Is Amazon Rigging the Bidding For Massive Government Contracts? (vanityfair.com)
SpzToid quotes Vanity Fair:
The controversy involves a plan to move all of the Defense Department's data -- classified and unclassified -- on to the cloud. The information is currently strewn across some 400 centers, and the Pentagon's top brass believes that consolidating it into one cloud-based system, the way the CIA did in 2013, will make it more secure and accessible. That's why, on July 26, the Defense Department issued a request for proposals called JEDI, short for Joint Enterprise Defense Infrastructure. Whoever winds up landing the winner-take-all contract will be awarded $10 billion -- instantly becoming one of America's biggest federal contractors.
But when JEDI was issued, on the day Congress recessed for the summer, the deal appeared to be rigged in favor of a single provider: Amazon. According to insiders familiar with the 1,375-page request for proposal, the language contains a host of technical stipulations that only Amazon can meet, making it hard for other leading cloud-services providers to win -- or even apply for -- the contract. One provision, for instance, stipulates that bidders must already generate more than $2 billion a year in commercial cloud revenues -- a "bigger is better" requirement that rules out all but a few of Amazon's rivals... Much of the language of JEDI, in fact, seems specifically tailored for Jeff Bezos. "Everybody immediately knew that it was for Amazon," says a rival bidder who asked not to be named. To even make a bid, a provider must maintain a distance of at least 150 miles between its data centers and provide "32 GB of RAM" -- specifications that few providers other than Amazon can meet.
The article also cites last year's "so-called Amazon amendment, a provision buried in a defense authorization bill that will establish Amazon as the go-to portal for every online purchase the government makes -- some $53 billion every year." And it also notes that Amazon employs more than 100 lobbyists in Washington, and "has spent $67 million on lobbying since 2000 -- including more this year than Citigroup, JP Morgan Chase, and Wells Fargo combined."
The article says this controversy may be "a sign of how tech giants and Silicon Valley tycoons will dominate Washington for generations to come."
Next up: is the government rigging the bidding for government contracts?
Amazon employs more than 100 lobbyists in Washington, and has spent $67 million on lobbying since 2000.
It's true. We have the best government money can buy.
"You want to know how to help your kids? Leave them the fuck alone." -George Carlin
One of the good-old-boys DoD contractors thought they had the sole source contract for bid rigging?
Have gnu, will travel.
The existing defense-oriented government data centres can easily support a really large open stack instance, which provides a more secure option than trusting a single vendor.
(In previous lives, I've worked with both Open Stack and with the Solaris side of the U.S. Defense Department's server farms: what I propose is child's play for them. Other departments? Maybe so, maybe not.)
davecb@spamcop.net
Just fill it to over-flowing and "we'll see what happens".
Is that a joke summary? seriously I hate Amazon but none of the 3 sample clauses seem at all unreasonable. Was the 32GB of RAM a fucking typo? is there seriously any cloud provider (even small ones) that don't go that high? having Datacenters geographically separated is a common clause. 2 billion in revenue would be the only questionable one.
I see Bezos' purchase of the Pravda on the Potomac is paying dividends.
Arranging the "requirements" to limit who may supply goods to the government has been around ever since the bidding process was formalized. Al Gore's revision of the rules (some years ago, now), reduced the practice for commodity items, but did very little for truly one-of-a-kind and high-tech goods and services.
To even make a bid, a provider must maintain a distance of at least 150 miles between its data centers and provide "32 GB of RAM" -- specifications that few providers other than Amazon can meet.
If most of the other providers can't fulfill the obvious technical requirements required for obvious technical reasons, is the low number of qualified bidders really an issue? That Amazon as the government acquisition portal is another thing, though.
If I leave all of my doors unlocked and all of my stuff gets stolen, should I blame the company that built my house?
Here's a different view:
In the past several months, a private investigative firm has been shopping around to Washington reporters a 100-plus-page dossier raising the specter of corruption on the part of senior Defense Department and private company officials in the competition for the JEDI cloud contract. But at least some of the dossier's conclusions do not stand up to close scrutiny.
https://www.defenseone.com/tec...
You say all that like Amazon doesn't have tools and documentation available for customers to secure the data they put in their bucket.
Was this article posted by the owner of some two-bit regional hosting operation? The specifications mentioned in the summary aren't tailored to Amazon, but hit every major cloud provider from Rackspace through IBM, Microsoft, Amazon, etc.
If you don't have datacenters outside of a 150 mile radius and you think that 32GB RAM is extreme, you're not capable of hosting even a mid-sized enterprise, let alone a large government. There wouldn't be too many small businesses that could get away with 32GB RAM in a server. It sounds like the complainant is doing small business web hosting out of a single rack unit and wondering why they're cut off from contracts they could never possibly fulfil.
What a ridiculous article.
There are already 200+ providers that are 800-37 compliant, or are in the process of getting products authorized. The DoD has 47 vendors on there. AWS has 184 authorizations, MS has 86; they are the top 2.
I suspect once Trump groks this, he will FREAK out. He seems to have a huge amount of hatred for Amazon, so I would expect him just ordering the DoD to not do this if AWS is going to be the provider...not sure if he will have any other solutions.
Personally, I think anything that falls under 800-53 should NOT be outsourced in any way; you can't properly lock down the underlying AWS; you don't have access to their actual infrastructure. How would you audit that all the switches that your data travels across have the proper DoD login banners, or restricting SNMP by IP address? Maybe they already do all this; but a "small breach" could become "keys to the kingdom" to a huge amount of information.
God I'm tired of seeing this. I'm not the biggest fan of AWS or S3 but when you see a news article on documents being leaked on S3 it is almost certainly 100% the user's fault (I'm not aware of any cases where it wasn't).
S3 defaults to private/restricted access. If you created a bucket right now and uploaded files they are not publicly accessible. You have to explicitly grant public access and if you do that through the web interface it even prompts you with something akin to "this is probably a very bad idea, are you really sure you want to do this".
The only fault that can be laid at Amazon's feet is that the ACL system can be very difficult to learn and master for novices. This causes non-tech types to just throw up their hands and just go with the public option thinking that it will be fixed later. AWS could help the situation by creating an S3 lite that had a more dropbox like interface and allowed access to be easily managed through OAuth access based on social media accounts.
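An added example, not part of the comment above and not AWS's own code: an offline audit of the two places where public access has to be explicitly granted on a bucket, the ACL and the bucket policy. The input dictionaries are constructed samples shaped like the S3 GetBucketAcl response and a bucket policy document; the bucket name, Sids and owner ID are made up, and the policy check is a simplified reading (a wildcard principal with a Condition is flagged for review rather than judged).

```python
import json

# Predefined S3 group URIs that extend an ACL grant beyond named accounts.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def public_acl_grants(acl):
    """Return (audience, permission) for each ACL grant made to a global group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # CanonicalUser grants name one specific account
        if grantee.get("URI") == ALL_USERS:
            findings.append(("anyone on the internet", grant.get("Permission")))
        elif grantee.get("URI") == AUTHENTICATED_USERS:
            # "Authenticated" means any AWS account, not just the owner's users.
            findings.append(("any AWS account", grant.get("Permission")))
    return findings


def as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def wildcard_allow_statements(policy):
    """Return (sid, actions, has_condition) for Allow statements open to '*'."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (
            isinstance(principal, dict) and "*" in as_list(principal.get("AWS"))
        )
        if stmt.get("Effect") == "Allow" and wildcard:
            sid = stmt.get("Sid", f"statement[{i}]")
            findings.append((sid, as_list(stmt.get("Action")), bool(stmt.get("Condition"))))
    return findings


def audit_bucket(acl, policy_json=None):
    """Summarise explicit public grants found in an ACL and an optional policy."""
    policy = json.loads(policy_json) if policy_json else {}
    acl_findings = public_acl_grants(acl)
    policy_findings = wildcard_allow_statements(policy)
    return {
        "public": bool(acl_findings) or any(not f[2] for f in policy_findings),
        "acl": acl_findings,
        "policy": policy_findings,
        # Wildcard principal narrowed by a Condition: a human should read it.
        "review": [f[0] for f in policy_findings if f[2]],
    }


# --- Constructed sample data (hypothetical owner ID and bucket name) ---
OWNER = {"Type": "CanonicalUser", "ID": "example-owner-canonical-id"}
DEFAULT_ACL = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
OPEN_ACL = {"Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "WRITE"},
]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
CONDITIONAL_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"IpAddress": {"aws:SourceIp": "192.0.2.0/24"}}}})

if __name__ == "__main__":
    for name, acl, pol in [("default", DEFAULT_ACL, None),
                           ("open ACL", OPEN_ACL, None),
                           ("open policy", DEFAULT_ACL, OPEN_POLICY),
                           ("conditional", DEFAULT_ACL, CONDITIONAL_POLICY)]:
        print(name, audit_bucket(acl, pol))
```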
This stuff must be completely non-critical. I can only imagine that all is routinely stolen and distributed globally anyways...
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Now we are quoting Vanity Fair here at Slashdot.
Teen Vogue next?
I've worked on Government contracts and have a NAC clearance - It would be a good idea for this to be moved to a cloud environment where Amazon is taking special care and keeping the infrastructure completely NIST compliant. The data would be more secure than it is now - believe me.
The controversy involves a plan to move all of the Defense Department's data -- classified and unclassified -- on to the cloud.
That is an excellent idea! It should be rolled out as soon as possible.
Sincerely,
China.
Having worked in the defense industry, and seen it first hand.
Cloud computing is cheaper. The problem for the defense industry is security.
Amazon is the only one to pass the test. It cost them a lot.
Now they're reaping the benefit of that expense.
They are the only cloud player to have invested in defense level security.
It saves money, even if they are the only player
Old Larry Ellison is upset that the DoD isn't lining up to give him money. ORACLE is dumping shit loads of money into spoiling this cloud contract - because it isn't fair to them
This isn't something fresh to this case, it happens all the time. If other companies want the business, they will jump through the hoops. I'm not going to feel bad for Microsoft, Google, and Oracle.
> The information is currently strewn across some 400 centers, and the Pentagon's top brass believes that consolidating it into one cloud-based system, the way the CIA did in 2013, will make it more secure and accessible.
WTF? How stupid are these people? It's called a single point of failure and that makes it a single weakness for Russia or China to attack. Wow. So fucking dumb.
And yes: Bezos and Amazon are assholes but people keep buying from them. You buy from them. You endorse them. So stop whining you hypocritical latte-sipping iPhone-fondling instagram-selfying facebook-posting self-entitled hipster. Fuck them but fuck you even more.
Does the donald know about this?
This is similar to contracts that detail that they need to support Microsoft's software's proprietary protocols without actually saying it should be a Windows server. Sure, an alternative is technically possible but it doesn't exist. It's pretty shit but it just means that they have no interest in changing their operations.
Yes, it's bullshit but it's old bullshit that's been going on for decades.
Anons need not reply. Questions end with a question mark.
Unless they helped write the rules? Or are they just lying about benchmarks and bending the language to meet the criteria?
This does not apply here. DoD requires an air-gapped cloud that has no connectivity with the public Internet. Amazon already operates such a "region" for the CIA.
It's actually very easy. Amazon will build a DC that is completely dedicated to DoD. It won't have ANY external connections, with all operations handled through SKIFs and DoD-controlled VPNs.
For those who haven't worked with governments before, I've seen it go like this: Someone in the government (local or otherwise) wants to deal only with vendor X (a friend, nepotism, he thinks theirs is the best product, etc.). With cooperation from the government person, vendor X writes a bidding specification that is very detailed, so that all other bidders are excluded.
AWS does not give you full control or even console access so you can't load your ISO as boot also you don't control the AWS router that maps the PUB IPV4 to your local IPV4 and you can't get your OWN server or cluster that is just your systems and not auto balanced loads from any AWS VM.
maybe call all users as ANY AWS user some may think that all users = all users in your domain.
Would rather deal with Amazon than GSA. A few years ago, I ordered a bale of rags from GSA, got a bale of rags. Made out of cut up cloth rain coats. Ordered a set of snap-ring pliers with a NSN from a very good set. (NSN=national stock number) Got a chinese copy. Wanted a Estwing hammer. Another copy. Try sending something back to the GSA. You can, maybe, sometimes.
Passionately Indifferent
what is that 32GB listed about then? For some loads a VM with 32GB can be extreme. If anything 32GB per DC = must be some small system overall.
Take your meds dude.
The "must already have $2B in revenues" is a little sketchy.
These two don't seem particularly discriminatory: Data centers 150 miles or more apart is something every cloud provider of any significance already has. Maybe not every data center is 150 miles from every other, but Amazon doesn't have that either. 32gb ram virtual servers is trivially added for anyone who didn't have it -- the physical servers backing the VMs often have 1TB ram or more.
Here's what really cuts out almost everybody: Amazon has a virtual networking system (VPCs) with their cloud product that allows for complex security infrastructures with VMs behind multiple layers of protection devices. Most cloud providers offer VMs plugged directly in to the Internet. Period.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
that bit about how Trump is an idiot for being skeptical of Amazon and Bezos.
There are many people getting big benefits from the endless Trump/Russia "collusion" probe that after more than a year seems to be focused on perfectly legal payouts of blackmail money to strippers, and a couple of slimy lawyers who cheated on taxes years before Trump ran for president --- With Trump being endlessly threatened with impeachment if he messes with the justice department, all the corruptocrats and lobbyists in the beltway are free to run amok without fear that the president will fire his ineffective AttyGen (Elmer Fudd AKA Jeff Sessions) and replace the fool with somebody effective who might do Trump's bidding and look into any huge custom-made-for-Amazon RFQs. With nobody at the helm at the justice department, there are career people in all departments who are free to write bid requirements tailored to the vendors they prefer (with an eye toward second careers working for those vendors). For those of you who doubt this sort of bold corruption happens in DC, google "Air Force tanker contract" or "ULA block buy".
"...Washington for generations to come."
Yeah....... Nope
Other cloud providers can’t supply 32GB of RAM, and that’s Amazon’s fault somehow?
You understand AWS less than you think.
Is that a joke summary? seriously I hate Amazon but none of the 3 sample clauses seem at all unreasonable. Was the 32GB of RAM a fucking typo? is there seriously any cloud provider (even small ones) that don't go that high? having Datacenters geographically separated is a common clause. 2 billion in revenue would be the only questionable one.
It’s common in government for a vendor to offer help writing a bid that only they can win, by listing really technical things only their solution provides. And if you decide you really want that vendor, not much keeps you from doing this. This isn’t necessarily done in bad faith, and it could save money over integrating a bunch of different shit that wasn’t designed to fit together. Think long term support costs for a frankensystem put together from lowest bidders.
So yes, it’s hardly surprising if those requirements were reverse engineered from someone’s desire to use AWS specifically. It’ll be up again at some point in the future at least.
But Microsoft, Oracle and others are known to use those practices. So why bother? If you expect they play fair then it should be to anyone
The 150-mile minimum looks like a straight-up "fuck you" to Oracle. Oracle's bare-metal team built data centers within 1ms of one another in order to improve latency and provide something no other cloud provider could provide. Due to speed of light limitations, a 1ms round-trip time allows for data centers -- at the absolute most! -- to be 93 miles from one another. Given routing & switching latencies, you'll usually want the data centers somewhere around 50-80 miles from one another. This is far enough to be largely free from most correlated risk except extinction-level events. Big middle-finger to anyone who wants to push performance higher than Amazon does. Wow.
Matthew P. Barnson
I learn what I think when I read what I write
A cyber war is coming and they'll tear Amazon a new asshole before they knew what hit them.
Good news is the DOD contractors will say I told you so and charge 2x to do it right.
This is a pretty standard part of any RFP, where vendors fight to make sure the requirements favor themselves. It's up to the project committee to weight the various requirements and figure out which ones are real and which ones are vendor-related BS.
Big Capitalistic Corporation Does Everything In Its Might To Become Even Bigger!!1!
News at 11.
The DoD is not centered around genome analysis or other HPC applications (yes, they have them but that's not their "core business"). They have mission critical apps that any number of countries, organizations and people want to screw with. And they have the ability to do so (and before you dismiss it, I'll remind you that the Pentagon had a gaping hole in it after 9/11). Layer natural disasters and the fact that US power grid has had catastrophic regional failures and I would also like to make sure my servers were not all bundled into one nice little target area.
Hell, this is the entire reason the internet exists... the DoD asked DARPA to come up with a distributed network that could route around problems and keep working.
I don't disagree that people write specs to favour a vendor, I have seen it done myself. But those specs DON'T favour any particular vendor, if those are true samples of what they call favouritism then I call Bullshit on the story as it must have been written by someone with no knowledge of the topic. I am assuming though it is just a really badly written summary/article and somewhere in the details really are some amazon favouring clauses.
32GB isn't even extreme for a VM. Hell we have more than I can count with 10 times that amount of RAM running on various cloud providers. Not aware of any cloud provider that would be impacted from such a low number.
Must be the god damn Russkies again. Those sneaky sons of bitches are always up to something. It's like my grand-dad always told me, "Never trust a goldurn Russian", he'd say. If only he'd lived to see the shit those sneaky fucking Russians were getting up to these days, he'd have a conniption fit! I tell you what, that whole Slavic race is good for nothin', and nothin' but trouble, the whole sneaky lot of 'em. They may look white, but they're like god damn gooks on the inside.
As a user of their product and others., it's far superior. Frankly the other vendors don't even offer a comparable product.
You can create Amazon Machine Images and install anything that amazon hardware architecture supports. Conversion from .OVA -> AMI is simple.
You can install your own firewalls if you so wish, but most people don't bother
So it only cost them 1/10% of the prospective ANNUAL contract in lobbying expenses? Cool.
After a DARPA meeting I was approached by a lobbyist for "only" $10k a month.
Speaking as a federal employee - it’s incredibly difficult to just buy what you need. In business you find a provider and initiate a contract. In government, there are a ridiculous number of steps that make this impossible, all in the name of ensuring we cannot send a sweetheart deal to a relative or etc. This means it is not possible to just buy, say, a Dell computer, we have to propose a computer buy and specify what we need and let a reseller bid. We “save money” by buying the exact same Dell from a reseller who bought it from Dell to sell it to us. I am still 100% unclear how that can possibly be cheaper, but the reseller meets the requirement to be minority owned or Veteran owned or what have you, so hooray.
What happens in many cases when you have a very specific need is that multiple resellers will jump in and insist that they can provide what you want, when in fact they cannot. We spent about a year researching software for a very specific need and settled on one service that did what we wanted; during the bidding, several other providers (which we had specifically rejected during our fact-finding) popped up and insisted they could do things that their software clearly was not capable of doing. The contracting agents don’t have the background to know this. They just see a vendor saying “we can do this for way cheaper” without realizing that “way cheaper” is only possible because the service lacks 50% of what we need it to do.
Writing an “open bid” contract in such a way that only one vendor really can match the need is the simplest, fastest way around this mess, and unless/until the federal contracting and acquisition system is fixed, this will continue to happen. Everyone on the inside knows it happens, and honestly every once in a while some other vendor actually CAN meet the requirements, so it is as fair as we can make it without wasting everyone’s time and your tax dollars.
Tl;dr: if it looks suspiciously specific it’s intentional, and likely so for a damn good reason. We’d save a lot more cash if we just accepted some level of graft once in a while.
(Don’t get me started on the “approved” vendor site we have to use for most smaller buys; imagine Amazon if coded by Microsoft in 1996, where everything you buy that claims to be “new” is actually remanufactured, “name brand genuine” shows up as a knock-off, and once we actually got a device show up with European voltage requirements even though it stated repeatedly that it took 115v. Damn thing wouldn’t turn on with our puny American voltage and we had to fight to return it.)
prease 2b learnink2engrish.
Writing grants and contract proposals so that they exclude everyone but the vendor you want is dead simple; my clients used to do it all the time when they wanted a new high-end scientific gadget or piece of expensive gear.
You just write the grant so that it specifies as "mandatory" one or more features that disqualify all the other entries. It's pretty easy to do.
In my client's case they just wrote that one of "must-have" items was a "sample exchange airlock" mechanism for any new electron microscope they were going to buy. Ours was the only one that had such a feature (because we patented it) and so our company always "won" the grant. (And a sample exchange airlock *is* a valuable feature, make no mistake.)
So again, this is nothing new.
Just cruising through this digital world at 33 1/3 rpm...
No. when this man gas Chambers a shit ton of people, maybe then , but words on a page do not compare to actual violent action. Unless someone is successfully systematically rounding up a demographic for Mass disposal they're not too much like the Nazis
So we all are familiar with the twitter rhetoric from POTUS regarding Amazon taking an 'unfair' advantage of mismanaged pricing by the USPS and how it is 'supposedly' upside down in a debt structure standpoint. We are also aware this is party driven because Jeff B owns both amazon and the washington post.
But here is the thing. When it comes to deals like this, this is the one area that the executive branch has complete latitude. These aren't congressional decisions, these fall squarely on department heads. So if DJT was really gunning for Bezos, what are the odds they would have a snowball's chance in hell of getting even a water fountain maintenance contract? So that leads me to believe that all that 'conflict' is just for show.
To even make a bid, a provider must maintain a distance of at least 150 miles between its data centers and provide "32 GB of RAM" -- specifications that few providers other than Amazon can meet.
Basically all major cloud providers can do that, even smaller ones. Linode? They top out at 300GB of RAM on their largest nodes, and have data centers in all four extremes of the US. DigitalOcean? They go up to 192GB and have data centers in NYC and SF. For an extreme case, Microsoft will do 3.8 TB of RAM on Azure.
Sumpin like, oh I don't know, like ... ARE YOU READY FOR SOME FOOTBALL?!!!
Woo-hoo!
We're gonna go all the way this year, I just know it! We finally got some fresh meat in the backfield, and finally got someone who can throw the ball. Yeooow, boy's a stud!
You guys act like this 'lobbying' shit matters, but what matters is getting the first down without getting a flag on the play. I mean, first down, baby, that's what it's all about ... a couple of those and booya !! 6 points baby, who's your daddy, I'm your daddy, just ask yo momma! I mean, wait til I pull out first, but then totally ask her when I'm finished! That's right, baby! My team totally stomped your team and we won. That's right, WE won ... no they don't pay me, but I don't need it, I have a good job and am proud to be the 12th man that helps my squad win! I can't help it if you don't have team spirit! I gots spirit yes I do, I gots spirit how bout you? What's that? No? Didn't think so, natch!
The rest of you losers can sit around yapping about politics this and corrupt that, but I'm gonna watch me some FOOT BOWWW, Baby! Ya heard?! Some Foot BOW WOW WOW YIPPIE OH YIPPIE AYYYYYYYYYEEEEEEEEEEHAAAAAAAWWWWWWWWWW!!!!!
Woooooooooooooo!
I sure like me some football.
Really tired of the Cloud Computing\Outsourcing is Cheaper chant. Politically, it's great to be able to claim that you're "going" to save money but those projected savings always seem to be eaten up by increased fees and service add-ons. Cloud computing isn't about saving money (although it's always marketed that way), at least for Federal and state governments. It's just an easy way of divesting yourself of the responsibilities of managing an IT infrastructure. Additionally, you get to shift costs from capital to operational, which just looks better on the books. In the end, you're still going to pay more though. As far as security is concerned, what could possibly go wrong with giving stewardship of our country's most sensitive data over to some non-auditable (IT wise), public, global entity?
Indeed. On Azure:
An 8 core 32GB VM is $668 USD/month
16 core 448 GB VM is $7044. (Four hundred forty eight gigabytes of random access memory.)
And for revenue:
Q1 2018 Cloud Revenue for Microsoft is $6bn; for AWS it's 5.4bn and IBM it's 4.2 bn. Seriously, the 3rd placed provider is clearing the threshold twice - and doing it in only a QUARTER of the year.
Yeah, $2bn / year sounds like "keeping kiddies out of the adults swimming pool". But it doesn't make sense as Oracle themselves say they are pulling in 9.8bn per year.