Spec Conformance in the Age of Clouds

As a veteran of three or four (depending upon how you count them) majorly disruptive changes in computing, I’m always on the lookout for things that distinguish cloud computing from what-has-been-before. I am seeing a rather interesting change in the notion of “conformance” as it applies to the way specifications are written and negotiated.

What Does “Conform” Mean?

To be brief (and oversimplify somewhat), in the age of packaged software, a statement in a specification that “conformant implementations MUST support FeatureX” is a promise about the possible behavior of any software claiming to conform to that spec. If you buy a chunk of software that claims to conform to this specification, it must be possible for you to configure that software such that FeatureX is supported. Note that this configuration doesn’t have to be the default configuration. The vendor that sold you the software may even recommend against such a configuration. Nevertheless, that vendor can rightfully claim that their product conforms to the spec, even if some of their customers “choose” to configure their deployments in ways that are not spec conformant.

In the cloud, a statement that “conformant implementations MUST support FeatureX” is more closely a statement about the actual runtime configuration of any system claiming to conform to that spec. Because the vendor and provider roles have merged, “the vendor” cannot simply allow “the provider” to enable support for FeatureX – FeatureX has to actually be supported in the systems that are deployed and operated by that provider. There are ways the provider can skirt this, for example, by allowing/enabling FeatureX on a per-tenant basis – but, overall, it seems to me that the move to cloud computing has reduced the amount of wiggle room available to implementers.

Sausage Making

Warning to anyone laboring under the illusion that specifications are crafted by disinterested scientists whose main goal is technical quality: this next section deals with some of the political/technical maneuvering that goes into creating specifications and may be unsettling.

Let’s lay out a scenario: You are involved in a standards-development group that is collaborating on the specification of some API. It turns out that some members of this group feel that it is absolutely essential that the API MUST support FeatureX. After researching their proposal you become convinced that these people have been engaging in some activity that seriously impairs the functioning of their pre-frontal cortex. You try arguing them out of it, watering down the requirement, etc. all to no avail.

If you are representing an organization that develops and sells packaged software, this situation is not too dire if (1) FeatureX doesn’t affect too many other areas, (2) a minimal FeatureX isn’t overly complicated and difficult to implement, (3) you are reasonably sure that none of your customers will ever want FeatureX. Simply get your developers to implement a minimal version of FeatureX, enable it as a non-default configuration option, and ship. If you are right about (3), the code for FeatureX will never be exercised outside of conformance testing. You and your organization may not want to do this, but you have some degree of flexibility.

Now suppose you are representing an organization the develops, hosts, and operates a cloud service. Even with per-tenant configuration tricks, the call to require FeatureX means that your organization not only has to develop the code to support FeatureX, it may have to deploy it and support it. This significantly raises the stakes around conformance – particularly for features that are “operationally infeasible” in your particular architecture. You can’t be flexible about a requirement to support a feature you can’t actually support.

Upshot

I see a couple of obvious effects of this difference in the context around cloud specifications. The first is that cloud specs will take longer to develop. Arguments that formerly could have been resolved with a “fine, have your FeatureX” now have to follow some (in all likelihood torturous) course that morphs FeatureX into something everyone can support and/or some parties have to reconcile themselves to the refactoring work necessary to support it. Secondly, I expect cloud specs to have fewer strange requirements that were included due to the intransigence of some parties and laziness of others. This is a good thing for interoperability and thus for humanity at large.

Caveat

Note that none of this has anything to do with the creation (or blessed lack thereof) of “optional features” – i.e. features that are described by a spec but not required to claim conformance. As near as I can tell, there is nothing about the context of cloud computing that effects the creation of such features one way or another.

lyrics daddy moon

If you came across this because you are searching for the artist or lyrics to the song that played on the episode of Parenthood that aired Tuesday, January 11th 2011 that has the hook line “oh daddy moon …” this post is to tell you that artist is Tom Freund and the name of the song is “Little Room Of Mine”. You can find the song on his latest album “Fit To Screen”.

Obviously I like Tom or I wouldn’t be trying to help other people find him. If you liked “Little Room Of Mine” you’ll like is other stuff.

Technorati Tags: music,tomfreund

The Mind that Maps

Considering my appetite for cool software tools, it shouldn’t come as a surprise that I’m into mind mapping software. I’ve used MindManager for years now and, though I like the product, I can’t see shelling out $180 for an upgrade when there are so many cheaper/free alternatives. Is it too much to expect Mindjet to factor the existence of these competitive offerings into their pricing? Or is it just the case that MindManager is targeted at the enterprise and no one actually uses their own money to buy it?

Technorati Tags: mindmap,tools

Something Clever to Say

I often wonder how many misbegotten trends in IT have their origin in the need to say something clever about a subject that you don’t know very much about. Example (circa 2002):

Joe’s Manager: Joe, what do you think about this web services stuff?

