Trends in Business Intelligence & 2010 Review
It’s the time of year when magazine editors can’t resist the urge to fill their glossy wares full of ‘thing of the year’ articles, the print equivalent of the mid-season “clip show” that has plagued many a TV series. Well, if it’s good enough for them it’s good enough for me so here’s my rather unstructured and unscientific take on Business Intelligence and Data Warehousing in the year that was – 2010…
Market Trends
To start, I’ve taken a series of snapshots from the excellent Google Trends showing global search volumes for each of the Big Four offerings to measure the level of interest. It’s reasonably clear to see from the graph below that interest in OBIEE shows a small but steady growth whilst Reporting Services shows a marked decline and the other two offerings remains roughly static (maybe a small decline?), this surprised me given that with the release of 2008 R2 I think that Reporting Services is really getting to the point where it offers a legitimate choice in the BI marketplace. Perhaps the issue that Microsoft have fragmented their BI offering to include a mixture of terms with Excel, PowerPivot, SharePoint, Analysis Services and Reporting Services all making up the BI stack and nobody really knows what to call it?
| Cognos | OBIEE | Business Objects | Reporting Services |
This year has also brought an increased emphasis on Mobile BI with the iPad and iPhone fast becoming common executive playthings, Business Objects making it’s Explorer and Xcelsius products available on Android in addition to the iPhone (Explorer only). MicroStrategy took the mobile emphasis a step further (perhaps to help stick their head above the crowd) by announcing a strong focus on the mobile BI market and offering a free 25-seat licence for their Mobile Suite. Despite a strong focus on marketing Mobile BI I’m still not convinced that any of the vendors have really hit the nail on the head with their solutions in that whilst many offer pretty visualisations and slick interfaces most seem to lack the kind of simplicity that helps to present information quickly and succinctly, even the frankly beautiful independent product RoamBI just feels a little overdone when it comes to actually using it.
Major Product Releases
It’s been quite a year in the BI & Database world with the launch of Microsoft SQL Server 2008 R2, Oracle Business Intelligence Enterprise Edition (OBIEE) 11g and IBM’s Cognos 10…
Microsoft’s launch is effectively a moderate evolution of SQL Server 2008 in most areas with little change to the database engine, it’s ETL tool Integration Services and it’s OLAP engine Analysis Services. That said, R2 did bring some handy incremental features which will be especially welcomed by the budget-conscious with an increase in the DB size of the free Express Edition from 4GB to 10GB and the addition of Backup Compression to Standard Edition. There were some interesting additions with PowerPivot, Master Data Services and StreamInsight thought I’m not sure that either will find a natural home for a good year or so as busy DBAs and developers struggle to find the time to try these new features out.
Despite the major jump in the version number Oracle’s release too seems to be mainly an evolution and as a great fan of the product I’m quite considerably relieved since Oracle could quite easily have been over-zealous in integrating their ‘own’ tools like Discoverer and Warehouse Builder with bought-in technologies like Siebel Analytics (which became the bedrock of OBIEE), Hyperion’s Essbase and Sunopsis (now Oracle Data Integrator). One of the less exciting but fundamentally important additions is that the semantic layer employed in OBIEE will be directly and immediately compatible with future releases of other Oracle products in the CRM, ERP and Finance application spaces.
I’m not as familiar with Cognos as the other two tools having only experimented with Cognos 8 for a couple of weeks but from everything I’ve read it seems that Cognos 10 was certainly a major milestone in the product’s lifecycle. Aside from the shiny sounding features such as Social Networking and iPad support (actually a very serviceable looking mobile BI app) there are some very cutting-edge additions to the product including a statistical engine drawn from SPSS and Active Reports which allows users to explore and analyse offline data including interactive email reports.
The Future?
No good review and roundup article ends without a nod to the future and whilst I’m not keen on making absolute predictions there are a few developments I’ll be keeping my eye on for 2011 and beyond.
The main event I’m anticipating is the release of Business Objects XI Release 4, I’ve not seen too many concrete details about functionality but over the last few years Business Objects have seen themselves distracted by the Crystal acquisition (including the shoe-horning of their core product into Crystal Enterprise) and in turn their acquisition by SAP. As a regular and long-term user of Business Objects I’m really hoping that they’ll blow away some of the cobwebs and deliver some new functionality as well as rounding off some of the edges that in previous versions feel a little unfinished, it would be great too if they finally included the key functionality from the legacy desktop client (which many long-term customer still rely on) in their core Web Intelligence product (Freehand-SQL & Grouping – I’m looking at you).
