Archive for February, 2012

Hoff’s RSA 2012 Schedule: My Talks, Panels, Seminars & Such

February 26th, 2012 1 comment

I’ll be at the RSA Conference all week from 2/27-3/1.

Here are the sessions I’m slated to perform:

  1. SEM-001 : 2/27 – Security Basics Seminar “Firewall Basics”
  2. EXP-204 : 3/1 @ 1pm – Grilling Cloudicorns : Mythical CloudSec Solutions You Can Use Today (with my usual partner in Cloud, Rich Mogull)
  3. STAR-106 : 2/28 @ 1:10pm – Firewalls: Security, Access, The Cloud – Past, Present and Future

I’ll also be spending a bit of time lurking about the Juniper booth as well as that of our awesome new acquisition, Mykonos Software.

Lest I forget Jeremiah Grossman and my infamous BJJ Smackdown at Ralph Gracie’s academy (down the street) at 6PM on 3/1.

See you at the show.


Categories: Security Conferences

AwkwardCloud: Here’s Hopin’ For Open

February 14th, 2012 3 comments


There’s no way to write this without making it seem like I’m attacking the person whose words I am about to stare rudely at, squint and poke out my tongue.

No, it’s not @reillyusa, featured to the right.  But that expression about sums up my motivation.

Because this ugly game of “Words With Friends” is likely to be received as though I’m at odds with what represents the core marketing message of a company, I think I’m going to be voted off the island.

Wouldn’t be the first time.  Won’t be the last.  It’s not personal.  It’s just cloud, bro.

This week at Cloud Connect, @randybias announced that his company, Cloudscaling, is releasing a new suite of solutions branded under the marketing moniker of  “Open Cloud.”

I started to explore my allergy to some of these message snippets as they were strategically “leaked” last week in a most unfortunate Twitter exchange.  I promised I would wait until the actual launch to comment further.

This is my reaction to the website, press release and blog only.  I’ve not spoken to Randy.  This is simply my reaction to what is being placed in public.  It’s not someone else’s interpretation of what was said.  It’s straight from the Cloud Pony’s mouth. ;p


“Open Cloud” is described as a set of solutions for those looking to deploy clouds that provide “… better economics, greater flexibility, and less lock-in, while maintaining control and governance” than so-called Enterprise Clouds that are based on what Randy tags as more proprietary foundations.

The case is made where enterprises will really want to build two clouds: one to run legacy apps and one to run purpose-built cloud-ready applications.  I’d say that enterprises that have a strategy are likely looking forward to using clouds of both models…and probably a few more, such as SaaS and PaaS.

This is clearly a very targeted solution which looks to replicate AWS’ model for enterprises or SP’s who are looking to exercise more control over the fate of their infrastructure.  How much runway this serves against the onslaught of PaaS and SaaS will play out.

I think it’s a reasonable bet there’s quite a bit of shelf life left on IaaS and I wonder if we’ll see follow-on generations to focus on PaaS.

Yet I digress…

This is NOT going to be a rant about the core definition of “Open,” (that’s for Twitter) nor is this going to be one of those 40 pagers where I deconstruct an entire blog.  It would be fun, easy and rather useful, but I won’t.

No. Instead I will suggest that the use of the word “Open” in this press release is nothing more than opportunistic marketing, capitalizing on other recent uses of the Open* suffix such as “OpenCompute, OpenFlow, Open vSwitch, OpenStack, etc.” and is a direct shot across the bow of other companies that have released similar solutions in the near past (, Piston, Nebula).

If we look at what makes up “Open Cloud,” we discover it is framed upon four key solution areas and supported by design blueprints, support and services:

  1. Open Hardware
  2. Open Networking
  3. Open APIs
  4. Open Source Software

I’m not going to debate the veracity or usefulness of some of these terms directly, but we’ll come back to them as a reference in a second, especially the notion of “open hardware.”

The one thing that really stuck under my craw was the manufactured criteria that somehow defined the so-called “litmus tests” associated with “Enterprise” versus “Open” clouds.

Randy suggests that if you are doing more than 1/2 of the items in the left hand column you’re using a cloud built with “enterprise computing technology” versus “open” cloud should the same use hold true for the right hand column:

So here’s the thing.  Can you explain to me what spinning up 1000 VM’s in less than 5 minutes has to do with being “open?”  Can you tell me what competing with AWS on price has to do with being “open?”  Can you tell me how Hadoop performance has anything to do with being “open?”  Why does using two third-party companies’ management services define “open?”

Why on earth does the complexity or simplicity of networking stacks define “openness?”

