Category Archives: News

The Solid State PC

A silent PC is one that makes absolutely no noise, and by necessity has no moving parts (including fans). Such systems usually use very low-end hardware limited to trivial tasks such as running a cash register. The system introduced today, a Solid-State PC (SSPC) is a powerful quad-core i5 PC which runs most software faster than the majority of modern PCs, yet uses less than 25W idle.

Continue reading The Solid State PC

Steve Ballmer Moving Microsoft in the Right Direction?

For those who don’t know me, let me establish a few positions that I have taken over the many years that I have been working in IT before me writing a piece I never thought I would write. First, I do not particularly care for Microsoft and have been known to go great lengths to avoid using or buying their products. I am even writing this on my Ubuntu laptop for now. And I won’t claim to be a free software preacher either. I feel that every job has a proper tool, many have more than just one.  For example when I am home browsing on the internet, that tool could be an Apple Product or a Windows Product, or an alternative such as Linux.  They all do the job well.  When I work, I use Windows 7 x64 bit because I need the memory for the work that I do.
Second, as much as I dislike Microsoft, I loathe Steve Ballmer even more. In my personal opinion, Steve Ballmer is the mouthpiece that rattles on endlessly as though possessed by an otherworldly spirit while the rest of the company appears to want to present itself in a better way. While many key people in Microsoft try to reach out to Open source communities and bring in developers or try and encourage hackers to work with Microsoft to improve security, Mr. Ballmer will spout ramblings of IP theft and threaten lawsuits just moments later and place bounties on the head of anyone who exploits security flaws. The man seems about as in control of Microsoft as a dog owner would be of a Rottweiler walking through a butcher shop. The man has been notorious for being a clown on stage and jumping around like the dancing monkey boy moniker he has earned.

Which is why as much as it pains me to say this, but I feel Sam Diaz of ZDnet is wrong on saying that Steve Ballmer should remove  himself. Over the past five years, Microsoft has suffered a lot of brain drain and replaced a great many good managers with technical goals with business men that are out for pure profit.  One such great loss include one of my personal idols Ray Ozzy.  The problem with losing those engineers, the visionaries of the company is that eventually without the visionaries, the company runs out of ideas to market and lacks direction.  Ballmer finally realized this and appears to be changing his tune.  You see, he has shown something of what I would call growth.  He made a mistake and is showing signs that he has learned from that mistake.  Much like when I tear apart a computer and for some reason, I misplace a jumper or get the wrong power supply or purchase a CPU that won’t work with the existing motherboard. I can easily just abandon the computer or give it to some one else for a discount price because I can’t make it work.  Or I can try and troubleshoot the problem, fix the computer and learn something from the experience.  Another example would be taking the star basket ball player out of the game for being a ball hog after he finally learns how to pass to the other members on his team.  Steve Ballmer seems to have learned one of the valuable lessons in running a business.  That is running a technology company with only businessmen as executives is a bad way to run a business.

Now for why I feel so strongly about this.  For the last decade I have seen more people chase after jobs in the “business” world rather than the engineering world because they didn’t want to deal with the complexities of math and feel they could get an equal or better paying job than some one who actually did the heavy thinking.  I have a co-worker that chose to be an manager of information systems instead of a computer science major for just such a reason.  Bill Gates spoke for years about the need for more H1B Visas because of the talent shortage in engineers.  Steve Ballmer didn’t do much to help the problem by showing everyone that marketing and sales were important to the business while letting the engineers disappear.  Hopefully this is a high profile enough movement and successful enough that more companies will push to get engineers and more technical people into positions of leadership.  With that notion perhaps, and this is a long shot, people will see an engineering degree as a way to make real money instead of thinking the only college degree is an MBA.

So yes,  I want Steve Ballmer to stay as the CEO of Microsoft, not because I like the guy.  Not because I like the company.  Not even because I don’t like the company.  I want Steve Ballmer to be CEO so he can put more engineers in power and hopefully set an example that sometimes the person with the engineering degree gets to call the shots, which by what I still call a long shot, but start getting more students to enroll in college as engineers.  These hopes are the reason that I feel Steve Ballmer is moving Microsoft in the right direction.

Novell’s Patents and Why CDTN Holdings Wants Them.