Another area to watch in Business Intelligence and Data Warehousing as well as the wider enterprise market is cloud computing, Informatica’s ETL in the Cloud offering has seen improvements and adoption throughout 2010 and it’s almost a given that Microsoft will be adding some degree of ETL capability to their SQL Azure platform. I’d expect an announcement if not a release along these lines in the coming year, though it’s possible that ETL comes behind providing cloud based analytics (something SSIS guru Jamie Thomson suggests).
In a broader sense I’m expecting to see a little more interest and pickup in the open source BI market, I’ve been saying this for a while (“this time next year, Rodders…“) and I might be wrong for some time to come but I always keep an eye on companies using an Open Source model such as the ETL vendor Talend who recently acquired Sopera (a middleware and SOA vendor), BI vendor Jaspersoft and all-rounder Pentaho. With the global economy still suffering a hangover from the sub-prime mortgage crisis and banking collapse people have been looking for cheaper alternatives and open source companies provide a great way to achieve that, though some of Talend’s high-end offerings are almost comparable in price with other commercial products.
Another possible area to watch out for is the area of Personal Intelligence, essentially Business Intelligence for the individual. A colleague and I spoke about this back in 2008 and we could both see that as people increasingly become data-aware they’ll start to look inwards and aim to measure things about themselves, one obvious starting point is fitness and we already have sites to log and chart your weight and calorie intake as well as the brilliant Nike+ product that measures your pace, time and distance during a run using either a sensor in your shoe or GPS (iPhone app), see the sidebar of this blog or below (one of my runs on the Nike+ site) for examples of the output.
Categories: Business Intelligence, Business Objects, Microsoft SQL Server, Open Source, Oracle, PostgreSQL, Reporting Services, Security, SSIS, Windows Tags: 2008 R2, analytics, Android, BI, BI Trends, Business Intelligence, business objects, cloud, Cognos, IBM, informatica, iPhone, Jaspersoft, Microsoft, Mobile BI, Nike+, OBIEE, Open Source, Oracle, OSS, Pentaho, Personal Intelligence, Reporting Services, RoamBI, SAP, SQL Server, SSIS, Talend
Rootkit Hidden in Network Card Firmware
I just read a scary post by Guillaume Delugré following-up from his presentation (slides) made at the hack.lu conference in October. Essentially he reverse-engineered the Broadcom NetExtreme Network Interface Card and replaced the device’s standard firmware with modified code capable of intercepting network packets and hiding them from the OS – even when the OS registers the card as disabled.
The ultimate goal of the project is to build a rootkit that would reside in the NIC’s firmware and be capable of performing all sorts of nefarious tasks and once installed it could implement a range of countermeasures to avoid detection. One problem for the would-be malware writer is the limited memory available on the NIC, perhaps instead of acting as the primary payload the NIC rootkit could act as a wingman to a larger malware toolkit and even persist in the event that the OS infection was removed.
The rootkit could monitor outbound traffic to sense when it’s primary payload had been deactivated, report back to the command & control servers and wait to be notified of a hardened upgrade that could then be installed by exploiting communication with the driver layer via Direct Memory Access. Alternatively it could be used to thwart detection by network scanners like Nessus or perform port scans on the rest of the network, again – all without the knowledge of the host OS.
This may seem somewhat speculative but to me it’s the way of the future, many devices connected to your PC have flashable firmware and I imagine that within the next couple of years an example of exactly this kind of attack will be found in the wild – until then, stay tuned to the big conferences like Black Hat, Defcon and Hope.
SQLBits 7 – Saturday Conference Rundown
Starting my third day at SQLBits with a hat-trick of talks on technologies I’m unfamiliar with was a bit of a head-bender but an enjoyable one nonetheless. The first talk I chose was a great overview of how to use completely free tools (SQL Server Express 2008 R2, among others) with completely free spacial data (Ordnance Survey’s Open Data) to create spatial reports in Reporting Services. Since it’s not an area I’m working in at the moment I didn’t get any major take-aways but I do have an understanding of what’s possible and how to go about it – if you’re in the same boat you should check out FWTools, Shape2SQL and Grid InQuest.
