As promised, we recorded all of the day’s presentations and we’ve published them on TechNet:

Keynote Address by Scott Charney, Corporate VP, Microsoft Trustworthy Computing

Threat Modeling at EMC and Microsoft by Danny Dhillon of EMC and Adam Shostack of the Microsoft SDL team (of course)

Mitigations Unplugged by Matt Miller, Microsoft Security Science team

Concurrency Attacks on Web Applications by Scott Stender and Alex Vidergar of iSEC Partners

Fuzzed Enough? When it’s OK to Put the Shears Down by Jason Shirk, Dave Weinstein and Lars Opstad, Microsoft Security Science team

Real World Code Review – Using the Right Tools in the Right Place at the Right Time by Vinnie Liu of Stach & Liu

In addition to the presentations, we also recorded some short interviews (about 10 minutes long) with each of the speakers. If you’re just looking for a quick summary of a particular talk, these interviews are the place to start:

Threat Modeling at EMC, Danny Dhillon

Threat Modeling at Microsoft, Adam Shostack

Mitigations Unplugged, Matt Miller

Concurrency Attacks on Web Applications, Scott Stender and Alex Vidergar

Fuzzed Enough? Jason Shirk and Dave Weinstein

Real World Code Review, Vinnie Liu

I hope at least 96% of online readers will be able to directly apply this material to their products, just like the show attendees. Please post back and let us know, either way. And let us know what you’d like to see for next year. We have big plans to build on our success and make SDL Sessions 2.0 even bigger and better than the first.

So I was very interested when I heard that Opus Interactive, a customer of ours, had “joined the VMware vCloud initiative as a VMware Service Provider”. I talked to Eric Hulbert, CTO of Opus Interactive, to get some details directly from the source.

Eric shared our own caution about making “cloud-ready” announcements. There have simply been too many companies talking about cloud solutions that lack any substance – usually based on definitions of cloud computing that are hazy or just too broad. The backlash against the cloud hype is often quite justified. But in Opus’ case, there are real components that if they don’t add up to a “full” cloud computing solution just yet, are well on their way – and enabled by VMware’s program for service providers (VSPP).

Opus Interactive is serious about virtualization, which is an indispensable tool in their stated goal of creating a high-density micro-data center with the smallest footprint possible. They are 100% wind-powered and have already virtualized much of their data center, reducing the amount of hardware necessary to run the business and driving down costs to produce even more competitive advantage in a crowded marketplace.

VSPP for vCloud provides a rental model of VMware licenses – e.g., for Enterprise ESX or VDI. VMware Service Providers report on their customers’ virtual machines (vm) and pay only for what is actually used. This model lets Opus Interactive quickly spin up a vm to get a new customer up and running in about an hour and stay very cost competitive at the same time; Opus offers their vClustr entry-level virtual server for only $99.

Cost-effective, rapidly scalable computing “on-demand” based on shared resources, managed by “expert” third-parties, enabled by virtualization technology and pay-per-use vm licenses. Cloud computing? Instead of thinking about a single definition of cloud computing, perhaps it’s more relevant as the market matures to think about a continuum of cloud computing. And by that definition, Opus Interactive is providing cloud services, enabled by VMware’s VSP program. Next on the schedule, automated provisioning and perhaps in the future, API’s that make it even easier for application developers to test and deploy apps on Opus Interactive’s cloud platform – which, by the way, uses EM7 for its core management solution.

Gravity is not the main obstacle for America’s space business. Government is

IN THE spring of 2006 Robert Bigelow needed to take a stand on a trip to Russia to keep a satellite off the floor. The stand was made of aluminium. It had a circular base and legs. It was, says the entrepreneur and head of Bigelow Aerospace in Nevada, “indistinguishable from a common coffee table”. Nonetheless, the American authorities told Mr Bigelow that this coffee table was part of a satellite assembly and so counted as a munition. During the trip it would have to be guarded by two security officers at all times.

Exporting technology has always presented a dilemma for America. The country leads the world in most technologies and some of these give it a military advantage. If export rules are too lax, foreign powers will be able to put American technology in their systems, or copy it. But if the rules are too tight, then it will stifle the industries that depend upon sales to create the next generation of technology.

It is a difficult balance to strike and critics charge that America has erred on the side of stifling. They claim that overly strict export controls have so damaged the space industry that America’s national security is now threatened by its dwindling leadership in space technology. The system, they complain, fails to distinguish between militarily sensitive hardware that should be controlled and widely available commercial technologies, such as lithium-ion batteries and solar cells. The zealous application of the export rules is the American space industry’s biggest handicap.

Economists have long understood the corollary concept of Coase's ceiling, a point above which organizations collapse under their own weight -- where hiring someone, however competent, means more work for everyone else than the new hire contributes. Software projects often bump their heads against Coase's ceiling: recall Frederick P. Brooks Jr.'s seminal study, The Mythical Man-Month (Addison-Wesley, 1975), which showed how adding another person onto a project can slow progress and increase errors.

What's new is something consultant and social technologist Clay Shirky calls "Coase's Floor," below which we find projects and activities that aren't worth their organizational costs -- things so esoteric, so frivolous, so nonsensical, or just so thoroughly unimportant that no organization, large or small, would ever bother with them. Things that you shake your head at when you see them and think, "That's ridiculous."

Sounds a lot like the Internet, doesn't it? And that's precisely Shirky's point. His new book, Here Comes Everybody: The Power of Organizing Without Organizations, explores a world where organizational costs are close to zero and where ad hoc, loosely connected groups of unpaid amateurs can create an encyclopedia larger than the Britannica and a computer operating system to challenge Microsoft's.