The web was a buzz earlier today with news that Microsoft wasn’t the only company being involved in CDTN Holdings and some including ZDNet and ComputerWorld blogger Steven J. Vaughan-Nichols tried to speculate just what patents each of the member companies of CDTN Holdings would want and why.
First many thought that VMware would jump at the opportunity to get an OS to complete their stack and as I found out talking to a few PR employees from VMware, they pretty much already have everything they need from Novell, or so they say. Of course, VMware is owned by EMC who is a partner in CDTN holdings, so the VMware reps didn’t exactly inform me accurately.  After a quick search I did happen to find patent number7,793,101, which is Verifiable virtualized storage port assignments for virtual machines . I think I could see why VMware might want a crack at that patent portfolio now. I noticed that there are several more storage based and virtualization based patents for VMware and their parent company EMC to hand pick through. Keep in mind that Microsoft is also competing in the virtualization space as well.
In the storage space there are a few other gems including:

  • 7,844,787 Techniques for data replication with snapshot capabilities
  • 7,844,580 Methods and systems for file replication utilizing differences between versions of files
  • 7,809,910 Backup archive management
  • 7,774,568 Clustered snapshots in networks

VMware is also dabbling in identity management, also something that Microsoft has been working with for some time. Oracle and Apple also have identity management needs and would probably not hesitate to pick up a couple patents for their own related products.
With Identity Management we have a whole slew of goodies to pick through including:

  • 7,770,204 Techniques for securing electronic identities
  • 7,774,826 System and method for determining effective policy profiles in a client-server architecture
  • 7,793,340 Cryptographic binding of authentication schemes
  • 7,793,342 Single sign-on with basic authentication for a transparent proxy
  • 7,774,827 Techniques for providing role-based security with instance-level granularity

All four companies might be interested in improving their application deployment technologies with the following patents:

  • 7,730,480 System and method for creating a pattern installation by cloning software installed another computer
  • 7,739,681 Delayed application installation
  • 7,730,179 System and method for policy-based registration of client devices

The point I am trying to make is that each of these four companies have much to gain for the capital they put together to get access to these patents.
Many of us know that Microsoft is all about their Operating System, their Active Directory architecture, Search, their entry into Cloud computing.
EMC is the storage giant, but they also own VMware, RSA, Atmos, vBlock, Mozy, RecoverPoint, Documentum and have just as much if not more to gain than Microsoft.
Oracle while everyone knows is a database company, has bought more companies than anyone else, and leverage patents from Identity Management to Virtualization. Don’t forget that they own Sun Microsystems and happen to have Virtual Box.
Lastly we have Apple, who seems to stand out as while being worth more than anyone in this venture, appears to have the least to gain. However, when considering identity management, Apple would be quick to take advantage. Novell has quite a few data synchronization patents that could help out their MobileMe services. Single SignOn could be a big plus for them as well. They don’t really seem to have as much to gain from what I can tell, but then again, Apple doesn’t think like most companies. We could see them try dive into the enterprise with some of these patents or perhaps they could push themselves to the cloud.
All in all, we have four companies that are going to benefit greatly from the jewels of Novell, their patents. And while everyone was too busy worrying about the UNIX copyrights, the patents which I consider much more important were being handed over pretty much going unnoticed by the media.
Trying to figure out the direction that Attachmate will take Novell is very scary, especially handing out all of the patents like they did. As a Novell customer myself, I am concerned. Then again, who really knows the direction of the tech industry in the long term.

The Aftermath of this transaction is most interesting. Novell was a real hot potato that no one company wanted entirely. The market share of Novell has been slipping since the 90’s, and their recognition is even less. When talking to a salesman for a backup software company, he failed to even recognize the name and recommended that I speak to a tech. Yet, much to the dismay of many, when the patents for Novell were up for grabs, these four companies were first in line.  Microsoft, Apple, EMC, and Oracle are bitter enemies on several fronts, and yet they put aside their differences to pick apart this former powerhouse.

Online publishers need to understand interactivity

I have noticed a very interesting trend amongst a number of online writers, which is that they completely ignore commenters. I understand why they do this. But by not participating in the comments sections that are attached to their articles, they are doing themselves and their readers a great disservice, and along the way, missing major opportunities for improvement.

I understand why writers do this. As a fellow professional author, the finances around writing are horrible. In my experiences, monitoring and reading the comments on an article can often take 10% – 20% of the time it took to write the article. For a very popular article, that percentage is much higher. To actively participate in the comments and respond as appropriate takes substantially more effort. I have had articles where I personally posted 20 or more comments in response to people, and some of those comments were as long, thought out, and researched as much as the original article. Clearly, when an author works like this, their per-hour rate starts plummeting. After all, we get paid by the article, not by the comment!