The second talk was Matt Whitfield‘s ‘CLR Demystified’ and not being a developer I’ll admit that much of it went over my head but I get the basic principles and most importantly I know what’s possible and where I might make use of CLR. The most interesting avenues for me are the ability to write custom aggregate functions and define custom data types – I was also impressed with the opportunity to increase performance in certain text processing / forward log parsing situations.
The next talk I attended was a gentle introduction to PowerShell and James Boother did a good job of showing where it might be useful for admin tasks, in particular the example of purging old backup/log files based on age lit my eyes up. There was also a demo of PowerShell authenticating with Twitter and posting tweets as admin alerts, alas the demo failed but that could well have been a timeout on the Uni’s WiFi network or just plain old demo-gremlins. I must say thou that I still can’t view PowerShell with some sense of disappointment because with all it’s flexibility and power it’s so damned wordy and many of the tasks it performs could be achieved with less code that a good old Bash script.
As with Friday I attended Quest‘s lunchtime session run by Kevin Kline, Ian Kick, Brent Ozar and Buck Woody – they’re some of the most experienced guys in the SQL community and when you get them together they’re funny as he’ll too so I was both entertained and informed in their myth-busting quiz.
My first afternoon talk was Gary Short’s session on NoSQL which predictably sparked a few polite but irate rebuttals from argumentative DBAs but the session itself was an excellent whistle-stop tour of the predominant NoSQL technologies and use cases. I was encouraged to hear from someone experienced in the field that nobody has quite put together all the pieces to hook up BI tools (that traditionally expect relational/dimensional models or OLAP sources) to the NoSQL back-ends, it’s a shame since I might need to do so pretty soon – I guess I’m going to have to get my hands dirty then!
The final talk was from Kevin Kline of Quest who covered SQL Injection, it was an informative talk that gave me pause for thought about a couple ‘best practices’ that I probably ought to harden a little. Kevin recommended a few tools that I’ll definitely be checking out at some point, notably:
- HP Scrawlr
- URLScan
- Source Code Analyser for SQL Injection
- Assessment and Planning Tool
- Discovery Wizard
And a few handy sites/articles:
Once more it was a great conference and the free day was every bit as good as the paid day, I can honestly say that I walked out of the event already looking forward to the next one.
Categories: Events, Microsoft SQL Server, NoSQL, Open Data, Security Tags: CLR, Microsoft SQL Server, NoSQL, Open Data, PowerShell, Security, Spatial, SQL Injection, SQL Server, SQLBits
The Truth About Information Security…
It’s an old one but I just came across this cartoon from XKCD and it made me laugh…
Categories: Security Tags: Cryptography, Wrench, XKCD
The Next Hope Talk Schedule Announced
From July 16th – 18th 2010 in New York City the guys behind 2600 Magazine will be hosting The Next Hope, a conference for hackers of all types: amateurs, hobbyists, professionals and the generally curious.
Topics are wide and vary from IPv6 to Phone Phreaking, Disaster Relief to Graphic Novels and Cooking to DNS Sec – here’s the full talk schedule announced Monday (see table with abstracts here)…
Friday 16th
| Time | Tesla | Lovelace | Bell |
|---|---|---|---|
| 10:00 | IPv6 Playground: New Hope Update
Joe Klein |
GPS – It’s Not the Satellites That Know Where You Are
The Cheshire Catalyst |
|
| 11:00 | The State of Global Intelligence
Robert Steele |
Locational Privacy and Wholesale Surveillance via Photo Services
Ben Jackson |
Light, Color, and Perception
Jonathan Foote |
| 12:00 | Wireless Security: Killing Livers, Making Enemies
Dragorn, RenderMan |
Content of the Future
Greg Newby, Michael S. Hart |
SHODAN for Penetration Testers
