Looking for needles in haystacks, and other quixotic pasttimes

I have been wanting to get CCS adoption data. It helps us understand whether this is a viable target for software development, and whether or not we want to invest limited resources in it. We had been asked previously by Microsoft to “benchmark” applications, though they seem to have missed our point about porting the applications to run fast natively before we benchmark.

Regardless, we want to see if others have been adopting the platform. There is very little data on this. None really. One would expect that if CCS were flying off shelves that we would see massive press putsches going on. Should we read into the silence? I dunno. Before I launch into this, I want to stress that I am a happy user of several Microsoft products (Excel, Powerpoint). If they were available for Linux, I would be happy. Yes, I have used Crossover office. I bear Microsoft no ill-will. I simply have a hefty dose of skepticism about motives and their business case for this market. One place to look for a public company, is in its quarterly 10-q filing. Microsoft’s is here. Looking through this, I am trying to grab this information. Please note that I (personally) may be a Microsoft stockholder via funds that we own. Unfortunately, there is very little data on CCS in there. There is quite a bit of data on their major product lines, the ones generating substantial fractions of billions of dollars (e.g. 10^9 USD) per quarter. I would have a hard time believing that CCS would be able to generate $1B/quarter. I would be surprised if it generated $1M/quarter. This $1M/quarter revenue would be about 2151 node licenses (at $465 per node). Or in terms of 16 node clusters, this would be about 134 such clusters adding $7440 to the cost of the cluster purchase before antivirus/antispam, or 538 personal clusters (4 nodes) adding $1860 to the cost of the cluster purchase before antivirus/antispam. To hit $1B in sales for this product, they would need 21.5M nodes. I will leave that to the gentle reader to calculate how many 16 and 4 node clusters that would translate into. Needless to say, it is … unlikely … that CCS will be a $1B revenue size any time soon. As indicated, I would have difficulty believing $1M revenue (3 orders of magnitude lower). The latter number is at the upper edge of possible, assuming that winds blow in their direction. Hard. Which begs the question. Precisely why are they in this market, when there are much larger markets demanding their attention? Bear with me a minute. Take the ballpark size of the cluster market. Lets call it 6B$. Assume for the moment that each compute node costs around $5k (about correct, within a factor of 2 in most cases), and of the cluster market, about 1/2 the revenue goes to compute nodes, the rest goes to other things (infrastructure, storage, fabrics, …) . The market per year for systems in that cluster space is about 600k. Growing at 20+% per year, but call it 600k per year. This means, that, if Microsoft could suddenly convince all of us to drop Linux and switch, they would be looking at about $280M/year. Not bad. But what if only 10% switch. $28M/year. Or 1%? $2.8M/year. You see why we are so interested? We want to know whether this is a $2.8M market, or a $280M market. Of course, it could be a 0.1% (19 clusters per year of about 32 nodes in size) in which case it is a $280k market to Microsoft. Again, could someone explain to me in simple terms precisely what the business value to Microsoft is in terms of pursuing such a relatively small market (compared to their other divisions)? I could believe somewhere in the 0.1% - 1% region at the end of this year for CCS. Without hard data, it will be pretty hard to do more than guess. These needles don’t want to be found, or the people who own them want them to not be found. Maybe someone could ask this question at the next stockholder meeting. That said, the 10-Q had some interesting data.

That is known. Microsoft develops software and charges per license/installation. Every time you buy a machine with Windows pre-loaded (effectively impossible not to do apart from Apple), Microsoft makes money. Every single time. They do not have effective competition for this lockin market. Their business model has become a defacto tax per unit sold that we the customers bear. If they did not have this lockin we would have real choice. This is not something they likely want, as choice could work against them. Competition does that.

True. Open source alters some of the economics of the market. Changes the way some business models work. When you spend little time competing, you spend a great deal of time protecting your business model. When something threatens this business model, well, this is one of the many aspects of competition. One of our competitors likes giving stuff away for free (or far under cost) when they see they have competition. While the consumer may think this is a good thing, all this does is to drive real innovators out of the market via financial competition. So we adapt to the challenge. We encourage this competitor to give their stuff away for free, and we capture revenue atop it. You adapt, and overcome. Or you don’t survive. Just don’t get bent out of shape when your competition adapts to your tactics and strategies.

Exactly. Microsoft has driven out all competition via … tactics … that have landed it in hot water from time to time when investigated. Along comes a competitive product and business model. Adapt. Or not.

This is debatable at best. It is fairly clear that OSS reduces TCO significantly. It is also quite clear that tools like Linux do not suffer the same intensity of exploits as the Microsoft platforms. Anyone can count bug reports, security bulletins and draw incorrect conclusions from them. The important question is what exploits are burning their way through the field? Do the epidemiology. Linux is not perfect. Nor is MacOSX. Both are quite a bit more secure based upon the exploits we see running around in the wild.

I honestly believe this is the least of Microsoft’s worries.

Yup. OSS is changing the economics of the model. Its adaptation time. Ignoring that for the moment, the major issue I see is this.

I would phrase it differently. They attack the low hanging fruit. Hackers will exploit insecurities on any platform. They are platform agnostic. They don’t care what it is they compromise, they just want it p0wned. So if one platform is intrinsically easier to hack than another …

Its that last sentence that they need to worry about. Why no one has initiated a class action suit against them for insecure software is beyond me. How many $B (billions of dollars) have been spent in patching holes, chasing new ones, and acting in a reactive mode to compromises that their software allows? How many $B (billions of dollars) have been lost due to exposure of information, leaked or destroyed documents? How many $B (billions of dollars) of administrators time have been spent chasing this stuff and trying to put these djinni’s back in their respective bottles? I truly never understood why no CIO has asked their legal department to help recover the costs that they willingly pay out every year. Right now, some of the most vicious attacks on Linux systems come via Windows. It is apparently very easy to install key loggers on windows machines. Since Linux machines are much harder to crack, don’t crack them. Crack the windows machines that they attach to. Then grab the passwords as they are entered via ssh clients. Voila. No exploit against the Linux box. Crack the windows box and the world of supercomputing is your oyster. So now lots of Linux sites are adopting multifactor authentication and one time passwords. Annoying that it has to be done, but the gateways into the resources are effectively unguarded due to the ease of overrunning them. Could you imagine a large cluster of windows machines after compromising, now being effectively a supercomputing spam-bot? The mind boggles. The world wants better Windows->Linux interoperability. I am pretty sure this is not what they had in mind. Well, the 10-Q had no real information on CCS. I expected some.