The problem is, the audience does not see it this way. In the audience’s mind, if an article appears on a Web site, and has a comments section, certain expectations are reasonable:

  • Any comment they leave, so long as it is within the boundaries of good taste, is on topic (varies widely, but to me, that means: “follows logically as a response to the original post or another person’s comment”), refrains from baseless ad hominem attacks, should be published on the site.
  • Any comment which challenges the author’s basic facts and calls the article’s accuracy into question should be responded to.
  • Any comments made in private to the author (email, private messaging system, phone call, etc.) should, at the very least, be acknowledged.

Now, some might ask, “who declared these to be the rules of online writing?” Well, it’s simple. These are the rules of courtesy in “the real world”. Why should the Internet be any different? Imagine that you are at a dinner party, and someone says something based on incorrect facts (I don’t know what… perhaps that the Amazon River is not very long). And when someone responds and says, “look, the Amazon River is really long, here’s the Wikipedia article on my phone that shows its length”, the person who made the comment walked away. What would you think of that person? You might think that they were merely rude, but it would not be unexpected to think of them as a coward, or someone who is afraid to admit when they made a mistake. You certainly wouldn’t think, “gee, they’ve got an awful lot of people to speak to here, I can’t blame them for not having the time to participate in this discussion.” What if this person said something highly controversial, and immediately left the room? You would think that they are a complete, utter jerk.

The New York Times has an article today blaming their inability to meet these expectations on a lack of staff. And yeah, I get it. The NYT had a huge problem with open forums, with tons of inappropriate comments being made. It’s how things go. The problem is, their current approach (shutting down comments, restricting the articles that comments can be made on) is infuriating to their readers. In their mind, comments on, say, a travel article talking about trips to Barcelona are less important than comments on Paul Krugman’s latest essay. I can see why. But the funny thing with comments is, you never know where reader-generated value will come from or what it will appear on. Maybe a reader of that travel article knows of a fantastic restaurant in Barcelona that is really inexpensive to eat at and is tourist-friendly? How many comments on the typical Krugman article are written at a level of knowledge (as opposed to knee jerk, emotional reactions both pro and con) that really add value to the discussion? It could very well be, that for the NYT, they would get more aggregate utility from allowing comments on all of their articles except the really big ones. Unlikely for sure, but possible. But they will never find out, will they?

The reality is, for any given site, there will be some articles that generate hundreds of comments, but the overwhelming majority of articles won’t (other than spam bots). What this means, is that the NYT‘s policy is greatly flawed. They should be able to open up their entire site to articles, with a relatively low overhead added to their monitoring efforts.

I recently read an article providing a technical tip. The tip was highly flawed, dangerous, and treated information that was situational as being globally applicable (it said to make certain registry changes, but those entries only existed if you had a particular kind of hardware). Many readers (including myself) responded with all sorts of follow up questions, concerns, and so on. The original author did not respond to any of these comments. You know what message this sends to the readers? That the author shoots out poorly researched articles, and when questions are raised, the author dodges the criticism because they are too busy writing another poorly researched article. The publication’s credibility takes a hit in the process, because the readers see the author’s name a lot less prominently than the site logo.

The real problem here, is the flawed business model that many publishers bring with them when they move online. And even for online-only publications, I can tell you that the economics are wrong. Any publication operating online needs to build into their financial plans the need to accept all reasonable comments and properly respond to them when appropriate. What does that mean? It means that if you are going to rely upon dedicated human moderators, there needs to be enough money in the budget to have enough of them. It also means that you need to include “responding to reader comments as appropriate” in the job title of the writers, and include an evaluation of this in the writers’ regular performance reviews. You have to have your editorial staff doing “spot checks” of the comments to see if the authors are ducking out on this responsibility. All of this needs to be factored into your financial decisions when you are setting up your business.

And many of these comments, especially the critical ones, are quite important to improving the site long term. Maybe there is a writer who is consistently producing outstanding work, and the site would benefit from featuring them more prominently? Perhaps a particular author has a bad habit of mangling facts, and is damaging the reputation of the site? Sometimes an author makes the same silly mistake over and over again, and should fix it (I used to spell “Joel Spolsky” wrong all the time, until a reader pointed it out to me, for example). There are lots of really good reasons to keep an eye on the comments, not just the author, but the editors or producers of a site as well. Does every gripe or complaint need to because “to do” item? Of course not. Do you need to fire every author who gets a lot of criticism? Not at all (and it depends a lot on the nature of the criticism, too). But complaints should be acknowledged (this is called “customer service” in layman’s terms) and aggregate temperature readers of the audience’s feelings to an author should be taken. An author who is taking a lot of legitimate heat on a regular basis… well, maybe it’s time to replace them.

