens, the world’s only democracy, cultivated trade, learning, arts and politics. In contrast the Spartans lived as a military state on a permanent war footing, for some 90% of their population were slaves, always tempted to revolt.

After an early battle the Athenian leader Pericles spoke of his city’s ideals at a memorial service for the dead. The text is from The Peloponnesian War by Thucydides. The words are his, the bolding and editing mine.

Our constitution does not copy the laws of neighbouring states; we are rather a pattern to others than imitators ourselves. Its administration favours the many instead of the few; this is why it is called a democracy. If we look to the laws, they afford equal justice to all in their private differences; . . . advancement in public life falls to reputation for capacity, class considerations not being allowed to interfere with merit; nor again does poverty bar the way. . . .

The freedom which we enjoy in our government extends also to our ordinary life. There, far from exercising a jealous surveillance over each other, we do not feel called upon to be angry with our neighbour for doing what he likes. . . . [We] obey the magistrates and the laws, particularly such as regard the protection of the injured, whether they are actually on the statute book, or belong to that code which, although unwritten, yet cannot be broken without acknowledged disgrace.

Further, we provide plenty of means for the mind to refresh itself from business. We celebrate games . . . all the year round, and the elegance of our private establishments forms a daily source of pleasure . . . while the magnitude of our city draws the produce of the world into our harbour, so that to the Athenian the fruits of other countries are as familiar a luxury as those of his own.

If we turn to our military policy, there also we differ from our antagonists. We throw open our city to the world, and never by alien acts exclude foreigners from any opportunity of learning or observing, although the eyes of an enemy may occasionally profit by our liberality; trusting less in system and policy than to the native spirit of our citizens. . . .

We cultivate refinement without extravagance and knowledge without effeminacy; wealth we employ more for use than for show, and place the real disgrace of poverty not in owning to the fact but in declining the struggle against it.

…[O]ur ordinary citizens, though occupied with the pursuits of industry, are still fair judges of public matters; . . . and, instead of looking on discussion as a stumbling-block in the way of action, we think it an indispensable preliminary to any wise action at all. . . . [T]he palm of courage will surely be adjudged most justly to those, who best know the difference between hardship and pleasure and yet are never tempted to shrink from danger.

. . . And it is only the Athenians, who, fearless of consequences, confer their benefits not from calculations of expediency, but in the confidence of liberality.

May it be ever so.

Free the American worker!
After a truly wretched New England winter, news that EMC’s David Donatelli is moving to HP’s sunnier climbs isn’t a total surprise. Nor is it surprising that EMC is trotting out its noncompete agreement to keep Dave from HP.

Bad public policy
The theory behind noncompetes is that a company is protecting its intellectual and commercial property such as customer relationships and product plans. But we already have laws protecting intellectual and commercial property — laws that are quite regularly enforced through civil and sometimes criminal action. Nor is it difficult to suss out who major customers are or what v6.4 of product X will look like.

The problem with noncompetes is twofold. First, they interfere with the free movement of labor to the highest and best use. Shouldn’t Mr. Donatelli be free to take his talents to the highest bidder for the maximum benefit of the free enterprise system?

Second, non-competes are bad for the US economy. Unlike Massachusetts California does not honor them. Yet California has managed to create many more jobs and much more wealth than Massachusetts in the postwar period – despite the Bay state’s early lead in computers and telecommunications as well as DoD and DARPA funding.

Looks like EMC lost this one
If you are a California company following HP’s example could be profitable. As a law firm noted:

If an employee with a noncompetition agreement . . . joins a California company, there is a good chance that the California employee and the new employer may sue in California to invalidate the agreement . . . . The former employer will opt to sue in a state that enforces noncompetition agreements. . . . [U]ltimately, it may come down to whichever side can first obtain a judgment in its favor.

In other words: “you have a good case Mr. Donatelli. How much justice can you – and HP – afford?”

Bay state readers: throw off your chains
Bay state readers: contact your state rep and state senator to support House Bill 1794 that would outlaw all non-competes in the state. Yay!

Somehow I doubt EMC’s top brass is supporting this long overdue reform. But it will be good for you and and your children. Maybe EMC and other companies will be more considerate of employees if it is easier to leave.

The StorageMojo take
There is no evidence that non-competes have helped the economy or the companies that employ them, while hurting labor mobility. Let’s end this relic of medieval serfdom and give labor the same freedom accorded capital.

Hiring companies should also think hard about whether EMC execs are worth the hassle. I’ve seen too many EMC long-timers make a mess at their new company because of cultural differences. EMC’s unique culture has served them well, but it isn’t like most other tech companies.

Courteous comments welcome, of course. I wish HP luck with their new hire. Expect culture shock on both sides.

I’m at SNW and learning a lot about the latest and greatest, including wordpress hacking.

I found this helpful Google warning when I went to the site this morning:

Oh, goodie.
Running the latest version of wordpress, so I *hope* that isn’t the problem.

Combed through the site files and found a few hundred suspicious cache files, which I deleted.

