Month: September 2020

    Snowflake IPO

    On September 16, 2020, history was made on the New York Stock Exchange. A software company named Snowflake (ticker: SNOW) made its IPO as the largest publicly traded software company, ever. As one of the most hotly anticipated listings in 2020, Snowflake began publicly trading at $120 per share and almost immediately jumped to $300 per share within a matter of minutes. With this never-before-seen hike in price, Snowflake also became the largest company to ever double in value on its first day of trading, ending with a value of almost $75 billion.

    What is Snowflake?

    So, what exactly does Snowflake do? What is it that makes billionaire investors like Warren Buffett and Marc Benioff jump all over a newly traded software company? It must be something special, right? With all the speculation surrounding the IPO, it’s worth explaining what the company does. A simple explanation would be that Snowflake helps companies store their data in the cloud, rather than in on-site facilities. Traditionally, a company’s data has been stored on-premises on physical servers managed by that company. Tech giants like Oracle and IBM have led the industry for decades. Well, Snowflake is profoundly different. Instead of helping companies store their data on-premises, Snowflake facilitates the warehousing of data in the cloud. But that’s not all. Snowflake is capable of making the data queryable, meaning it simplifies the process for businesses looking to pull insights from the stored data. This is what sets Snowflake apart from the other data hoarding behemoths of the IT world. Snowflake discovered the secret to separating data storage from the act of computing the data. The best part is that they’ve done this before any of the other big players like Google, Amazon, or Microsoft. Snowflake is here to stay.

    Snowflake’s Leadership

    Unlike Silicon Valley’s tech unicorns of the past, Snowflake was started in 2012 by three database engineers. Backed by venture capitalists and one VC firm that wishes to remain anonymous, Snowflake is currently led by software veteran Frank Slootman. Before taking the reins at Snowflake, Slootman had great success leading Data Domain and ServiceNow. He grew Data Domain from just a twenty-employee startup venture to over $1 billion in sales and a $2.4 billion acquisition sale to EMC. I think it’s safe to say that Snowflake is in the right hands, especially if it has any hopes of maturing into its valuation.

    Snowflake’s Product Offering

    We all know that Snowflake isn’t the only managed data warehouse in the industry. Both Amazon Web Services’ (AWS) Redshift and Google Cloud Platform’s (GCP) BigQuery are very common alternatives. So there had to be something that set Snowflake apart from the competition. It’s a combination of flexibility, service, and user interface. With a database like Snowflake, two pieces of infrastructure are driving the revenue model: storage and computing. Snowflake takes the responsibility of storing the data as well as ensuring the data queries run fast and smooth. The idea of splitting storage and computing in a data warehouse was unusual when Snowflake launched in 2012. Currently, there are query engines like Presto that exist solely to run queries, with no storage included. Snowflake offers the advantages of splitting storage and queries: stored data is located remotely on the cloud, saving local resources for the load of computing data. Moving storage to the cloud delivers lower cost, has higher availability, and provides greater scalability.

     

    Multiple Vendor Options

    A majority of companies have adopted a multi-cloud approach, as they prefer not to be tied down to a single cloud provider. There’s a natural hesitancy to choose options like BigQuery that are tied to a single cloud like Google. Snowflake offers a different type of flexibility, operating on AWS, Azure, or GCP, satisfying the multi-cloud wishes of CIOs. With tech giants battling for domination of the cloud, Snowflake is in a sense the Switzerland of data warehousing.

    Learn more about a multi-cloud approach


    Snowflake as a Service

    When considering building a data warehouse, you need to take into account the management of the infrastructure itself. Even when farming out servers to a cloud provider, decisions like the right size storage, scaling to growth, and networking hardware come into play. Snowflake is a fully managed service. This means that users don’t need to worry about building any infrastructure at all. Just put your data into the system and query it. Simple as that. 

    While fully managed services sound great, they come at a cost. Snowflake users need to be deliberate about storing and querying their data, as fully managed services are pricey. If you are deciding whether to build or buy your data warehouse, it would be wise to compare the total cost of owning Snowflake to the cost of building something yourself.

     

    Snowflake’s User Interface and SQL Functionality

    Snowflake’s UI for querying and exploring tables is as easy on the eyes as it is to use. Their SQL functionality is also a strong selling point. SQL (Structured Query Language) is the programming language that developers and data scientists use to query their databases. Each database has slightly different details, wording, and structure. Snowflake’s SQL seems to have collected the best from all of the database languages and added other useful functions.

     

    A Battle Among Tech Giants

    As the proverb goes, competition creates reason for caution. Snowflake is rubbing shoulders with some of the world’s largest companies, including Amazon, Google, and Microsoft. While Snowflake has benefited from an innovative market advantage, the Big Three are catching up quickly by creating comparable platforms.

    However, Snowflake is dependent on these competitors for data storage. They’ve only managed to thrive by acting as “Switzerland”, so customers don’t have to use just one cloud provider. As more competition enters the “multicloud” service industry, nonalignment can be an advantage, but may not always be possible. Snowflake’s market share is vulnerable as there are no clear barriers to entry for the industry giants, given their technical talent and size.

    Snowflake is just an infant in the public eye and we will see if it sinks or swims over the next year or so. But with brilliant leadership, a promising market, and an extraordinary track record, Snowflake may be much more than a one-hit wonder. Snowflake may be a once-in-a-lifetime business.

    HPE vs Dell: The Battle of the Servers

    When looking at purchasing new servers for your organization, it can be a real dilemma deciding which to choose. With so many different brands offering so many different features, the current server industry may seem a bit saturated to some. Well, this article does the hard work for you. We’ve narrowed down the list of server manufacturers to two key players: Dell and Hewlett Packard Enterprise (HPE). We will help you with your next purchase decision by comparing qualities and features of each, such as customer support, dependability, overall features, and cost. These are some of the major items to consider when investing in a new server. So, let’s begin.

    Customer Support – Dell

    The most beneficial thing regarding Dell customer support is that the company doesn’t require a paid support program to download any updates or firmware. Dell ProSupport is considered in the IT world as one of the more consistently reliable support programs in the industry. That being said, rumors have been circulating that Dell will soon be requiring a support contract for downloads.

    You can find out more about Dell ProSupport here.

    Customer Support – HPE

    Unlike Dell, HPE currently requires businesses to have a support contract to download any new firmware or updates. It can be tough to find support drivers and firmware through HP’s platform even if you do have a contract in place. HPE’s website is a bit challenging to use in regard to finding information on support in general. On a brighter note, the support documentation provided is extremely thorough, and those with know-how can find manuals for essentially anything they need. That said, by creating an online account through HPE’s website, one can gain access to HPE’s 24/7 support, manage future orders, and utilize the HPE Operational Support Services experience.

    Customer Support Winner: Dell

    Dependability – Dell

    I’ll be the first to say that I’m not surprised whenever I hear about Dell servers running for years on end without any issues. Dell has always been very consistent as far as constantly improving their servers. Dell is the Toyota of the server world.

    Dependability – HPE

    Despite the reliability claims made for HPE’s Superdome, Apollo, and newer ProLiant line of servers, HPE is known to have faults within the servers. In fact, in a survey done in mid-2017, HP ProLiant servers had about 2.5x as much downtime as Dell PowerEdge servers. However, HPE does do a remarkable job with prognostic alerts for parts that are deemed likely to fail, giving businesses an opportunity to repair or replace parts before they experience downtime.

    Dependability Winner: Dell

    Out of Band Management Systems

    In regard to Out of Band Management systems, HPE’s system is known as Integrated Lights-Out (iLO), and Dell’s system is known as Integrated Dell Remote Access Controller (iDRAC). In the past there were some major differences between the two, but currently the IPMI implementations don’t differ enough to be a big determining factor. Both systems now provide similar features, such as HTML5 support. However, here are a few differences they do have.

    Out of Band Management Systems – Dell

    Dell’s iDRAC has progressed quite a bit in recent years. After iDRAC 7, Java is no longer needed, yet the Graphical User Interface is not quite as nice as the one. iDRAC uses a physical license, which can be purchased on the secondary market, avoiding being locked in again with the OEM after end of life. Updates generally take a bit longer with iDRAC.

    Out of Band Management Systems – HPE

    HPE’s iLO advanced console requires a license, but the standard console is included. Using the advanced console can ultimately lock you in with the OEM if your servers go to end of life. Unfortunately, the licenses can’t be purchased on the secondary market. Although it’s been noted that you only have to purchase one product key because the advanced key can be reused on multiple servers, this is against HPE’s terms of service. Generally, the GUI with iLO advanced appears more natural and the platform seems quicker.

    Out of Band Management Systems Winner: HPE

    Cost of Initial Investment – Dell

    Price flexibility is almost nonexistent when negotiating with Dell; however, with bigger, repeat customers Dell has been known to ease into more of a deal. In the past Dell was seen as being the more affordable option, but the initial cost of investment is nearly identical now. With Dell typically being less expensive, it tends to be the preference of enterprise professionals attempting to keep their costs low to increase revenue. Simply put, Dell is cheaper because it is so widely used, and everyone uses it because it’s more cost effective.

    Cost of Initial Investment – HPE

    HPE is generally more open to price negotiation, even though opening quotes are similar to Dell. Just like everything in business, your relationship with the vendor will be a much greater factor in determining price. Those that order in large quantities, more frequently, will usually have the upper hand in negotiations. That being said, HPE servers tend to be a little more expensive on average. When cost is not a factor, HPE tends to be the choice where long-term performance is the more important objective. HPE servers are supported globally through a number of channels. Due to the abundance of used HPE equipment in the market, replacement parts are fairly easy to come by. HPE also offers a more thorough documentation system, containing manuals for every little-known part HPE has ever made. HPE is enterprise class, whereas Dell is business class.

    Cost of Initial Investment Winner: Tie

    The Decisive Recap

    When it really comes down to it, HPE and Dell are both very similar companies with comparable features. When assessing HPE vs Dell servers, there is no winner. There isn’t a major distinction between the companies as far as manufacturing quality, cost, or dependability. Those are factors that should be weighed on a case-by-case basis.

    If you’re planning on replacing your existing hardware, sell your old equipment to us! We’d love to help you sell your used servers.

    You can start by sending us a list of equipment you want to sell. Not only do we buy used IT Equipment, we also offer the following services:

    Apple’s Bug Bounty Program: Hackers Getting Paid

    How does one of the largest and most innovative companies in history prevent cyber attacks and data hacks? They hire hackers to hack them. That’s right, Apple pays up to $1 million to friendly hackers who can find and report vulnerabilities within their operating systems. Recently, Apple announced that it will open its Bug Bounty program to anyone to report bugs, not just hackers who have previously signed up and been approved. 

     

    Apple’s head of security engineering Ivan Krstic says that this is a major win not only for iOS hackers and jailbreakers, but also for users, and ultimately even for Apple. The new bug bounties directly compete with the secondary market for iOS flaws, which has been booming in the last few years.

     

    In 2015, vulnerability broker Zerodium revealed that it would pay $1 million for a chain of bugs that allowed hackers to break into the iPhone remotely. Ever since, the cost of bug bounties has soared. Zerodium’s highest payout is now $2 million, and Crowdfense is offering up to $3 million.

    So how do you become a bug bounty hunter for Apple? We’ll break it down for you.

     

    What is the Apple Security Bounty?

    As part of Apple’s devotion to information security, the company is willing to compensate researchers who discover and share critical issues and the methods they used to find them. Apple makes it a priority to fix these issues in order to best protect its customers against a similar attack. Apple offers public recognition for those who submit valid reports and will match donations of the bounty payment to qualifying charities.

    See the Apple Security Bounty Terms and Conditions Here

    Who Is Eligible for a Bug Bounty?

     

    In order to qualify for an Apple bug bounty, the vulnerability you discover must appear on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration. The eligibility rules are intended to protect customers until an update is readily available. This also ensures that Apple can confirm reports and create necessary updates, and properly reward those doing original research.

    Apple bug bounty requirements:

    • Be the first party to report the issue to Apple Product Security.
    • Provide a clear report, which includes a working exploit. 
    • Not disclose the issue publicly before Apple releases the security advisory for the report. 

    Issues that are unknown to Apple and are unique to designated developer betas and public betas can earn a 50% bonus payment.

    Qualifying issues include:

    • Security issues introduced in certain designated developer beta or public beta releases, as noted in their release notes. Not all developer or public betas are eligible for this additional bonus.
    • Regressions of previously resolved issues, including those with published advisories, that have been reintroduced in certain designated developer beta or public beta releases, as noted in their release notes.

    How Does the Bounty Program Pay Out?

     

    The amount paid for each bounty is decided by the level of access attained by the reported issue. For reference, a maximum payout amount is set for each category. The exact payment amounts are determined after Apple reviews the submission. 

    Here is a complete list of example payouts for Apple’s Bounty Program

    The purpose of the Apple Bug Bounty Program is to protect consumers through understanding both data exposures and the way they were utilized. In order to receive confirmation and payment from the program, a full detailed report must be submitted to Apple’s Security Team.  

     

    According to the tech giant, a complete report includes:

    • A detailed description of the issues being reported.
    • Any prerequisites and steps to get the system to an impacted state.
    • A reasonably reliable exploit for the issue being reported.
    • Enough information for Apple to be able to reasonably reproduce the issue. 

     

    Keep in mind that Apple is particularly interested in issues that:

    • Affect multiple platforms.
    • Impact the latest publicly available hardware and software.
    • Are unique to newly added features or code in designated developer betas or public betas.
    • Impact sensitive components.

    Learn more about reporting bugs to Apple here

    LTO Consortium – Roadmap to the Future

    LTO – From Past to Present 

    Linear Tape-Open, more commonly referred to as LTO, is a magnetic tape data storage solution first created in the late 1990s as an open standards substitute to the proprietary magnetic tape formats that were available at the time. It didn’t take long for LTO tape to rule the super tape market and become the best-selling super tape format year after year. LTO is usually used with small and large computer systems, mainly for backup. The standard form-factor of LTO technology goes by the name Ultrium. The original version of LTO Ultrium was announced at the turn of the century and is capable of storing up to 100 GB of data in a cartridge. Minuscule by today’s standards, this was unheard of at the time. The most recent generation of LTO Ultrium is the eighth generation, which was released in 2017. LTO 8 has storage capabilities of up to 12 TB (30 TB at 2.5:1 compression rate).

    The LTO Consortium is a group of companies that directs development and manages licensing and certification of the LTO media and mechanism manufacturers. The consortium consists of Hewlett Packard Enterprise, IBM, and Quantum. Although there are multiple vendors and tape manufacturers, they all must adhere to the standards defined by the LTO consortium.  

    Need a way to sell older LTO tapes?

    LTO Consortium – Roadmap to the Future

    The LTO consortium disclosed a future strategy to further develop the tape technology out to a 12th generation of LTO. This happened almost immediately after the release of the recent LTO-8 specifications and the LTO8 drives from IBM. Presumably sometime in the 2020s, when LTO-12 is readily available, a single tape cartridge should have capabilities of storing approximately half a petabyte of data.

    According to the LTO roadmap, the blueprint calls for doubling the capacity of cartridges with every ensuing generation. This is the same model the group has followed since it distributed the first LTO-1 drives in 2000. However, the compression rate of 2.5:1 is not likely to change in the near future. In fact, the compression rate hasn’t increased since LTO-6 in 2013.

    Learn how you can pre-purchase the latest LTO9 tapes 

    The Principles of How LTO Tape Works

    LTO tape is made up of servo bands which act like guard rails for the read/write head. The bands provide compatibility and adjustment between different tape drives. The read/write head positions between two servo bands that surround the data band. 

    The read/write head writes multiple data tracks at once in a single, end-to-end pass called a wrap. At the end of the tape, the process continues as a reverse pass and the head shifts to access the next wrap. This process is done from the edge to the center, known as linear serpentine recording.

    More recent LTO generations have an auto speed mechanism built in, unlike older LTO tape generations that suffered from stop-and-go of the drive whenever the flow of data changed. The built-in auto speed mechanism lowers the streaming speed if the data flow slows, allowing the drive to continue writing at a constant speed. To ensure that the data just written on the tape is identical to what it should be, a verify-after-write process is used, using a read head that the tape passes after a write head.

    But what about data security? To reach an exceptional level of data security, LTO has several mechanisms in place. 

    Due to several data reliability features including error-correcting code (ECC), LTO tape has an extremely low bit-error-rate that is lower than that of hard disks. With both LTO7 and LTO8 generations, the data reliability has a bit error rate (BER) of 1 x 10^-19. This signifies that the drive and media will have one single bit error in approximately 10 exabytes (EB) of data being stored. In other words, more than 800,000 LTO-8 tapes can be written without error. Even more so, LTO tape allows for an air gap between tapes and the network. Having this physical gap between storage and any malware and attacks provides an unparalleled level of security.

     

    Learn more about air-gap data security here

    The Role of Cryptocurrencies in the Age of Ransomware

    Now more than ever, there is an obvious connection between the rising ransomware era and the cryptocurrency boom. Believe it or not, cryptocurrency and ransomware have an extensive history with one another. They are so closely linked that many have attributed the rise of cryptocurrency with a corresponding rise in ransomware attacks across the globe. There is no debating the fact that ransomware attacks are escalating at an alarming rate, but there is no solid evidence showing a direct correlation to cryptocurrency. Even though the majority of ransoms are paid in crypto, the transparency of the currency’s blockchain makes it a terrible place to keep stolen money.

    The link between cryptocurrency and ransomware attacks

    There are two key ways that ransomware attacks rely on the cryptocurrency market. First, the majority of the ransoms paid during these attacks are usually in cryptocurrency. A perfect example is with the largest ransomware attack in history, the WannaCry ransomware attacks. Attackers demanded that their victims pay nearly $300 of Bitcoin (BTC) to release their captive data.

    A second way that cryptocurrencies and ransomware attacks are linked is through what is called “ransomware as a service”. Plenty of cyber criminals offer “ransomware as a service,” essentially letting anyone hire a hacker via online marketplaces. How do you think they want payment for their services? Cryptocurrency.

    Read more about the WannaCry ransomware attacks here

    Show Me the Money

    From an outsider’s perspective, it seems clear why hackers would require ransom payments in cryptocurrency. The cryptocurrency’s blockchain is based on privacy and encryption, offering the best alternative to hide stolen money. Well, think again. There is actually a different reason why ransomware attacks make use of cryptocurrencies. The efficiency of cryptocurrency blockchain networks, rather than their concealment, is what really draws the cyber criminals in.

    The value of cryptocurrency during a cyber-attack is really the transparency of crypto exchanges. A ransomware attacker can keep an eye on the public blockchain to see if his victims have paid their ransom and can automate the procedures needed to give their victim the stolen data back. 

    On the other hand, the cryptocurrency market is possibly the worst place to keep the stolen funds. The transparent quality of the cryptocurrency blockchain means that the world can closely monitor the transactions of ransom money. This makes it tricky to switch the stolen funds into an alternative currency, where they can be tracked by law enforcement.

    Read about the recent CSU college system ransomware attack here

    Law and Order

    Now, just because the paid ransom for stolen data can be tracked in the blockchain doesn’t automatically mean that the hackers who committed the crime can be caught too. Due to the anonymity of cryptocurrency, it is nearly impossible for law enforcement agencies to find the true identity of cybercriminals. However, there are always exceptions to the rule.

    Blockchain allows a transaction to be traced relating to a given bitcoin address, all the way back to its original transaction. This permits law enforcement access to the financial records required to trace the ransom payment, in a way that would never be possible with cash transactions.
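
    The tracing described above, as an added example that is not part of the original article: a walk over a small constructed ledger, backward from a ransom payment to the coinbase it descends from and forward to the addresses the funds move on to. The ledger, transaction ids and address names are all assumptions made up for illustration, and the forward trace uses a deliberately simple rule (every output of a transaction that spends a traced output is also traced).

```python
from collections import deque

# Constructed, simplified ledger (not real chain data). Amounts are in satoshis.
# Inputs reference earlier outputs as (txid, output index); a transaction with
# no inputs is a coinbase, i.e. the point where those coins originate.
LEDGER = {
    "cb1": {"inputs": [], "outputs": [("miner_A", 625_000_000)]},
    "cb2": {"inputs": [], "outputs": [("miner_B", 625_000_000)]},
    "t1": {"inputs": [("cb1", 0)],
           "outputs": [("exchange_hot", 600_000_000), ("miner_A", 25_000_000)]},
    "t2": {"inputs": [("t1", 0)],
           "outputs": [("victim_1", 50_000_000), ("exchange_hot", 550_000_000)]},
    "t3": {"inputs": [("cb2", 0)],
           "outputs": [("victim_2", 100_000_000), ("miner_B", 525_000_000)]},
    "t4": {"inputs": [("t2", 0)], "outputs": [("ransom_addr", 50_000_000)]},
    "t5": {"inputs": [("t3", 0)],
           "outputs": [("ransom_addr", 90_000_000), ("victim_2", 10_000_000)]},
    "t6": {"inputs": [("t4", 0), ("t5", 0)],
           "outputs": [("cashout_deposit", 140_000_000)]},
}


def payments_to(ledger, address):
    """Return (txid, output_index, amount) for every output paying `address`."""
    return sorted(
        (txid, i, amount)
        for txid, tx in ledger.items()
        for i, (addr, amount) in enumerate(tx["outputs"])
        if addr == address
    )


def trace_back(ledger, txid):
    """Follow input references from `txid` back to its originating coinbase(s).

    Returns (ancestor txids, coinbase txids).
    """
    seen, origins, queue = {txid}, set(), deque([txid])
    while queue:
        current = queue.popleft()
        inputs = ledger[current]["inputs"]
        if not inputs:
            origins.add(current)
        for prev_txid, _ in inputs:
            if prev_txid not in seen:
                seen.add(prev_txid)
                queue.append(prev_txid)
    return seen - {txid}, origins


def trace_forward(ledger, address):
    """Addresses that later receive coins descending from payments to `address`."""
    traced = {(txid, i) for txid, i, _ in payments_to(ledger, address)}
    downstream = set()
    changed = True
    while changed:  # repeat until no new outputs are reached
        changed = False
        for txid, tx in ledger.items():
            if any(ref in traced for ref in tx["inputs"]):
                for i, (addr, _) in enumerate(tx["outputs"]):
                    if (txid, i) not in traced:
                        traced.add((txid, i))
                        downstream.add(addr)
                        changed = True
    return downstream


if __name__ == "__main__":
    for txid, index, amount in payments_to(LEDGER, "ransom_addr"):
        ancestors, origins = trace_back(LEDGER, txid)
        print(txid, amount, "ancestors:", sorted(ancestors), "origin:", sorted(origins))
    print("funds moved on to:", sorted(trace_forward(LEDGER, "ransom_addr")))
```
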

    Due to several recent and prominent ransomware attacks, authorities have called for the cryptocurrency market to be watched more closely. In order to do so, supervision will need to be executed in a very careful manner, so as not to detract from the attractiveness of the currency’s anonymity.

    Protect Yourself Any Way You Can

    The shortage of legislative control of the cryptocurrency market, mixed with the quick rise in ransomware attacks, indicates that individuals need to take it upon themselves to protect their data. Some organizations have taken extraordinary approaches such as hoarding Bitcoin in case they need to pay a ransom as part of a future attack. 

    For the common man, protecting against ransomware attacks means covering your bases. You should double check that all of your cyber security software is up to date, subscribe to a secure cloud storage provider and back up your data regularly. Companies of all sizes should implement the 3-2-1 data backup strategy in the case of a ransomware attack. The 3-2-1 backup plan states that one should have at least three different copies of data, stored on at least 2 different types of media, with at least one copy offsite. It helps to also have a separate copy of your data stored via the air-gap method, preventing it from ever being stolen.
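
    One way to check a backup inventory against the 3-2-1 plan described above, as an added example that is not part of the original article. The inventory, site names and field names are constructed assumptions; the production copy is counted as one of the three copies, and a missing air-gapped copy is reported as an advisory rather than a violation because the article presents it as an extra.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    dataset: str
    site: str        # where the copy physically lives
    media: str       # e.g. "disk", "tape", "cloud"
    networked: bool  # False means air-gapped: no network path to the copy


PRIMARY_SITE = "hq"  # assumed name of the production site

# Constructed inventory for illustration; the first copy of each dataset is production.
INVENTORY = [
    BackupCopy("finance-db", "hq", "disk", True),
    BackupCopy("finance-db", "hq", "disk", True),        # local NAS snapshot
    BackupCopy("finance-db", "dr-site", "disk", True),   # replicated to DR site
    BackupCopy("hr-files", "hq", "disk", True),
    BackupCopy("hr-files", "hq", "tape", False),
    BackupCopy("hr-files", "vault", "tape", False),      # tape shipped offsite
    BackupCopy("web-assets", "hq", "disk", True),
    BackupCopy("web-assets", "cloud-region", "cloud", True),
]


def check_321(copies, primary_site=PRIMARY_SITE):
    """Evaluate every dataset against 3-2-1 and the optional air-gap copy.

    Returns {dataset: {"violations": [...], "advisories": [...]}} where the
    violation names are "copies", "media" and "offsite".
    """
    by_dataset = defaultdict(list)
    for copy in copies:
        by_dataset[copy.dataset].append(copy)

    report = {}
    for dataset, group in by_dataset.items():
        violations, advisories = [], []
        if len(group) < 3:                                 # 3 copies
            violations.append("copies")
        if len({c.media for c in group}) < 2:              # 2 media types
            violations.append("media")
        if all(c.site == primary_site for c in group):     # 1 copy offsite
            violations.append("offsite")
        if all(c.networked for c in group):                # air-gap extra
            advisories.append("air-gap")
        report[dataset] = {"violations": violations, "advisories": advisories}
    return report


def compliant(report):
    """Datasets that satisfy all three 3-2-1 conditions."""
    return sorted(name for name, r in report.items() if not r["violations"])


if __name__ == "__main__":
    result = check_321(INVENTORY)
    for name, findings in result.items():
        print(name, findings)
    print("3-2-1 compliant:", compliant(result))
```
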

    Learn More About Getting Your 3-2-1 Backup Plan in Place
