Cloud Computing Doghouse Updates (Incoming): Australia’s Clean Feed

Today was a sad day for all Australians (and not just becuase of the horrific bushfires) – Senator Stephen Conroy (Minister for Broadband, Communications and the Digital Economy, above) announced the start of the Internet Service Provider (ISP) Filtering Live Pilot. I’m not going to go into the myriad reasons as to why this is a full frontal assault on our rights, nor explain all the reasons why it can never work and why a limited opt-in trial is not representative of reality, talk about collateral damage or even point out the many ways that a tool like this could (and almost certainly will) be repurposed to invade our privacy and monitor our every (online) move – Wikipedia’s Internet censorship in Australia article does a great job of covering the main issues.

I will however point out that such systems can only have a detrimental affect on cloud computing which is heavily reliant on low latency, high bandwidth connections. I’m surprised that others have not focused on this before, but with consumers and business alike moving en-masse to cloud computing solutions like Google Apps, who in their right mind would interfere with the pipes that make it all work? Filtering systems are complex, orders of magnitude slower than dedicated network equipment, largely ineffective, easily circumvented and perhaps most importantly, prone to catastrophic failure.

Google’s recent high profile outage which rendered the Internet unusable for the majority of Internet users for almost an hour was due to a SINGLE ‘/’ CHARACTER misplaced in a filtering system. For many businesses, Internet connectivity is getting to be as important as other utilities like water, gas and electricity – without it they are completely paralysed. Even spikes in latency which affect functions like address auto-complete and interactive interfaces (think Gmail) can render cloud computing applications unusable. Forget the children (who could be filtered selectively anyway), think of the cloud! Besides, education is a better strategy.

For those of you who (like me) take offense to this latest attack on our liberties, here’s what you can do:

If you need a starting point, here’s what I sent to my old local member, Malcolm Turnbull (who happens also to be the leader of the opposition) back in October last year:

Dear Sir,

I write to register my strong objection to the “clean feed” proposal which is already once again already making Australia the “global village idiot“. A certified security professional I assure you that you are trying to achieve the impossible and as an Australian citizen I am concerned that this measure, sold as protection for society, will actually erode its very core. The scope for abuse of such technology is virtually unlimited and though today’s objective may be a noble (if unattainable) goal, inevitible future repurposing is a very serious risk that far outweighs any percieved benefit; it is indeed a slippery slope and short step from here to the systemic abuse of the most oppressive of regimes.

Furthermore, as an active proponent of the next generation of technology known as cloud computing I can assure you that any such system will impair both performance and security while being easily bypassed, damaging the country’s competitive edge and forcing business and personal consumers to pay more for already extortionate Internet access (in France for example a complete, unrestricted telephone/television/internet package costing hundreds in Australia is only €29.99).

Please reconsider this misguided proposal and divert funding to countermeasures such as education which will certainly be far more effective, in the same way that funds diverted to first responders would be a far more beneficial response to the threat of terrorism.

Kind regards,

Sam Johnston

And here’s what I heard back a few days later:

Thanks Sam for your email. There are many concerns about the manner in which a blanket arbitrary determination about web content will be imposed by the Government.

The coalition fully supports guarding our children from being exposed to inappropriate internet content and is of the firm belief that parental and adult supervision and guidance should be front and centre of all efforts.

We will continue to monitor the progress of this trial with great interest and make a considered assessment based on its outcomes. This will include analysis of the specifications and performance of the filtering methods tested.

Cloud Computing Doghouse Updates (Outgoing): Nirvanix

A lot has happened since I tried my hand at investigative journalism with my detailed piece on Nirvanix’s lineage and its connections with Streamload/Mediamax/The Linkup (which you can read about in their Wikipedia article). Shortly afterwards CMO Jonathan Buckley was gone and a month ago today CEO Patrick Harr left “to pursue a new business endeavour”, replaced by “IT Veteran” and ex-McKinsey & Co, Jim Zierick (many of my friends are current & former McKinsey consultants and without exception they all know their stuff).

I’ve since had a bunch of public and private feedback and also heard from the original founder, Steve Iverson, who was surprisingly objective about it all:

It’s been several months now, so I have had enough time to put it behind me and move on to new things. We had a good run with Streamload and some good times and some very bad times and many lessons learned for me. The Nirvanix/MediaMax outcome was very disappointing and could have worked out so much better for everyone (MediaMax, Nirvanix, and our customers) but I suppose it wasn’t meant to be.

