Archive for the 'opensource' Category

The app hell of the future

Just over 5-years ago, in April 2011, I wrote this post after having a fairly interesting exchange with my then boss, Michael Dell, and George Conoly, co-founder and CEO of Forrester Research. I’m guessing in the long term, the disagreement, and semi-public dissension shut some doors in front of me.

Fast forward 5-years, and we are getting the equivalent of a do-over as the Internet of Things and “bots” become the next big thing. This arrived in my email the other day:

This year, MobileBeat is diving deep into the new paradigm that’s rocking the mobile world. It’s the big shift away from our love affair with apps to AI, messaging, and bots – and is poised to transform the mobile ecosystem.

Yes, it’s the emperor’s new clothes of software over again. Marketing lead software always does this, over imagines what’s possible, under estimates the issues with building in and then the fast fail product methodology kicks-in. So, bots will be the next bloatware, becoming a security attack front. Too much code, forced-fit into micro-controllers. The ecosystem driven solely by the need to make money. Instead of tiny pieces of firmware that have a single job, wax-on, wax-off, they will become dumping ground for lots of short-term fixes, that never go away.

Screenshot_20160524-113359Meanwhile, the app hell of today continues. My phone apps update all the time, mostly with no noticeable new function; I’m required to register with loads of different “app stores” each one a walled garden with few published rules, no oversight, and little transparency. The only real source of trusted apps is github and the like where you can at least scan the source code.IMG_20160504_074211

IMG_20160504_081201When these apps update, it doesn’t always go well. See this picture of my Garmin Fenix 3, a classic walled garden, my phone starts to update at 8:10 a.m., and when it’s done, my watch says it’s now 7:11 a.m.

IMG_20160111_074518Over on my Samsung Smart TV, I switch it from monitor to Smart TV mode and get this… it never ends. Nothing resolves it accept disconnecting the power supply. It recovered OK but this is hardly a good user experience.

Yeah, I have a lot of smart home stuff,  but little or none of it is immune to the app upgrade death spiral; each app upgrade taking the device nearer to obsolescence because there isn’t enough memory, storage or the processor isn’t fast enough to include the bloated functions marketing thinks it needs.

If the IoT and message bots are really the future, then software engineers need to stand up and be counted. Design small, tight reentrant code. Document the interfaces, publish the source and instead of continuously being pushed to deliver more and more function, push back, software has got to become engineering and not a form of story telling.

YesToUninstallAnUpdate[1]

Retired Until Further Notice

RUFN. I can’t remember where I first saw this, I think on an ex-colleagues linked-in status(*1). Back in September I declared I was done with cube life and it didn’t take long before it was time to part company with Dell.

I’m at an important crossroads, starting to pack up my Austin home, and move to a new house my partner, Kate, and I are building just south east of Boulder CO. Kate is already living in Boulder, where we are partners in Boulder Bodyworker.

So it seemed like an appropriate time to take some time out, and start an exciting new phase of life for me. I’ll be keeping busy, while I don’t have any active movie or music projects at the moment, I am behind on working on a project for Tri Equal and also a member of the advisory board  of the Professional Triathlon Union and continuing generally as an activist in the triathlon community.

I’m available for consulting work in the new year, especially for small to medium sized businesses that want to get an insight or review of their technology strategy; a perspective and advice on working with open source; data center operations.

Otherwise I’ll post here as appropriate and see how things develop next year. Merry Christmas and a Happy New Year

 

*1. Yeah I’m aware of the slang usage.

O’Reilly Webcast – Extending Cassandra for OLAP

oreilly doradusColleague Randy Guck, who leads our open source Doradus project, recent gave an O’Reilly Webcast on the project and using Doradus to extend Cassandra for high performance analytics.

The discussion on how Doradus leverages Cassandra, its data model and query language, the internal architecture and the concept of storage services gave in-depth background to then understand the Doradus OLAP service and how it provides near real-time data warehousing.

Randys’ slides and webcast can be fund here. It does need registration, but is well worth the effort. The webcast was sponsored by Dell, which was entirely coincidental, since it was for a Hadoop services offering. Doradus offers some interesting ways to extend and use Cassandra and Randy covers most of them in the webcast. The key point is, that Doradus is an open source project, use and source code are free. Details on Doradus are in this blog entry.

OpenSSL and the Linux Foundation

Former colleague and noted open source advocate Simon Phipps recently reblogged to his webmink blog a piece that was originally written for meshedinsights.com

I committed Dell to support the Linux Foundation Converged Infrastructure Initiative (CII) and attended a recent day long board meeting with other members to discuss next steps. I’m sure you understand Simon, but for the benefit of readers here are just two important clarifications.

By joining the Linux Foundation CII initiative, your company can contribute to helping fund developers of OpenSSL and similar technologies directly through Linux Foundation Fellowships. This is in effect the same as you(Simon) are suggesting, having companies hire experts . The big difference is, the Linux Foundation helps the developers stay independent and removes them from the current need to fund their work through the (for profit) OpenSSL Software Foundation (OSF). They also remain independent of a large company controlling interest.

