Google-China Cyber Skirmish

Google’s motto is “don’t be evil”. In 2006, CEO Eric Schmidt refined this principle to an “evil scale” on which it would be OK to self-censor Google.cn — given the alternative to not offer Google.cn at all. After cyber attacks on Google infrastructure by Chinese hackers, Google now threatens to move out of China.

In a hearing before the Committee on International Relations of the U.S. House of Representatives on February 15, 2006, Google’s Elliot Schrage defended the China move. Schrage explained that the global service Google.com was accessible in China, however, Internet censorship affected Chinese user experience severely. This would damage Google’s competitive position in China. Schrage named three corparate objectives [1]:

(a) Satisfy the interests of users,
(b) Expand access to information, and
(c) Be responsive to local conditions

The third point related to China business and Google’s transition from “don’t be evil” to “evil scale”. Google argued that self-censorship would be less evil than Chinese censorship, promising more transparency and better privacy standards. Google would only store data in China if data privacy and security could be assured. Therefore, Gmail and Blogger were not hosted in China.

Four years later, Google announces to end Google.cn self-censorship [2]. The reason for the strategic change: severe hacker attacks on Gmail accounts of human rights activists which apparently took place as part of concerted cyber attacks. In 2006, Google made clear that data protection was the conditio sine qua non of their business engagement. Now, Google is acting on it. The shut-down of Google.cn seems to be a safe bet. It remains an open question whether the Chinese offices will be closed, though.

Geneva Conventions of Cyber War

The Google-China cyber skrimish is rather harmless, although it might in the end deprive Chinese Internet users from a useful search service. Nevertheless, the story raises a more general issue: How should countries (and organizations) respond to cyber attacks? Right now, anything seems to be allowed. Do we need “Geneva Conventions of Cyber War”?

Neil C. Rowe from the U.S. Naval Postgrad School wrote an interesting book chapter on the ethics of cyber warfare. A key issue addressed by the Geneva Conventions is the moral imperative to avoid collateral damage. Rowe states that “[a]n intriguing possibility for ethical cyber-attacks is to design their damage to be easily repairable” [3]. Other important issues are “damage assessment” and “determining the perpetrators and victims”. How can an attacker be sure to have reached his objective? How can the perpetrator of an attack be identified? Apparently, the second point is relevant for the Google-China discussion.

International laws must address these issues. The use of certain “cyberweapons” should be prohibited and sanctioned. The methods and means of combat cannot be arbitrary, but must follow the rules of civilized society. In a more networked world, cyber warfare will likely become a more urgent problem…

References

[1] http://googleblog.blogspot.com/2006/02/testimony-internet-in-china.html

[2] http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

[3] http://faculty.nps.edu/ncrowe/attackethics.htm

Android Market Europe

Apparently, Android Market will be available for consumers and developers in Europe, soon. Just got this E-Mail.

Hello,

I’m writing to let you know that priced apps are now available to users in Germany and Austria. You can target your priced apps to these users by selecting the “Germany,” “Austria,” or “All Current and Future Countries with Payment” location options in the publisher website at http://market.android.com/publish. If you select “All Current and Future Countries with Payment,” then your priced apps will automatically appear to users in all countries where priced apps are available.

Also, I am pleased to let you know that free applications will become available in Italy over the next few weeks. Italy will join the other countries where users currently can download free applications: US, UK, Germany, France, Austria, Netherlands, Czech Republic, Poland, Australia, and Singapore. You can make your free apps available to Italian users by selecting “All Current and Future Locations”. We will add the option to target these countries individually when we add the ability to add French and Italian application descriptions in the publisher website, which we expect to be complete in the coming weeks.

Finally, I want to let you know that we are hard at work to enable developers in Germany, Austria, Netherlands, France, and Spain to offer priced applications in the coming weeks. Once merchant support for priced apps are live in these countries, we will announce our plans for launching support for developers in additional geographies.

Thanks for your support, and we look forward to continue working with you on Android Market.

Eric Chu,
Android Market

Google, Inc.
1600 Amphitheatre Parkway
Mountain View, CA  94043

Eucalyptus+AppScale=AWS+AppEngine

The UCSB EC2-cloud-clone-architecture Eucalyptus has given birth to additional overlay layer: AppScale. Like Eucalyptus simulates EC2 interfaces and functionality, AppScale simulates Google’s App Engine. Now it is possible to build an infrastructure that integrates well with both Amazon Web Services and App Engine. Nice…

Keyboardr

Today I came across a cool Web application that fellow students of University Karlsruhe developed: keyboardr. The major feature is to quickly navigate Google search results with your keyboard. My first impression was very positive; obviously the core developer Julius Eckert knows how to code proper Ajax. Besides the neat technical implementation, I can clearly see the value of a faster, better search interface.

