Moore’s Law doesn’t just apply to semiconductors, it could rightfully be applied to the rate of innovation in the technology industry. In most cases, that’s a good thing, while in some cases, it’s truly awful. It’s rather sad to see malware writers manage to out-innovate many firms in the Silicon Valley. One wonders what legitimate software they could come up with if they ever decided to emerge from the shadows.
While the criminal element keeps the security software in business, other sectors are equally busy. For a sector with essentially two players, semiconductors remains vibrant and exciting. Sun, battling back from the edges of extinction under a new CEO, did the unthinkable and went whole hog into open source, and has been warmly greeted for it by the open source crowd. And “green tech” became one of the buzzwords of the year as energy consumption came to the foreground of every CIO’s mind.
AMD vs. Intel
Eighteen months ago, CNBC’s blowhard stock picker/weather vane Jim Cramer was down on Intel, often demanding the firing of CEO Paul Otellini, who was still relatively new to the job and cleaning up the mess left by his predecessor.
AMD, on the other hand, had one-upped Intel twice. It came out with 64-bit processors when Intel said no one wanted or needed 64-bit and it was first to market with dual core processors. It entered the server market for the first time with its Opteron processors in 2003 with no major OEMs. By 2006, it had all the tier one vendors: IBM, HP, Dell and Sun.
That would make AMD a victim of its own success. Infrastructure and fabrication is as vital to any chip vendor’s success as design. Hot chips are no good if you can’t make enough of them, and with a vendor like Dell sucking up the supply, AMD couldn’t make enough.
The result was the company was creamed in Q1 and spent the rest of 2007 recovering. Its $5.4 billion purchase of ATI has yet to pay for itself but may in 2009 with the Fusion project. In the mean time, AMD is being hampered by debt from the purchase, which in turn impeded its ability to expand its manufacturing lines.
Intel, on the other hand, streamlined its operations, cut more than 10,000 workers and was aggressive in releasing new chips, both desktop and server, and cutting prices. It beat AMD to market with a quad-core server, although AMD is very quick to point out that the quad-core Xeon is just two dual core chips on the same die.
AMD had a genuine quad core server chip in the works known as Quad Core Opteron, a.k.a. Barcelona. It should have been called Godot because a lot of people were waiting around for it, and at this point, still are. Granted, it did show up in August when it was had been due in February but only select customers are getting it. Unfortunately for AMD it showed up fairly slow, with the top clock speed of 2.0GHz. The company was insistent that it would out-perform the 3.0GHz dual core processors. The jury is still out on that.
Meanwhile, Intel came out with a whole new means for making chips that eliminated lead and the silicon that gave the Silicon Valley its name. Somehow, “The Hafnium Valley” just doesn’t have a ring to it, but it was an important breakthrough none the less. The results were lower voltage desktop and server chips that ran much cooler. Going into 2008, Intel is positioned much better than it was at the beginning of the year, while AMD continues to fall behind.
The Year in Malware
If they weren’t so loathsome, malware writers would be almost admirable in their drive to innovate. This year has seen some incredible advances in malicious code, which is not good news for the rest of us.
The year began with an attack that would set the tone for the rest of 2007. On January 19, after severe weather struck Europe, thousands of people received an e-mail with a subject line “230 dead as storm batters Europe.” It became known as the Storm worm, a nasty piece of malware officially dubbed W32/Nuwar by Microsoft, McAfee and a few other anti-virus vendors.
Storm was nasty because it defied the traditional spam methodology of hub and spoke distribution. A few servers, called command and control servers, would send out their payload and orders to the thousands of millions of infected computers on a botnet (define).
Storm, on the other hand, used a store and forward peer-to-peer approach, making it hard to eradicate. There were no central servers to take down, except at the very source, and right now the developer of Storm is the Osama Bin Laden of malware. As a result, it made Storm eradication very hard. The software mutates every 30 minutes, making it impossible to detect it with the usual signature-based security.
Other ideas weren’t so successful. Spam continues to grow overall, surpassing legitimate e-mail in sheer volume, but spam blocking filters have gotten more effective, sparing us the garbage. So spammers tried new ways to get around them. First was the use of image-based spam, where the information on pump-and-dump stocks, erectile dysfunction medication or mortgage deals was in a graphical image.
The filters got better at stopping that, so they tried PDF spam. That proved ineffective, partly due to the fact that PDF is so large it’s not efficient for spamming people. Plus, end users had gotten smart about not opening attachments from an unknown source. So PDF spam came and went in a real hurry. The year also saw its first audio spam, featuring a mechanical voice hyping a penny stock that proved more frightening than effective at selling the stock.
As the year wore on, a few trends become rather clear: the virus as we knew it was pretty much over, anti-malware software needed to move off signature-based detection, and the primary method of attack was now based on human gullibility.
The virus used to be about causing damage to your computer and then taunting you about it. That has really ended, with some exceptions. A virus was making the rounds earlier this year that deleted all of the MP3s on the user’s hard drive. But by and large, malware today is about stealth. A bot wants to operate quietly on an infected computer, pumping out spam. A key logger wants to get as much info from you as possible. So they want to keep quiet.
