The KAUi Blog

Sunday, March 26, 2006

Slow down...you're moving too fast...

The buzz last week was all about how Microsoft has announced a public delay to the next version of Windows, named "Vista". Everyone was crying...vendors for not being able to sell more hardware before Christmas (people will not buy new PCs unless it comes with bling-bling), software authors for not being able to ship their Vista-specific titles, developers for not being able to close their Vista-related projects, and Intel for griping in general.

But before the stock market plummets on this announcement, there are two points of view not heard from -- the IT gurus who will have to roll this 7-year itch out to the end users, and the end users who will have to go through yet another drastic change in their lives. For these two camps, there is nothing but joy at the delay...as this will postpone the drastic loss of productivity time until calendar and budget year 2007.

Let us digress into why they want no part of Vista until it is proverbially jammed down their throats by the media and forced migration gods.

True users care not for bling-bling...they want the machine to start, to work, and to be consistent. They buy cars that will last five years. They will always eat the same foodstuffs. It's not about snazz and glitter...it's about productivity. Managers want eight hours of work out of me per day, they think, so I don't want to be impeded by rebooting three to six times a day, having to constantly hide Office paperclips, worry about the lack of anti-virus updates, and so forth. If the vendors and manufacturers want to roll these sorts of changes out, why not in small, incremental and non-destructive steps? Why every two to three years are we forced to take giant steps and fall behind for three to six months?

There is somewhat of a slowing of this process...Gartner's reports on the overall percentage of Windows XP and Office 2003 non-adoption are significant. And XP is almost seven years old. We still support people with Windows 98 and Office 97 - ones who have no need for the bling-bling, and their problems are being forced to upgrade. Why is that an issue? Oh, many know this answer...in order for Microsoft to be profitable, the world has to buy in to every upgrade and force the issue of upgrading hardware and accessories. A similar process exists in what Detroit and Los Angeles feed the world, but since the IT industry moves at lightspeed, the tremors from this Vista upheaval are more like earthquakes.

Detroit has been forced to re-examine the vox populi as gas prices and usage trends change. Los Angeles is also reworking itself due to advances in Internet delivery methodologies. Perhaps Redmond should be working on more of a relaxed, revisionary approach instead of yearly Office upgrades and quantum-leap Windows versions. Worry more about getting it to work RIGHT instead of bling-bling.

Wednesday, March 15, 2006

Hacking the underbrush

Grrrr! I hate when the commercial media picks up on something they think will sell more advertising dollars by dumb and dumber folks actually watching or reading the commercial crap sliced into it! Anything reasonable to report will be boring, I'm sure...but cough up on something that would fit just as easily on the cover of the National Enquirer (speaking of which...if you want an example of a BAD web site, go there...most of the material on the main page is selling their print editions...duh!), and you get that piece of data chewed up by nonsense editors (who are also instructed to make it sound worse intentionally) and then clipped until it is primo sensationalism.

What's got me riled this time, you ask? The Daily Hack a Mac bleed, of course!

Okay. Okay. I use one. I don't want the adware, spyware, BSOD, or perpetual troika of reboots. I don't want the reinstallation of Windows monthly. I do want to be able to work in a standard document format, so I don't use Brand U 'nixes and OpenOffice. Macs are fine with me, and I hate to see folks looking for ways to slice Steve and the Cupertino Gang down. (Another side note: you never see Steve spin doctoring these tabloids, do ya? Learn it, Ballmer!)

So a week or so ago some nimrod in Sweden boasts that he hacked a Mac in less than 30 minutes. BIG tabloid exploitations!!! Almost as big as Tom Cruise gets!!!! Film at eleven!!! Ah...but read the fine print...and the next day we hear that this guy got in because (1) the Mac was intentionally left open for rlogin and (2) the fool was given a local account ID and password. But NO WAY can you tell the tabloid media nebbishes THIS factoid. It doesn't SING. It doesn't sell Preparation-H or Depends.

So last week I have a friend come over and hang out. I was fired up with my WoW character, slicing and dicing when he walks in.

