November 21st, 2009

Educating IT decision makers

Posted by Paul Murphy @ 12:15 am

Categories: Applications, Enterprise Policy, General, Productivity, Strategy

Tags: Education, Risk, Information Technology, Strategy, Management, Paul Murphy

One of the more difficult questions behind some of the discussion here over the last week or so involves the extent to which we should try to educate our users so they can make informed choices.

The most basic problem, of course, is that it’s easy to support education in the abstract and extremely difficult, particularly when you’re involved with real world decision making, to separate education from advocacy.

I’ve got an unusually nasty version of that problem with a project I’m working on because I’m on both sides of the fence: user and techi. As a user I’m quite sure I know better than anyone else what needs to be done, and as a techi I’m quite sure I know better than anyone else how to get it done - the problem being, of course, that’s there’s no actual evidence to support either belief.

In this particular case, and I suspect often enough in other contexts, what’s going on is that I’ve spent a lot more time on this then they have, and as I help them catch up, both their views and mine are going to get modified. We are, in other words, most likely to educate each other about the specifics of the one and only right way of doing this - i.e. the one that evolves for us over time.

However, if I peer deeply enough into my navel, I think I can clearly group the issues or things about which there’s consensual uncertainty into three categories - and maybe learn something from doing that:

1. there are clear issues of fact on which I’m convinced my conclusions are largely unassailable.

   For example, I expect to use open source software, on Unix, for this - and maintain that for the particular class of application we need, Domino is the only proprietary option that makes the slightest sense, but that would be too expensive. (In fact, it would cost about $250K more upfront than using an open source mix, but in the long run the most likely IT related risk to be realized by this organization is that they hire an idiot to run the system - and using Domino could reduce both the risk of that happening and the rate of IT collapse if it does.)

   On these kinds of issues, therefore, I see no distinction between preaching the obvious to my user colleagues and educating them.

2. there are conclusions I’m equally sure about, but can see counter-arguments on - most are cases where cash costs are knowable, but the costs of what happens if some risk is realized, are not.

   For example, I’m convinced that the risks of using cloud anything vastly exceed the cost of owning and operating almost everything (except the net) ourselves. At the same time, however, bandwidth costs (especially in Canada where they’re more than three times comparable U.S. numbers) make a powerful argument for using other people’s bandwidth, and thus other people’s servers. Notice, however, this this isn’t as simple as it seems: a good compromise may be to do everything in house, but rent space on servers maintained by the three network carriers as store and forward points for bandwidth intensive material like videos.

   On these kinds of issues, therefore, I try to very carefully separate advocacy from education - explaining costs and risks in as nearly objective terms as possible, while stressing that decisions made to minimize risk (as opposed to decisions made to reduce immediate dollar costs) are almost always highly subjective. Thus showing them what the cost choices are is mostly education, but valuing risks avoided is mostly advocacy.

3. there are conclusions that reflect little more than bias and familiarity - but that familiarity is a ticket to both risk and cost reduction.

   I’m comfortable, for example, with limesurvey and think it can do a particular part of the job very well. Is it really the only choice? No, but it’s the only choice I’m immediately comfortable with and therefore the one I’d like to educate my users to choose - except, of course, that’s it’s pure advocacy for me to do so.

So where can we sensibly draw the line between advocacy and education? Logically it’s education if it helps them make their own choices, and advocacy otherwise - but, in practice education is often so slanted as to be indistinguishable from advocacy (even by those involved) unless you already know enough about the subject not to need to education. As a result my bottom line is a cop out: the idea that just making sure that both you and your users are aware of the issue and the impact it has on your working relationship is half the battle - while the other half is both so situation specific and touchy-feebly in nature that it’s like walking through a minefield: every step an adventure, and your first mistake also your last.

November 14th, 2009

An interesting exchange on politics and IT

Posted by Paul Murphy @ 12:15 am

Categories: Applications, Enterprise Policy, General, Infrastructure, Productivity, Security, Sun

Tags: Information Technology, Strategy, Management, Paul Murphy

Here’s a comment on last Saturday’s blog by “dedmonst”:

OT: squaring your political & technology views…

Paul,

slightly OT, but something that’s been bothering me…

Please pull me up if I’m being presumptive here, cos I confess to only dipping in to your blogs and comments occasionally, but I had you down as a republican - which I would have assumed (yes I know ass-u-me) put you in the bracket of beleiving that “the market will find a way” - i.e. let the market operate freely and the best operating mechanisms etc etc. will float to the top.