Now, there are some authors that are really good about self-monitoring. And what I’ve seen is true across them, is that they happen to make money by writing, but they would be doing it in one way or another even without a paycheck attached. In fact, many, if not most of them, self-publish some thing that they see no (or negligible) revenue on, but is outside the realm of their paid writing. Not to hold myself up as an ideal example, but I can relate my personal experiences. I write for TechRepublic (which is something like 90% of my writing income), here (free, not even ad revenue), a Web site for weightlifters (I also host, maintain, and run the site at my own expense, zero revenue on it), and some additional freelance writing here and there that I get paid per-piece on. My pay at TechRepublic is the same regardless of how much I respond to reader feedback, but whenever I think about the financial end of things, I never look at it as getting paid merely to write a piece. I have been told many times by the staff that they really appreciate that I respond to reader feedback. While I hope that this comes into play in any internal decisions they make, it is not why I do it. I simply feel that all reader comments deserve to be read by the author, and responded to if they merit a response. It is that simple.

Do I sometimes get nasty comments from readers? Sure. I try my best to handle them with respect and courtesy. As a result, I see relatively few comments that I think cross the line. When I do get one like that, I simply respond to their factual assertions as best I can, always be willing to admit to a mistake and consider that I might be wrong, and state that I am keeping it “above the belt” and appreciate the same. It also helps that the articles I write are almost overwhelmingly factually based; when you stick to talking about facts (how-tos, tips, “my experience with XYZ”, etc.), there really isn’t much that people can get nasty about.

What this revolves around is the fact that a lot of people simply do not understand how to do business on the Web. They feel like the Web is great because it allows them to tweak and tune their existing business models. Old school companies like the Web because they can scale back their call centers and data entry operations, under the guise of giving the user control. And yes, that is a very real benefit to the Web. some companies are really happy because it lets them extend their reach to places that they couldn’t do business before, cut back their traditional advertising costs, and so on. But users don’t go on the Internet with the hope of doing their own data entry or to provide usage data to a vendor. They are there to save time and money. Much of the time, the needs align well. When a company’s site allows users to put in the data themselves, it is almost always faster and easier than having them call a phone number and provide it over a phone, so everyone is happy.

When a user goes to a site to read content, as opposed to reading it in a magazine or newspaper, what are they really looking for? Well, they are looking for a) convenience (fast lookup and delivery, easy access via links to related information) and b) interactivity. By following a model in which the reader feedback is throttled (like the NYT is doing), readers are left only with the convenience of reading it online. Guess what? That is a commodity. Few sites offer a unique mix of content on a consistent basis. That is why I post so infrequently here, because I don’t like to post something here that you couldn’t find elsewhere with a quick search (or would have to pay to get through other sources). For example, if I spend hours fixing a bug on a server because there are only three search results for the error code and none offered a proper fix, I’ll post the fix here (especially if I had to open a vendor ticket to get a fix). My opinions and analysis… well, this is the only place you can find them (hope you like them!), since my writing elsewhere is pretty limited in scope and generally is not opinion/analysis. What this means for publishers, is that if you annoy your readers, they go elsewhere. I don’t have to read the New York Times for anything other than their local news coverage (and hey, I haven’t lived near New York City in a while) and unique editorials/op-ed stuff. I read that publication out of sheer force of habit more than anything else (I subscribed to the email newsletter something like 10 years ago). I used to read the Washington Post as well, but when they stopped sending the newsletters, I stopped reading. That’s how fickle tastes are. I didn’t even notice after a few days that anything was different, other than having a few more minutes in my day.

What can a publisher do? Well, some are obviously choosing human moderation combined with author passivity, and it is clearly a mess for the NYT. Others choose a basic, community monitoring system combined with human moderators. TechRepublic does this, and I think it works out really well. They have a few human moderators who spot check forums, look at stuff flagged as spam, and so on. Other sites (Slashdot always comes to mind here) take it one step father, allowing users to up or down vote each other and their votes count for more after they’ve accrued trust from the community. Personally, I think that the TechRepublic system works the best. Giving the community a lot of control (Slashdot, Digg, etc.) in where content (not just articles, but comments as well) appears, how prominent it is, etc. leads to folks gaming the system. Too many people spend their time on these sites not working for the greater good of the community, but to gain some sort of advantage for themselves.

And again, publishers need to take a hard, honest look at their financials and authors. Can they afford to compensate their writers to not just write, but to spend the time reading and responding to articles? Do they have authors who have the ability to read and respond to articles and keep things professions? A “no” to the first is a sign that they need to change their business model. A “no” to the second indicates that they should consider a different mix of writers.