"Dru! You still using a MAC???? Girl, they got hacked!!!"

I glower and complete the quest before replying. "Did you read the rest of the story?"

"There was a rest?"

"Yeah. But if you want, we'll let you try and smite mine." (The boy thinks he's a hacker...University of Idaho regents, take note: no danger from this one as you will see...) He brings over his Toshiba that is running Fedora 4 and is supposedly radioactive with hack tools and such. I connect him to my network, give him my local IP address, and start playing WoW. "Free pizza for you if you do it in under 30 minutes," I say before he presses a key.

"Solid! It's mine!"

30 minutes go by. "Any luck yet?" I ask, busily flying into Silithus. I see no interruptions.

"Uh..."

"Didn't think so. Prize is now a free Coke if you do it in under an hour."

Another hour goes by. I've managed to increase my rep with the Cenarion Circle folks by 1000 points. "Well?"

No reply.

"Dude, your credibility as a closet hacker is on the line," I say. No reply. "Prize is now I DON'T tell your boyz about this," I warned him.

"Aw, Dru!"

"Hey! You said it was easy...show me."

"Well, the press..."

"Ah-ha!!" I stand up and point skyward. "There's your first mistake, monkey-boy. You believe in THE PRESS?" I close up shop in Azeroth and walk over to his PC. "How far did you get? Maybe I'll give you partial credit."

"I can ping it..."

"Amazing! So can the rest of the world. Did you get in? Any way, shape, or form of same?"

"Uh..."

"I thought not," I grinned, rankling him more. "Go back and re-read the article. When you have the machine in its normal mode, with all of the current updates, basic security stuff turned on, and DON'T give out a login ID, you are Fort Knox on this baby. I wouldn't use it otherwise."

Exit another fallen warrior. This is why I get rankled. None of these media dweebs...these n00bs of the Internet RSS feeds (notice none of the real news folks on the web would ever give out a PARTIAL story)...none of them ever try it themselves. Whatever happened to the concept of "freedom of speech" and protecting the "free press" by being RIGHT? Gone the way of Redford and Hoffman, I suppose.

Windows and UNIX users take note: yeah, yeah, properly secured your boxes will resist kryptonite. But they DON'T come out of the box that way, do they...?

Got a machete handy, anyone?

Tuesday, March 07, 2006

If you want something done right...

My friend Professor Joplin would say that we are in an era of evolutionary flux, both biologically and culturally. My use of this statement will no doubt bring her to attack the context of my usage of it in this blog (and I certainly hope she uses this forum to do so), but her paradigm illustrates the world in general...I seek its usage as an explanation of why the IT industry today is also in a flux of a similar nature.

At the end of the previous century, with the emotional world in a state of hesitant dread of what the zeroes would do to our collective psyche, the IT industry was doubled over with a certain two-digit doom that most companies knew about when they coded it ten to twenty years earlier and yet waited until the last moment before even admitting it was an issue -- let alone actually taking hard-fought budget dollars to correct it. I speak, of course, of the Y2K debacle. At the time, I was working with a couple of Fortune 500 corporations in their effort to slay this proverbial dragon before he breathed fire on January 1st, 2000, and what should have been an easy walk in the allegorical park turned into a dark, revealing nightmare of hardware and software replacement that far outstripped their budgeted IT dollars. But the day came and went without the world ending, and computers went on to keep printing social security and accounts payable checks. Life went on.

Into the void left by this sudden collective exhalation went the Dot.com investment bubble that popped shortly thereafter when the IT dollars that had been under-budgeted failed to reappear. In a lot of analysts' minds, it never will be as "fluid" of an IT budget as it was for Y2K...and I tend to agree. There will never again be the sort of protracted effort and funding that was the Apollo Program, either -- but that didn't stop the space effort. Just changed it into fetching gorgeous images from the surface of Titan and Mars rovers who are working a year past their supposed "mean time to fail" that are proving the world once had flowing water. A similar evolutionary change (hence my borrowing of the good doctor's phrase) in IT is happening now. And it is tending to be more of the result of the old adage, "if you want something done right, do it yourself".