However when you talk technology you are constantly telling us “the market has got it dead wrong”. Your so called “data processing” folks, MS windows, what you call “ghosted virtualization” make up a vast and ever growing part of the market…

So how do you square these views? Or what assumption about you do I have wrong?

I wrote a quick response, ran an errand, and came back to replace the first response with this one:

This circle not square - (earlier response deleted - this is v.002)

The essential difference between people on the left versus the right of the political spectrum is that leftists want to tell others what to do and rightists don’t. Thus Pelosi’s health bill has jail sentences for those who don’t buy into her health insurance ideas while Palin thinks you should make your own decisions.

Put this in the IT context and what you have is a bunch of people on one side in IT who think they should tell the business what to do, and others, like me, who think the business users should make their own IT decisions.

Thus they demand central processing with central control, I argue for central processing on cost, security and reliability grounds with decentralized control for business productivity reasons. They want to tell users what to do and how to do it, I want them to figure out what they need to do and then do it.

But how can I see “the market” as wrong given the DP/Wintel majority in place and still defend people’s right to choose? Easy, I see most people as misled, by themselves and others, on most IT issues. DP had a fifty year headstart, the advantage of a position in finance, and the benefit of the high school nerd vs party people differentiation that keeps senior people from questioning them - and, most of all, ensures that few ever figure out that data processing and computing are different things.

So I tell people to smarten up - saying that the people who comprise the market can and should correct their mistakes. That’s a right wing perspective and approach. Most DP/Wintel people, in contrast, say its settled science and the user should shut up and pay - that’s a classic left wing position.

So, bottom line, no conflict.. :)

I thought this exchange worth repetition here because it strikes at the heart of a conflict most IT managers feel nearly every day: we’re paid to provide services to users but they generally appreciate neither the service nor our skills, most don’t understand what we do, many make demands that seem unreasonable, and a few demonstrate increasing irresponsibility with every action - so why not tell ourselves we know more about how tech should be used than they do and use our organizational leverage to insulate ourselves from them?

My answer is that the only really effective way to address this conflict is to remove it - and that you do that organizationally by either making IT the business or by turning IT people into business people: giving them the power to affect IT change but posting them in user groups and making them report to user management.

This is ultimately why I like Sun and Sun Rays - not because I love the company or the technology, but because this combination enables me to have a very small operations group responsible only for keeping the lights on, the machines running, and the IT bills paid while my sysadmins work in user areas to make that central system do whatever their local users want. You need the right people in the trenches, you need to empower your sysadmins far beyond what seems responsible in other organizational forms, and you need a very light but steady hand at the helm - but the end result is that your people cross train themselves, you get very close to 100% reliability on systems that change in some detail virtually every day, help desk and related PC costs disappear, and the productivity killing user/IT differentiation characteristic of most large organizations just quietly fades away to leave your IT people with better jobs and the business with an electronic nervous system that works.

October 24th, 2009

What Windows7 could mean for Linux

Posted by Paul Murphy @ 12:15 am

Categories: Apple, Applications, Development, Linux

Tags: Marketing, OpenBSD, Microsoft Corp., Linux, Operating Systems, UNIX, Open Source, Software, Paul Murphy

I’ve had people using Windows 7 for about three months now, and everything about it so far seems to confirm my first impression that it’s a lot better than Vista: effectively reprising the consolidation and debugging Windows 98 offered over 95.

Once you get past the sheer shock of using a Microsoft OS that doesn’t fail daily, however, you start to fret about the things that aren’t there: as a Mac/Solaris user, for example, I find the absence of multi-screen capabilities and the relative inflexibility of working panes and icons extremely frustrating. Still it is usable; and that’s a long step forward - at least until you get to development work.

Then the frustrations set in: Visual Studio is very slick, but very limited. Specifically, it’s great if your application is going to use a super-computer desktop as a graphics terminal but pretty much counter-productive if you want to sidestep client-server and produce genuinely integrated multi-host applications.

So why? Well, mainly because Microsoft’s inability to transcend its own 90s focus on helping its sales force make money selling client-server into businesses has left the whole .net thing Microsoft promised to integrate into Longhorn and its successors implemented, along with the promised PICK-like file system and security conscious display frameworks, only in marketing documentation.

Organizational disfunction aside, I think the key technical reason for this has been that getting those things done within the underlying memory and process management paradigm Windows NT+ inherited from VMS has proven, if not actually impossible, at least too hard for Microsoft to make a commercial success of.