Also appears that my new theme, Thesis from DIYthemes, was hacked as well. Still sorting that out.

Update: It appears the culprit was a hacked “creative” coming in from IDG’s advertising network which reps for StorageMojo. I looked at the source and found no way to determine that.

So how does a “creative” get hacked? Are ad agencies being infiltrated by hackers? Did some idiot download a cute graphic and paste into a layout?

While I like my new theme, I’ve realized that its developers it know way less about security and software development than the WordPress team. And that gives me pause. End update.

Update II: Got another Google malware warning Saturday afternoon and was able to pull the offending script v fast. Also found a “WordPress” document that wasn’t part of WordPress at all. I hope that does it. End update II.

The StorageMojo take
The crack StorageMojo security team is on the case. Sorry for the disturbance.

Now back to our regularly unscheduled program.

Courteous comments welcome, of course.

Or a reasonable facsimile thereof
If you are interested in Disaster Recovery check out Axxana. They solve the limited synchronous data copy distance problem with a black box designed for data. Concept is simple but getting the details right is hard.

The problem
Synchronous replication requires that apps wait until the remote site completes the write. Given the speed of light, that means that synch sites can’t be very far away. Certainly not the 300 miles the SEC would like to see for financial institutions – we still have a few of those, don’t we?

Axxana’s answer
No matter what happens in a plane crash, they always seem to be able to recover the “black box” that tells them what the plane was doing shortly before the crash. Axxana has developed a black box for data centers.

Here’s how they describe it:

The Phoenix Black Box is located near the storage system at the primary data center and records a synchronous data stream from the storage. At the same time, an asynchronous data replication system is moving data to a secondary data center (the remote recovery site). The Phoenix Black Box has to protect only the Gigabytes of data that would have been lost in a typical asynchronous replication scenario. Data is protected inside the Black Box during the course of the disaster and can be immediately extracted.

Data extraction is achieved either by:

• Physically locating the system by tracking the homing signal and connecting a laptop with an Axxana software component to the Phoenix System™ at the disaster site, or
• The self sufficient and well protected system transferring the data to the secondary site using highly resilient cellular broadband technology.

Your data phones home after a disaster.

Compelling economics
It will take a while to suss out all the implications, but one simple scenario is a company with 3 data centers around the world could in-source their DR strategy with the equivalent of synchronous data recovery. How much would that save?

Distribution
They are working with as many of the major vendors as they can to get the product to you through people you already deal with. Expect to see some announcements.

The StorageMojo take
They are in contention for StorageMojo’s “coolest new product as SNW” award. It looks like they can handle anything up to an A-bomb blast. If that happens even synchronous data replication may not work. Besides, a dirty bomb is much more likely. Happy thoughts, eh?

Comments welcome, of course. Guys, sorry if I jumped the gun. But when I saw the web site was up . . . .

Stepping beyond marketing green-washing, the folks at Wikibon have done something. Tomorrow morning they’ll announce, along with California-based PG&E, Conserve IT,

. . . a first-of-its-kind service that accelerates the qualification of storage products for energy rebates and provides independent validation of energy efficiency for storage platforms from a number of leading vendors, spanning emerging Web 2.0 suppliers to the most recognized brands in the business.

Conserve IT was launched on behalf of IT customers in the Wikibon community who wanted to take advantage of the excellent programs PG&E and other utilities have put in place to conserve energy. The community felt that it could help to dramatically increase the participation of storage technologies which are major consumers of power and cooling in data centers. PG&E responded to Wikibon by allocating resources to help qualify additional storage technologies and providing guidance to the storage industry at large.

A watt saved is a watt earned
3PAR, Compellent, DataDirect Networks, EMC, Hitachi Data Systems, Nexsan and Xiotech, have signed on to the program. Customers who want PG&E’s incentives must be accepted into the program before buying new equipment.

PG&E has long understood that conservation cuts their marginal cost of power. Since that power is the most expensive they buy – usually natural gas-fired turbines – it is cheaper for them to pay customers to conserve power than building more power plants. Faster and better for the environment too.

The StorageMojo take
Kudos to Wikibon for sheparding this program and to PG&E and the storage companies for their support. Now it is up to the customers to take the next step.

Of course, looking at the companies involved, you are wondering “where are HP, IBM, Sun and NetApp?” I hope they are already in process, but if not, get the lead out. Company reps are invited to comment to update StorageMojo readers on your progress.

Comments welcome, of course.

Getting rid of the hacked files and spam links wasn’t the end of it
Dreamhost notified me that the load on my server was excessive and they’d disabled StorageMojo.

Yikes! Had I been hacked again? DDOS attack? What?

Building the correct mental model
In short order I brought up my SFTP client, my tracking site, the Dreamhost webpanel and my son on chat. He had me toss a new index.html file into the site folder to let people know that the problem was getting addressed.

On to problem solving
It took a while to figure it out because I’d never seen it before.