Signatures, the venerable method of virus detection, are being viewed as near-obsolete now because this stuff mutates so fast it’s impossible to keep up with it. Even though many antivirus products update their signatures multiple times per day, with the Storm worm mutating every 30 minutes, it’s impossible to keep up. An effort is underway to move toward heuristics, detecting malicious activity by suspicious behavior, but that has proven a less than perfect science up to now.
The business of malware remains, regrettably, healthy. With China and Russia as the primary sources of malicious code and almost no leadership from Washington, Americans continue to be victimized to the tune of $100 to $200 million a year, depending on which report you read. Malware is such a big business the writers even offer service contracts with their software, so if it stops working, they will update it to get around the latest security measures.
Next page: The Life of Java
Open Sesame, Java
At the 2006 JavaOne conference, newly-minted CEO Jonathan Schwartz took to the stage to inform the attendees that Sun intended to release its Java programming language as open source, after more than a decade of yowling from the open source community. It went even further in November of that year by announcing it would release the source code under the very liberal GPL (define) license.
Sun continued with these efforts in 2007, meting the promised milestone of releasing a buildable version of the Java Development Kit in May, just prior to JavaOne. Some code still has to be replaced because the developer that licensed it to Sun refused to allow that code to be open sourced.
To further its open source efforts, Sun hired someone who knew a thing or two about that world, Ian Murdock, developer of the Debian Linux distribution. He was brought on board in March to help advance OpenSolaris, Sun’s open source operating system.
The project will be known as Project Indiana. It will offer automatic updating to the OpenSolaris operating system via the Internet, using a similar method to Yum and App-Get on Linux, or Windows Update for Windows. OpenSolaris will be a regularly updated operating system seeing many changes as Sun experiments, and the ideas that work will eventually be rolled into the official release of Solaris.
The result of all of this openness is Java is finally finding favor in the open source world after a chilly relationship as recently as 2005. Long criticized by the open source community, there are now 23,000 projects on Source Forge and Java projects make up 25 percent of SourceForge projects, although there had been a healthy number of Java-based projects prior to Sun’s embrace of open source.
Sun needs the open source community behind it, because 12 years after its introduction, Java is still not living up to its promise. Remember ‘write once, run anywhere?’ That mantra hasn’t been heard from in a while. The company is bringing back that notion, if not that slogan, by centering things around the Java SE platform and rewriting large chunks of the code to eliminate all the incompatibilities.
Java is also facing more competition than ever before. In the dynamic language space, Python, Ruby and PHP are big and growing players. Microsoft continues to hang in there with the .NET Framework. Now Adobe threatens Java’s hegemony in the Internet space with AIR, nee Apollo. Sun’s response has been JavaFX, which will bring Web 2.0-like experiences to the client in an off-line situation.
JavaFX is expected to ship next year, along with a significant upgrade to the Java runtime to address a major complaint; performance. Next year will definitely be an important year for Sun and the Java community. Sun is banking heavily on Java; it even changed its stock ticker from SUNW to JAVA to reflect this.
The real test will be whether this open source embrace will translate to the bottom line. CEO Jonathan Schwartz has mended a lot of fences and done things considered impossible under long time CEO Scott McNealy, but Sun continues to pull off slim profits with minimal growth, and these open source efforts need to show up in the bottom line sooner rather than later.
Five years ago, the electric bill was the last thing on any IT manager’s mind. Today, power constraints are so bad that in lower Manhattan, many data centers can’t add any more equipment because there is no more power to be had. Gartner estimates that for every dollar spent on IT hardware, it costs fifty cents to power and cool it, and that price will rise to 70 cents in the coming years.
Intel and AMD led the way, but pretty much every hardware vendor was in lock step. IBM had its Big Green project, with more than $1 billion allocated for developing energy efficient technologies. HP and Dell have their own “green” initiatives and every company in the power and cooling business is looking at ways to cut the bills.
Sun took a unique approach with green tech. Besides routinely touting the energy efficiency in its UltraSparc chips, Sun came up with the mobile data center, called the Black Box. Former CEO Scott McNeal reasoned it’s easier to move data than electricity, so the solution was to put the mobile data center where power was cheap and move the data over the Internet.
With every major hardware vendor promoting the idea of consolidation, the big players led by example. Eating your own dog food, as they say at Microsoft. IBM has consolidated 155 datacenters worldwide down to seven; Intel plans to consolidated 133 down to eight; HP began a project in 2006 to reduce its 85 datacenters to six; Sun had far fewer datacenters, but by deploying advanced hardware in its existing centers it was able to increase density and performance and still reduce the number of physical machines.
The companies are now taking these lessons to customers. One example: IBM helped database developer Sybase consolidate its datacenters so that it will stay in the same power envelope until 2017 and reduced its hardware inventory by 45 percent.
This article was first published on InternetNews.com.