Scott Rafer is a startup machine. He was one of 5 people at MyBloglog , the portable social network that caught fire in months and flipped to Yahoo, he was a co-founder of API management service to the stars Mashery and has held top executive positions at 6 other startups since leaving Kodak in the late 90’s. Today he’s unveiling his newest project and it’s a very ambitious one. Sponsor Handroll.tv is an HTML5 video delivery platform. “In the whole Jobs vs. Flash debate, the back-end implications are largely being ignored,” he writes in a blog post today. “HTML5 video makes it very tough to hide anything — media files, player code, usage, video description metadata, social gestures, editing layers, and a hundred other savory morsels. That data feast will all be floating around and available to slice, dice, layer, and roll. Bridging from data availability to great new applications will require open services in which that data is gathered and laid out for use. Handroll.TV is working to be one of those services.” Rafer is joined in founding the company by technologist and business exec Donna Romer and Aaron Wadler, who was Linux Systems Administrator at SuperPoke, the app synonymous with obnoxious if very well scaled Facebook platform applications. Right now the service is bare-bones. It’s a form that you can put any video file’s URL in and you’ll get HTML5 embed code and an API to poke it with. Eventually the service will support all kinds of analytics, authentication and even super-simple video editing. “Anyone who can hack a Tumblr or Wordpress theme,” Handroll says, “can be a video editor — and with the same tools.” Rafer aims for maximum openness with the service. He sees a giant abyss of opportunity in HTML5 video; he and his team intend to jump right into that abyss. “Basically none of the code is proprietary. It’s a big open database in the back. I don’t have any clue what the revenue model is here. It will be our database, we’ll have computationally more efficient ways to pull data from it than other people can, just because being database host has advantages. If someone is trying to pull a ton of data out of us, that’s premium. The ability to be social inside the video and mashup without video editing is going to change the online video market. Somebody’s going to figure out how to do the next big video service.” Could that somebody be Handroll.tv? Time will tell, but this is definitely an early service worth paying very close attention to. It’s sure to shake things up. Photo of Rafer by Dave Sifry . Disclosure: In addition to being awesome, Mashery is a long-time sponsor of ReadWriteWeb. Discuss

Click here to read more

VoltDB , an open-source “next generation” database, graduated from beta last week. The company, under the leadership of Postgres and Ingres co-founder Mike Stonebraker, claims its product is extremely scalable and 45-times faster than traditional database products. VoltDB is targeting enterprises such as software-as-a-service providers, financial traders, online businesses or any organization that requires “systems with large, fast-growing transaction volumes.” VoltDB is one of many projects trying to re-invent the database. Sponsor After over 30 years of dominance, the traditional relational DB model is being challenged by several companies. Charles Babcock, writing for Information Week , compares VoltDB to Cassandra , CouchDB and