The load was coming from Google referrals for charming search terms that I’m going to misspell on purpose in hopes of not attracting similar traffic:

• download sh*mail
• downlode free 1ndian s3x movies
• pharmasuitical affiliate prom0
• 0rgish/behe*ding
• h1nd1 p0rn m0v1es

*Lots* of pee-oh-rn requests for many different ethnic types. Some things are universal – at least among guys.

There were no hacked files still on StorageMojo – I’d gotten them all last week and they were still gone. But the tracking site was referring to them, so for a while I thought they were there but that for some reason I couldn’t see them.

But then my son checked what happened when someone tried to go to the spam links. The site was delivering a “system error” message – not the static 404 page I’d expect – so the site wasn’t delivering the spam content and it really was gone. Presumably processing for the “system error” page created much of the extra overhead Dreamhost was seeing.

For a while StorageMojo was getting thousands of hits an hour from these Google referrals. At some point Google must have crawled the site again, saw the content was no longer there, and stopped referring people.

Not a moment too soon!

So what was this all about?
My son hypothesized:

This looks like a two-step scheme…step one is that they hacked your site and got all those bad SEO files uploaded. Step two is to send lots of fake Google traffic through your site to increase PageRank.

Then I went one step further and checked out one of the spam pages that Google had cached. In big bright colors it told me that my XP system was infected with viruses and I should download their *free* virus scanner.

Whoa, scary. Except I’m on a Mac.

Botnet recruitment? I don’t know.

The StorageMojo take
I’ve made a number of changes to tighten up StorageMojo. As I was researching this I found that there are many security “folk remedies” out there, but very little on what the high priority issues are.

Keeping software up to date seems to be the critical success factor – and sad to say, I’d been lax. In addition to keeping current I’m now checking my site files more often among other changes.

Hopefully these requests will tail off as Google stops referring people. And StorageMojo can go back to being a quiet little site.

Thank you for your patience.

Comments welcome, of course.

I had a con call with Chris Gladwin and Russ Kennedy of Cleversafe a couple of weeks ago. They’ve come to market with a product line that seeks to deliver:

• Massive scalability to meet growing digital content requirements
• Unprecedented Security and Privacy for critical digital assets
• Survivability against disasters, dishonesty and time
• Extremely cost-effective infrastructure compared to traditional methods

That’s a quote from their pitch.

Cleversafe’s product line
Cleversafe, IIRC, started as a software company, but their announced products come in nice rack-mountable boxes. There are 3 of them:

• CS Slicestor – Dispersed Storage server – $11.3k
• CS Accesser – Dispersed Storage router – $12.3k
• CS Manager – Dispersed Storage network manager – $12.3k

The Slicestor is a 1U storage server containing 4 disks. The Accessor slices up the data and distributes it – think slice router. The Manager works out of band to monitor and manage the storage network components.

I assume the pricing includes some room for volume discounts. There is an open-source version (c. 2006) of the software. The company intends to offer a software-only version as well.

Why hardware?
The Conventional Wisdom in VC circles is that tin-wrapped software ramps revenues faster – hey, you’re selling tin + bits – at the cost of lower margins and loss of focus.

Qualifying hardware is non-trivial; so you tend to stay on one platform longer than you should. At liquidity event time, software companies fetch higher multiples, so it may be a net loss. VCs live by the Golden Rule: he who has the gold makes the rules.

What it does
Cleversafe has an iSCSI or block storage interface. It takes the data, slices it into small pieces using Information Dispersal Algorithms and then ships the slices off to storage either locally or around the world.

In the latest version you can specify how many slices the system makes and how many slices are required to rebuild the data. If you have 11 data centers around the world, you can specify that, say, 6 are required to recreate the data.

You could lose access to 5 data centers and still recover. If the local controlling authority busts into 3 or 4 data centers, they get nothing. Pretty cool if you worry about corrupt government officials getting hold of your company secrets.

The company is planning on adding FTP, CIFS and NFS in the fullness of time.

How well it works
Cleversafe claims that given sufficient low-latency bandwidth the dispersed storage is as fast as a local disk. That’s a tall order, but for now I’ll take their word for it.

Who should buy it?
The company is aiming the Dispersed Storage Network at ISPs to offer as a service and multinationals with round the clock operations and critical data.

How it works
Cleversafe uses Cauchy Reed Solomon erasure codes to slice and dice the data. These codes have several advantages:

• More capacity efficient and failure tolerant than parity codes
• Doesn’t require a license
• Code and decode are faster than other stack operations

If you’d like to play with Cauchy Reed Solomon, check out Dr. Jim Plank’s software page which includes

. . . Reed-Solomon coding, Cauchy Reed-Solomon coding, general bit-matrix coding, Reed-Solomon coding optimized for RAID-6, and Liberation coding. The documentation provides some tutorial material on matrix and bit-matrix based erasure coding.

I met the good doctor at FAST, where he was delighted to find that Clevesafe – also a FAST presenter – was using techniques he’d worked on a decade ago.

The StorageMojo take
I’m impressed with what Cleversafe has done. They will look even smarter after EMC’s Hulk/Maui announcement this spring. I suspect they’ll be bought by year’s end.

Kudos to the Cleversafe team.

Comments welcome, of course.