The game is changing for appliance users too - preaching to the Cobia choir

Eric Ogren has a good article up on his ComputerWorld blog about recent advances by Intel/AMD that make it "increasingly harder to justify large engineering investments in custom-built ASICs or hardware that is not built on a standard platform."  Amen brother!  This is exactly what we have been saying with Cobia from the beginning.  Todays multi-core processors with virtualization technologies offer exponentially greater computing power than have ever been available before from off the shelf products.  To the point that justifying custom silicon hardware in most cases does not make sense.  The good news is that following Moore's Law, this advantage is only going to continue to grow.  Yesterdays dual core lead to todays quad core, who knows what tomorrow.

A couple of points of fact bring home the reality of this for me.  First is the results I have seen with deep packet inspection on these new systems with optimized software.  Though up to this point (as a comment points on Erics article points out) we have only seen sub-Gbps speeds, I have good reason to beleive that this barrier will be passed like the sound barrier in airplanes long ago.  Supersonic deep packet inspection on off the shelf hardware will be a reality in the market within a few months!  The second point of fact is a conversation I had with a security director at a large media company in NY.  He told me that just 2 months he visited a data center his company has over in NJ. The place was cavernous and mostly empty.  He returned just two months later and the center was filled to the brim with Dell servers and they are looking to build another data center.  But they are also mandating to move any and every application possible onto virtual servers.

I am not the first blogger to say that virtualization will revolutionize the data center.  But between virtualization and these powerful new processors, there is a revolution going on.  Check out Cobia and see the performance that these trends are putting in your hands without expensive silicon.  We are just at the dawn of the brave new world, but it promises to continue the computer revolution to empower us to do more for less!

We want you to develop a Cobia module

Developing the Coba platform has been a learning experience for us here at StillSecure. From the very beginning we wanted other software developers and ISV's to develop and/or port their applications to Cobia.  Early on in speaking to these developers it was obvious that Cobia needed an easy way for them to develop to the platform and develop a Cobia-like UI for their applications.  We wanted to develop something that would make it really easy to develop to, giving developers a lot of flexibility.  We also wanted to allow UI development beyond just a simple web GUI. We wanted a widget like development environment which would really put the power in the developers hands. 

Yesterday, we announced the release of the Cobia SDK.  Developed in close collaboration with the development community already working on Cobia, we think this SDK represents a game changing event in the Cobia community evolution.  If you get a chance have a look at the SDK documentation. If you work at an ISV who would like to use the power of Cobia to expand the distribution of your product, this SDK could be just the ticket for you.

I am interested in what others think of the concept of the SDK and what you think of the Cobia SDK.  Drop us a line with your thoughts.

A realistic view of formerly open source security

Michael Mimoso on Information Security Magazine has a good article reprinted on SearchSecurity.com that talks about how the view of "the community" is changing in open source security.

Michael laments about the days when tools like Snort and Nessus were free as in beer, including the rules and plug ins for them. But taking a realistic, mature view of business Michael acknowledges that these tools had to "grow up". Michael puts it in perhaps the clearest language I have seen yet on the subject:

Well, Nessus had to grow up; Snort too. They've been commercialized by those that built them, and that was inevitable. After all, this is a capitalistic society, and eventually the socialism that is the free software movement just doesn't pay the bills.

Free Software = Socialism?  Not sure I would go that far. But words like patent, copyright and license have invaded the communities and commercial providers of formerly open source and free tools try to walk a fine line between satisfying the user community and keeping a healthy bottom line. Taking the logic to the recent ClamAV acquisition, Michael says it is only a matter of time before the other shoe drops on that one (as I have said from day one). However, one thing I would like to point out is, I don't beleive that deal has closed yet. I have heard rumors that there may be some roadblocks which need to be overcome.  I guess we will see.

Michael and I are again on the same page in talking about the impact this will have on UTM and other vendors who bundle these products into their own.  The guys at Astaro and Barracuda may play it off as no big deal, but they have to be already thinking about their options. I don't think it is going to be as easy as they make out and will certainly cost them more.

Finally, right in line with our strategy on Cobia licensing  Michael talks about vendors abandoning pure "open source" licenses in favor of a Cobia communtiy type of license.  I think over time more and more of the open source tools you use will move to this hybrid model of licensing

Isn't dual licensed open source software a hybrid?