So now it wants to sell cloud computing and applications rentals but doesn’t have the OS foundation on which the development of these products has to rest - and that’s going to force Microsoft into a build or buy decision.

They’ve been trying to build a network based, vaguely Unix like, OS for PowerPC for about six years now -with no success to speak of, so my guess is that the build exponents will eventually lose the argument - leaving Microsoft with three mutually exclusive choices:

1. get there through a licensing deal with Apple;

2. do it by adopting and extending OpenBSD; or,
3. do it by adopting and extending Linux.

Each approach has pluses and minuses: the Apple approach would cost the most upfront, but drop a leading competitor out of Microsoft’s desktop markets; the OpenBSD approach combines low cost with a high quality code base and a well deserved reputation for security; and the Linux approach capitalizes on the breadth and capabilities of its community while threatening IBM.

You’d think Microsoft could do the Apple deal at the drop of a phone call to Mr. Jobs - who clearly wants to be out of the traditional PC business anyway - but my guess is that the emotional barriers to rational behavior on this will prevent that phone call.

If it comes to shootout between the OpenBSD and Linux options I suspect Microsoft’s techies will line up favoring OpenBSD as offering the stronger foundation for all the neat stuff they dream of doing, while all the marketing types will favor Linux - and in that company marketing trumps technology every time.

So the bottom line for Linux on Windows may be simple: Windows7 is probably Microsoft’s best OS yet and will therefore slow the move the Linux in the short term, but the limitations built into Microsoft’s development stack show it to be a dead end that will leave Microsoft marketing magnificent visions of its unfolding future while quietly figuring out how and when to abandon that code base for something else - and because that something could very logically be Linux it might be time for the Linux community to start paying a lot more attention to legacy interoperability with Windows.

October 10th, 2009

Clouds vs. Appliances

Posted by Paul Murphy @ 12:15 am

Categories: Applications, General, Strategy

Tags: Data Center, Information Technology, Data-processing, Data Centers, Cloud Computing, Virtualization, Strategy, Storage, Hardware, Data Management

When people talk about cloud computing as the future of corporate IT they’re generally thinking more or less in terms of traditional applications coupled with some processor intensive work in areas like business analytics or numerical analysis. I don’t think any of that’s going to happen - instead I think that cloud computing will evolve mainly into services for smart phones and ultimately form a kind of connective fog: an extension of present internet usage providing the processing needed to accomodate mostly store and forward type functionality.

If the upside of traditionally conceived cloud computing is exactly that of 70s style time sharing - namely, that you neither own nor operate the infrastructure and can therefore largely bypass internal IT to get applications working on it - its nemisis is exactly the same too: cheap local computing.

That’s what the PC promised and why so many corporate managers took advantage of data processing’s eagerness to buy from IBM to order hundreds, and often thousands, of PC/ATs when those first came out - and it’s also why many became even more cynical about IT when the first machines turned out to be laughably inadequate and later ones proved so unreliable that technologies brought in to free users from the data center are now owned by the data center and run by the data center.

Appliance computing, a model under which the customer buys a service delivered via a local processor local IT does not have root access to, had a brief resurgence in the ninties but neither the machines nor the software then available could handle larger, more complex, corporate applications without considerable on site expertise. At the time, therefore, that solution was largely limited to perceived simple and peripheral tasks of the kind we now associate with “purely hardware” solutions (like routing) or hosted services (like running Apache servers).

Today, however, those limits are largely gone and there are no big technical gotcha’s facing a company that wants to sell its customers things like fully vendor installed and vendor monitored ERP/SCP applications running on supplied servers and desktop displays entirely on the customer’s premises and physically in the customer’s control.

To get these the customer would simply sign a usage agreement and provide appropriate space, power, and network access to the vendor. Once installed, users would treat the applications the way they do the telephone: as something that just works and is monitored externally rather than by local data processing people - and, of course, if the vendor went under, they would simply take possession of the equipment, invoke contractual rights to passwords and licenses kept in escrow, and have at least as much time to adapt as they would if traditional IT had brought the applications on board in the traditional way.

The beauty of this approach is that it gives user management willing to accept standardized software direct control of its own IT while reducing both cash costs and business risk - quite the opposite of what this rather inadvertent bottom line comment (from a March 2009 Financial Times report on a gmail shutdown) reveals about the essence of cloud computing:

The glitch that led to the first global shutdown of Gmail since August began on Tuesday, during routine maintenance.