Doing something vs. talking about it

Recently on Facebook, there has been this odd meme that says if you change your picture to that of a cartoon character from your youth, it will help the fight against violence to children. Quite frankly, I think this is total, utter, nonsense. I talked about this with a friend, and he found the following picture which sums up the absurdity of it perfectly:

Changing your Facebook picture doesn't help kids

I am someone who likes to give to charity. In fact, I do so on a regular basis. Every December, in the midst of buying gifts, I like to send donations to a carefully picked list of charities. I pick these charities based on the fact that their mission is hands-on and there is no profit motive to get involved. Things like Smile Train, Room to Read, and One Simple Wish get the nod for me.

So, what does this have to do with my usual topics here?

My company, Titanium Crowbar LLC, has written a number of WP7 applications. I have committed the company to donating 10% of gross revenues (as in, “before Microsoft takes their 30% cut”) from November 3rd (when the store opened) to March 1st, 2011 to the charity One Simple Wish. Right now, the applications we sell are “Name That Nerd” and “Local Crime Rate”, with a few more in the pipeline. OSW is a great organization. They work with local social workers, orphanages, abused children’s shelters, and so on to identify things that these kids need to simply lead a little more normal life, and get them for the kids. For example, they run a drive to collect dresses, and give them to the girls so they can go to the prom. A child who got pulled out of an abusive, neglectful home might get underwear and a jacket. They might buy a young boy a bike. To some, this might be just getting a kid “stuff”. But to these kids, who are already feeling like the world has nothing for them, it brings so much joy and happiness to be able to have at least some of the things that “normal” kids like. To me, this is an important charity.

Let’s face some facts. Few independent mobile developers are making “real money” on their applications. I’ve crunched the numbers in the Apple App Store, for example, and the average application is making only a few thousand dollars. Hardly enough to justify the time doing the work. Most mobile development is a passion or hobby to do new and interesting things, and it happens to bring in some income to justify the time being spent on it. The independent mobile developers think of the income as a “nice to have” not a “feed my family and put a roof over our heads”. So I am calling on each of you out there to consider doing the same thing that I am doing, with the charity of your choice. Pick a charity, and commit a percentage of the revenues (gross, net, whatever!) over a timespan to go to this charity. If your mobile development efforts are like mine, and mobile development revenue is essentially “found money”, I think it can’t hurt you to seriously consider this.


Where I have been for the last six months

I know, it’s been a long time since I’ve posted anything here! There’s been a lot going on, and I hope to be able to give in-depth tips and analysis based on my experiences lately. Here’s a quick summary of what’s been happening:

Rat Catcher

The biggest news of all is that the project I’ve been working on the side for a while now is really coming together. It is called Rat Catcher, and it is designed to help content producers and publishers ensure that their content is not copied. It has two major uses. First, when someone submits an article to a publication, the publication can make sure that it is 100% original work. Plagiarism is a huge problem in this industry, especially when dealing with authors in Communist, former Communist, and a variety of Asian areas where the cultural attitudes on copyright and intellectual property are significantly different from what they are in the West. In and of itself, this functionality is useful, but it is not the meat and potatoes of the application; there are lots of other applications which can do this. The real value add is that it can run reports on a regular basis and help you find people copying your work. For someone like myself or George, where our ability to put a roof over our heads or food in our families’ mouths depends on our writing being “valuable”, it is critical to us to make sure that the only places our writing appears is where we are getting paid for its usage. Rat Catcher is currently in a free, public beta test, and I encourage you to check it out and provide me with any feedback (good or bad) about it.

The Agile Platform

Over the last year, I’ve come to start using OutSystems’ Agile Platform a lot. A quick disclosure: OutSystems paid me to write about my experiences using this tool in writing Rat Catcher, and they licensed those articles to TechRepublic (and possibly other outlets); in no way did they request that I make changes to the articles beyond basic factual corrections, and those articles were critical at times of the product. With that out of the way, I will say this: the reason why I wanted to write those articles is because I love this product. If you need to write Web based applications, I suggest that you give it a very good look. The Community Edition is more than enough for most needs, I may add, so do not let the pricing model deter you. Rat Catcher has taken me less than a year of nights and weekends, typically with me spending about 10 – 15 hours a month on it (some months more, some much less). I know that with any other tool, I would be nowhere near where I am now on the Rat Catcher project. I consider Agile Platform to be the best decision I’ve made in years in terms of tech choices.