Matt Assay is probably one of the most vocal zealots in the "religious right" of the Open Source movement.  Matt's views which are well documented, are that if it is not an OSI approved license, it is not open source, Microsoft is the evil empire and that eventually all non-open source software (as he defines it) is headed for the junk pile or museum. So it is no surprise then that he takes issue with Microsoft's Clint Patterson comments:

"The open-source development model has yet to demonstrate the ability
to support profitable software businesses that can drive the
coordinated research and testing necessary to sustain innovation. Many
in the open-source software community have shifted to hybrid business
models. They are making the same business decisions as any commercial
software company in terms of what products and services to give away,
what intellectual property to protect, how to generate revenue, and how
to participate in the community."

Matt then proceeds to do a lawyer like point by point rebuttal. Of course though Matt claims all of Patterson's claims are false, even he admits that most of them are at least partially true.  Beyond that though, Matt's arguments are the usual zealots type of drivel.  Whether we were talking about open source software or religious extremism, extreme zealots arguments have certain consistencies across the board.  Here is one:  When responding to this:

"The open-source development model has yet to demonstrate the ability
to support profitable software businesses that can drive the
coordinated research and testing necessary to sustain innovation"  Matt says while it may be true, who is Microsoft to talk about innovation. Matt that does not answer the question at hand. And Matt, forgive me for bringing this up, but when you are driving the kind of revenue Microsoft is I don't think they are as quite concerned with it as you are.  They have already done their foundational work Matt.  When you have that kind of market cap, you can get away with it.

But my bigger problem is Matt denying that hybrid models are not the trend in open source. Matt narrowly defines hybrid models as cases where source code is not entirely released under an open source license.  I don't think that is the issue. I think dual licensed software, which almost every commercial open source vendor is using now (including us here at StillSecure) is a hybrid model.  It is the future of open source.  The days of wild eyed hippies preaching free love, free sex and free software are over. Commercial entities how distribute software under an open source license need to be able to monetize their investment in the IP and dual licensing is a way to do it.  Also, companies who license their software under GPL, but only make it available to paying customers are violating the spirit if not the letter of the open source license as well.

The bottom line is extremism is a bad thing in just about everything.  There are no absolutes and you can't let your emotions get in the way of common sense when looking at open source software.

Who loves virtualization? Your CFO

Virtualization is taking the IT industry by storm and only Moore's law has probably had more financial impact. I was talking with StillSecure CFO, Larry Middle, last week about how well the message about virtualization is reaching CFOs. Larry's very aware of products like VMware because of the dollars it has saved our business. But from what I learned, virtualization isn't yet the hot topic with all CFOs. I would think it would be on the front cover of every magazine directed at IT spending.

If want to do yourself and your career a favor, anytime you are implementing virtualization make sure you cost out the dollar spend for a full hardware setup for comparison. Don't assume your financial organization will look into it themselves. Make sure the financial case is front and center so the business knows how much money you are saving.

The same applies when using Cobia. Show your financial team the dollar spend benefits of Cobia software with off the shelf Intel/AMD hardware over expensive (and less flexible) proprietary appliances. They'll love your analysis even more if you are running Cobia using VMware or open source Xen. You'll get lots of brownie points and they'll know you are spending the company's money wisely.

It's time for your 15 minutes of fame!

You've heard the saying, that old Andy Warhol phrase everyone will be famous for fifteen minutes. More commonly we hear about peoples' fifteen minutes of fame.

So, you might be asking; "When do I get my fifteen minutes of fame?" Well, this is your lucky day. You could be the winner of our new Cobia contest Real World Cobia!

Our crack marketing team (and your's truly) were locked away for months in our StillSecure think tank coming up with this next great promotion. We tried every kind of idea: Where in the world is Cobia?, I want my Cobia TV module, Cobia for the masses, Yellow Cobia Submarine, iCobia, Lucy in the Sky with Cobia, and my personal favorite You Can Tune A Cobia but you Can't Tuna Fish. But as always, the best ideas won out and Real World Cobia was selected.

How do you win? Well, send us your Cobia story. How you use Cobia at home, work or school. Where you use Cobia, such as in a lab, at customers sites, in the classroom, or in your own business network. Tell us about your experience. What happened when you downloaded? Did Cobia install as easily as we said it would? What's your favorite thing about Cobia? What else would you like Cobia to do? Have you checked out the source code or even begun developing enhancements, or better yet, your own module.? Tell us whatever you like, and what new capabilities you'd like to see in Cobia. Most importantly, tell us how Cobia is changing your network, your personal work, and your world!

You can send us your Real World Cobia entry in a variety of forms; a simple email or text write up, a web site or blog entry, your podcast, a music video, an article, video blog, essay or white paper. Make it a project for one of your assignments in college and kill two birds with one stone. Tell your boss it's the new network architecture you've been secretly working on in the lab that saves the company a TON of money. Hey, get some fame and be a company hero all at the same time! As long as we get your story before the deadline, and we can share your Cobia experience with others, that's what we are looking for.