There’ve been what? five so far this year?

September 12th, 2009

Pano, Sun Ray, and the Wintel gestalt

Posted by Paul Murphy @ 12:15 am

Categories: Applications, Development, Enterprise Policy, General, Hardware, Strategy, Sun

Tags: Wintel, Smart Display, PC, Sun Microsystems Inc., Sun Ray, Pano, Desktops, Hardware, Paul Murphy

The latest, most wonderous, hula-hoop to hit Wintel is the zero client - and the process by which a 15 year old Unix innovation finally made it to the Wintel community shared consciousness illustrates both how PC marketing works and something about the consequences of taking the PC press too seriously.

Years ago HP offered the option of putting the keyboard, screen, and mouse on the user desk and the PC on a rack in the data center - but this idea didn’t sell well. In today’s version that physical PC has become a ghost: a virtual PC running in server memory, and quite a few companies are now selling smarter ways of connecting the desktop to it than the traditional Wintel approach in which real licensed PCs run licensed PC emulators accessing licensed virtual PCs.

Right now the company at the leading edge of this seems to be Panologic - makers of the Pano System. The Pano is a neat device: it does no local computing, can provide some cryptology support, and uses the standard network to connect to the host session - now limited to a virtual PC running under some OS like VMware’s.

If that reminds you of the original Sun Ray, it should because other than requiring the server to load and run a 512MB Windows emulation to run a 10K user process, the Pano System offers roughly the same features, costs roughly the same, is managed roughly the same way, and provides roughly the same benefits in terms of cost, heat and noise elimination, manageability, and desktop security.

Lots of PC reviewers love this thing - zdnet’s own Jason Perlow calls it “revolutionary” and sees a big role for future zero clients running Linux.

Now, personally, I’m hoping Pano does extremely well: that Gartner’s projection of 660 million virtual PCs by 2011 turns out an underestimate, because the ideas behind it are both inevitable in the long run and as valuable to business now as they were 15 years ago - but the company’s success in raising its own hype rating raises a question: what makes Pano hot where Sun Ray has long been an untouchable?

The answer, I think, comes in two parts: first Sun marketing refused to sell Sun Ray as what it is: a smart display; and instead insisted on pretending it is what it isn’t: a thin client. Pano’s self description as a “zero client” is lot better; in fact, it’s halfway home because both devices are smart displays and not clients at all.

The second part is more subtle: ever wonder why getting drunk together has been a bonding ritual for thousands of years? It’s the civilian version of playing with the elephant because alcohol, like terror, both cripples and isolates - making getting drunk together a powerful means of forming an Us by imposing the mutual equality of incapacitation on its members while setting up a strong boundary against Them - the sober people outside. Pano’s limitations and marketing are designed, I think, to exploit this phenomenon: to use Pano you have to have Windows, you have to have Active Directory, you have to have VMware (or something similar), you have to have x86, and the sales pitch assumes a whole panoply of popular delusion: from the value of PC style virtualization to climate change guilt - while Sun Ray, of course, presents as the sober opposite: a content agnostic device sold on value.

So what’s the bottom line? if you’re running an all wintel shop and think that’s your future: I suggest you ignore Pano’s sales pitch to take a close look at the cost, security, and managability benefits products like theirs can bring you - and when you find out for yourself how well the smart display idea works, you should then ask whose bad advice led you to not take this route ten or even fifteen years ago.

August 29th, 2009

Vindications: ah, the week that was

Posted by Paul Murphy @ 12:15 am

Categories: Applications, Development, Enterprise Policy, General, Government

Tags: SCO Group Inc., IBM Corp., Paul, System, Linux, Open Source, Mainframes, UNIX, Operating Systems, Servers

I’ve been having a great week: no rain, the arguments the rocks I’m working with put up have nothing to do with IT, and lots of gratifying news floating in.

I didn’t notice at the time, but apparently away back in July the London Stock Exchange got some serious press attention for cleaning its executive stables and following that by tossing the infamous TradEelect system to the wolves.

Regular readers will of course remember my comment on Microsoft’s use of the TradElect contract with LSE to hype its technologies over Linux: basically that the decision had nothing to do with Linux, that the subsequent trading shutdowns reflected bad management more than poor technology, and that the people involved should be tossed out along with the software.