Now, since our company specializes in consulting and training, one might think such a change means our death. Quite the contrary. Instead, it means companies will want to bring full IT facilities in-house to avoid repetitive costs, and therefore must turn to facilitators like us to teach them how to do so, or consult with us on the ways and means. In fact, this approach is a sound one financially for the company, since its result is that you have more control over how quickly "bleeding edge" technologies are adopted -- or if they are even looked at -- and how essential the migrations to newer methodologies are. Cost-effective notions, as well as proper planning that can easily fit into budget forecasting.

So if you are a business or an individual that hears the constant barrage of "bigger, better, faster, more" from vendors or the IT community as a whole, think twice. You have control of the IT evolution that represents your niche. It doesn't mean you will reach "extinction" because you aren't keeping up...it means your evolution will be a gradual and longer lasting adoption of the critical IT elements and technologies, since you ARE managing them. And the role of the consultant or trainer is one of assisting that evolution...not hastening it towards the realm of the dodo.

Wednesday, March 01, 2006

Going through security...

"Just a song before I go..." begins a song from a legacy band of the late 60s - Crosby, Stills, and Nash. The song is of a transit time we all face in leaving a loved one for a voyage and its apprehension. At the time this song was written, 9/11/01 was ten or so years into the future, so the ability for the singer to hold his loved one while going through security can no longer happen.

"Going through security
I held her for so long
She finally looked at me in love
And she was gone"

Today I was on the phone to a client calming them down about their PCs being "invaded" by the plethora of nasties out and about. They are an all-Windows shop, and pretty much had what they thought were sufficient lines of defense -- exterior firewall, interior DMZ, router using NAT, individual PCs coated with Norton Internet Security and AntiVirus, Webroot's Spy Sweeper, XP SP2 and its firewall turned on, etc. Took me all of three minutes to go past it all and freely read files on all of their machines using openly-posted tools built by hackers just for that purpose -- and I'm sure there are those out there that could have done it in less time with fewer steps...but the point was that I COULD get in past all of their "security" and reach their mother lode.

In desperation, they felt worse than better...but I reassured them in the fact that, by finding out their weaknesses, I could show them how to close these gaps and be wary of others. The Discovery Channel has a program that "stole" its title from a 1960's TV show, "It Takes a Thief", to legally rip people off in the hopes they will learn how to handle it...nifty premise, but far too expensive for a normal homeowner to use.

When it comes to PC security, Rule One is that NO operating system is 100% foolproof. Rule Two is that if ANYONE wants to get in and knows ALL of the tricks, they WILL get in. Your mission, Jim, should you decide to accept it, is to judge what to do with your belongings, not how to put your PC into total uselessness by overloading it with security shells. What does this mean? Well, if you encrypt your sensitive documents, if you block your PCs' outbound network sharing, if you change your passwords regularly or use a biometric key, then no matter how they get in, what they find is next to useless. Do they have time to decrypt documents? Break internal VPN passwords? Hack around the biometrics?

I'm not saying you throw down all of the defenses...you just make their approaches meaningless. Folks want to hack to FIND something...not to do it and just brag that they did. If they don't have proof (by modifying web pages, stealing personal info, etc), then no one believes it.

There are many tools to encrypt files and information that use the strongest methodologies known to mankind. Even trying to decrypt this with programs would require twenty years of compute time...and by then the information inside would be useless. There's a UK group that announced they finally decrypted a sixty-plus-year-old Enigma message that WASN'T created by a computer, but by a machine with human-movable parts. They offer a downloadable applet to use your "free" computer time to help decrypt the rest of these messages. For what purpose? To say it could be done? To add a historical footnote?

Your choice of security methodologies needs to be more than the thickness and armor around the outside of the city. The right catapult will smash your armies to death within the walls without having to use a battering ram -- the defense approach you thought would be needed. Look into the encryption techniques...the configuration for the internals of the system...and you will find the mentality of the hacker will change and start to leave you alone.