Michael ‘theprez98′ Schearer |
| 13:00 | Keynote Address
Dan Kaminsky |
||
| 14:00 | (2 hours) | Digital: A Love Story
Christine Love, Jason Scott |
Examining Costs, Benefits, and Economics in Malware and Carding Markets
Dr. Thomas J. Holt |
| 15:00 | Arse Elektronika: Sex, Tech, and the Future of Screw-It-Yourself
Johannes Grenzfurthner |
Botnet Resistant Coding: Protecting Your Users from Script Kiddies
Fabian Rothschild, Peter Greko |
Electronic Take Back
John McNabb |
| 16:00 | Own Your Phone
TProphet |
Sita Sings the Blues: A Free Culture Success Story
Nina Paley |
Cooking for Geeks
Jeff Potter |
| 17:00 | Keeping Your Job While Being a Hacker
Alex Muentz |
“Brilliants Exploits” – A Look at the Vancouver 2010 Olympics
Colin Keigher |
Design of a Wireless EMG
Konstantin Avdashchenko |
| 18:00 | Tor and Internet Censorship
Jacob Appelbaum, Seth Schoen |
The OpenAMD Project
Aestetix, cpfr, Echo, Far McKon, Mitch Altman, Travis Goodspeed |
Lisp, The Oldest Language of the Future
Adam Tannir |
| 19:00 | Extreme Lockpicking
Barry Wels, Han Fey |
Easy Hacks on Telephone Entry Systems
Davi Ottenheimer |
Buying Privacy in Digitized Cities
Eleanor Saitta |
| 20:00 | Build Robots and See the World
Jonathan Foote |
Towards Open Libraries and Schools
Ellen Meier, Gillian ‘Gus’ Andrews, Jessamyn West |
Monkeysphere: Fixing Authentication on the Net
Daniel Kahn Gillmor, Jameson Rollins |
| 21:00 | Hackerspaces Forever: A Panel
Hackerspaces.org |
Introduction to the Chip Scene: Low Bit Music and Visuals
Don Miller, Joey Mariano, Peter Swimm |
Risk Analysis for Dummies
Nick Leghorn |
| 22:00 | (2 hours) | Electronic Waste: What’s Here and What’s Next
Stephanie Alarcon |
Detecting and Defending Your Network from Malware Using Nepenthes
Marco Figueroa |
| 23:00 | Get Lamp Screening and Discussion
Jason Scott |
Interaction with Sensors, Receivers, Haptics, and Augmented Reality (90 minutes)
Elle Mehrmand, Micha Cardenas / Azdel Slade, Pan, Ryan O’Horo, TradeMark G. |
Injecting Electromagnetic Pulses into Digital Devices
Paul F. Renda |
Saturday 17th
| Time | Tesla | Lovelace | Bell |
|---|---|---|---|
| 10:00 | How to Run an Open Source Hardware Company
Limor ‘Ladyada’ Fried, Phillip Torrone |
T+40: The Three Greatest Hacks of Apollo
Stephen Cass |
False Domain Name Billing and Other Scams
The Cheshire Catalyst |
| 11:00 | Video Surveillance, Society, and Your Face
Joshua Marpet |
Behind the Padlock: HTTPS Ubiquitous and Fragile
Seth Schoen |
Hacking Out a Graphic Novel
Ed Piskor |
| 12:00 | Grand Theft Lazlow – How Hacking is Both the Death and Future of Traditional and Interactive Publishing, Journalism, and the Media
Lazlow |
Vintage Computing
Bill Degnan, Evan Koblentz |
For Its Own Sake and to Build Something Better: A Primer on Neuroscience, Bat Echolocation, and Hacker Bio-inspiration
Scott Livingston |
| 13:00 | Keynote Address
Julian Assange |
||
| 14:00 | (2 hours) | A Red Team Exercise
Tom Brennan |
No Free Lunch: Privacy Risks and Issues in Online Gaming
Don Tobin, Lyndsey Brown |
| 15:00 | How to Bring Your Project from Idea to Reality: Make a Living Doing What You Love
Mitch Altman |
Geo-Tagging: Opting-In to Total Surveillance
Paul V |
Modern CrimeWare Tools and Techniques: An Analysis of Underground Resources
Alexander Heid |
| 16:00 | Snatch Those Waves: Prometheus Radio and the Fight for Popular Communications
Maggie Avener, Pete Tridish |
Memory Fun 101 – Memory Training for Everyone
Chester Santos |
Surf’s Up! Exploring Cross Site Request Forgery (CSRF) through Social Network Exploitation
Daniel McCarney |
| 17:00 | Privacy is Dead – Get Over It
Steven Rambam |
Smartphone Ownage: The State of Mobile Botnets and Rootkits
Jimmy Shah |
Much Ado About Randomness
Dr. Aleksandr Yampolskiy |
| 18:00 | (3 hours) | Free Software: Why We Need a Big Tent
Deb Nicholson |
Why You Should Be an Amateur
Ben Jackson |
| 19:00 | (3 hours) | Reach Out And Touch Face: A Rant About Failing
Johannes Grenzfurthner |
Hackers for Human Rights
Adrian Hong |