All kind of obvious really, but of course this generated a certain amount of off topic fury from the wintel committed - for example, deadwood1 had this to say:

Problem had nothing to do with .net or TradElect

You should do some research before you leap gleefully at any attempt to blame MS technology. The failure was due to LSE attempting to do an upgrade themselves that they screwed up. It had nothing to do with .NET not performing or a failure of the application. You lose credibility when you let your personal prejudices overshadow your journalistic integrity.

Then this week SCO finally got its chance to face Novell in court - and since that whole issue is both an absolute no brainer and the key to either forcing a settlement on IBM or eventually getting the actual claim into court, people like “Wolf_z”, who wrote the comment excerpted below in response to my my comment on the Novell issue are going to be leaving their expertise on the law off their resumes:

You (conveniently) overlook a few things.

5. Paul has some inexplicable need for SCO to win, perhaps he owns SCO stock. happy SCO had no case, never did have a case, and chose the wrong tiger to poke with a stick.

7. SCO isn’t a threat now, and in reality never was. If there’s anything left of SCO once they are forced into chapter 7 (which shouldn’t take too much longer) IBM’s counterstrike will leave SCO a smoking crater.

Given all this, I feel very comfortable making the following predictions:

1. The judgement against SCO will stand, the appeals court will find Judge Kimball decided correctly.

2. SCO will enter chapter 7 involuntarily before the end of the year.

3. It’s my understanding liquidation of SCO won’t stop IBM’s countersuits, so the smoking crater might be filled in with salt. happy IBM probably *will* choose to continue in the face of SCO’s liquidation. IBM will want to make very sure no one else is stupid enough to repeat SCO’s mistake in the future.

And, of course, lots of people, including one Guy Smiley, vent their expertise on threading models and Intel’s halfway house approach to hyper-threading with stuff like this:

Your’e hilarious Murph…

So 1 HBA is bad because you get no parallelism, but 2 NICs is bad because you get bus contention. Riiiiight.

Your problem, Murph, is that you assume what you’re trying to prove. Instead of analyzing anything objectively, you just look for the quickest way to reach the conclusion that Windows sucks. The result is that your arguments contradict each other, ignore the facts, and generally don’t make any logical sense.

So what did AMD do this week? Announce a “new” form of multi threading for its “Bulldozer” x86 cores that’s learned from Sun, optimized for Unix (including Linux), but has backwards compatibility features to support the Windows model.

But, of course, the number one subject on which I have received hate mail (due, I think, to an organized campaign by some data processing people) has long been my position that running Linux on a mainframe IFL rarely makes sense for both cost and performance reasons. So what happened last week? IBM cut its IFL and related pricing by up to 40% - and the redoubtable Timothy Morgan, a man whose editors have not, I believe, been threatened with the loss of IBM’s ad dollars, wrote a remarkable article for the register in which he looks at the cost of the IFL approach.

For this article he postulates that it’s possible to see just how many Intel Nehalem chips IBM thinks each IFL can replace by costing out the IBM approach and then seeing how many x86 Nehalems that same money would buy - an approach that lets him report the numbers without being even the least tiny bit critical of IBM.

The entire article is well worth reading - here’s a longish extract encapsulating the key bit I’m interested in here:

When you do the math, that works out to $323,204 for a five-processor Linux machine with no memory, no disk, and no systems software, including z/VM or Linux. Because there is a big disparity between the cost of Linux on the mainframe and Linux on x64 boxes - excuse me, I forgot to speak perfectly GNUbie there: the disparity is between Linux support costs, since Linux is not an operating system and even if it were, it is free - let’s add Linux to this barebones mainframe.

Given the discounts that Novell has cooked up and its 80 per cent market share on the mainframe, let’s slap some SUSE Linux Enterprise Server 11 on the System z BC box. It costs $10,200 per engine, with discounts for a one-year standard support contract for SLES 11 on mainframes, so that adds another $51,000. (At list price, this would cost $75,000.)

If customers want to pre-pay for five years of support, they can get a support contract for $37,499, or $7,499 per engine per year. That’s a big price drop, so let’s be generous and do the comparison over five years. The bare System z machine with Linux and five years of support costs $510,699.

Let’s now look at how many Xeon 5500 boxes with Linux and support that gets you, not including memory, disk, or hypervisor costs, as fairly as we can, given the lack of information about mainframe pricing. We’ll take IBM’s own System x servers, and use the System x3550 M2 rack server, the cheapest of IBM’s Nehalem EP boxes. With two of Intel’s four-core, top-end Xeon X5570 processors, the x3550 M2 costs $6,681. Main memory for this x64 box costs $109 per GB, and there is no way IBM is not charging a lot more for main memory on mainframes.

