Gartner Down on Cloud

Denise Dubie quotes a Gartner VP webinar in her story “Technologies that won’t be ignored”. Some of the analysis did not sit well with me.

“We cannot consolidate desktops. PCs by definition have a one-to-one ratio,” Paquet explained. “The return on investment model is fundamentally different even though the technology is fundamentally the same and therefore will not have nearly as high a potential ROI.”

I see what he is trying to say. Every user must have a PC — sit at the keyboard and look at the screen — so there is no way to share or consolidate…wait a minute. Of course you can consolidate the PC. The system board and all its fixings can be one-to-many.

That would be old-school, in fact, and has many popular applications. It would be just like servers where IT takes a plethora of hardware and consolidates. They do not remove ALL hardware, of course, just reduce. Reducing PC technology through consolidation makes sense but Gartner says it is not possible.

Why can’t we consolidate desktops? My guess is that this might end up an argument of definition: each time I point out how PCs can and do serve in a one-to-many model, Gartner might just relabel this a server model.

Another odd bit. They give facts without attribution or citation in the webinar found here. One good example:

Did You Know? Percent Power Used: Typical x86 Server 65% Doing Nothing

Who says this? Their interpretation of “nothing” could actually include running antivirus scans or patch management. Background processes are too easily overlooked and underestimated. Turn this around and IT could easily miscalculate performance requirements — and be surprised by big charges for “nothing” services in a pay-as-you-go model. CFOs will get cranky very quickly when they are forced to pay a premium for “nothing” loads not included in the 35% estimate by Gartner.

One more example quote without attribution or citation:

Did You Know? At current pricing the operating expense (energy) to support an x86 server will exceed the cost of that server….within 3 years!

Sounds like energy prices are rising. Or do they mean to say server prices are falling? Or is the point that energy consumption of servers is increasing while price of energy and equipment is constant? No data and no citation in the slide; form your own conclusions. I say 2011 is woefully late for noticing and working on energy costs of servers, but better late than never.

Finally, to the point of this post’s title, Gartner lists Cloud at the very bottom of their trends to watch, number 10. They say resource constriction (sizing down after load) is still a problem being figured out. This takes me back to the earlier “doing nothing” slide. If there is a problem figuring out when and how a server is “doing nothing” then why would we believe the earlier 65% statistic that tells us cloud/consolidation makes sense?

Privacy and Cyberwar in India

I enjoyed reading a recent article in the Sydney Morning Herald called New victim in India-Pakistan ‘cyberwar’.

The title does not really fit the body of the text. Here is a complete smack-down of the threat of cyberwar, for example:

“They hack through any number of sites every year. It’s just a bunch of kids who have got nothing better to do,” said Sahni, the executive director of the Institute for Conflict Management in New Delhi.

“The more serious threat is not this kind of childish prank but Pakistan’s use of net-based communication for actual terrorist operations,” he told AFP.

There is no juicy anecdote or data given at this point, just a reference to an old incident with India’s Oil and Natural Gas website. Actual terrorist operations sound serious, but evidence of any such threat is missing. This is important to keep in mind when the article next turns to a self-described “evangelist” who dismisses the threat entirely:

Indians place little or no value on the kind of data individuals and organisations in many countries prefer to keep confidential, like passport and bank account details or work contracts, he said.

“Privacy is a concept not rooted in Indian culture. I don’t think we can change that and I don’t think it’s going to change in my lifetime,” said Mukhi.

“The government doesn’t care” about protecting information online, he said. “Corporates for some reason just don’t want to spend the money. They don’t think it happens often…. Web security is a low priority.”

Thus the story boils down to a group in Pakistan issuing threats and warning how intent they are on starting a cyberwar with India by defacing websites, while India does not seem to put a high value on protecting their sites from defacement. It comes across like a fairy-tale wolf saying “I’ll huff and I’ll puff” as the pigs say “nothing like a good breeze to stay cool”.

Increased Crashes with Red Light Cameras

I think it is safe to say these results from Austin, Texas’ new red light traffic cameras are not what anyone expected:

At seven of those intersections, the number of accidents has dropped. But at two intersections, authorities have actually seen a significant increase in crashes.

The intersection of MLK and I-35 has seen a 33 percent jump in the last year. The intersection of 15th Street and I-35 has had a 64 percent increase in crashes in nearly two years.

The report does not give details on the kind of crashes.

Then again, maybe someone saw this coming. A 2005 report in Virginia says a risk trade-off has to be considered because cameras cause new types of accidents.

Further the data show that the cameras are correlated with…an increase in total injury crashes. More time is needed to determine whether the severity of the eliminated red light running crashes was greater than that of the induced rear-end crashes.

That being said, the cameras are not the only control factor. Some might say they are for detection as much or more than prevention. A 2004 Texas study argued that increasing the yellow-light interval by a second is what will reduce overall crash numbers.

Heartland Breached Again?

Austin, Texas local news reports the police department has named Heartland in a payment card breach at Tino’s Greek Cafe.

“Through our investigation and through the investigation of the credit card companies, we’ve determined the compromise was not at the restaurant itself. It was somewhere in the network,” APD Sgt. Matthew Greer said. APD said a computer hack at Heartland Payment Systems, where the payments were processed, is a possible source of the problem.

Possible source. Not very encouraging. This has left the door open for Heartland to register disbelief and uncertainty.

“Recent reports of data theft at one Austin-area merchant clearly point to a localized intrusion initiated within the stores, either in their point-of-sale system or as a result of other fraud,” Heartland Payment Systems said in a statement.

So this time (or should I say so far) Heartland has not pointed the finger at auditors and QSAs or other payment card processing companies for leaving them in the dark. Quick flashback: Heartland’s CEO last year gave an odd reason for being breached.

The false [PCI DSS] reports we got for 6 years, we have no recourse. No grounds for litigation. That was a stunning thing to learn. In fairness to QSAs, their job is very difficult, but up until this point, we certainly didn’t understand the limitations of PCI and the entire assessment process.

PCI compliance never meant an entity could not be breached. A CEO can say he was misled, or misinformed, but it is not the responsibility of the QSA for that CEO to know the rules.

The Heartland CEO is saying the equivalent of this: a citizen should rely on a police officer to know the driving laws, and if they crash they should be able to litigate against their driving test examiner. That is not how compliance works.

Complicating Heartland’s position is another recent Austin retail payment card breach, which also used them as a processor. Their image in the public eye is not exactly one of security so they should have to prove that a “localized” incident actually removes them from the fix.

As it happens the fix reported in the news makes Heartland appear involved more, not less. The police say the breach came from a weak link between the point-of-sale and the processor. The fix is to stop sending Heartland payment information over the Internet — processing is done over plain old telephone service (POTS) again. An architecture change such as this is usually not due to a localized flaw. Other retailers who connect to Heartland over the Internet might be asking themselves if they should dust off their modems.

One might think that Heartland’s recent efforts with end-to-end encryption would play directly into this issue and they would step up and wave their giant hand over the tiny merchant to make the problem go away. Instead they take a tough negotiation stance that angers the merchant.

Heartland issued a statement denying any involvement in the Tino’s breach, saying the problems, “clearly point to a localized intrusion initiated within the stores, either in their point-of-sale system or as a result of other fraud…the company is unaware of any broader issue.”

“I think that’s very irresponsible of them to issue a statement like that,” said [Tino’s restaurant co-owner] Nouri.

It might not be a broader issue, just a misconfiguration or flaw in communications security, but that still implicates Heartland. They do seem responsible.

When they use words like “unaware” it reminds me of when I presented, in November 2005 at the Retail Security Forum in Chicago, Illinois, a model for end-to-end encryption that would solve the problem described above. It was called “Manage Identities and Keys for the Retail Risk Model”. In fact, it described exactly a solution for what Heartland’s CEO started to discuss publicly three years later (after the Hannaford Brothers breach) and their CIO started talking about four years later.

True end-to-end encryption to us, and what we’re putting forward as the standard, [starts] from the time the digits leave the magstripe on the consumer’s card, and is turned from analogue data into digital data, [and continues] all the way through the terminal, through the wires, through our host processing network until we securely deliver it to the brands. That’s end-to-end encryption.

They do seem aware of the broader issue. Whether or not this breach turns out to be on the point of sale or the network, I hope the APD will be able to push Heartland towards more awareness and accountability and get them to drop the “unaware” defensive line.
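As an added illustration of the end-to-end model described in the quote above (this is example code written for this post, not Heartland’s or anyone else’s implementation): track data is sealed with AES-GCM the moment it leaves the reader, so the POS host, the store LAN and the Internet link to the processor only ever carry ciphertext, and any tampering on that link is caught by the authentication tag. The key, the terminal key-provisioning step and the sample Track-2 record are assumptions constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"strings"
)

// Constructed sample: Track-2-style data with the test PAN 4111..., not a real card.
const sampleTrack2 = "4111111111111111=2512101"

// Constructed key, assumed provisioned only to the terminal and the processor host.
var demoKey = []byte("0123456789abcdef0123456789abcdef")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptAtTerminal seals track data as it leaves the reader, so the POS host,
// the store LAN and the Internet link to the processor carry only ciphertext.
func EncryptAtTerminal(key []byte, track string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(track), nil), nil
}

// DecryptAtProcessor opens the message at the far end; any byte altered in transit fails the tag.
func DecryptAtProcessor(key, msg []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil || len(msg) < gcm.NonceSize() {
		return "", errors.New("bad key or truncated message")
	}
	pt, err := gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
	return string(pt), err
}

// WireExposesPAN models what a capture of the POS-to-processor link reveals.
func WireExposesPAN(msg []byte) bool { return strings.Contains(string(msg), "4111111111111111") }
```

Run it with `go test` after adding a test that calls EncryptAtTerminal and DecryptAtProcessor; a plaintext record trips WireExposesPAN while the sealed record does not.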