Personal Browser Usage
A while back, I talked about my experiments with Chrome and Firefox. Firefox is a total stinker in my mind, sorry to say. It’s fine at a technical level, but it combines a horrible UI with a lack of features in a way that makes it unacceptable for my use. No matter how many times I tried to force myself to use it, I couldn’t use it. Chrome, on the other hand, also lacks a pile of features. But unlike Firefox, it has a lot more usability. It still has three UI quirks that I dislike:

  • The lack of a title bar to make it easy to click on with my dual monitor setup
  • The lack of tab coloring/grouping that IE has
  • I prefer IE’s order or “which tab is selected next” when you close tabs

When IE 9 gets out of beta, it is very likely that I will switch back to IE. It’s not those little features that are nagging me, it’s the big stuff… most notably, OneNote integration. I stopped using OneNote for the most part when I switched to Chrome, and it bothers me that I don’t use it as much.

WP7 Development
Over the last few months, I’ve gotten into WP7 development. I’ll say that while the development side of it is not perfect, it is the best experience around compared to iPhone, BlackBerry, and Android development in terms of the tooling (although the emulator is limited to the point where you need to buy a phone for a lot of things). TechRepublic has asked me to write once a month about WP7 development, and you can follow that in their Smartphones section. That being said, the experience outside of the development is an absolutely horror story. Microsoft is a lousy “partner” to their developers. And the WP7 APIs are very, very lacking. Some of it is deliberate (for security reasons), some of it is simply a lack of time to get to market. I know that the APIs will get much better soon, but for the time being, developers can’t do much with the device’s hardware. WP7 has the potential to be the premier phone gaming platform, by the way, if developers put their minds to it. The #1 problem with WP7 development, though, is the sales numbers. Microsoft is not giving devs sales/download numbers until February. My guess is that they are trying to hide poor sales numbers, and don’t want developers saying, “gee, my app is #381 on the list and has only sold 139 copies” which would obviously discourage others from writing apps. The lack of attraction to the platform shows in the app store too. While it already has more apps than Windows Mobile did, the apps are almost universally low value. An interesting side story is that Microsoft has been paying developers to develop apps (and subsidizing development contests to bribe developers) in a desperate effort to seed the app store with apps. Without these kinds of incentives, no sane person would invest time in the WP7 platform until they knew that it was selling handsets at a much better pace than what has been reported.

My guess is that I will make more money writing about WP7 app development than 95% of developers will make writing WP7 apps. If it’s any consolation, it’s also true for Android developers and iPhone developers… the average sales numbers are awful on those platforms too. But that’s the concern with WP7 development. If an iPhone or Android dev makes a few thousand bucks on an app they worked hard to put out, with as many handsets out there as there are, who is going to make money in the much smaller WP7 pool?

Microsoft CRM, Kentico CMS
For most of this year, I have been involved with a project to integrate MS CRM with my employer’s upcoming Web site rewrite (going from an ugly site using static HTML, to a much better looking site on the Kentico CMS). Along the way, I have learned a lot about Microsoft CRM. It is a total, utter, inexcusably bad piece of garbage, and I urge everyone reading this to avoid it at all costs. The next version (MS CRM 2011) looks like it addresses many of the worst issues in version 4.0. Honestly though, this is probably one of the worst applications I have ever dealt with. It combines the worst sins of “enterprise class software” into one horrible package. I am not going to air our dirty laundry in public, but I will say that we are making major changes internally to ensure we never, ever end up with an application this bad again. I will go into much deeper detail on why MS CRM is so bad in the future, hopefully soon. For now, if anyone in your organization seriously suggests MS CRM as a choice, take them to the woodshed, pronto.

Kentico is not a bad CMS, but I do not like working with it. I worked with it a few years ago to try to rejuvenate our Web site, and it was horrible then, lots of unacceptable flaws (like if you changed the price of a product, any existing orders would show the new price, not the price when it was ordered). It has substantially improved. But it is still not very good as a platform to develop against. It has too many places and ways to make changes (“Modules”, “Templates”, “Web Parts”) and it is not clear which is the best way to do things at any given time. It is also a BEAST of an application. It is insanely heavy. The problem is, it is currently the best (that I’ve found) .NET CMS out there, and one of the best in general. The fundamental problem is that some folks 10 years ago decided “this is how a CMS gets written” and their decisions were driven more by the limitations of the technology than designing for quality. And every CMS since then has copied these bad decisions.

ISA 2006 to Threat Management Gateway 2010 Upgrade

I just wrapped up this upgrade (well, “migration”). It wasn’t bad, but I found a number of important stumbling blocks that no one else has discussed. I hope to write about them either here or on TechRepublic in the next few weeks, and hopefully make someone else’s life easier.

