Waikato Business News April/May 2021

28 WAIKATO BUSINESS NEWS April/May 2021
Is serverless right for you?
By RACHEL PRIMROSE
Serverless. It’s a buzzword. Love ’em
or hate ’em, buzzwords give us crucial
clues into what is trending, and this
one is loaded.
Serverless computing is a
cloud computing model
in which the cloud provider
dynamically allocates
computing resources based
on demand, and where the
provider also administers the
underlying servers on behalf
of its customers.
To some it means “little
to no maintenance”, to others
“cheaper technology infrastructure”.
While both are
true, serverless is by no means
a panacea.
Across all three major
cloud infrastructure providers,
there is no set monthly pricing
for serverless infrastructure.
Pricing is based on how much
resource (generally number
of seconds that code runs,
throughput, and memory) that
each request consumes.
Serverless is not necessarily
going to be cheaper
for code that runs 24/7, but
there are other benefits. You
won’t need a systems administrator
and developers won’t
have to learn how to install,
run, secure and patch a Linux
server (an increasingly rare
skill). Running and maintaining
servers is at a minimum a
monthly maintenance job, and
at worse a drop-everythingall-hands-on-deck
for highrisk
issues such as the recent
security vulnerabilities.
Equally important is the
supporting services. Serverless
workloads have limits,
and don’t always provide
features such as internet
access, traditional storage and
security.
While handled differently
across cloud providers, these
costs are additional to the cost
to run the code written by
your software developers. The
great news though is that compared
to the cost for multiple
virtual machines, container
services or physically hosted
servers, this is generally lower
until you get into extremely
high workloads or if you are
willing to significantly compromise
on performance.
The cloud infrastructure
cost aside, operational costs
for serverless are a success
story but also introduce items
on your risk register. When
you select serverless computing,
the updates to the underlying
hardware, operating
system and base programming
runtime are done for
you. This doesn’t mean that
software maintenance doesn’t
exist – you’ll be informed and
asked by your cloud provider
to upgrade or face the consequences,
which starts with an
inability to release new functionality,
and can end up with
your code ceasing to run.
You have two important
risks to consider. You will be
forced into upgrading platforms
at some point. This will
usually be several years in
the future if your software is
deployed on up to date platforms.
The timing and inescapable
inevitability cannot
be ignored commercially.
The second risk is that you
are effectively outsourcing
your systems administration
to your cloud provider. Professional
consensus is that
due to scale and customer
volume the cloud providers
will do a better job than your
single sysadmin, but this is not
guaranteed.
With risks acknowledged,
we come to the true advantage
in operational expenditure.
There’s no requirement
for a dedicated systems
administrator.
The entire ecosystem
from deployment to maintenance
can be looked after
by your software partner
or developers, with a little
help from your cloud provider
in the form of proactive
notifications.
Another common question
about serverless is the cost
to develop and scale. This is
highly dependent on the languages,
frameworks and type
of problem you’re solving.
Swapping out traditional servers
for serverless solutions
may not give a good solution.
In general, there should be no
additional cost to implement
serverless code, provided that
serverless is the correct technical
fit for the problem.
And finally, onto a good
problem to have: a fast
growing business. In this
area serverless technologies
really shine.
With a support ticket
(and a good explanation),
well designed solutions can
scale from 1,000 concurrent
requests up to 10,000 in
hours. With traditional infrastructure,
building for scale
can be cost prohibitive during
the initial design and build,
whereas serverless solutions
are largely intrinsically scalable.
The key to a successful
serverless implementation
is good architecture. Serverless
should always be considered
in a holistic way,
starting with good technical
fit, but always looking at the
business fit as well.
At Company-X we have
great success passing on
serverless solutions to clients
with feedback that onboarding
time is low due to great
TECH TALK
tooling, the inherent modularisation
that serverless code
and infrastructure provides,
and that the low infrastructure
entry cost has made an agile
approach a reality.
> BY RACHEL PRIMROSE
Rachel Primrose is a software architect at software
development specialist Company-X.
Working from home and copyright rights:
the need for certainty of ownership
In pre-Covid days, if you
created copyright works
such as drawings or
source code as part of your
job, the odds are you would
have done so during ‘normal
office hours’ at your desk
rather than at 9pm in the
comfort of your own home. It
would have been straightforward
to establish who was the
owner of copyright (TOOC)
in those drawings or source
code.
In these Covid-affected
times, however, many officebased
employees now work
flexible hours and work from
home (WFH). Indeed, the
8.30am-5pm day in the office
has almost become a rarity
rather than the norm. As a
result, ascertaining who is the
owner of copyright in drawings
or source code may be a
little harder to discern; or at
least, the topic may be open
for greater debate.
