I have been enjoying a short holiday in which I decided to totally disconnect from work for a while and re-charge my battery. So while many bloggers and authors in our industry were making predictions for 2013, I was doing some other stuff and blogging was not part of that 😉
Now that we survived the end of times let’s look back and forward a bit. I don’t want to burn myself making crazy predictions about this year but still like to present some thoughts for the longer term. Stay tuned…
Some of my vacation time was spent on selecting a replacement for my ancient, 32-bit VMware ESX server that I have used for some of my own testing. I replaced it with an HP ProLiant MicroServer which is not all too powerful (just one AMD Turion II CPU with 2 cores @ 1500 MHz) but it is completely in line with the theme of this blog: do more with less Dirty Cache Cash (and use VMware to do it where you can).
The server consumes as little as 40 Watts but still has 16GB memory (I upgraded from 2) and has 4 internal SATA drive bays – plenty of space to run Oracle and/or Greenplum virtual machines. Although it is not certified for VMware ESXi, I found no problem at all installing it (straight out of the box, but I decided to do it again and run the ESXi kernel from a USB stick, making it easier to create backups before upgrades and to replace disks without having to reinstall later). The ILO card add-on allows me to run it headless and do maintenance from wherever I like (as long as it does not require HW modifications).
Having this power efficiency allows me to run it 24×7 without going bankrupt on my electricity bill. It will replace my separate file server and also run some personal web apps too. Talking about consolidation! But don’t expect blog posts where I break some existing benchmark results… I probably will get myself a more powerful workstation for such stuff later this year…
Regarding my blog, I started in February 2011 so currently I’m blogging for less than 2 years. The traffic on my blog has been steadily increasing ever since, from just 159 pageviews in the first month to well over 5,000 views in November 2012!
Here is a top-10 of pageviews of all posts:
Strangely enough, one of my very first posts, around Linux disk alignment, is still a bestseller!
Plus two more posts related to performance, and two around stretched clusters. Interesting. My posts around DB virtualization are not even in the top 10 (one just made it in the top-20) but as DB consolidation gets hot, I expect that to change this year.
So to everyone following my blog, thank you for reading, and I promise to keep up blogging and frequently post new stuff. The main topics for the upcoming period will probably be related: More on Oracle Exadata, and more on database virtualization.
In the meantime, I’ve looked at several other posts containing 2013 predictions and especially around security. Now I don’t have a crystal ball that tells me what’s going to happen in 2013 but I expect a few things in the longer run (say, within the next 10 years or so).
The end of passwords as we know them
I’ve seen a lot of predictions on security related stuff but I miss a very important one: The replacement of the traditional username/password authentication mechanism is way (waaaaay) overdue. Even with a decent password manager (I use Keepass on Linux, Windows and iPhone) it is still a pain in the ass. My Keepass database holds some 50+ passwords for different Internet fora, financial sites, internal EMC accounts, and much more. It performs auto-type on many websites so that I don’t have to manually enter userid/passwords every time I want to log in somewhere.
I am skeptical about security in the cloud (remember the Dropbox security leaks last year?) so my Keepass database is on my own Apache/Webdav server (that runs on the ESX server I mentioned above) to sync across many devices.
Still, every time I log in to a site that I haven’t visited in a while, I get bugged:
– Passwords have expired so even Keepass will not allow me in. I have to create a new password (Keepass fortunately creates strong passwords) and do some stuff to log in again
– Website login pages have changed so Keepass no longer recognizes a login page and where to enter userid/pass automatically
– Every time I want to register on a new forum/site I have to create a completely new entry
– If I forget to enter the password in Keepass and I forget the password, the website typically mails the password unencrypted to my mailbox. Or sends a link allowing me to change it (anyone aware that email is notoriously insecure and can be spoofed/sniffed?)
I am an IT professional. I know how to use computers. But I have trouble explaining to my parents, family, friends, or basically anyone not being a geek, why and how to use a password manager. They prefer writing passwords on a piece of paper (!) or even worse, in an unencrypted Word document on their PC. They use the same password for many different sites. They are not worried because they “have nothing to hide” so if they get hacked, they don’t really care…
Even if you use strong passwords and different ones for different sites, even if you use a password manager and do everything right, you still cannot prevent your private information going public because some website gets hacked and information gets stolen.
Some say that people are the problem instead of the technology. I don’t agree. I think it is the responsibility of us, ICT specialists, to think of something better that is easy to work with, tamper-proof and reliable.
There have been initiatives to replace the password concept. Think OpenID, SAML, WebID and other initiatives. There are stronger 2-factor authentication methods. But none of those have become mainstream so we need something else, something to get rid of userid / passwords forever.
In 2011 I submitted an idea on EMC’s internal Innovation Showcase to overcome this once and for all. The idea was not complete – it was more a starting point, an idea to get working on further. The reasoning was that EMC (and in particular, the RSA division) was well positioned to drive such an initiative and get worldwide adoption starting from the top down. Unfortunately I was not one of the winners of the challenge but during that period I understood RSA was already working on similar concepts – but for B2B only and with more commercial approaches (for private and hybrid cloud strategies). So my idea stays dormant for now. If I get time I might write a separate blogpost on the proposed solution, and maybe someone in the open source community picks it up and can use some of the concepts…
If not, something else will happen. But my prediction (and maybe it’s just wishful thinking) is that within 10 years from now, we look back and wonder how we ever managed to work with such an awkward and insecure method. I guess the security experts in the industry forgot about this one because a replacement will most likely not happen anytime soon.
Expectations on Exadata
Another prediction (aren’t predictions always some kind of wishful thinking?): I expect more customers to move mission-critical databases from Oracle Exadata back onto best-of-breed, shared infrastructures (I already see this happening at some of my large customers). It just takes time for Oracle customers to figure out that the Exadata advantage for consolidation just is not there, that using Exadata is way too expensive and inefficient (talking about Dirty Cash…), and has a whole bunch of other disadvantages over other solution stacks as well. I was reluctant to discuss Exadata before (I prefer to talk about our own strengths over competition-bashing) but this is going to change in 2013. That said, my real challenge is to keep that discussion honest and useful and stay away from throwing FUD around (even if the competition does). I challenge you as a reader to let me know when I’m about to cross the borderline.
Will Oracle sell more Exadata? Probably. Oracle’s marketing has never been stronger. But under the marketing cover there’s a lot of stuff that they’d rather not talk about. Let’s see if we can uncover some of that. My colleague Kevin Closson already started long ago, and does a great job at that!
I will focus less on database internals itself (Kevin knows that stuff much better than me) and more on the requirements for (and integration with) the rest of the IT infrastructure stack (think availability, disaster recovery, data integrity, data cloning features, I/O performance, efficiency and the like).
Best wishes for 2013 and keep up the good work!