Now, toss on SLES 11, which is priced per machine, not per processor core, on x64 machinery. It costs $799 per box per year, or $3,995 per box for five years of support. So that comes to $10,676 for a bare-bones x64 Linux image.

What these system prices imply is that a fully-engined System z BC with five 3.2 GHz engines should be able to support the same number of Linux images as 48 of those System x3550 M2 rack servers, which have a total of 384 Nehalem cores running at 2.93 GHz.

As in, “Ya - you know, like he said” - pricing parity means either that any performance discrepancies between the 16Ghz delivered by the five IFL engines and the 1,125GHz delivered by the x86 boxes are purely imaginary, or that the mainframe approach is a trifle over-priced.

But hey, what am I doing about it? Nothing - I’m going out to argue with another couple rocks.

August 8th, 2009

The! meaning! of! bing!

Posted by Paul Murphy @ 12:15 am

Categories: Apple, Applications, Database Management, Enterprise Policy, General, Strategy

Tags: Dell Computer Corp., Hewlett-Packard Co., Oracle Corp., Information Technology, Sun Microsystems Inc., Microsoft Corp., IBM Corp., Sales Strategy, Strategy, Sales Force Management

On the surface the bing/yahoo deal carries a simple technical message: unstructured search has finally defeated structured search. Less obviously, however, the real meaning of the deal may be financial.

IBM, Sun/Oracle, and Apple are all integrated businesses selling hardware, software, and IT services to customers worldwide. IBM and Sun/Oracle are direct competitors in commercial IT, while Apple sells from a unique consumer communications perspective, but each develops IT and related technology for its own markets and offers its customers everything from career support to systems that work.

In comparison the HP/Dell/MS/Intel grouping is a strategic mess. Between them they cover the same markets the other three do, but no single player dominates; the people they depend on for sales are aging; competition from outside the group is fierce; and technically they’re not in the game with the other three.

So what to do? HP has succeeded in becoming Compaq; but, like the original, they’re hurt by their lack of OS, application, and engineering control. Meanwhile, Dell is just a house branded reseller, Intel continues its long and proud history of popularizing AMD technologies; and Microsoft is constrained by its organizational inability to transcend its own x86 programming and sales models.

To succeed against IBM and Sun/Oracle the Wintel group need more than mere momentum; it needs tighter integration, and a more engineered product focus. When and how that will come about is an open question - but Microsoft’s recent ads for the non existent Microsoft PC suggest, I think, that they’ve chosen to to address this by building an integrated products and services company of their own. Thus the financial meaning of the Yahoo deal might be that Microsoft gets a longer reach, but keeps its cash available for strategic acquisition: presumably either HP or Dell.

That would give the world three big integrated IT suppliers plus Apple: all offering their customers everything from hardware to application support services -with IBM selling into its traditional big money DP markets, Sun/Oracle selling advanced technologies and packaged applications, and the Microsoft PC company straddling in the middle: advertising technology but mainly selling to hobbyists, small businesses, and data processing.

So which one? I’d bet on Microsoft going after Dell now and AMD later because that will force HP and Intel to make some deeply traumatic choices - but there’s no good reason Mr. Balmer couldn’t cut the Microsoft PC company’s long term cost of slaughtering HP by going after both companies right now: he’s got the money; anti-trust in the Obama is just a loyalties issue; and a survivor, if there is one, would be seriously weakened.

July 25th, 2009

Thinking about ROCK

Posted by Paul Murphy @ 12:15 am

Categories: Applications, Enterprise Policy, General, Sun

Tags: Sun Microsystems Inc., Processors, Semiconductors, Hardware, Components, Paul Murphy

Last Friday my wife and I went to Thompson Falls, Montana, to look at a granite quarry and, as it turned out, buy 32 tons of the stuff for some home improvement work I’m really not looking forward to. It was a fun, relaxing, day: we drove the Highway to the Sun across Glacier National Park early enough Friday morning to see virtually no other traffic, were amazed by the lush valleys and enormous vistas on the western side of Montana, got along well with the people we met at the quarry, and had a pretty good dinner near Columbia Falls on the way home.

Still, as frequent readers must know, it’s just not possible for me to drive the Highway to the Sun, stare at trillions of tons of vertical rock all day, wander through a large commercial quarry talking rocks, and not occasionally think about Sun’s Rock processor.