I can relate to Steve’s situation in that he would certainly not be the first technical person to have been disenfranchised by unscrupulous business types (Cisco founders Sandy Lerner and Len Bosack come to mind), but I also feel for the many victims who lost irreplacible data in The Linkup’s demise. I guess we’ll never know the true extent of Nirvanix’s culpability.

If this anonymous former employee is to be believed then maybe it’s too late for Nirvanix already, but if the guys responsible for this debacle are indeed long gone and they’ve tightened the belt and replaced key members of the management team then maybe it’s not – time will tell. They have some attractive products and (almost) first-mover advantage so provided they can deliver on the service then they could well still turn it into a success story.

In any case there seems little point in leaving them in the doghouse – no doubt if the data could have been restored it would have already and perhaps the old adage that “lightning never strikes the same place twice” is apt. I wish Jim and his team well and look forward to seeing what the next Nirvanix chapter holds.

Update: They flamed out; here’s a post mortem.

Cloud Computing Doghouse Updates (Incoming): Psion / Netbook trademark

Many of you will remember Psion from their heydey of making PDAs and other consumer devices and will be surprised to see them being discussed in the context of cloud computing. I’ve already explained what the netbook class of laptops is before and why 2009 will be the year of the enterprise netbook. Basically these are laptops that are optimised for the Internet, not bloated operating systems running heavyweight local applications. They have just enough resources for that task and as a result are significantly cheaper and (having dispensed with many of the moving parts) are far more reliable. They run cooler and longer and are both economically and ecologically friendly (think $300-400 each and 5-10 year lifetime, or a couple of bucks a month). Sounds too good to be true? Well if Psion have their way, it will be (at least under the ‘netbook’ moniker to which we are all accustomed).

You see the thing is that a bunch of years ago Psion somehow managed to obtain trademarks (including US trademark #75215401 and EU Community Trademark #000428250) for the term ‘netbook’ which it used on a line of products abandoned over 5 years ago. While the trademark probably should have been rejected outright for being ‘merely descriptive’ (e.g. a network enabled notebook), it wasn’t and managed to proceed to registration and extension into other territories.

Despite significant generic usage of the term over the last year or two (sufficient that the vast majority of us don’t think ‘Psion’ when we hear ‘netbook’), just before christmas last year Psion’s lawyers sent out a bunch of cease and desist letters (like this one) – not only to vendors but also to bloggers! They later clarified that they were only going after those “profiteering” from the term while conceding that “the extent of use has not been that great” (they have just been “supplying ‘Netbook’ accessories and also providing maintenance and support to existing ‘Netbook’ users“).

To our surprise the USPTO enforced it as recently as last month in denying at least 3 other marks (here, here and here) containing the term ‘Netbook’ citing ‘confusing simularity’ with Psion’s existing registered trademark. Google only last week banned ads containing the term as well. Too bad for Dell, HP and anyone else with a ‘netbook’ line. Ultimately though it will be the consumer who suffers if Psion continue on this perplexing crusade. They still lack a netbook offering (even if they are scrambling to build one) and while their Symbian/ARM based product was quite revolutionary, it would not have been the first time a product failed because it was ahead of its time.

See trademarks are designed to give a legal monopoly such that an owner can build up a brand and prevent others from releasing similar products with the same identifying features. They’re essential for many businesses and generally good for consumers too – you know what you’re getting when you buy a can of Coke® but couldn’t be so sure were it not for trademark protection. In this case though the term ‘netbook’ grew organically and independently of Psion’s largely unsuccessful product (sufficiently so that it has been long since abandoned). Their choosing to wait until now to enforce the trademark rather than stamp it out when it first appeared (in which case we would have just found some other term) is damaging to the segment, damaging to the users and damaging to cloud computing itself.

That’s why they’re taking over from Dell in the cloud computing doghouse and will stay there until such time as they win (which would be a travesty of grand proportions) or the trademark is invalidated as descriptive and/or generic. If any vendors want to take on this fight then I’d be more than happy to provide an expert opinion, and I’m sure I’m not alone. To those of you who think Psion is playing fair, guess again – they had their chance and missed it by a full 5 years. If they want to get in the game now and compete on a level playing field then they are more than welcome, but resorting to the trademark equivalent of a ‘submarine patent’ is (in my opinion at least) playing dirty pool.

