a reckoning for tech by the humans that work with it

Empathy for The Big Red O. TechReckoning Dispatch v3n14


Hi friends,

I’ve built my whole career on empathy. Putting yourself in other people’s shoes goes a long why towards understanding why somebody does something. Inexplicable villains exist mostly in the movies. I’ve had a lot of meetings over my career explaining to product teams, “Here’s why that blogger just said bad things about your product that made of feel bad and no, we can’t delete the post or yell at them.” Twitter is especially good at reducing empathy and making it easy to pass judgement in 140 characters on teams full of smart people trying their best.

So in that spirit, let’s take a look at what Oracle announced last week. Oracle is perhaps the easiest tech company to make fun of, with huge but flat legacy revenues, an often aggressive stance towards customers, and Uncle Larry on stage, who has a Trump-esque affection for superlatives. On the other hand, what I said above — smart people, working hard? Let’s see what they’ve got.

Brandon Butler’s article in CIO is a good place to get context. Does Oracle have a shot in the public cloud vs. Amazon and Microsoft? The headline from OpenWorld was about IaaS price, which most people thought was strange since AWS hasn’t been about low price (except on the entry cost) for a long time.

Gartner’s Lydia Leong lays it out in her post: Oracle’s next-gen cloud offering. The Big Red O has ambitions to be a player in public cloud.

Oracle has paid richly to hire an “A” team, so to speak — former long-time senior AWS engineers lead the project, and they’ve recruited heavily from all three hyperscale clud providers in Seattle … These are credible product and engineering people who, in my opinion, understand what they need to build and the enormous challenges ahead of them. … I would say that smart and scalable choices seem to have been made throughout. However, I would characterize this early offering as minimum viable product; it is the foundation of a future competitive offering, rather than a competitive offering today.

Indie analyst Ben Thompson gives his view of history in Oracle’s Cloudy Future. He makes a kind of strained analogy — Oracle is like an old-fashioned inflexible IBM hierarchical database,while AWS is ironically giving the flexibility that relational databases brought to the market. Ben’s always worth reading, though, and he makes two salient points:

  1. Oracle’s spending a lot less than Amazon on infrastructure, so can’t possible keep up in that way (A point that’s been made by many. Amazon spent $10B on infrastructure in the last 12 months, a future that includes retail distribution centers but, yow, that’s a lot of cabbage — more than a full Uber in a year.)
  2. Oracle is going to use its application offerings to pull people into its own cloud.

But Ben is not buying it:

In short, what Ellison was selling as the new Oracle looks an awful lot like the old Oracle: a bunch of products that are mostly what most customers want, at least in theory, but with neither the flexibility and scalability of AWS’ infrastructure on one side nor the focus and commitment to the user experience of dedicated SaaS providers on the other.

In his podcast discussing this article, Ben seems to think that that other vendors’ SaaS offerings are a bit more magical than they are in reality and he discounts Oracle’s ability to offer SaaS a bit more harshly than I would, but I see in general where he’s coming from.

Enrico Signoretti gives the full-on “Oracle is doomed” argument in his post: Oracle Cloud? I don’t get it… and I have a lot of questions.

Sorry to say Oracle, you are doomed. No, I’m kidding… of course. But life will get tougher in the future. You are missing all the important points and your technology is outdated and not efficient enough to run in public, private or hybrid clouds. The lack of options, especially in the open source space, will make it even harder for developers to chose your cloud… and you are missing what cloud developers really want from cloud infrastructures.

My take? The AWS rate comparisons are table stakes for 2016. Conventional wisdom has shifted from “AWS is the Only True Cloud” to a world of multiple hybrid clouds competing on features and ecosystem — Google’s sophisticated data services, IBM’s Watson and breadth of platforms, Microsoft’s apps and services tie-ins, including LinkedIn, and regional providers with data locality and specialized expertise. Oracle is unlikely to compete against AWS head-on, if for no other reason than the huge capital spend required, But Oracle as a service provider offering hybrid cloud within its ecosystem? It requires execution, and it requires a hybrid business model that retains margins in return for extraordinary customer value — margins are a business iceberg waiting even with perfect technical execution! But I have the empathy to see what the folks at Oracle are trying to create.