Also: Check out the great developer blog of Julius Eckert.

Google App Engine – Free Lunch is Over

Apparently, Google App Engine costs money now – at least if you are over the free quotas (which are about to drop). This is the billing page that I can see on my App Engine account. More important, however, Google Checkout seems to be available for developers in more countries than just the United States and UK, soon. This means that you can easily commercialise your GAE applications other than with advertisement.

GAE Billing Status

Google Bug #2

Google Docs is down :-( These things seem to happen more often lately…

Google Docs Outage

Google bug

I knew it: the Internet is a dangerous place…

Every site on the Internet may harm your computer

Update: http://googleblog.blogspot.com/2009/01/this-site-may-harm-your-computer-on.html

Cloud Mashups

Information-integration, Presentation-layer Mashups

Is the next wave of mashups rising? Since Paul Rademacher’s early experiments with housingmaps.com back in 2005, Google Maps mashups have become ubiquitous. The Google Maps API is popular because it enables developers to build Web applications that output information in a more user-friendly representation, such as real estate locations or crime scenes [1] [2]. Yahoo has developed some really cool tools that further reduce the learning curve of processing, mixing and restructuring information and media from different sources into a single representation [3] [4]. However, it seems like these are mashups of the old days. A new dawn is breaking…

Platform Mashups

The new type of mashup that we can see today combines Cloud Computing services and integrates them into a single service or application. Amazon’s GrepTheWeb is a good example for Cloud Computing service compositions within the domain of a single provider [5]. However, the recent announcement of Appirio’s ReferMyFriends App shows that also cross-Cloud mashups are viable [6]. Other examples for cross-Cloud mashups are Facebook + EC2 back-end [7] and Force.com + AppEngine back-end [8] (although it is probably only a matter of time until [8] will become one of the single-domain examples).

What are the main motives to combine Cloud Computing services? One motive is similar to the old Google Maps-style mashups: integrate information from different domains. The other motive: make your service scalable by extending it with a Cloud back-end. Still, there are more interesting mashup opportunities at the horizon…

Mobile Device Platform vs. Cloud Platform

Today in Davos Mark Zuckerberg said [9]

The platforms aren’t there yet. With all the mobile platforms—iPhone, Blackbery, Android, the mobile web—it is difficult to develop for all of them. When the number of platforms consolidate it will become a powerful thing.

Far from it. I doubt that the number of mobile device platforms is going to decrease in the near future. On the contrary, I believe that we will see more platforms popping up. Besides Symbian, iPhone, Blackberry and Android, there is a bunch of Linux-derivatives on the way for Netbooks and other mobile internet devices (MID).

This is the hour of the Clouds. Instead of engineering an application again and again for each and every mobile device platform, just build it once for a Cloud that taps into each of these devices. Although politics might hamper the process of creating such unified Cloud environments, I am convinced that this is a better approach for many developers. Just take Facebook as an example. Instead of building a social media application for iPhone, Blackberry and Android, build a Facebook Application [10] [11] [12].

[1] http://www.housingmaps.com
[2] http://chicago.everyblock.com
[3] http://pipes.yahoo.com/pipes/
[4] http://developer.yahoo.com/yql/
[5] http://developer.amaz[...]
[6] http://www.techcrunchit.com/2009/01/30/[...]
[7] http://developer.amaz[...]
[8] http://developer.force.com/appengine
[9] http://www.techcrunch.com/2009/01/30[...]
[10] http://www.facebook.com/apps/[...]
[11] http://na.blackberry.com[...]
[12] http://androinica.com/2008/11/14[...]

Classification of Cloud Computing Stakeholders

Update: The diagrams in this post are out-dated. Please click here to find the new versions.

The Onion

In an attempt to better understand the nature of cloud computing I tried to draw a classification of some companies and applications that spawn in the cloud.

Three different cloud computing levels

Infrastructure

The heart of the cloud is what some people call Infrastructure as a Service (IaaS). This is as near to bare metal as we can get: pure storage and compute capacity. With virtualization techniques it is packaged into small units that are delivered like water or electricity (notion of utility computing).