Cloud Computing Doghouse Updates (Outgoing): Dell Computer

Today is an important day in that it marks the 6 month anniversary of USPTO’s revocation of Dell’s Notice of Allowance for the infamous ‘Cloud Computing’ trademark #77139082 that I revealed on 1 August last year. Why’s that important? Because “to avoid abandonment, the office must [have] receive[d] a proper response to [that] office action within 6 months of the issue/mailing date“. Although it was widely accepted that they’d have had a snowflake’s chance in hell of reversing a finding that the mark was both descriptive and generic, it’s good to know that the term ‘cloud computing’ is as of today officially unencumbered and that the USPTO should shortly issue a ‘Notice of Abandonment’.

While it would have been a nice gesture for them to overtly abandon the mark (like Arista recently did after their application #77596599 for ‘Cloud Networking’ suffered the same fate) they’ve served their time and have been doing some interesting things in the cloud computing space ever since (both on the client and the server side). Many of my large enterprise clients buy Dell gear and despite this shenanigans and tomfoolery I’ll happily continue to recommend them (as I have done now for over a decade).

Interestingly enough they’ve now found themselves on the other side of the table with Psion’s various Netbook trademarks. This could cause some problems for their Inspiron Mini line (including the Mini 12, one of the first full sized netbooks) as unlike the cloud related marks, these ones actually proceeded to registration.

Dell are leading the way on the client side for cloud computing and are really putting the cat amongst the pigeons by experimenting with ARM processors in their new range of business hybrid laptops. I’m looking forward to seeing some great stuff from them in 2009, particularly as they’re joining Apple, Google and others at the ARM party (to which both Intel and Microsoft thus far aren’t invited).

The Cloud Computing Doghouse: Nirvanix (aka Streamload aka MediaMax aka The Linkup)

Although Dell have been denied the ill-fated cloud computing trademark (that’s lowercase please. hold the ™) and moved on to more interesting things, they’re yet to concede defeat and withdraw their application. Even though the double decker bus has disappeared from the moon, that leaves us with 6 months of uncertainty before USPTO consider it abandoned, during which time they can appeal the decision. Although it is generally accepted that they would have a snowball’s chance in hell of succeeding, I would have preferred they take it out the back and put it out of its misery, and they can stay in the doghouse until they do (or it expires).

On the other hand there’s a backlog of crass acts of stupidity in the cloud computing space so they’re going to have so shove over and make room in the doghouse for someone (or something) new; the inaugurating member can’t monopolise it forever. And who better than a ‘new’ company associated with “the meltdown of an online storage service that will leave about 20,000 paying subscribers without their digital music, video, and photo files”: Nirvanix.

First and foremost (given they have apparently threatened to sue one of their own founders) this is an opinion piece based on what little information I have been able to scratch together from various online sources – draw your own conclusions and do your own research before you rely on anything here. It is more a commentary on one of the inherent but easily mitigated risks of cloud computing – unreliable providers – than on Nirvanix itself.

Let’s start with some background and basic maths:

Today you can buy a terabyte (1Tb) hard drive with a 5 year (60 month) warranty for $150 retail single unit quantities. Meanwhile the going rate for cloud storage is about $0.15/Gb/month. Ignoring complications like formatting losses, servers (which are cheap and can host many drives), bandwidth, etc., simply by wiring these up to the cloud one could get a return on investment in a month ($0.15 x 1000Gb/m = $150) and over the life of the $150 drive you can make a whopping $9,000.

Admittedly a gross simplification, but to remote users looking down relatively narrow pipes it can be very difficult to tell the difference between a cheap desktop hard drive and an expensive enterprise SAN (that run at about $20/Gb/year, over an order of magnitude more expensive than cloud storage). At least it is until the thing loses their precious 1’s and 0’s, in which case you hope it was run (or at least backed) by a large storage vendor from redundant datacenters rather than a long haired 16 year old from his basement. Herein lies the problem; presumably Nirvanix/Streamload/MediaMax/The Linkup (or whatever they’re calling themselves today) fall somewhere between the two extremes (hopefully the former rather than the latter), but it’s hard to tell where.