Over the next month or two, I hope to go more in depth on all of these topics, both here and on TechRepublic. If I don’t have anything before the end of the year, happy holidays and best of luck in 2011!


San Francisco Vs Fastfood and a Positive Approach.

After much discussion with a few coworkers, I have come to the conclusion that Americans want to take the same approach about any subject as they do with politics. Sorry for the generalization, but the new American way seems to be that if you don’t like something, have the government ban it. And while I feel that today’s children as well as adults seem to be out of shape in poor physical health, the approach of banning everything bad for you seems to be, pardon the pun but, in bad taste.

I agree that something needs to be done about parent giving their children food that is on par with the food that we feed our animals. But banning something only creates a black market for that object that is banned. Making that object completely unobtainable only makes people want that item more. Prohibition is a classic example of taking a bad substance and making it illegal. People want that substance more, and being from a capitalistic country, someone is always willing to supply their desire for a price. Fast food will not be any different. Just because you take the toy out of the meal doesn’t mean the child will want the meal any less. More than likely, many people will travel just outside of San Francisco to get their child a happy meal just to quiet their child about the latest McDonald’s toy in the happy meal. While I don’t see the majority of parents doing this, I don’t see this as a solution to the problem either. There are more positive ways to push people and companies into doing something that is good for them.

So if I am so quick to dismiss the ban, what then is a better solution? One would be quick to point out the energy tax credits and how quickly people have been buying new and more efficient ways to insulate and heat their homes. I for one am already enjoying the benefits of replacing my windows and plan to also replace my gas furnace as well. While my heating bill will not recuperate the costs of heating my home for a couple more winters, the tax credit was enough of an incentive to move where previously I had not the desire to spend the money needed to replace the furnace and windows. I propose to San Francisco to consider a similar measure.
I have of course a couple of options, and feel free to choose which one you like best. They are yours at no charge, just feel free to give me a nod if this goes to national media:

  1. Raise taxes on all fast food.  Then,  give tax cuts based on the amount of the menu is based of of healthy items. If their menu is 100% junk food free, give them a 50% tax break.  If the menu is 50% healthy, give them a 25% tax break, and break it down that way.
  2. Raise taxes on all fast food, and then based on sales of menu items, give the vendors a tax break.  That way the fast food joint will not only try to make their menu healthier, but they will also try to steer their customers towards these menu items as well.

While all of these suggestions would probably create a bit of a headache for government as well as creating additional posts in San Francisco for monitoring menu items and sales,  monitoring bans of happy meals is not much different.  Plus most restaurants who want any tax credit could probably easily pull inventory on how many burgers or salads they sold at any given period just to save a few dollars.  Businesses love tax credits, and only a minority really likes a ban on anything.

So there you have my two ideas.  Take them as you will.

Terry Childs, network admin convicted.

Update – It seems the same juror Jason Chilton that commented on slashdot is the real deal and gave a very compelling case as to why Childs was convicted.  Childs had emailed passwords to the COO before but when he found out that he was being reassigned, he stopped being cooperative.  The next day he even taunted his boss and COO that they didn’t have access.

“So he knew nobody else could get in, and I think he had the assumption that they would say, “We need you back to maintain this network.” And that obviously did not happen.”

So Childs was refusing to give access to the COO who he gave access in the past when his job wasn’t threatened.  But because he didn’t want to be reassigned, he was now holding the network hostage and refused to give access despite demands from human resource, the police, his boss, and the Chief Operating Officer.  This whole excuse that there was no formal policy in place is nonsense because most tasks in the workplace aren’t explicitly spelled out.  If HR, the COO, and the police want you to relinquish custody, you do it unless you want to risk prison and that should be common sense.

Now Chilton said in the interview that Childs is a good trustworthy person and that it was his managers fault for giving him so much free reign.  Well I’m sorry to disagree with Mr. Chilton, but loose management is not an excuse to be a punk.  The fact that Childs had withdrew $10,000 and left for Nevada the day before his arrest tells me that this man is scum and should never be trusted with any company’s equipment.

The jury has found Terry Childs, a former network engineer for the city of San Francisco, guilty.  Childs had refused to grant the city access to the city’s Wide Area Network (WAN) and served several month in jail for his refusal to cooperate.  Now if you’re a network engineer, you might ask why didn’t the city simply perform a password reset/recovery on the equipment and I’m wondering the same thing too.  If I had to guess, they didn’t want to risk losing the configuration of the network and the easiest way was to get Terry Childs to give them the password.

