Friday Summary: January 25, 2013
By Adrian Lane
Will Hadoop be to NoSQL what Red Hat is to Linux? Will it become more known for commercial flavors than the open-source core? Lately I have been noticing similarities between the two life-cycles, with the embrace of packaged variants.
What I notice is this: In 1994 I replaced an unreliable BSD distribution with a Slackware distribution of Linux – itself a UNIX derivative. Suddenly “this old PC” was not only reliable, it felt 5x faster than it did running from the Windows partition. Slackware Linux was a great product limited to the realm of uber-geeks – you needed to assemble and compile before you could use it. But you could customize it any way you wanted – and it put a truly powerful OS on the desktop – free.
Then Linux started to go a bit mainstream as it allowed us to cost-effectively run applications that previously required a substantial investment and very particular hardware. Caldera was a big deal for a while because they produced a ‘corporate’ flavor. Some companies noticed Linux was a powerful platform and embraced it; others viewed it – along with most open source – as a security threat. But its flexibility and ability to deliver a server-quality OS on commodity hardware were too compelling to ignore.
Then we got ‘professional’ distributions, tools, and services. Adoption rates really started to take off. But while the free and open nature of the platform still roots the movement, it started to feel like you need a commercial version for support and tools. These days few people grab different pieces and assemble their own custom Linux distributions.
I think Big Data is already moving from the fully open source “piece it together yourself” model into complete productized versions. If that’s true I expect to see the 125+ versions of NoSQL begin to simplify, dropping many of the esoteric distributions, likely boiling the market down to a few main players within the next few years – and eventually the Big Data equivalent of a LAMP stack. After that the NoSQL growth curve will be about standardized versions of Hadoop. The question is whether it will look more like Red Hat or Ubuntu.
This really has nothing to do with security, but I thought there were too many similarities to ignore.
On to the Summary:
Webcasts, Podcasts, Outside Writing, and Conferences
- Milestone: Episode 300 of NetSec podcast.
- Mike quoted on Reuters on Cisco’s network security competitiveness.
- Mike quoted in the Merc about Cisco’s network security (missed) opportunity.
Favorite Securosis Posts
- Mike Rothman: Don’t respond to a breach like this. Small minds make poor decisions. And everyone else should continue to do the right thing, even if small minds can’t understand it and take action against it.
- Adrian Lane: Emotional Whiplash. Mike nailed it. And I only saw the first and fourth quarters!
Favorite Outside Posts
- Adrian Lane: “Cyber” Insurance and an Opportunity. Fascinating.
- Mike Rothman: XSS, password flaws found in popular ESPN app. Man, this sucks. Any big sports fan uses the ESPN app. Good thing it doesn’t store anything sensitive because I can’t live without my scores and NFL news.
Recent Research Papers
- Building an Early Warning System.
- Implementing and Managing Patch and Configuration Management.
- Defending Against Denial of Service (DoS) Attacks.
- Securing Big Data: Security Recommendations for Hadoop and NoSQL Environments.
- Tokenization vs. Encryption: Options for Compliance.
- Pragmatic Key Management for Data Encryption.
- The Endpoint Security Management Buyer’s Guide.
- Pragmatic WAF Management: Giving Web Apps a Fighting Chance.
Top News and Posts
- Aaron Swartz’s death
- Backdoors Found in Barracuda Networks Gear
- Google Tells Cops to Get Warrants for User E-Mail, Cloud Data
- Twitter flaw allowed third party apps to access direct messages
Blog Comment of the Week
This week’s best comment goes to -ds, in response to It’s just Dropbox. What’s the risk?.
If we make security break users, we make users break security.
This is such a basic principle. I’m tired of being in an industry where my peers would rather have the illusion of control than actual, effective, risk proportionate security. We have so many pretenders and unfortunately many of them are loud voices and dominate the conversation to the extent that newly minted security practitioners think they are the ideal. Next one of them that says “we do X because it is a best practice” is getting a wedgie.