# Looking for needles in haystacks, and other quixotic pasttimes

I have been wanting to get CCS adoption data. It helps us understand whether this is a viable target for software development, and whether or not we want to invest limited resources in it. We had been asked previously by Microsoft to “benchmark” applications, though they seem to have missed our point about porting the applications to run fast natively before we benchmark.

Regardless, we want to see if others have been adopting the platform. There is very little data on this. None really. One would expect that if CCS were flying off shelves that we would see massive press putsches going on. Should we read into the silence? I dunno.
Before I launch into this, I want to stress that I am a happy user of several Microsoft products (Excel, Powerpoint). If they were available for Linux, I would be happy. Yes, I have used Crossover office. I bear Microsoft no ill-will. I simply have a hefty dose of skepticism about motives and their business case for this market.
One place to look for a public company, is in its quarterly 10-q filing. Microsoft’s is here. Looking through this, I am trying to grab this information. Please note that I (personally) may be a Microsoft stockholder via funds that we own.
Unfortunately, there is very little data on CCS in there. There is quite a bit of data on their major product lines, the ones generating substantial fractions of billions of dollars (e.g. 10^9 USD) per quarter. I would have a hard time believing that CCS would be able to generate $1B/quarter. I would be surprised if it generated$1M/quarter. This $1M/quarter revenue would be about 2151 node licenses (at$465 per node). Or in terms of 16 node clusters, this would be about 134 such clusters adding $7440 to the cost of the cluster purchase before antivirus/antispam, or 538 personal clusters (4 nodes) adding$1860 to the cost of the cluster purchase before antivirus/antispam.
To hit $1B in sales for this product, they would need 21.5M nodes. I will leave that to the gentle reader to calculate how many 16 and 4 node clusters that would translate into. Needless to say, it is … unlikely … that CCS will be a$1B revenue size any time soon. As indicated, I would have difficulty believing $1M revenue (3 orders of magnitude lower). The latter number is at the upper edge of possible, assuming that winds blow in their direction. Hard. Which begs the question. Precisely why are they in this market, when there are much larger markets demanding their attention? Bear with me a minute. Take the ballpark size of the cluster market. Lets call it 6B$. Assume for the moment that each compute node costs around $5k (about correct, within a factor of 2 in most cases), and of the cluster market, about 1/2 the revenue goes to compute nodes, the rest goes to other things (infrastructure, storage, fabrics, …) . The market per year for systems in that cluster space is about 600k. Growing at 20+% per year, but call it 600k per year. This means, that, if Microsoft could suddenly convince all of us to drop Linux and switch, they would be looking at about$280M/year.
But what if only 10% switch.
$28M/year. Or 1%?$2.8M/year.
You see why we are so interested? We want to know whether this is a $2.8M market, or a$280M market.
Of course, it could be a 0.1% (19 clusters per year of about 32 nodes in size) in which case it is a $280k market to Microsoft. Again, could someone explain to me in simple terms precisely what the business value to Microsoft is in terms of pursuing such a relatively small market (compared to their other divisions)? I could believe somewhere in the 0.1% – 1% region at the end of this year for CCS. Without hard data, it will be pretty hard to do more than guess. These needles don’t want to be found, or the people who own them want them to not be found. Maybe someone could ask this question at the next stockholder meeting. That said, the 10-Q had some interesting data. Challenges to our business model may reduce our revenues and operating margins. Our business model has been based upon customers paying a fee to license software that we developed and distributed. Under this license-based software model, software developers bear the costs of converting original ideas into software products through investments in research and development, offsetting these costs with the revenue received from the distribution of their products. That is known. Microsoft develops software and charges per license/installation. Every time you buy a machine with Windows pre-loaded (effectively impossible not to do apart from Apple), Microsoft makes money. Every single time. They do not have effective competition for this lockin market. Their business model has become a defacto tax per unit sold that we the customers bear. If they did not have this lockin we would have real choice. This is not something they likely want, as choice could work against them. Competition does that. In recent years, certain ???open source??? software business models have evolved into a growing challenge to our license-based software model. Open source commonly refers to software whose source code is subject to a license allowing it to be modified, combined with other software and redistributed, subject to restrictions set forth in the license. True. Open source alters some of the economics of the market. Changes the way some business models work. When you spend little time competing, you spend a great deal of time protecting your business model. When something threatens this business model, well, this is one of the many aspects of competition. One of our competitors likes giving stuff away for free (or far under cost) when they see they have