Some people, of course, think this thing’s been canceled; others, including me, dismiss that report as just part of the overall attempt to damage Sun as much as possible; while still others have speculated (correctly, I think) first that the rock processor could really make Oracle’s RDBMS and business applications rock and later that the ideas will survive Sun no matter what.

What occurred to me, however, was this: people have studied the use of transactional memory in the development of security and transactional authorization monitors but, at least to my knowledge, nobody’s linked four core Sun technologies: DTrace, HTM (hardware transactional memory), CMT, and processor based, hardware supported, packet cryptology in this context.

With these you could build an applications environment that automatically wraps transactions inside a TPM, automatically encrypts and “channel hops” all communications, automatically monitors processors for both unexpected results and unexplained activity, and automatically inserts a user defined authorization function into each transaction.

Applications written within environments like that to control many physically separate units acting together could be guaranteed to degrade gracefully as these units fail, guaranteed to warn users if attempts are made to corrupt them, guaranteed to be fully auditable after the fact, and can be made arbitrarily difficult for an outsider to corrupt.

The obvious applications here are offensive: to control, for example, a flock of smart weapons going after a submarine, a sniper, or some particular piece of enemy infrastructure. The more defensive and immediate applications, however, are in work like hardening networks and civil infrastructure (particularly electrical distribution and generation) against both accidental and intentional corruption or subversion.

Both Oracle and Sun sell into those markets now - and because those markets are spending enormous sums on labor intensive, make do, solutions that provably don’t work very well, the bottom line for Rock is that a little imagination and a little courage is all the Sun/Oracle combination will need to make this a mega win - and not just for their technology and companies, but for the country.

July 18th, 2009

Managing IT in desperate times

Posted by Paul Murphy @ 12:15 am

Categories: Applications, Development, Enterprise Policy, General

Tags: Paul Murphy

It’s hard to get your head around this, but lots of people are doing the impossible right now: revising bet-your-job IT budgets for fiscal 2009/10.

Unemployment in Michigan hit 15.2% last month, in California it’s 11.5%, across the US it’s 9.5%, and New York is set to try out for a new world record job loss rate by raising some tax rates to 58% of income - the only safe jobs in the United States right now are in government, and those have false floors because the tax revenues needed to sustain them once the stimulus monies run out simply won’t be there.

So, some unhappy advice for my American friends in IT management:

• if you can retire, or motivate others to retire, do - but be aware of the risks. There’s nearly two trillion newly printed dollars floating around with nothing in the economy to back them. Covering that deficit will require some combination of significant inflation and vast new taxes: either way some disruption is inevitable, so retire if you can, but think twice first.

• Windows 7 looks pretty good (it compares to Vista like 98c did to 95a). Any “Vista capable” PCs you may have can run it, and users will thank you for what they’ll see as real and positive change.
• On anything else to do with Windows, stop digging the hole. If it works, do any Win7 compatibility changes needed and leave it alone. Freeze anything you can that involves outside expenditures, especially for evergreen support, systems software, and consultants. If you previously brought in specialized expertise to help with something, find a way to train some of your own people to handle it instead.
• If anything that costs non staff dollars or invokes risk looks avoidable, avoid it. This is not the year to move to DB2, experiment with network virtualization, merge some SQL-Server DBs, implement system wide identity management, or do anything else that’s risky and expertise intensive. Have your people do what they do, focus on helping them keep their jobs, talk long and loudly about improving performance and reliability, but don’t undertake anything that’s new and avoidable.
• If you absolutely can’t avoid doing something, maximize your own staff involvement, incur hardware costs in preference to outside expertise costs, and be prepared to abandon previously ironclad corporate standards if that’s what it takes to bring in cheaper and more functional stuff like Linux, open source applications, and Solaris.
• Remember that the IT budget is part of the organization’s expense portfolio and if you can get some of your people, paid for from your budget, working as users in user departments, everybody will be better off. The employees will have jobs, user management will have reasons to support your budget, your resume will show a smaller budget drop, and you can get those people back quickly if you need them.

  A good place to look for opportunities to do this is the user side dream projects list - look at the people you’d like to keep but can’t protect in a budget crunch, match them up to user dream projects, and sell having your guys working for user management to user management and the staff involved by arguing that they’re developing the expertise they’ll need to really understand those dream projects.

  If next year’s economic situation improves, everybody wins - and if it doesn’t, well you kept them employed another year and helped them diversify their skills.