Speaking as a former IT professional, nearly all of us with the exception of Mr. Childs have enough common sense to know that when the owner of the system or when a boss issues a direct order to grant access to the company system, we do it.  For that matter if the boss asks for something within their authority (short of something criminal), and especially if they have the blessing of their boss and up, we do it.  We might lodge a formal protest if the thing we’re asked to do will endanger the security of the company, or something that would cause the company to lose money because the boss is an idiot, but we do it after our formal protest is acknowledged.  The other option, voluntary or not, is that we leave the company.  But if we’re asked to leave the company, we have to hand the keys over.  If we try to hold an IT system hostage, that’s against the law.

Yet despite this common sense, it seems that many in the slashdot community have rushed to Terry Child’s defense as some kind of “stick it to the man” cult hero.  But one particular post form someone claiming to be a juror on the case, who actually looks the part judging by his comments, had some interesting things to say below.  (Note that since this is an informal blog, I didn’t track the man down and verify authenticity like I would have when I was formally a journalist.  Please excuse me for being lazy here.)

Now that I am able to speak about this case, I can give you my take on the matter as having been a juror on it. Having not been able to read about the case during its duration, I can’t replay to everything that’s been said about it, but I will at least provide my perspective.

This case should have never come to be. Management in the city’s IT organization was terrible. There were no adopted security policies or procedures in place. This was a situation that management allowed to develop until it came to this unfortunate point. They did everything wrong that they possibly could have to create this situation. However, the city was not on trial, but Terry Childs was. And when we went into that jury room, we had very explicit instructions on what laws we were to apply and what definitions we were to follow in applying those laws.

This jury was not made up of incompetent people or idiots. Every single person on there was very educated and well-spoken. I myself am a network engineer with a CCIE and thirteen years experience in the field.

This was not a verdict that we came to lightly. There were very difficult points to overcome in reaching it. We were not allowed to let our emotions or biases determine the matter, because if they could there may have been a different outcome. Quite simply, we followed the law. I personally, and many of the other juror, felt terrible coming to this verdict. Terry Childs turned his life around and educated himself in the networking field on very complex technologies. One different decision by him, or more effective management by the city could have completely avoided this entire scenario. But those are not factors we could consider as a jury. We applied the law as it was provided to us and our verdict was the unfortunate, but inevitable result.

I’m sure many people posting are of the mindset that he’s not guilty because he shouldn’t reveal the passwords, some policy says this or that, or whatever. You’re entitled to your opinion, but let me tell you that I sat through FIVE MONTHS of testimony, saw over 300 exhibits, and personally wrote over 200 pages of notes. I will guarantee you that no matter what you think of the matter, you do not have the full story, or even 10% of it. I am confident that we reached the correct verdict, whether I like it or not.”

Later he added

“One really important thing to note here is that it wasn’t a concern that he did not provide “his” passwords. The real problem is that he did not provide access — in any form, even in the form of creating new accounts for those requesting it.”

The gentleman also added that he actually agreed with the law, and thought that Mr. Childs broke it.  But as far as I’m concerned, if it takes the Mayor of the city to visit your jail cell and nearly two weeks to divulge the key to the city’s equipment, he’s legally and morally guilty of obstructing the city unless we’re talking about the city of Berlin circa 1944.

The thing that many IT people forget is that they don’t own the system.  The owner of the system is the user of the system who report to their superiors who ultimately report to the owner of the company.  The IT person is merely the Shepard of the system and they ultimately have to allow the owner make mistakes if the owner insists on it.  IT people also forget that without the business, there would be no system to protect in the first place.  Mr. Childs forgot this and he took ownership of a system that he did not own against direct orders of everyone in the chain of command above him.

It would be as if a limo driver refused to hand over the keys of the car to a 19 year kid who is prone to fast driving.  But the kid doesn’t like that driver so he gets his father to fire the limo driver, but the driver refuses to hand the keys over to the father.  The father fires the driver and hires a new limo driver, but the original driver even refuses to hand the keys to the new limo driver.  At that point the limo driver has effectively commandeered a car that does not belong to him which makes him legally and morally wrong.

The driver has a moral and legal case to refuse the 19 year old, but he certainly can’t refuse the father much less the police even if the father might be wrong for spoiling his child.  We simply cannot give employees that kind of power over their employer’s property.  Imagine what every IT person in danger of losing their job would do if Childs had been vindicated by the courts.  So it doesn’t matter if a few Internet geeks cheer him on as someone who “stuck it to the man”.  If they were in a similar situation and I were on the jury, they would be convicted.