Infrastructure as a Service

Platforms

The next layer is Platform as a Service (PaaS). Here we find more complex platforms, such as Google App Engine or Salesforce.com AppExchange. Marc Andreessen, who coined the phrase “Web as Platform”, once wrote: “[a] platform is a system that can be programmed and therefore customized by outside developers — users — and in that way, adapted to countless needs and niches that the platform’s original developers could not have possibly contemplated, much less had time to accommodate. [...] If you can program it, then it’s a platform. If you can’t, then it’s not.” (Source)

Platform as a Service

Although I would not consider Amazon EC2 or S3 to be a platform but rather IaaS, the elastic infrastructure provided by Amazon has enabled third-party developers to build platforms on top of it. I asked myself where in my diagram to put the other Amazon Web services (FPS, DevPay, etc.) but haven’t come up with a plausible place, yet. It should probably be somewhere between IaaS and PaaS.

Apps & Services

The outer layer of my onion is formed by all the applications and services that are built on top of either IaaS or PaaS. I am not satisfied with the outer layer. I feel that it needs further categorization, such as grouping by types of applications, e.g. Social Network Apps, Backup Services, and so on.

Cloud Applications and Services

API

Each layer has a different set of APIs. Near to the core, developers have standard Web technologies and protocols to access and use the cloud. Further away from the core, levels of abstraction are added, making APIs more vendor-specific. On the application & service layer, we find a mix of standardized and less standardized APIs.

Cloud APIs

Suggestions?

I want to improve and extend my diagrams and find a more proper categorization of cloud vendors and services that sit on top of the cloud. What are your ideas and comments on this one? And another thing is: Would you consider firms that use IaaS, like Mosso and cohesiveFT, as PaaS vendors? How are they different from, say Joyent or flexiscale?

(A very good and comprehensive list of cloud vendors can be found on John Willis’ blog)

Comparing EC2 and App Engine

Comparing Two of the Leading Software Platforms in the Cloud

Shortly after the Google App Engine appeared, Dion Hinchcliffe provided us a nice comparison of how the Google Service stack compares to Amazon Web Services.

What we can learn from Dion

First of all, I like this graphic because it shows that

1. Today’s big cloud infrastructures comprise of a bunch of vendor-specific services.
2. We should differentiate between the core cloud (infrastructure) and vertical or horizontal cloud services.
3. There are different levels of integration.
4. There is a client side, too. Tool support is crucial if you want to push a new technology. Another facet is the trend towards online/offline applications (Google Gears, Adobe AIR, etc). Users should be able to continue doing work even if the cloud goes down for a while.

My objections

Of course, everyone has his personal bias, so I see things a bit differently:

1. I agree, there are obviously a lot of different services out there.
2. According to the picture it seems like the core of the Amazon cloud is EC2 and the core of Google App Engine is – well – the App Engine. Why not count in storage capacity? I believe that storage as well as processing power should be seen as the core cloud services. Amazon S3 and SimpleDB and Google datastore respectively are part of the core cloud. There are horizontal cloud services as well, such as Amazon Flexible Payment Service (FPS). It does not help much if only your infrastructure scales but the rest of your business does not.
3. What you cannot see from the picture is that Amazon’s Web Services are more loose coupled and Google’s services are glued together. Seems like Amazon has taken the Linux approach to Cloud computing, whereas Google follows the Microsoft business model. Where Amazon Web Services offer greater flexibility because they can be combined with third-party services, integrated into (open source or commercial) frameworks and software products,  Google provides a more easy-to-use model (auto-scaling, sweet APIs) at the cost of vendor lock-in.
4. I believe that it is important to have a look at the client side, too (see my blog post on OpenSocial + App Engine). How do programmers develop applications for and deploy them into the cloud? Aptana, for instance, offers tool support for developers who seek to deploy their application into the (Joyent) cloud. Obviously, Google Mashup Editor, Open Social, and others are going to integrate much better with the rest of Google’s cloud API stack. Another category of tools are monitoring and admin tools which right now only exist for Amazon (as far a I know).

Business Models

One last thought. Dion mentions the following

As for enabling business models, Amazon has it’s eCommerce APIs to help its PaaS partners generate revenue while Google has its far more flexible and general purpose advertising models with its AdSense product line.

Why is it far more flexible to do advertising? Google can offer advertising services, for sure. But Amazon has an interesting market position, too: a huge retailer with millions of registered customers. If they give access to Amazon customer accounts (and they do, Amazon FPS for example), third-party developers can build innovative business models around it. They can develop marketplace applications, charge micro-payments, and so on.