Joe: (scrambling) I think it has a lot of potential but, uh . . ., they really need to solve the security problem first.

The truth of the matter is, at the time, Joe knew almost nothing about web services, SOAP, etc. but he had read/overheard just enough to know that “everybody” was concerned with “the security problem” (whatever that was). The result was the development of a boatload of  new technologies (WS-Security and its attendant profiles, WS-SecurityPolicy, WS-Trust, WS-SecureConversation, etc.) when the vast majority of SOAP deployments do fine with little more than SSL and BasicAuth. I remember a SOAP-oriented conference in 2005 in which a vendor rep asked the audience “How many of you are using or planning to use WS-Security?”. When only one hand (in a room of at least 100) went up, the rep went slightly non-linear saying something to the effect of, “WTF, you asked us to build all this stuff …?!?”

Fast forward to today and substitute “cloud” for “web services”. I’m willing to admit that there are a few security issues that are unique to the cloud (mostly around multi-tenancy), but I assert that 99% of “cloud security issues” are no different than current IT security issues. I’m worried that, in their need to have something clever to say about the cloud, people are creating the false impression that someone needs to invent a whole boatload of “cloud security” technologies when we simply need to re-apply our current security solutions.

Technorati Tags: cloud,security

For the Children

BuzzNet Tags: prop19,marijuana,legalization

While I’m on the subject of marijuana legalization, I just have to spend a few moments rebutting one of the stupidest arguments I heard in the recent debate on CA’s Proposition 19 - “If you legalize pot, all your kids will be doing it”.

To understand why I think this is such a dumb argument I have to relate the following. When I was a kid growing up in the suburbs of Chicago in the late 70’s it was way, way easier for me (and everyone else I knew) to get our hands on pot than alcohol. Why was this? Because alcohol was legal for people 21 and over and pot was illegal for everybody.

The people I bought pot from, and the only way that anybody I knew got pot, were acquaintances of mine – sometimes slightly older kids. Meanwhile the only place to buy liquor was stores and bars. The kids selling me pot weren’t taking any great risk in doing so – we’re talking very small quantities here and you had to be a true idiot to get caught. The people who weren’t selling me liquor were doing so because they didn’t want to lose their liquor license for the sake of a cheap case of beer and a bottle of peach schnapps.

This may all be anecdotal, but I’m pretty sure it’s not. If you want to stop people from selling any kind of drug to kids you have to (a) legalize that drug for use by adults, (b) license the sale of that drug, (c) revoke that license if they are caught selling to minors. You need the carrot and the stick. If I were emperor of CA, I’d tie your liquor license, your lottery concession, and your marijuana license into one big bundle – get caught selling any of these to minors and we’ll revoke all three.

Prop 19 and Huck Finn

BuzzNet Tags: prop19,marijuana,legalization,marktwain

While reading Huckleberry Finn to Annelise I came across the following:

Pretty soon I wanted to smoke, and asked the widow to let me. But she wouldn't. She said it was a mean practice and wasn't clean, and I must try to not do it any more. That is just the way with some people. They get down on a thing when they don't know nothing about it. Here she was a bothering about Moses, which was no kin to her, and no use to anybody, being gone, you see, yet finding a power of fault with me for doing a thing that had some good in it. And she took snuff too; of course that was all right, because she done it herself.

For those that voted “no” on California’s recent Proposition 19, it seems like Huck has got your number.

Nature

This is a riff on something I heard some mad philosopher say on NPR, so the original idea isn’t mine (I don’t have any original ideas). This guy was ranting that “Nature” had replaced “God” as our cultural conscience. The clichéd assumptions are everywhere: everything that is Natural is good, Nature is harmonious and in balance,  humanity should strive to align itself with Nature - if/when we ever do, all will be well.

In truth Nature is anything but balanced. It only looks that way to us because our timescales are so ridiculously short. "Nature” is one giant cataclysm after another. Not once, but five times has this planet seen mass extinctions where, for example, 70% of the land species were completely wiped out. Massive floods of magma could bubble up from the Earth’s core (tomorrow) and wipe out the human race (along with all other mammals, most birds, reptiles, etc.). To “Nature”, this wouldn’t be that big of a deal. Nature isn’t our mother and Nature doesn’t care if we live or if we die. “Nature” doesn’t care if we do or don’t try to “live in harmony” with the current equilibrium point (however short-lived it may be).

I think we should stop deifying Nature and get pragmatic. Take the best telescopes we’ve got and look out at the universe. Do you see, anywhere, any place where humans beings can live that we can get to? No. Alright then, what we have here is a liferaft situation. We are living in the only place that we can live and we have to take care of it because we have no idea how long we may need it to last.

BuzzNet Tags: philosophy,green,god,practical approaches to the survival of the human species