Any expansion of the OpenSSL team depends on the team itself being willing and able to grow the team. We need to be mindful of Brooks mythical man month. Having experts outside the team producing fixes and updates faster than they can be consumed(reviewed, tested, verified, packaged and shipped) just creates a fork, if not adopted by the core.

I’m hopeful that this approach will pay off. The team need to produce at least an abstract roadmap for bug fix adoption, code cleanup and features, and I look forwarding to seeing this. The Linux Foundation CII initiative is not limited to OpenSSL, but that is clearly the first item on the list.

Open Source @ Dell – Doradus

I’m delighted to announce that last week Dell Software group made available it’s first major open source project, Doradus.

Doradus is the next and biggest release so far from the software group at Dell and it joins Blockade, discussed in this blog. Through 2014, I hope to be in a position to announce at least a couple more big projects, and numerous smaller ones. We are pulling together a coherent approach to this, as well as a number of smaller tools.

What is Doradus?

Doradus is a set of tooling that started out ~2.5 years ago and is, and has been used by a number of our Dell software products. It has not been available as a product itself. Doradus provides a REST API on top of the Cassandra NoSQL database, adding a number of high level features. As a pure Java service it simplifies and extends NoSQL database functionality with a graph-based data model with bi-directional relationships and full referential integrity.

Included are a powerful query language supporting full text and statistical queries; Automatic data aging;  and Two storage services that target specific application types. An  OLAP service provides ultra-dense storage and fast analytic queries. There is a client library that allows Java clients to use POJOs to access Doradus DBs. It scales horizontally with Cassandra to provide NoSQL benefits of elasticity, replication, fault-tolerance, low cost, etc.

What was open-sourced?

The Doradus components included in the OSS offering are:

  • doradus-server: Source code and config files for the server.
  • doradus-client: Source code and config files for the Java client library.
  • doradus-common: Source code for doradus-common.jar, used by both the client and server modules.
  • docs: PDF versions of the main Doradus documentation. The build scripts in the root directory also build Java docs for the client library in the folder ./doradus-client/docs.

These components are released with the Apache License 2.0. Currently, we are working through the legal issues on enhancements and contributions, and will add an Apache based CLA to encourage larger contributions. In the interim we are happy to accept bug fixes for inclusion in the next code base rev. We are also looking to add the regression test suite that we use for continuous integration build integrity.

Where can I get it?

Doradus source code, documentation, and build scripts are available here: https://github.com/dell-oss/Doradus . You can use any Git client to download the files, or click the Download ZIP button to get everything as one .zip file. The root directory has both Ant and Maven build scripts, which download dependent jar files and build the binaries. In the near future, we will post pre-built source code, doc, and binary bundles on Maven Central to simplify downloading and installing.

What is dell-oss?

One of the things we’ll be doing this year is pulling together our open source projects and contributions, to make them easier to find, and to simplify for the Dell teams that will be contributing OSS projects. Personally, I’d like to also include a section where we store copies of our incoming and outgoing licenses, templates, and completed licenses. At least as of now we’ll be doing that through dell-oss, with Ant and Maven as needed. More detail on this when we make our next project announcement.

Congratulations to Randy Guck, James Bumgardner who made the OSS effort happen, also to the other Doradus developers.

More on OpenSSL, Heartbeat

I don’t propose to become an expert on OpenSSL, much less the greater security field, but I know people who are. My role in the Linux Foundation Core Infrastructure Initiative was to help Dell recognize how we can support a key industry technology, and at least give Dell the ability to have input on what comes next.

Our SonicWall team have many experts. They’ve published a great blog both on  their product positioning and use in relation to Heartbleed and vulnerabilities, and Network Security product manager Dmitriy Ayrapetov raises the question, in a world of mostly TCP traffic, are TLS Heartbeats even necessary?

The Dell SecureWorks Counter Threat Unit™ (CTU) have a blog on malware arising out of and exploiting the heartbleed vulnerability. Another great Dell resource well worth following for those with an interest in secuirty.

Core Infrastructure Initiative (OpenSSL)

I’m pleased to announce that Dell with be a joining the Linux Foundation and a number of key industry partners in establishing the Core Infrastructure Initiative(CII). This is another open source initiative, and I’m glad to have have played my part in pushing through the approval. I mentioned in my February blog, and we continue to work on three other, I think significant initiatives.

CII is a new project to fund and support critical elements of the global information infrastructure. The Core Infrastructure Initiative enables technology companies to collaboratively identify and fund open source projects that are in need of assistance, while allowing the developers to continue their work under the community norms that have made open source so successful.

The first project under consideration to receive funds from the Initiative will be OpenSSL, which could receive fellowship funding for key developers as well as other resources to assist the project in improving its security, enabling outside reviews, and improving responsiveness to patch requests.

You can read the full Linux Foundation news release here and the New York Times already has a blog here.


About & Contact

I'm Mark Cathcart, formaly a Senior Distinguished Engineer, in Dells Software Group; before that Director of Systems Engineering in the Enterprise Solutions Group at Dell. Prior to that, I was IBM Distinguished Engineer and member of the IBM Academy of Technology. I'm an information technology optimist.

Blog Stats

  • 82,840 hits

Subscribe to updates via rss:

Feed Icon

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 586 other followers

Top Clicks

  • None