competition. While the consumer may think this is a good thing, all this does is to drive real innovators out of the market via financial competition. So we adapt to the challenge. We encourage this competitor to give their stuff away for free, and we capture revenue atop it. You adapt, and overcome. Or you don’t survive. Just don’t get bent out of shape when your competition adapts to your tactics and strategies. A number of commercial firms compete with us using an open source business model by modifying and then distributing open source software to end users at nominal cost and earning revenue on complementary services and products. These firms do not have to bear the full costs of research and development for the software. A prominent example of open source software is the Linux operating system. Exactly. Microsoft has driven out all competition via … tactics … that have landed it in hot water from time to time when investigated. Along comes a competitive product and business model. Adapt. Or not. Although we believe our products provide customers with significant advantages in security and productivity, and generally have a lower total cost of ownership than open source software, This is debatable at best. It is fairly clear that OSS reduces TCO significantly. It is also quite clear that tools like Linux do not suffer the same intensity of exploits as the Microsoft platforms. Anyone can count bug reports, security bulletins and draw incorrect conclusions from them. The important question is what exploits are burning their way through the field? Do the epidemiology. Linux is not perfect. Nor is MacOSX. Both are quite a bit more secure based upon the exploits we see running around in the wild. the popularization of the open source software model continues to pose a significant challenge to our business model, including continuing efforts by proponents of open source software to convince governments worldwide to mandate the use of open source software in their purchase and deployment of software products. I honestly believe this is the least of Microsoft’s worries. To the extent open source software gains increasing market acceptance, sales of our products may decline, we may have to reduce the prices we charge for our products, and revenue and operating margins may consequently decline. Yup. OSS is changing the economics of the model. Its adaptation time. Ignoring that for the moment, the major issue I see is this. Security vulnerabilities in our products could lead to reduced revenues or to liability claims. Maintaining the security of computers and computer networks is a critical issue for us and our customers. Hackers develop and deploy viruses, worms, and other malicious software programs that attack our products. Although this is an industry-wide problem that affects computers across all platforms, it affects our products in particular because hackers tend to focus their efforts on the most popular operating systems and programs and we expect them to continue to do so. I would phrase it differently. They attack the low hanging fruit. Hackers will exploit insecurities on any platform. They are platform agnostic. They don’t care what it is they compromise, they just want it p0wned. So if one platform is intrinsically easier to hack than another … Despite these efforts, actual or perceived security vulnerabilities in our products could lead some customers to seek to return products, to reduce or delay future purchases, or to use competing products. Customers may also increase their expenditures on protecting their existing computer systems from attack, which could delay adoption of new technologies. Any of these actions by customers could adversely affect our revenue. In addition, actual or perceived vulnerabilities may lead to claims against us. Although our license agreements typically contain provisions that eliminate or limit our exposure to such liability, there is no assurance these provisions will be held effective under applicable laws and judicial decisions. Its that last sentence that they need to worry about. Why no one has initiated a class action suit against them for insecure software is beyond me. How many$B (billions of dollars) have been spent in patching holes, chasing new ones, and acting in a reactive mode to compromises that their software allows? How many $B (billions of dollars) have been lost due to exposure of information, leaked or destroyed documents? How many$B (billions of dollars) of administrators time have been spent chasing this stuff and trying to put these djinni’s back in their respective bottles?
I truly never understood why no CIO has asked their legal department to help recover the costs that they willingly pay out every year.
Right now, some of the most vicious attacks on Linux systems come via Windows. It is apparently very easy to install key loggers on windows machines. Since Linux machines are much harder to crack, don’t crack them. Crack the windows machines that they attach to. Then grab the passwords as they are entered via ssh clients. Voila. No exploit against the Linux box. Crack the windows box and the world of supercomputing is your oyster.
So now lots of Linux sites are adopting multifactor authentication and one time passwords. Annoying that it has to be done, but the gateways into the resources are effectively unguarded due to the ease of overrunning them.
Could you imagine a large cluster of windows machines after compromising, now being effectively a supercomputing spam-bot? The mind boggles.
The world wants better Windows->Linux interoperability. I am pretty sure this is not what they had in mind.
Well, the 10-Q had no real information on CCS. I expected some.