Looking back about Data Centre location

Looking back about Data Centre location

I just came across some writing I did while working at Sun Microsystems; they/we were considering building a cloud platform in Europe and I was part of the team evaluating the potential location. (This would have been 2008/2009.

The key driver for locations was thought to be firstly the IT infrastructure i.e. networks and power, an EU compliant data protection regime, and political stability, with skills supply coming a 4th.

We argued for London or Amsterdam, which is quite funny 10 years later as London looks to leave the EU and there are growing doubts about its GDPR compliance.

I argued that Sun needed to avoid dis-intermediation and retain brand loyalty; this may have been impossible as part of a Cloud offering but it had the world’s leading software superstructure products at the time. I argued that IaaS was not enough to make it work for Sun and thus initiatives like Project Kenai (a predecessor to GitHub) were important indicators of what we should do, although the font in which I did it was quite small. I didn’t see that this was crucial, but when Sun announced its cancellation, I knew that this was part of the end and a decision taken by those that fetishised hardware. Interestingly Oracle reversed this decsion, and it staggered on for another eight years. It was one of a huge number of destructive decisions taken by a management who won by luck until it ran out.

Interesting to see where I was right and where I was wrong and just how much has changed in 10 years. …

HRMS, a distressed purchase?

I was provoked by this on Hackernoon, and wrote a little piece on HRMS systems. I have just come back from a Trade Union course on Employment Law and wonder whether the US based systems built for Silicon Valley behemoths are suitable for UK based SMEs. I reference the Gartner MQ which seems to have come on in the last two years; google it, you can get to see it from one of the companies in the top right quadrant but I like their functional breakdown.

I state that a “person” data model is key and finish with the following quote,

HR functions need to define their mission statement, somewhere between “stop the staff suing us”, and “delivering a self-actualising company”; only then can the needs of the software be defined and developed, bought or rented.

 …

Five steps to Compliance

As we entered the ground rush zone for the GDPR a number of organisations issued numbered guidance documents in preparation. I joined in and published a blog article on my linkedin blog called “Beyond Adequate Protection”. This had my five point list of tasks to be GDPR compliant. I summarise them here,

  1. Know and document your personal data catalogue and its lawful purpose
  2. Create an identity solution for your data subjects, so subject access requests can be fulfilled
  3. Build a record keeping solution
  4. Ensure that your incident management solutions are compliant
  5. Implement changes to the software development Life Cycle(SDLC) to include privacy impact assessments

The original article deals with these in a bit more detail but I finish by saying that it’s only this easy if your organisation already meets the need to provide adequate technical and organisational protection.

 …

Facebook & the European Union

Techcrunch reports that the European Parliament have called for an audit of Facebook’s systems in the light of reported data breaches. Will Facebook be added to the long list of US Tech companies successfully regulated by the EU albeit mainly over monopoly issues. (Google, Microsoft, Intel, Oracle). This is shared power, that the UK will lose should we leave the European Union. …

A bit of an old hat

I am tidying up my flat and recovered a copy of my 1988 paper developed for Oracle Expo Europe of that year, called Developments in the UK Case Market. It looked at SSADM vs Information Engineering and how and why to implement these methodologies. It’s not as dated in content as one might think, although the language is a bit old fashioned. Obviously if using post relational design and implementation techniques some of it is a bit old hat but not having a data model will be a cause of regret. …

e-voting using the blockchain

I have written a couple of things about e-voting, most comprehensively in an article entitled e-voting; I was in a hurry. I came across this twitter thread which reinforces the arguments I make, although he summarises the problems as secrecy and coercion. Matthew also takes a pop at the advocates of bitcoin though and that’s because its complex, not because its private and horrendously expensive.

There aren’t 833837 items in the thread, or at least I haven’t found that many, I make it about 14. Why not check it out? …

Eternal vigilance

I have been pointed at China’s Social Credit Scoring plans via two routes. The first is this extract published at Wired from Rachel Botsman’s book, “Who can we trust”. This details the Chinese Governments plan to build a social credit scoring scheme, but the sources and incentives are horrendously comprehensive, including their leading match making agency. (It’s taken me some time to read this article, an I have bookmarked and annotated it in my diigo feed.) Worrying things about the Chinese scheme is that voluntary participation becomes mandatory; while rewards and incentives are at the forefront of everyone’s mind today, control and punishment is planned, in the Chinese case in the short term they are talking about foreign and domestic travel restrictions but as I note, the countries leading dating agency is one of the surveillance agencies. There is also talk of social investment loans (helicopter money) which become available on the basis of social scores.

The second route was an article on Medium by someone who got banned from AirBnB. He pointed at an article on Buzzfeed, “A Chinese-Style Digital Dystopia Isn’t As Far Away As We Think” where a series of regulatory decisions in the USA seem to be paving the way to something similar, a powerful illustration that the argument that surveillance is OK if it’s private sector is horrendously false.

One worrying aspect of the proposed Chinese system is that your reputation is as good as that of your friends and we have idiots trying to replicate it with peeple, and reading up on that has started me worrying about Linkedin and its competitors and we all know we should get off facebook.

The wired article came before machine learning and massive scale AI became a hot topic, but it’ll be interesting to see what happens to social credit scores when they let rip with the application of machine learning. The automated derivation of reputation scores also raises issues of safeguarding, libel and context. Safeguarding and libel laws require the machines to tell the truth, in fact safeguarding may require machines to hide the truth. Context requires a level of nuance that we are unsure if machines will ever have, but even if they get there, justice and judges must remain human and the code must be open; China’s & Facebook’s is not!. The GDPR gives data subjects rights, perhaps its time to revisit the seven principles.

Of course in the UK, we have our very own examples of machines and data sharing getting it wrong. Sajid Javid, the Home Secretary has suspended the intra-government and some of the other immigration data sharing as a result of the backlash on the Windrush scandal. (I wonder if this I an excuse to look again at the DPA Immigration Exemption clauses.) Much of what is happening in China and the USA is also happening in the UK, it’s just that the surveillance agents are the US owned datenkraken and the British State have legalised the hacking of their data streams.

What’s happening in China is terrible, but our governments are following suit! The price of freedom is eternal vigilance. …