If the various articles (especially this one) are to be believed, the whole sorry saga goes something like this:

  • Steve Iverson (a uni student at the time) develops “adaptive data compression algorithms” for his thesis in 1998
  • Shortly after graduation he founded Streamload to “easily and securely send, store, move, receive and access their digital files
  • By 2005 Streamload was hosting about half a petabyte (425Tb) of data for “well over 20,000 users
  • Streamload was rebadged (after receiving some investment) to Streamload MediaMax™ (as distinct from MediaMax, Inc. which did not exist at the time) on the DEMOfall 05 stage as “a suite of ultra-high capacity online services that helps you manage, share, and access all the files and digital media in your life.
  • However by December 2006 it was losing money and Patrick Harr (current Nirvanix CEO) replaced Steve (with his blessing) as CEO and Steve became CTO. After 60 days assessment the new CEO “advocated letting it ‘gracefully die’ and creating a new company selling ‘cloud’ storage to paying enterprise customers“.
  • Disaster struck on June 15 2007 when “a Streamload system administrator’s script accidently misidentified and deleted ‘good data’ along with the ‘dead data’ of some 3.5 million former user accounts and files
  • Two weeks later Streamload’s board of directors pressed on with Harr’s strategy and “split the company into two independent businesses. Streamload changed its name to Nirvanix. It kept many of the former company’s physical assets [including all the servers and data] and employees, and secured $12$18 million in initial venture funding.
  • Meanwhile “The MediaMax consumer product and its disgruntled customers went to Iverson as CEO of a ‘new’ business” along with “only about $500,000 in working capital” while Nirvanix managed to scratch together a cool $18m from the likes of Intel.
  • After a botched upgrade to MediaMax v5 (which by Steve’s own admission introduced a bunch of features users didn’t want) they changed their name again to The Linkup which was marketed as “a social networking site based around storage“, only to also botch the migration to 20% more expensive (at $5.95/$11.95 per month) paid-only services.
  • Users of the free service were given three weeks (which was extended due to problems with the ‘mover’ script) to upgrade or permanently lose their data. Curiously the data was the whole time stored on Nirvanix servers and was being migrated to their new enterprise Storage Delivery Network.
  • Late July Nirvanix Clarifies False Information in Blogosphere in a blog post buried in their developer site.
  • MediaMax/The Linkup closed its doors on 8/8/08, having given users 30 days notice to retrieve their (remaining) data.

As at today the various angry masses are waiting for Nirvanix to give them access to (what remains, apparently about half of) their data, which Nirvanix assures us “remain[s] secure in the old Streamload/MediaMax storage system” (although it is not clear whether the files migrated to The Linkup were not deleted 8 days after the 8/8/8 closure). They also claim “access to those files requires the MediaMax application front-end and database” (roping SAVVIS, who apparently maintained the frontend, into the fray) but MediaMax claim to have offered it to them, noting that “if they could have got the files back, they would have”. Steve goes on to say:

Fundamentally, MediaMax is responsible because you are our customer, and the biggest mistake we made was to trust Nirvanix to manage our customer data – yes, it was on the “old Streamload system”, and not their new Nirvanix SDN, but I believe the care and attention that was required was not there and was beyond unprofessional.

Here’s where it gets really interesting. In Nirvanix’s own words:

Are Nirvanix Inc. and MediaMax Inc. the same company?

No. Nirvanix and MediaMax split out of the same company, Streamload, Inc. in July 2007. Each company would be independently formed with separate ownership, oversight and investors. The companies were subsequently split off in July 2007 and have been separate and distinct entities since that time.

Did Nirvanix delete user data?

No, Nirvanix has not deleted any customer data.

Did a storage problem occur at Streamload?

As documented on the MediaMax blog in July 2007, a storage problem did occur at Streamload on the Streamload/MediaMax storage system in June 2007. This occurred prior to the formation of Nirvanix Inc. and was completely independent of the Nirvanix Storage Delivery Network which was not launched until October 2007.

The problem with these denials, and in particular the claim that the mass deletions at the start of the death spiral “occurred prior to the formation of Nirvanix Inc.”, is that it conflicts not only with what investors, ex-partners, users, etc. say but also with the California Secretary of State, who list Nirvanix, Inc. as a “merged out” California corporation (C2111900) filed on 15 June 1998 (conveniently the exact same month Streamload was founded; almost a decade before they claim it came into existence) and as a Delaware corporation (C3051094) filed on 16 October 2007. Incidentally MediaMax, Inc. (C2998020) was filed earlier, on 16 May 2007. In case you’re wondering what “merged out” means (despite having to learn all this as CAcert‘s Organisation Assurance Officer I had to look it up too), here’s the definition:

The limited partnership or limited liability company has merged out of existence in California into another business entity. The name of the surviving entity can be obtained by requesting a status report.