Shirky teaches at New York University's Interactive Telecommunications Program, but this is no academic book. Sacrificing rigor for readability, Here Comes Everybody is an entertaining as well as informative romp through some of the Internet's signal moments -- the Howard Dean phenomenon, Belarusian protests organized on LiveJournal, the lost cellphone of a woman named Ivanna, Meetup.com, flash mobs, Twitter, and more -- which Shirky uses to illustrate his points.

The book is filled with bits of insight and common sense, explaining why young people take better advantage of social tools, how the Internet affects social change, and how most Internet discourse falls somewhere between dinnertime conversation and publishing.

Shirky notes that "most user-generated content isn't 'content' at all, in the sense of being created for general consumption, any more than a phone call between you and a sibling is 'family-generated content.' Most of what gets created on any given day is just the ordinary stuff of life -- gossip, little updates, thinking out loud -- but now it's done in the same medium as professionally produced material. Unlike professionally produced material, however, Internet content can be organized after the fact."

No one coordinates Flickr's 6 million to 8 million users. Yet Flickr had the first photos from the 2005 London Transport bombings, beating the traditional news media. Why? People with cellphone cameras uploaded their photos to Flickr. They coordinated themselves using tools that Flickr provides. This is the sort of impromptu organization the Internet is ideally suited for. Shirky explains how these moments are harbingers of a future that can self-organize without formal hierarchies.

These nonorganizations allow for contributions from a wider group of people. A newspaper has to pay someone to take photos; it can't be bothered to hire someone to stand around London underground stations waiting for a major event. Similarly, Microsoft has to pay a programmer full time, and Encyclopedia Britannica has to pay someone to write articles. But Flickr can make use of a person with just one photo to contribute, Linux can harness the work of a programmer with little time, and Wikipedia benefits if someone corrects just a single typo. These aggregations of millions of actions that were previously below the Coasean floor have enormous potential.

But a flash mob is still a mob. In a world where the Coasean floor is at ground level, all sorts of organizations appear, including ones you might not like: violent political organizations, hate groups, Holocaust deniers, and so on. (Shirky's discussion of teen anorexia support groups makes for very disturbing reading.) This has considerable implications for security, both online and off.

We never realized how much our security could be attributed to distance and inconvenience -- how difficult it is to recruit, organize, coordinate, and communicate without formal organizations. That inadvertent measure of security is now gone. Bad guys, from hacker groups to terrorist groups, will use the same ad hoc organizational technologies that the rest of us do. And while there has been some success in closing down individual Web pages, discussion groups, and blogs, these are just stopgap measures.

In the end, a virtual community is still a community, and it needs to be treated as such. And just as the best way to keep a neighborhood safe is for a policeman to walk around it, the best way to keep a virtual community safe is to have a virtual police presence.

Crime isn't the only danger; there is also isolation. If people can segregate themselves in ever-increasingly specialized groups, then they're less likely to be exposed to alternative ideas. We see a mild form of this in the current political trend of rival political parties having their own news sources, their own narratives, and their own facts. Increased radicalization is another danger lurking below the Coasean floor.

There's no going back, though. We've all figured out that the Internet makes freedom of speech a much harder right to take away. As Shirky demonstrates, Web 2.0 is having the same effect on freedom of assembly. The consequences of this won't be fully seen for years.

Here Comes Everybody covers some of the same ground as Yochai Benkler's Wealth of Networks. But when I had to explain to one of my corporate attorneys how the Internet has changed the nature of public discourse, Shirky's book is the one I recommended.

This essay previously appeared in IEEE Spectrum.

• The Cathedral and the Bazaar by Eric S. Raymond
• The Wisdom of Crowds by James Surowiecki
• We Are Smarter Than Me by Barry Libert, Jon Spector, Don Tapscott
• The World Is Flat by Thomas L. Friedman
• The Innovator's Dilemma by Clayton M. Christensen
• The Long Tail by Chris Anderson
• The Speed of Trust by Stephen M. R. Covey
• What Got You Here Won't Get You There by Marshall Goldsmith
• Outsourced (the movie)

Also remember that I mildly panned Digital Economy by Harbhajan Kehal and Varinder P. Singh; my assertion was that the next 10 years will bring about a social economy instead, one that includes the digital natives you’ll all be hiring and selling to now or very soon. They’re the ones who are building it, so you might as well adapt.

SaaS is taking a bite out of the $18 billion IT management market. A new Forrester Research report forecasts SaaS-based IT management accounts will be 10% of the market by 2013. The reason: high level of interest from medium-sized and large enterprises. Forrester also predicts that enterprises with 1,000 or more employees will account for 50% of SaaS installations in 2009. We’ve seen this on the service desk side with the rapid growth of upstart Service-now.com. Companies are looking for easier and rapid deployment, lower upfront and capital costs and rapid time to value – all benefits of SaaS as well as our own appliance model.

IBM snapped up Transitive this week. Their QuickTransit software dynamically translates native code between architectures, enabling apps compiled for one processor to be run on another without any modification. Apple was the first licensee and used it to build Rosetta, a translation system that allowed users of Intel Macs to seamlessly run legacy PowerPC apps. IBM plans to use the technology to move workloads onto IBM systems without recompiling, allowing customers to “save on energy costs due to hardware consolidation and reduced TCO.”

At CA World, CA announced a partnership with Amazon to provide “management capabilities around Amazon’s EC2 utility computing platform, potentially including discovery of software running on EC2 instances, performance monitoring, configuration management, software deployment capabilities and provisioning”. John Willis, in spite of some pretty funny potshots and stories about CA (don’t we all have them), writes that “CA is the first of the Big Four to take the cloud serious”.