| 20:00 | Rummaging in the Government’s Attic: Lessons Learned from More Than 1,000 Freedom of Information Act Requests
Michael Ravnitzky, Phil Lapsley |
Hey, Don’t Call That Guy A Noob: Toward a More Welcoming Hacker Community
Nicolle (‘Rogueclown’) Neulist |
The Telephone Pioneers of America
Kyle Drosdick |
| 21:00 | Social Engineering
Emmanuel Goldstein |
Circuitbending
Jimmie Rodgers |
|
| 22:00 | Building and Breaking the Next HOPE Badge
Travis Goodspeed |
2600 Meetings: Yesterday, Today, and Tomorrow
Gonzo, Grey Frequency, Rob T Firefly |
PSTN-based Cartography
Da Beave, JFalcon |
| 23:00 | Net Wars Over Free Speech, Freedom, and Secrecy or How to Understand the Hacker and Lulz Battle Against the Church of Scientology
Finn Brunton, Gabriella Coleman |
Hacking Our Biochemistry: Pharmacy and the Hacker Perspective
Jennifer Ortiz |
Radio Reconnaissance in Penetration Testing – All Your RF Are Belong to Us
Matt Neely |
| 00:00 | Saturday Night Hacker Cinema | Spy Improv on Steroids – Steele Uncensored – Anything Goes
Robert Steele |
Sunday 18th
| Time | Tesla | Lovelace | Bell |
|---|---|---|---|
| 10:00 | The Need for a Computer Crime Innocence Project
Alex Muentz, Joe Cicero, Seth Schoen |
Hacking Your GPS
Cass Lewart |
Hacking Terrorist Networks Logically and Emotionally
Hat Trick, Mudsplatter |
| 11:00 | From Indymedia to Demand Media: Participation, Surveillance, and the Transformation of Journalism
Chris Anderson |
Hacking for an Audience: Technology Backstage at Live Shows
John Huntington |
Lock Bypass without Lockpicks
Dan Crowley |
| 12:00 | Cats and Mice: The Phone Company, the FBI, and the Phone Phreaks
Phil Lapsley |
Simpsons Already Did It – Where Do You Think the Name “Trojan” Came From Anyway?
Bill Cheswick, Matt Blaze, Sandy Clark (Mouse) |
Burning and Building Bridges: A Primer to Hacking the Education System
Christina ‘fabulous’ Pei |
| 13:00 | The DMCA and ACTA vs. Academic and Professional Research: How Misuse of This Intellectual Property Legislation Chills Research, Disclosure, and Innovation
Chris Mooney, Tiffany Rad |
American Bombe: How the U.S. Shattered the Enigma Code
Shalom Silbermintz |
TrackMeNot: Injecting Reasonable Doubt in Everyone’s Queries
Vincent Toubiana |
| 14:00 | Informants: Villains or Heroes? (90 minutes) | Into the Black: DPRK Exploration
Michael Kemp |
The Freedom Box: How to Reclaim Privacy on the Web
James Vasile |
| 15:00 | Hacking the Food Genome (15:30)
Gweeds |
CV Dazzle: Face Deception
Adam Harvey |
Bakeca.it DDoS – How Evil Forces Have Been Defeated
Alessio ‘mayhem’ Pennasilico |
| 16:00 | Hackers without Borders: Disaster Relief and Technology
Dennison Williams, Elena, Smokey |
The Black Suit Plan Isn’t Working – Now What?
James Arlen |
|
| 17:00 | The HOPE Network | Sniper Forensics – Changing the Landscape of Modern Forensics and Incident Response
Chris Pogue |
|
| 18:00 | Closing Ceremonies |
Privacy Tool: Disposable Email Address
From time to time I find myself forced to provide an email address to register on a website to get some content (a solution to a problem, a whitepaper, etc.), generally I’m loath to spread my email address around because (a) it’s a personal identifier and (b) I’m likely to end up with even more SPAM than I have now.
Well, there’s a great solution – you can use a temporary email address. There are several sites out there that will randomly generate an email address that become valid for a fixed period of time before the account (and all of the mail) is deleted. One thing that you should know is that the content of the emails themselves should not be personal since there there is often no authentication, it’s really just a quick and easy solution and is not secure in itself.
The site I tend to use if Guerrilla Mail, their temporary addresses last for 60 minutes but can be extended and they also let you pick your own address or take a randomly generated one. There are other sites out there but the only one I’ve had any experience with is 10 Minute Mail, I’m sure some quick googling will bring up a load of alternatives.