(Disclaimer: Oracle remains a client, which helps me with the empathy but I don’t believe influences what I wrote above.)

As technology professionals, security is part of our remit. But sometimes these days it seems like it’s the Walking Dead out there. The latest wave of zombies is the record-breaking DDoS attack against security journalist Brian Krebs, which at this time appears to have been handled by Google after Akamai thew its hands up. For context read Why the silencing of KrebsOnSecurity opens a troubling chapter for the ‘Net by Dan Goodin at Ars Technica. And what enables these apocalyptic attack? YOUR FREAKING UNPATCHED IoT DEVICES. I told you all those unpatched TVs were a disaster.

Instead, the attacks against KrebsOnSecurity harness so-called Internet-of-things devices — think home routers, webcams, digital video recorders, and other everyday appliances that have Internet capabilities built into them. Manufacturers design these devices to be as inexpensive and easy-to-use as possible. Consumers often have little technical skill. As a result, the devices frequently come with bug-ridden firmware that never gets updated and easy-to-guess login credentials that never get changed. Their lax security and always-connected status makes the devices easy to remotely commandeer by people who turn them into digital cannons that spray the Internet with shrapnel.

Krebs does lay out some zombie-proofing technology in his (now visible again) blog post:

As I noted in a November 2015 story, The Lingering Mess from Default Insecurity, one basic step that many ISPs can but are not taking to blunt these attacks involves a network security standard that was developed and released more than a dozen years ago. Known as BCP38, its use prevents insecure resources on an ISPs network (hacked servers, computers, routers, DVRs, etc.) from being leveraged in such powerful denial-of-service attacks.

Former VMware CTO Steve Herrod just issued a call for a broad national response. We’re Losing the Cyber-War. It’s Time to Mobilize.

This growing skills gap has not gone unnoticed by the U.S. government. President Obama’s 2017 budget calls for a 35 percent increase in spending on cybersecurity, bringing it to $19 billion. A substantive portion of this budget goes toward the recruiting and training of cybersecurity professionals. For example, the Administration has created a National Initiative for Cybersecurity Education, earmarking $62 million to expand a CyberCorps Reserves program that offers scholarships to students who commit to starting their careers with the Federal government.

These are nice pieces of the puzzle, but a broader, more comprehensive initiative — call it “Secure America” — is needed to recruit, educate and create appealing career paths for potential “white hat” cyber-warriors.

Two asks this week:

Ask #1: Sign up for The Briefing List

As we mentioned last week, if you’re a blogger, and you want an occasional briefing from a vendor, just sign up here with The Briefing List. Thanks for those folks who have already signed up!

Ask #2: Share Your OPML & Podcast List

I’m working on a number of aggregation and curation projects. If you use RSS, I’d love to get a copy of your OPML file to get a good set of blog and news feeds, and podcasts you subscribe to. I will aggregate and share everything that is sent in.

In the meantime, if you are looking for a good feed of virtualization blogs, Eric Siebert has turned his Top 100 vBlogs list into a river/planet/feed here: http://planet.vsphere-land.com.

The latest Geek Whisperers drops lots of wisdom: Choosing Titles You Want To Have with Frank Denneman at World 2016 — Ep 120.

From the mailbag: Joe Stewart points out that there is nothing new under the sun, and speed of execution is nothing new: “Our team was called devops back in 2004. Because we did ops for development. (Because regular ops wasn’t fast enough.) Pretty sure we weren’t pioneers either.” And Bill Petro uses the power of USENET to pull up his old vi macros and this great review of MacWorld Expo 1991 that ends with an offer for permission to reprint in newsletters. So that tells you how far we’ve come in 25 years! Right back to newsletters.

Photo credits: jtroyer at Pillar Point Harbor and David Skazaly. For more groovy links, check out TechReckoning on TwitterFacebook, or LinkedIn. If you like this newsletter, forward it to someone you admire. .