  And, bottom line? with today’s economy the very best you can hope for is keeping most of your people while more or less holding the line on services - so focus absolutely on doing that, and let everything else go.

July 11th, 2009

Pigeons roosting and doing what pigeons do

Posted by Paul Murphy @ 12:15 am

Categories: Applications, Security, Sun

Tags: PC, Sun Microsystems Inc., Sun Ray, Desktops, Servers, Hardware, Paul Murphy

I was just wondering what I was going to run on about for today’s blog when the phone rang…. a guy I haven’t heard from in this century.

“Bill XX? Really? Wow, I haven’t heard from you for awhile, where are you working now?

“Still at XX eh? that’s a long time - so, what’s up?”

“Ya I heard about, according to the news about 6,000 affected PCs - really, closer to 15,000? and for how long? (surprised snort) you’re kidding, and no one noticed?

[He explains that some top level executives want him to report to them about the problem]

“Well, If I know anything about how they work, they won’t care much about the actual security issue, just about how the press got wind of it - trust me, talk to them about shutting down outside access to confidential data and that’s how they’ll hear you.

[He asks if Sun Ray would solve the problem].

“Well, I can try to answer that, but why call me, I don’t work for Sun - ”

[Turns out he talked to a client I helped install Sun Rays - and called Sun last week, but the guy said someone from Toronto would have to call him and that hasn't happened yet.]

“That’s probably because you guys kick lots of tires but only buy from IBM”

[He argues that they buy from HP and Dell too]

“That’s low bid PCs, Sun doesn’t sell those - But on the specific issue of whether Sun Ray will solve your problem: sure, in terms of what to say when they ask you this afternoon what alternatives exist and how you’re going to ensure this never happens again - but not in deployment, no.

[He rises to the bait, asks why if Sun Ray is a high security device using them wouldn't prevent future data losses to internet attacks.]

“Because Sun is selling more and more Sun Rays into PC environments where the buyers are looking for better control over what their users do: using PC servers to deliver PC software to those users -and that kind of server proliferation means you lose security control. Sure your exposure shifts a bit from the desktop to the server racks, but you still have the same people problem, the same x86 problems, the same garbage networking, and the same crappy software.

What’s worse, the current product works well for PC apps, but that market is now driving design decisions with the next generation being prepped to be operationally indistinguishable from a desktop PC with DP style lockdowns in place - moving from smart display to some kind of half assed thin client. It’s bad news for users, but just the kind of DP idiocy guys like your old boss; what was his name, bruce something? used to love.

“He’s still there!? Are you serious? the guy barely made it through highschool and he’s kept a senior IT job for like, what 20 years! it’s no wonder you’re stuck in 91 and trying to rediscover 1975. Look, Sun Rays are great - and if you’ve got national security class issues they’re the only way to go. But you don’t you’ve got a bunch of PC users who desperately want to believe that their PC empowers them do things for themselves - and Sun Ray’s greatest strength is that it will let you give them the freedom to do exactly that, but its greatest weakness is that it will also let people like Bruce do the opposite, what you just said: more controls, less user freedom.

“You want to succeed with Sun Ray? use it to give users what they want - you want to fail with Sun Ray? use it give data processing people what they want. The technology works both ways, but if you do the DP thing you’ll limit organizational flexibility and users will eventually sabotage you in all possible ways - until Sun Ray becomes the worst mistake you ever made.

“Don’t do it - an architecture combines management with technology, it’s not just hardware and software. Either change your departmental management style to something that works for users, or stick with the client-server crap - it doesn’t work for them either, but they don’t know that because everyone tells them how wonderful it all is, and they’ve never seen an alternative.

He wasn’t happy with me - but what’s truly shocking about this is that when I talked to this guy last, in mid 1998, his concerns were almost exactly the same: he had a few thousand PCs running Windows95 and wanted to know if Sun’s acquisition of NetDynamics made buying into their identity server a good idea. Now here it is over ten years later, and he’s still buying from the same vendor, still looking wistfully over the fence, and still fighting the same losing battles, with the same tools, and under the same restrictions - so, besides putting his kid through college, what’s he achieved?

Professionally, I think, nothing. The buzzwords have changed. He’s worked hard, cashed a lot of salary cheques, paid his dues to lots of other people, and probably sometimes learnt something - but what he’s achieved in terms of contributions to his employer is nothing: every day has been a different day with different words but pretty much the same [four letter word] - for close to 15 years now.