What can you win? Most importantly, all the fame and notoriety that comes with winning a prestigious StillSecure contest like Real World Cobia. Plus we'll be telling everyone that you are a winner and you rock because you use Cobia! We are also giving away some great prizes; the choice of a digital camera, Apple TV, or a digital MP3 watch. The prizes are cool stuff.

Read the web site for more contest information, rules and deadlines.

Thanks for joining in on all the fun. All us here are looking forward to reading and watching your Real World Cobia entries. I personally have a lot riding on this promotion, because next time I'm really pulling hard for the You Can Tune A Cobia but you Can't Tuna Fish contest idea. Wish me luck! And best of luck to all of you who enter.

Cobia partner VMware IPOs today - Virtualization is Real

VMware came out with their IPO today. With an initial strike price of $29 it soared up to $55. We'll have to see what the closing price is at the end of the day and they are off to a great start.

First, congratulations to VMware. They are a partner of StillSecure's through our Cobia VMware certification and Strata Guard VMware versions. VMware's IPO is important for several reasons. In addition to serving as a funding and investment event for VMware, it also validates the market for virtualization and promises for a strong future.

I truly believe that virtualization will not only fundamentally change the IT server market but also networking and security. Thinking of a particular hardware appliance only having a fixed set of features is something we won't miss in the not too distant future. In large part those days are here with Cobia, both as a hardware appliance and as a software option. It also sets the stage for many future innovations in virtualization - we've only seen the beginning in many respects.

Congratulations to Vmware on their IPO.

Note: I have a few more thoughts on this on my personal blog if you're interested.

LinuxWorld and Black Hat - two big successes

Last week StillSecure had our first presence at LinuxWorld in San Francisco. This, right on the heels of our week at Black Hat in Las Vegas, the week prior. Overall both events were hugely successful for us and getting the word out about Cobia.

LinuxWorld has a much different feel (not different - bad, just different) than Black Hat. Networking and security are subtopics at LW, as you can imagine, but still very topical all the same. BH of course is intensely about security, so on the whole both conferences were very good venues to discuss Cobia and StillSecure's security products, Safe Access, Strata Guard and VAM.

We were joined by Cobia user advocates, such as Glenn Kelly from Vine Hosting (www.vinehosting.com), who brought a unique viewpoint of someone who is deploying and running Cobia every day in his customers' networks. We had lots of opportunities to talk with many who have already downloaded Cobia and are using it or testing it in their networks. Leslie, a StillSecure UI designer from our user interface design team, also met with several attendees to do product testing on UI screens for current and future Cobia modules. FYI - If this is something you would like to participate in (many people are surprised at how much of their feedback makes it into our UI designs), we'd love to include you in our product design process. Product testing is something we do constantly, but I digress... And of course the StillSecure marketing team did a bang up job for both events, including our highly popular "Cisco hates my network" and "What happens in Vegas, stays in Vegas... unless you catch a virus" t-shirts. I think every Cisco competitor, and a few current Cisco employees, dropped by to ask for a t-shirt. (If you want one, drop me an email with shirt size and mailing address.)

Overall, two great conferences for StillSecure's Cobia. Most importantly, we had lots of opportunities to meet and interact with current and future Cobia users. Thanks to our customers and partners who dropped by to say hello, and thanks to everyone for stopping by!

Product testing - your help is needed

Hello everyone. We will be doing some testing of the user interface designs for Cobia and our upcoming Strata Guard IPS module at Black Hat (August 1-2) and LinixWorld (August 6-9). You will be giving us very valuable feedback that will help us with the product design and usability. Plus we have some very nice "parting gifts" for each participant who helps us.

If you are planning to attend Black Hat in Las Vegas or LinuxWorld in San Francisco, or live in those areas, and would like to help us, please send your email address and phone number to cobia@stillsecure.com.

Use cases you would like to see

I'm working on picking up where Martin left off by describing various Cobia network configuration scenarios, something we call use cases. First I'll be looking at a typical SMB or branch office network, breaking down each element of the WAN connection, firewall, wireless, internal user network, and web and email access. Then we will add various network application and services into the mix, such as hosting your own web or email, remote web-email access, VPN, and VoIP. Look for those use cases in the coming days and weeks.

If you have a specific scenario, network or configuration you would like covered, just drop me an email and I'll be glad to add it to the mix. If you need help right away, post your question to the Cobia forums and one of our users or StillSecure team members will be glad to help you out.

Thanks - Mitchell