Click here to read more

Over the past couple of weeks, I’ve been using Check.in , the browser-based “check in” application that registers your current location with a variety of location-based social networking applications, including Foursquare , Gowalla , Brightkite , Whrrl and TriOut . The app was cooked up the Brightkite team in an effort to simply the process of using multiple services such as these, an ongoing frustration among LBS (location-based services) early adopters. So how did it fare? Not bad at all, if I do say so myself. Sponsor First, full disclosure: I’m not what you would call a heavy user of location-based social networking services. I have no mayorships . I visit incredibly boring places . I only started using Gowalla so I could try out Check.in. However, I’m not so old and boring (yet) that I can’t see the appeal of these services. In my younger, more active days – before I was tied down to a life of diaper-runs and other errands – an app like Brightkite or Foursquare would have been a blast to use. But sadly, I never got to experience these types of services back when they would have been the most fun for me – heck, I don’t think any of my college friends even had cell phones. (You kids have it so good, you have no idea). That being said, I really enjoyed using Check.in. It was incredibly easy to use, always found my location accurately and worked without error or crashes. My only complaint was that the app was slow at times, even when I had a good signal, although that could be due to the fact that it was still in private beta. Perhaps they hadn’t thrown enough computing power behind it yet? Sometimes this slowness, which often occurred during the “magical place matching” screen, was a major issue. When doing drive-by check-ins (a.k.a. “quick stops”), for example, I found myself leaving the venue before the processing was done. Curse you, Starbucks drive-thrus, and your speedy service! I will never be mayor! We Need a Place-Matching Database Another issue, and one which Brightkite has no control over, is the lack of a unified Places database, as TechCrunch mentioned earlier this morning. Brightkite is on board with this idea, but the other major players need to agree, too, in order for it to work. What this means in terms of app usability, though, is that you often have to tell it that Location X on this service is the same as Location Y on that service. Check.in, for what it’s worth, walks you through this process with ease, but it can slow down check in time even further. In other words, if you feel stupid “checking in” to places and try to get it over with quickly, before you have to explain yourself to your non-early-adopter friends and family, Check.in won’t solve that problem – it makes it worse. Solid, Well-Built App Outside of these inconveniences, neither of which are necessarily Brightkite’s problem, I can report that Check.in is a solid, well-built app. As you check in to the various services via Check.in, the app also returns relevant data, new mayorships, points, etc. The app has also been improved during the beta period with better, tighter privacy controls and sharing settings for posting to Twitter and Facebook. Insights and Future Plans The Brightkite team shared a few early insights from their beta trials that involved 6,000 users and 135,000 check ins. The average user checked in 20 times, more than 2.3 million places were queried and most users check in to two or three services at once. Friday is the busiest day for check ins and Sunday is the quietest. The team now wants your feedback as to what needs to be added or improved next. They’ve asked Yelp to open up their API, but so far, the company has said “no.” We suggest they consider adding another major LBS player, Loopt . From the Brightkite blog , it appears they’re also considering Check.in integration into Brightkite’s native apps, a decision that could easily make Brightkite the top LBS-based app across multiple platforms. Discuss

Click here to read more

Where there are definitions, there are reasons to bend them. Outsourcing, the practice of bringing outside organizations to manage a part the business process, is one of those concepts. In this post, we’ll take a brief stroll through the work of Caliber Point in mixing up both outsourcing and cloud computing. We look at where it touches on major shifts in enterprise software architectures and franchises like Oracle which this software-as-a-service product is built on. Sponsor In a way, the very definition of “corporation” suggests the creation of sensitive information. By having the purpose of bringing people together to generate profit, actions such as retaining employees, building strategies, and defining products create information boundaries within a company, and within the