Can you tell me how, if Cloudscaling’s “Open Cloud” uses certified vendors from “name brand” vendors like Arista, this is in any way more “open” than using an alternative solution using Cisco?

Can you tell me if “Open Cloud” is more “open” than Piston Cloud which is also based upon OpenStack but also uses specific name-brand hardware to run?  If “Open Cloud” is “open,” and utilizes open source, can I download all the source code?

These are simply manufactured constructs which do little service toward actually pointing out the real business value of the solution and instead cloak the wolf in the “open” sheep’s clothing.  It’s really unfortunate.

The end of my rant here is that by co-opting the word “open,” this takes a perfectly reasonable approach of a company’s experience in building a well sorted, (supposedly more) economical and supportable set of cloud solutions and ruins it by letting its karma get run over by its dogma.

Instead of focusing on the merits of the solution as a capable building block for building plain better clouds, this reads like a manifesto which may very well turn people off.

Am I being unfair in calling this out?  I don’t think so.  Would some prefer a private conversation over a beer to discuss?  Most likely.  However, there’s a disconnect here and it stems from pushing a message public and marketing a set of solutions that I hope will withstand the scrutiny of this A-hole with a blog.

Maybe I’m making a mountain out of a molehill…

Again, I’m not looking to pick on Cloudscaling.  I think the business model and the plan are solid as is evidenced by their success to date.  I wish them nothing but success.

I just hope that what comes out the other end is being “open” to consider a better adjective and more useful set of criteria to define the merits of the solution.



PSA: Paula Deen, Sausage Pancake Egg Sandwiches & Security…

February 9th, 2012 4 comments

Chocolate grilled cheese open-faced (Photo credit: benchilada)

There’s an awful lot of angst in the world today. Navel gazing at security drama can drive one batty.  Every day there’s some disaster brewing that threatens to turn order into chaos.

Looking at tabloids and celebrity nuttiness makes the security industry tame in comparison.

To wit:

Apparently Paula Deen’s fans (and foes) are shocked; blindsided by the fact that cooking with pounds of sugar, butter and deep frying foods does not constitute healthy living.

This is a recent revelation, however.  You see, before she admitted that she’s had Type 2 Diabetes for years, these same outraged people were under the impression that dishes such as Chocolate Cheese Fudge and Sausage Pancake Egg Sandwiches (credit: here) were healthy and must just have been accidentally skipped on the FDA food pyramid for healthy eatin’ (which ain’t all that hot, either.)

This was made even more insidious since during her “coming out,” Ms. Deen announced a partnership with Novo Nordisk, maker of the diabetes drugs Victoza, NovoRapid and Levemir.

Thou reapeth what thou soweth.  Apparently, she soweth a lot of buttah.

What strikes me as an interesting parallel is how many people react/respond to announcements/incidents in the security space.  We know certain behaviors are unhealthy or that certain practices result in outcomes which are shady at best, and yet we close our eyes conveniently…consuming the security version of “chocolate cheese fudge.”

And then when the industry responds with either outrage or (worse) “a magic pill” promising to treat said maladies, the crucifixion begins anew; we often blame the victim and then turn on the “savior.”

The point here is not to point the finger at either the victim (Deen | corporation) or the “savior” (Novo Nordisk | Security industry,) but rather the behavior that enables the entire co-dependency in the first place.

It’s also very easy based on perspective to waffle or conflate the villain (Food industry, Deen | blackhats, researchers, security industry).

Frankly, these things manifest themselves because we allow them to.

If you don’t want to increase the risk of diabetes, while some indicators point to genetics, eating healthy, exercising and not adding 6 pounds of butter/sugar to a recipe and deep frying it might be a good start.

Likewise, if you wish to practice good security hygiene, change the behavior of how we approach our “recipes,” and like a good plan to get healthy, invoke the discipline, lifestyle changes and “exercises” we go through to break the cycle of despair.

We’ve all seen cycles where we feel powerless to change things.  At least it appears that the timeframe seems daunting and unachievable.  Frankly, this is just a matter of expectations; it’s just that little voice (or big doughnut) inside one’s head that needs to be silenced.

I’ve changed my lifestyle and personally borne witness to being able to improve my wellbeing, health, fitness and quality of life in general.  I’ve also been lucky enough to chip away at problems, slowly and over the last two decades, to try and make things better in the security space.

I’ve been the pill taker as well as the pill maker and what I’ve learned is that I can’t blame the butter for eating it.

May I suggest the following (old) blog post for some motivation?  How to Kick Ass In Information Security: Hoff’s Spiritually-Enlightened Top 10 Guide to Health, Wealth and Happiness.

…and lay off the sugar.


Categories: Jackassery