Thus it appears that Streamload, Inc. changed its name to Nirvanix, Inc. which then “merged out” of existence in California, “into” Nirvanix, Inc. (Delaware)… the corporate equivalent of moving house (it would be good if someone in the US could get a status report to confirm).

A murderer changing her name after the crime and then claiming immunity on the grounds that it happened before she existed would spend the rest of her life in jail.

Even if they were a different legal entity as claimed they still appparently have the same staff, same 525 B Street, San Diego address, even the same CEO (which I’ll bet a judge would find interesting). If they are one and the same then is it not actually Nirvanix, Inc. who still has a binding contract with all those customers (at the very least least the ones who didn’t migrate to The Linkup)? Did the original Streamload terms allow for a transfer from StreamloadNirvanix to MediaMax? Did the customers agree? Indeed, was it not then a StreamloadNirvanix system administrator who ordered the deletion of the data? (Update: According to a comment MediaMax claim it was, which reconciles with the dates above.)

So why have Nirvanix thus far managed to escape culpability in the form of public (PR) execution and class action lawsuits? This appears to be no accident, rather the result of a sustained [dis]information campaign. For example, most of this information is from the Nirvanix article in Wikipedia which was recently nominated for deletion, apparently by Matthew Harvey at JPR Communications (Nirvanix’s PR firm) who already blanked it twice before being blocked for doing it a third time as a sock puppet. Jonathan Buckley (Nirvanix’s Chief Marketing Officer) also weighed in with a Strong Delete vote (that was largely ignored as a conflict of interest) and the article was unsurprisingly kept and remains to give a voice to the disenfranchised masses. They have also apparently been fairly active with the bloggers, calling their posts “inaccurate and libelous”, a post by an investor “suspect and untrue”, again claiming “Nirvanix was not even incorporated in June of 2007”, and you can bet there’s plenty more going on that we don’t hear about (Update: including press censorship, astroturfing and blaming the victims, claiming they “are all software pirates and porn addicts”).

The more cynical reader could be forgiven for believing that this was planned (but I think it was more a case of incompetence and gross negligence):

  • Develop interesting technology
  • Build reputation by servicing users for free
  • Get millions in investment
  • Float said users off on a leaky liferaft with $1 in $37 ($500k for MediaMax vs $18m for Nirvanix), and the inventor himself
  • $$$Profit$$$

Why do I care? I don’t particularly (at least not about this specific situation) but like the rest of the fledgling cloud computing industry I do find articles that could have been easily avoided (like “Storms in the cloud leave users up creek without a paddle“) difficult to swallow. I’ve never used their services and I don’t compete with them; if anything I may end up recommending them to my consulting clients if they are the best fit for a problem. I do however feel for the 20,000 or so people who lost irreplacible photographs, video, music and other data through acts that can only be described as gross negligence; as a long time professional system administrator I find occurances like the June 2007 accidental deletion extremely hard to accept. The story of a disenfranchised inventor having been parted with his invention is oh-so-common too. Finally, I just don’t like coverups:

Trust is (for now) an essential component in cloud computing infrastructure and victims of outages, data loss, privacy breaches, breakins, etc. have every right to full transparency.

Were this another storage provider (eg Amazon S3) there would have been a clear demarcation point (the APIs) and it would have been possible to demonstrate that the client either called for the destruction of data or did not. Accordingly, immutable audit logs should be maintained and made available to cloud computing users (this is not always the case today – often they are kept but not accessible). There should also be protection against accidental deletions (in that they should not be immediately committed unless purging is required and requested, eg to satisfy a privacy policy or other legal requirement). Nirvanix notes that (for the SDN at least) “at any point during this eight-day [deletion] process, the file can be fully recovered” and other providers have similar checks and balances (this is almost certainly why you can’t recreate a Google Apps user for 5 days, for example).

So where to from here? If Nirvanix do have the data as they claim, then they should stop the ‘internal’ bickering and do everything within their power to get as much of the property (data) as possible back to its rightful owners, or give a full and transparent explanation for why this is impossible. If they are in fact the same legal entity the users contracted with initially (Streamload, Inc., as appears to be the case) then they should take responsibility for their [in]actions, apologise and offer a refund. That being the case, customers should hold them to this, both directly (info@nirvanix.com or 619.764.5650) and with the help of organisations like GetSatisfaction.com, Better Business Bureau or if necessary, the courts.

In the mean time they can stay in the doghouse, with Dell…