competitive landscape. It is in the context of outsourcing sensitive information and processes that we analyze a product called Republic, by Caliber Point that has technology to merge Oracle R12 core technology with a software-as-a-service offering for outsourcing Human Resources. This product enables companies to have a product and set of services to run the basic business processes such as HR payroll and administration. Disruption is In: The Back Office In all the virtualization and cloud computing change occurring, sometimes it is easy to forget about arguably the hardest to distribute resource, the database tier. And, where the database tier is tightly interwoven with software (like enterprise packages) it can become a sedimentary set of infrastructure. Although not normally associated with the movement of cloud computing, Oracle in itself has been disrupting the layers of software and infrastructure in the back office with its heavy acquisitions and merger of Siebel, PeopleSoft, BEA, and now Sun. In a way, the company has faced some of the hardest integration challenges by thinking about enterprise services bus, which is an enterprise version of software-as-a-service that is used extensively in cloud computing. Both small companies and large companies support this movement, Caliber Points notes here: “….Larger clients such as Cadbury (50,000), BNP Paribas (65,000), Astra Zeneca (70,000), IKEA (67,000), Philips (110,000) etc. have implemented their HR systems on a multi-tenanted model.” Multi Tenant: Just Makes Sense We took a moment to sit down with Caliber Point CEO RU Srinivas to discuss how the company has been working within the Oracle innovation model to help figure out where cost-savings, SaaS, and enterprise licensing meet – and innovating to offer a multi-tenant solution in the midst of the evolution underway for the entire market. In the one pager, the company offers these human resource services: Administrative HR: Employee Database, Workforce Administration, Employee Self-Service, Reporting Manager, Self Service. Compensation – Records and Updates Payroll and Employee Benefits Time Entry and Management HR Regulatory Reporting and Analytics The companies Republic product release offers customers a solution that both extends as well as fits into Oracle’s business product offering. In their brochure , Caliber Point stresses the overall value of mulit-tenant solutions and how the combination of configuration patterns lead to more effective software deployment – an easy place to gain cost savings. We believe this gives Oracle opportunities to look into the future of where PeopleSoft and Oracle database technology future lies. If we live in a “multi-tenant or whither” world, it is key for Oracle (and others) to position themselves for a dominant solution like has been enjoyed in the past in the enterprise. Unhost: ( Verb ) We’re not sure if to “unhost” is an official term, but if it was, we’d suggest this definition: “Reduce technical footprint and save money by leveraging outsourced commodity services that you used to manage yourself”. It could be argued that public cloud computing (Amazon) is a part of the outsourcing movement. Instead of taking people processes however, cloud computing starts with resources and works its way down by wrapping compute, storage, and networking into service definitions that are accessible by credit cards. Caliber Point’s CEO, RU Srinivas “RU” shared with us the base case for cost savings with the models of outsourcing. Here, in the company’s Republic white paper the case is being made on the pressure of change to pricing for SAP and Oracle and the benefits of the next wave of outsourced infrastructure. We asked RU if it was possible to break it down the cost savings in a simple way for large enterprises who pay for licenses for platforms today would be tempted to “un-host” their infrastructure. RU explained that it wasn’t quite that simple, considering the depth of solutions with tools like PeopleSoft and other factors, but as a basis, cost savings of 30% were a reasonable starting point. However, as noted in the companies outsourcing products, it is also possible to gain similar cost reductions in human resource outsourcing offerings Caliber Point offers. This brings us to the conclusion that multi-tenant may mix well with multi-continent support like that offered by big outsourcing organizations. The opportunity for both hosting and supporting becomes a big win for companies looking reduce expenses in core business functions such as human resources. We wonder if offerings like Republic will emerge out of cloud computing and compete with Amazon (and others) as the new center of the cost-savings universe. What comes to mind when you think of outsourcing and cloud computing today? Discuss

