Tuesday, August 30, 2005

Why corporate IT is melting down

This week, Winn Schwartau writes in his Security Awareness blog about why Windows is such a mess and why it has to fail:


In a comment on this article, I wrote about what happens when corporate idiocy is then combined with the WinTel problem of cheap PC's and bug-ridden software.

I think this comment is worthy of an article in its own right, so here it is, in an expanded form, since I can write more here than on a comment page.

It is human nature to not want to admit error. It is the nature of bureaucracies to flat out refuse to admit error, no matter what the cost. They would rather run the entire corporation into bankruptcy than do something that would be an admission of error. And this is with good reason. The one who admits a mistake gets blamed for everything that goes wrong, even if the mistake wasn't his decision and even if the things going wrong have nothing to do with the decision. People get fired from their jobs for admitting mistakes. People get blacklisted from whole industries if they admit mistakes in public.

This, in itself, is a disaster that affects most corporations. Now guess what happens when you get an IT department involved, an aging infrastructure, and a budget crunch.

Initially, everything is running smoothly. The corporation is using big iron for everything important. This is probably some combination of mainframes, minis, workstations, etc. PC's are used, but not for anything more critical than as terminals for accessing the equipment in the machine room. The equipment works well. Partly because very expensive equipment is designed better, partly because it is easier to design and test software when the hardware configuration is carefully controlled, and partly because the number of computers is small enough for the IT department to be able to support.

This all works great until the big iron starts costing too much money. Maybe the electric bills are too high (some old mainframes draw a LOT of power!) Maybe some parts have broken and need replacement. Maybe the annual maintenance contracts are getting too expensive. Maybe the manufacturer is dropping support for the old equipment. It could even be something as trivial as needing more hard drives.

At this point, the IT department is doomed. They would like to buy more of the same. Add more memory/disk to the mainframe. Replace one cluster of minis with the newest model. Move to the latest system software. Ideally, they want to keep everything exactly the way it is. But their bosses won't stand for this. They know an upgrade is needed, but they don't want to spend the money on new big-iron. They look through the latest Dell/Gateway/HP catalog and see that PC's cost $500 each, and PC servers cost $5000 each. They order the IT group to replace the mainframes with a network of PC's.

Sometimes, an IT manager can fight this. Most of the time, he doesn't dare. He can be fired and replaced with someone who will toe the corporate line. The decision has already been made, and made by people with absolutely no expertise.

So the PC's are installed everywhere. The IT managers get bonuses for saving money (if they can make their bosses believe the move to PC's was their idea), and the executives consider the case closed. Everybody pats themselves on the back for a job well done (except for the IT people who know exactly what's about to happen - usually the help desk staff.)

Soon, the PC's start failing, or other weird problems start happening. Users have random system crashes. Unwanted programs (spyware, viruses, worms, etc.) start installing themselves all over the place. Users bring programs in from home, even though there may be a policy forbidding it.

The IT help desk does their best to keep everything running smoothly. They patch, clean, upgrade, and reinstall the PC's as necessary. But the problem doesn't ever go away. This is partly because the hardware is cheap junk. Partly because individual (usually untrained) users are doing their own system maintenance (even possibly against corporate policy). Partly because hackers and script kiddies attack Windows far more often than any other system. Partly because the IT staff has not been properly trained to transition from mainframe maintenance to Windows maintenance. And partly because Windows really is very insecure and very expensive to maintain in a large networked environment.

So the users start complaining a lot. The IT help desk gets swamped with calls. There is never enough money in the budget to hire more help desk staff. Help desk staff burn out and quit and have to be replaced with new staff that don't have sufficient training. This forces the help desk to start using handbooks instead of analysis in order to keep up with the calls, degrading the quality of support and making users even more angry.

IT clamps down on security by installing draconian firewalls and proxies throughout the network. They lock users out of their own PC's in order to restrict who upgrades what. They download and test/review every patch from Microsoft and push the updates onto users' computers over the network.

But this isn't fast enough. Soon a virus arrives and trashes the network. It takes weeks to fully recover. Word gets around that Microsoft actually had a patch available to fix the security hole that the virus used, but it wasn't deployed across the corporate network because IT hadn't yet tested the patch against all the corporate software. Those users who had hacked their way around IT's restrictions and installed the update anyway, of course, weren't damaged by the virus.

In order to prevent this from happening again, IT turns on Windows' auto-update facility, where patches are automatically downloaded from Microsoft and installed. This prevents a recurrence of the problem, but it also eliminates any semblance of control over the network. IT no longer knows what system software is running on the PC's. Some patches will break applications, and IT won't find out until after users complain about the broken apps.

The situation spirals further and further out of control. Ultimately, the entire IT department is little more than a group of highly paid errand-boys. All of the real system maintenance is being done by the software vendors through automatic updates. The IT people will run cables and replace broken hardware, but they end up powerless to do anything else. The help desk tries valiantly to make the best of the situation, but ultimately, they are powerless to do anything more than chase down symptoms, read scripts, and apologize a lot.

Some people in IT see this happening and they know exactly why. They know that they need to get rid of the PCs and consolidate control back in the machine room. But the reasons for getting rid of the big iron (high cost) still exist, and executives refuse to include in-house support as part of the cost of running a PC-based network. And he who admits an error gets blamed for it. And users won't want to give up the freedom they were given, even if that freedom is clobbering their ability to do their jobs.

And, of course, the executives will say something like "Everybody else has switched over to PC's and they're doing fine, so the problem must be with you and your staff." Completely ignoring the fact that everybody else is also melting down and refusing to admit it.

Which is where we are today.

Monday, August 29, 2005

... and so it begins ...

Remember the Rio? The first commercial MP3 player? Originally made by Diamond Multimedia, most recently made by D&M Holdings.

Well, D&M has decided to drop the Rio line of music players. Apparently they decided that they could not profitably compete against Apple's iPod.

Thursday, August 25, 2005

I got an iPod. Yippie!

OK, so maybe this is of no importance to anybody else, but I'm thrilled over this newest arrival to my collection of tech-toys.

I've been wanting an iPod since they were first invented, but various factors prevented me from getting one. At first, it was the small capacity (my music collection is around 40GB. That's what happens when you've been buying CDs for over 15 years and rip them all into your computer.) Then it was the high price for the models large enough. Then (after figuring out how to load a random subset of music into it) it was indecision over what model to buy.

Well, fate made the decision for me this month. Earlier this year, Exabyte (makers of tape drives) ran a "VXA Saved The Day" promotion. You were asked to send in your stories about how their tape drive averted disaster. I told them about how an aberrant disk utility trashed my Mac's hard drive, and how I was able to recover in a few hours thanks to a full system backup on my Exabyte VXA-1 tape drive.

Well, they liked my story and I won an iPod mini (silver color). It arrived in the mail yesterday, and I'm enjoying it quite a bit. This is the previous generation mini, which means a shorter battery life (8 hours instead of 18), but with more bundled accessories. Mine came with both USB and FireWire cables, and an AC adapter. (The current model only includes a USB cable.)

I spent a few hours last night hand-picking songs to load into it (in the future, I'll set up iTunes to load stuff randomly, but right now, it's a new toy and I'm playing with it.) A simple audio cable to connect it to the car stereo, and I'm all set to take a road trip without bringing along a box of CDs.

I also noticed a feature in it that I requested from Apple a few years ago, and that hasn't gotten much publicity. The iPod supports a sleep timer. You can configure it to play for a fixed amount of time (15 minutes, 30 minutes, 1 hour, 1.5 hours, or 2 hours), after which it will turn itself off. Which means I can attach it to the stereo in my bedroom and have it play me to sleep.

At this point, the only question I have (which I'm sure will be answered soon) is how long the batteries will really last on a charge. Apple says that this model will run for up to 8 hours on a charge. Hopefully, they will be right.

Tuesday, August 23, 2005

C|Net: Info from Intel's Developer Forum

Intel showed off its roadmap for 2006 and 2007 at this year's Developer Forum.

Low power consumption is the big deal for all the new chips:

Notebook chips:
  Pentium-M (22W)
  Low-voltage Pentium-M (5.5W)

  Merom (5W)
  Low-voltage Merom (0.5W)

Desktop chips:
  Pentium 4 (95W)

  Conroe (65W)

Server chips:
  Xeon (110W)

  Woodcrest (80W)

Follow the link to the C|Net article for all the details.

Friday, August 19, 2005

Interview with John Gruber

John Gruber, owner of the Daring Fireball blog, was recently interviewed by the GUIdebook Gallery. The discussion revolves around the good, the bad and the ugly regarding the Macintosh user interface.

A good read for anybody interested in UI issues.

Wednesday, August 17, 2005

Orson Scott Card on Weapons of Mass Destruction

Orson Scott Card, along with several science fiction writers, recently attended a convention in England to discuss weapons of mass destruction.

The result of the discussion is both reassuring and frightening. Follow the link for the whole story.

Friday, August 05, 2005

Indiana judge outlaws Wicca

Recently, a Wiccan couple filed for divorce. Both parties are continuing their practice of Wicca (a non-mainstream religion that is gaining popularity in some parts of the country.) The judge presiding over the divorce, however, has ordered that their son be "sheltered from the involvement and observation of these non-mainstream religious beliefs and rituals."

In other words, the judge ordered the parents to not teach their own religion to their own child. This is clearly a violation of their First Amendment rights.

This ruling was appealed and upheld. The family is continuing to appeal to a higher court. If they violate the judge's order, the child could be taken away and placed in a foster home.

Before you write this off as an isolated case, consider what precedents this might set. Suppose a judge in the future decides that your religion is not mainstream and should therefore be forbidden from your children? Texas has already decided that the Unitarian church is not enough of a religion to qualify for tax-exempt status. It's not a stretch to imagine a judge deciding to take away the children of Unitarian parents, based on this decision.

Viruses, start your engines

Microsoft's public beta for Vista (their next generation of Windows) has been out for only eight days, and someone has already written a virus for it.

Does anybody seriously think Microsoft knows or cares anything about security when things like this can happen?

I do find it a bit amusing that most people haven't bothered reporting this. Apparently everybody just expects Windows to be full of viruses, so one more really means nothing.

Thursday, August 04, 2005

PS3 running Mac OS???

This article is an interesting overview of Sony's new Playstation 3, which is expected to ship next spring.

Of particular interest, scroll down to the bottom line where it reads:

Sony is expected to offer optional hard drives for the PS3 with potential memory capacity of 80 or 120 GB. It remains to be decided whether the standard version of the PS3 will come complete with a hard drive. The operating system has also yet to be clarified. The integrated Cell processor will be able to support a variety of operating systems (such as Linux or Apple's Tiger).

I can understand Sony supporting Linux, but Mac OS (Tiger)????

While it may be true (and is likely) that the PowerPC-based Cell processor is compatible-enough with existing PowerPC G3/G4/G5 chips to make it compatible with Mac OS, it takes a lot more than a compatible CPU to make a compatible computer. And Mac OS is closed-source, so the system isn't going to be ported without Apple's say-so.

My guess is that this is Sony's marketing people not understanding what they are writing, but who knows. Maybe Apple will decide to team up with Sony to provide some kind of non-gaming system software for the PS3. I wouldn't expect it, but Apple (at least recently) seems to enjoy doing what the rest of the world doesn't expect.

Alternative creation theory: the Flying Spaghetti Monster

Sounds good to me. Now if only we can force the Kansas schools to teach it.

Tuesday, August 02, 2005

Brain-dead hotel security violating your privacy

Today, most hotels use the TV as an interactive computer terminal. The TV can be used to make purchases, check out, pay the bill, purchase movies, purchase video games, and a plethora of other services. They also provide a lot of administrative functionality that guests normally don't know about.

Any network engineer with even an ounce of sense would design such a system with encryption in the set-top boxes and a security server in the back-office.

But they're not designed that way. The network involves no encryption whatsoever, and the TV programming is not scrambled in any way. All of the security exists in the set-top box, and nowhere else.

Which means that any person that brings his own TV tuner (like a USB-based tuner attached to a laptop computer) can tune in on all of the TV programs, including the ones you're supposed to pay extra for. And with a little more work, you can access all of the administrative screens, allowing you to view the accounts for everybody in the hotel, set wakeup calls for anybody in the hotel, and even alter some billing records (like movie purchases and minibar usage.)

In the future, when hotels start adding cameras to the TVs (presumably for allowing video-chat features), you'll be able to tap into that as well if they don't wise up and implement a more effective security model.
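
The back-office check this post says is missing, sketched as an added example (not code from the original post or from any hotel system): each set-top box signs its requests with a per-room key, and the server, not the box, decides what that room may do. The key table, action names and message layout are assumptions made for illustration, and the sketch covers request authorization only, not scrambling of the TV programming.

```python
import hashlib
import hmac
import json

# Constructed sample data: one secret per room, provisioned to that room's box.
ROOM_KEYS = {"101": b"constructed-key-101", "102": b"constructed-key-102"}
GUEST_ACTIONS = {"view_folio", "set_wakeup", "buy_movie"}  # hypothetical names
_last_counter = {}  # highest counter accepted per room, to refuse replays


def sign_request(key, room, action, target, counter):
    """Set-top box side: serialize the request and tag it with HMAC-SHA256."""
    body = json.dumps({"room": room, "action": action, "target": target,
                       "ctr": counter}, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


def authorize(body, tag):
    """Back-office side: authenticate the box, then decide what it may do."""
    try:
        req = json.loads(body)
        room, action = req["room"], req["action"]
        target, ctr = req["target"], req["ctr"]
    except (ValueError, KeyError, TypeError):
        return "reject: malformed"
    key = ROOM_KEYS.get(room) if isinstance(room, str) else None
    if key is None:
        return "reject: unknown box"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "reject: bad tag"
    if not isinstance(ctr, int) or ctr <= _last_counter.get(room, 0):
        return "reject: replay"
    _last_counter[room] = ctr
    # Authorization lives here, so a box (or anything imitating one) cannot
    # grant itself more than its own room's guest functions.
    if not isinstance(action, str) or action not in GUEST_ACTIONS:
        return "reject: not a guest action"
    if target != room:
        return "reject: other room"
    return "allow"
```

Administrative screens would sit behind a separate operator credential on the same server rather than behind anything a guest-room key can sign.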