The need then to be sure of
who owns what in an employment
context is perhaps more
INTELLECTUAL PROPERTY ISSUES
> BY BEN CAIN
Ben Cain is a Senior Associate at James & Wells and a Resolution
Institute-accredited mediator. He can be contacted at 07 957 5660
(Hamilton), 07 928 4470 (Tauranga) and benc@jaws.co.nz.
important now than it was in
the old days.
The recent case of Michael
Penhallurick v MD5 Ltd
[2021] EWHC 293 in the
Intellectual Property Enterprise
Court in England,
although relating to events
pre-Covid, illustrates this
need.
Penhallurick, a former
employee of MD5, claimed
ownership of copyright in
eight works relating to a
technique he named “Virtual
Forensic Computing”
or “VFC”.* The eight works
comprised different versions
of the software code (literary
works), a graphic user interface
(artistic work) and a user
guide (literary work).
It was established that the
first two works – the earliest
version of the VFC source
code and the object code
compiled from this code –
were created in 2005 and
2006, before Penhallurick
was employed by MD5 in
November 2006. The Court
found these works were not
relevant to Penhallurick’s
claim and consequently
focussed its assessment on
the remaining six works created
by Penhallurick after he
joined MD5.
The Court found Penhallurick
was the author of
the six remaining works and
therefore was the first owner
of copyright in them – unless
any were made in the course
of his employment by MD5
pursuant to the IP clause in
Penhallurick’s employment
agreements, in which case
MD5 was the first owner.
Which of these was the case
turned on the meaning of “in
the course of his employment”.
Why? Because of the
poor wording of the “Job
Titles and Duties” and intellectual
property clauses in
Penhallurick’s first employment
agreement.
The Court ultimately
found that all of the works
had been created by Penhallurick
in the course of
his employment with MD5.
Of particular interest to this
author, and relevance to this
article given the current (and
potentially permanent?) fashion
for working flexible hours
from home, however, is the
Court’s finding in relation to
the third and fourth copyright
works (“VFC Version 1” and
the graphical user interface
(“GUI”) for VFC Version
1) created by Penhallurick
in 2007. In respect of these
works, the Court said:
“[66] … It seems that Mr
Penhallurick took on the task
[of developing VFC Version
1 and GUI] with enthusiasm,
to the extent that he took his
work home some of the time.
His staff annual appraisal of
August 2007 suggests that
much of the work must have
been done during working
hours at MD5. But whatever
the exact proportion done at
home, it does not displace the
strong and primary indication
that it was work done in the
course of his employment.
The fact that an employee
does work at home is relevant
to the question of whether
the work is of a nature to fall
within the scope of the duties
for which he is paid but it
may or may not carry much
weight. Where it is otherwise
clear that the work is of such
a nature, in my view the place
where the employee chooses
to do the work will not generally
make any difference. The
same applies to the ownership
of the tools the employee
chooses to use, here sometimes
Mr Penhallurick's own
computer system. If it is clear
that the employee is being
paid to carry out a task as
agreed with his employer,
he may choose to use tools
supplied by his employer or
his own tools; either way,
the task is carried out in the
course of his employment.”
Although it is not stated,
I am confident the same reasoning
applies to the time of
day the employee chooses
to do the work – that is, it
doesn’t matter whether you
do the work at 10am or 10pm,
if the work is carried out in
the course of your employment
then any copyright
rights in it will be owned by
your employer.
Standing back, Penhallurick’s
case identifies two
important ‘take homes’
for both employers and
employees:
• first, if an employer is
going to make use of copyright
works created by
an employee before that
person is an employee,
then the employer should
have the employee assign
copyright in those works
to the employer at the
same time the employee
becomes an employee.
Alternatively, execute a
licence agreement with the
employee at the same time
the employee becomes an
employee to enable those
works to be lawfully used
by the employer;
• second, the employer
should ensure employment
agreements, but particularly
those with employees
whose job it is to create
intellectual property,
adequately identify an
employee’s role and scope
of duties so that it is clear
what resulting intellectual
property the employer is
laying claim to by virtue
of the employment agreement,
irrespective of what
time of day and where that
intellectual property is
created.
* VFC is a method of retrieving
an image of the hard disk
without writing on it, then
booting up the image on a
virtual machine so that the
image can be investigated.
In developing the technique,
Penhallurick had used a freely
available product called VM
Software to set up the replica
of the target computer’s hardware
and operating system.
As computer programs generally
have inbuilt safeguards
to prevent them from being
manipulated in this way, the
method developed by Penhallurick
involved a password
bypass feature.