Click here to read more

At 1:00 a.m. on Sunday morning I was doing routine maintenance on my personal Amazon Web Services account and instead found myself looking at something I had no right to be seeing: A database with 800,000 user accounts to the e-card site CardMaster.com . Along with that were the database passwords and back end of a major U.S. Public Broadcasting Service news show website ( Gwen Ifill’s Washington Week ), including daily updates from panelists on the stories they cover. I wish I wasn’t the person to find this. I founded one of Amazon’s earliest dashboards. My consultancy is on Amazon’s European Customer Advisory Board. But this highlights a significant issue in the cloud today: There is a whole new user profile acting as developer and administrator. We are becoming empowered with amazing tools – and being given enough rope to really hang ourselves. Sponsor Guest author Jonathan Siegel is a serial entrepreneur and founder of the cloud applications consultancy ELCTech.com as well as a handful of cloud startups. Jonathan’s book, Electric Connections , is due out in June of this year. I am an early adopter, business builder and owner of a cloud consultancy. On Sunday morning I went to clear out my personal Amazon Web Services account of excess files after seeing huge usage numbers from a report by CloudSplit. For those technically inclined, I was clearing out my S3 buckets and moving the few files that I wanted to save into an EBS disk instead. My EBS disk ran out of space and I went to use a feature called EBS Snapshots. Snapshots are like a tape backup of your EBS disk drive. That’s when I noticed something odd: My EBS Snapshot account was filled with hundreds of snapshots, when I knew I had only made a handful. I wondered, Why do I have access to these backups? Were these backups made by my teammates? Shared snapshots from Amazon? Or something else… What I saw were backups of Enron emails, a genomics database and then two made my stomach turn – a database for 800,000 user accounts to CardMaster.com and the database and site files for the Washington Week website. Yeah, the Enron emails are a non sequitur and the genomics database was likely meant to be public. But the other two, there’s no way they were intended for the public, yet here they were – marked as public and available to me or any other Amazon cloud user. How Did This Happen? Amazon is the largest and longest running public cloud computing platform. It has pushed the boundaries of technology infrastructure for us users. In fact, it has given us tools that are more powerful than anything we previously had available in our own small datacenters. This is great, because before we needed to hire trained Cisco or NetApp administrators in order to do basic tasks as our websites scaled. This was expensive and added another step – a delay – to our deployments. Amazon’s infrastructure commoditizes much of this technology into simple Web calls; paste some XML to Amazon and your website gets a full incremental backup to live-networked NAS. But as Stan Lee has warned us: With great power comes great responsibility. By giving programmers control of the network and storage, we’ve empowered developers to take on system administration chores. This power has come too quickly or is being digested too lightly – as my discovery has shown. In the case of PBS’s Washington Week there was quick acceptance of the issue. “It was human error and nothing personal was exposed,” said Kevin Dando, PBS’s Director of Digital Communications. “Although we weren’t aware of the issue initially, it was easily corrected. Because of Amazon’s strong audit capabilities we could pinpoint the error and fix it quickly.” Despite numerous attempts we were unable to reach CardMaster.com. This highlights a deeper issue in the cloud today: Despite what you may think, cloud security is not sexy. We are seeing products that address the baseline needs of cloud functionality, like Amazon’s dashboard and the support sites for the cloud. They focus on the sexy: deploying mobile apps, auto-scaling, grid processing and other buzz-word-friendly features. But the dirty truth is that the cloud has a whole new user profile acting as administrator and needs a new set of tools and expectation management to ensure that little mistakes make little problems and not big ones. Remember: This is not something that Amazon did wrong. This is an intentional switch thrown by Amazon’s users that allowed their data to be public to any other Amazon user. The users did not mean to hit that switch and it’s unclear whether those users would have found this issue without my notification. This is the switch in Amazon’s Web Console. It can be more subtle when packaged deep within cloud-assisting tools: And Why Me? A spokesperson for Amazon pointed out that snapshots were private by default and users must choose to share them. According to Amazon, “users understand this feature very well as this is no different than users explicitly choosing to share their data by any means.” However, as we’ve seen, users are obviously making their data inadvertently public. Amazon said they were updating their documentation “to provide more explicit guidance on this feature,” and that they would be “reaching out to the few who may be unknowingly sharing their snapshots.” The question, though, is: Is it too easy to accidentally make your data public – and whose role is it to play data cop? This leads to me, at 1 a.m., and finding security leakage with Amazon’s cloud customers while doing unrelated housekeeping. Look, I’m anything but an IT Security guy; I’ve got enough on my plate to worry about. For god’s sakes, I have 6 kids! Moreover, I’m an outspoken supporter for moving companies to the cloud – and I exclusively recommend Amazon’s cloud because of its reliability and features. Why is it me that finds this security issue – one that has been open since January of this year if the Snapshot dates are accurate. This tells me that there is a pattern about to be replayed: That the users on the cloud today are a motley crew. That we need more supervision and hand-holding – whether we like it or not. That powerful services like CloudKick and CloudSplit need to be encouraged to add security as a top-priority feature. And we need to budget for their services and embrace their boring, yet hyper-important role as perimeter guard and security inspector. If I were to try to keep this security problem in the bag – and avoid alerting the community – I would be fostering a sense of complacency that is antithetical to the marketplace needs. The cloud is so young that when we find a problem we need to admit it and find real, workable solutions. Since the cloud represents new ways of doing things, it gives us new ways of getting in trouble, and we need a lively forum for nipping these issues in the bud and laying a framework for ongoing success. What Now? If you are on Amazon’s cloud, I can’t stress enough that you need to immediately go to your AWS Management Console. Check at a minimum that your Snapshots, for every Region, are marked PUBLIC only if you mean them to be available to ALL other Amazon Web Services users. I’ve already checked mine. If you find data that you did not intend to make public, you need to engage your security team to remove the snapshots from the public and mitigate any data exposure. Hopefully this gets chalked on the wall as a lesson learned – and we continue our march to the cloud with a deeper appreciation of our security support needs. This isn’t about calling people out. I work in the cloud and am passionate about its development. These mistakes could very well have been ones I made – or any other cloud user. To move the cloud forward we need to encourage a dialog about our new found power, new paradigms and new needs in the cloud. Discuss

Click here to read more