drink the sweet feeling of the colour zero

VMworld hats


I’m a sysadmin attending a conference for sysadmins. I’m a journalist who wants to write up news, reviews and do in depth hands-on investigations of new and interesting technologies.

I’m a marketing consultant working as part of larger marketing teams organizing everything from booths at the event to the minute fiddly details of “the message”.  My clients are both startups, but one of them is parked inside the booth of a 13-billion-dollar company and I still can’t wrap my mind around the fact that not only do my ideas get airtime amongst their very experienced team, they are acted upon.

I’m a serial conference afterparty attendee but also someone who’s helping put one together. I’m a game/contest player and also someone helping organise them. I’m attending 5 webexes a day and helping run more than a few of my own.

There are even a few things I’m participating in which I can’t talk about yet because I’m under NDA. Oh, and I still have networks to take care of; at least two of which are undergoing some fairly major overhauls in preparation for the Q4 silly season.

Somewhere amongst all of this I am trying to train up some more sysadmin bloggers so that you lot can have a more diverse range of voices than just mine.  I’ve got a pair of them attending VMworld with me; others I’m bringing into interviews (or having them run interviews) in the hopes that they can skip some of the embarrassing faceplants that I had to go through.

I don’t sleep much anymore, but man, VMworld is going to be a blast.

Microsoft and the midmarket


Microsoft’s licensing is a problem; for a company that makes its bread and butter on the midmarket, they sure can seem hostile to those of us who live and work in this arena.  Indeed, Microsoft’s licensing compares more accurately to other Enterprise players.  Oracle licensing is byzantine and overtly a profit-maximization approach, but they don’t have anywhere near as many SKUs in play as Microsoft. IBM is a good comparison; they have a similarly O_o number of SKUs in play, and no incentive to make their licensing comprehensible to normal people.

Contrast VMware to Microsoft as a “complete experience.”  Microsoft’s offerings are incredibly powerful.  As this review clearly shows, the joined-up nature of the System Center suite can enable a “total package” that overwhelms anything VMware can bring to bear.   That said, VMware licensing is simple; the products are way easier to install and work with. Truly grokking Microsoft’s licensing – enough to make sure you aren’t paying a dollar more than you have to – is a career. It requires the full time efforts of an intelligent, educated individual to keep on top of.

VMware’s products are also comparative child’s play to install and administer.  It took me three weeks of concerted effort to install a test lab with enough software to test System Center Suite 2012 against its two immediate predecessors. To contrast, it takes less than an hour to do the same with VMware.

I like Microsoft’s technology. I think they make some of the best software in the world, and inarguably the best in several fields. That being said, I go out of my way to use competing products in many places because of the complexity of Microsoft licensing.  Other vendors may (or may not) be more expensive than Microsoft. That said; when an alternative vendor’s licensing is less opaque – and better tiered! – you don’t walk away from purchases wondering if you could have gotten a better deal if you had only known the ins and outs a little bit better.

Interaction with Microsoft’s licensing department always leaves me with the impression that I’ve been had; there’s a scam afoot and I’m not the one running it.

I can’t speak to how Microsoft treats their customers with over 1000 seats. My customers are all between 1 and 1000 seats. Most are between 50 and 250 seats. What I can say is that in this area, I dislike dealing with Microsoft intensely. Microsoft doesn’t want to deal with us “irrelevant” SMEs directly. They want us to use VARs.  Frankly, I don’t trust VARs at all. Not once in my experience with VARs have I been able to find one who was willing and able to optimise my licence usage. I have saved clients tens, even hundreds of thousands over VAR quotes by doing the legwork myself.

Instead, Microsoft position their products to be appealing if you have less than 25 seats, or greater than 250. If you live in the 50-250 seat range – where most of my customers do – then the licensing is not only hard to optimise, it is outright punitive. The Microsoft ecosystem between 25 and 250 seats constitutes a barrier to entry for any company; something Microsoft has no intention of addressing in their reckless bid to drive the middle of the bell curve into a subscription model that has a far higher TCO for midmarket organisations than a perpetually licensed item. Doubly so when you consider that most midmarket companies live on refresh cycles for their equipment of 5 or 6 years, not three.

On Intellectual Property


Copyright is about providing a temporary monopoly over intellectual works in order to extract economic value from those efforts in the hopes of spurring the creation of additional creative works. It must also inherently recognise the need for works to pass into the public domain (while they are still culturally relevant!) and it must contain rational fair use exceptions.

Copyright infringement is wrong, and society needs protections against it. Putting aside the loaded word “deserved,” there is a strictly pragmatic reason for us to compensate creators: if we don’t, both the volume and quantity of new works being created will decrease dramatically. These people have to make a living too; with 7 (soon 10) billion of us, the competitive pressure for resources is so high that we simply cannot support a renaissance-era category of creators who “simply create in their spare time.”

Nobody has spare time; to avoid destitution you either inherit enough wealth to get a great start to life, or you work 12-16 hours a day. Given the economic context; copyright infringement is unjustifiable; it directly deprives society of the talents of creators by creating an environment in which there is no realistic way for them to be able to devote adequate time to creation.

But copyright maximalism is equally ethically bankrupt. It attempts to shift the balance the other way; making creators into a special category of individuals whose labours are valued more highly than those of systems administrators, doctors, lawyers or teachers.

If I help build a road, I am paid for my labours per hour…but that road belongs to society. We all get to use it. Other roadworkers may come along and build on top of my work, learn from my technique or destroy it in order to lay pipes/repair faults/what-have-you.

If I fix a server, I am paid for my labours, but that server is then used by other users who benefit from my efforts. Other systems administrators may check the logs to see how I fixed things, alter my settings, or combine my efforts with theirs to create something new.

Neither the road worker nor the systems administrator gets to tithe their work beyond the initial payment for their labour. The roadworker does not get a toll for every person who passes over the patch he laid, nor the sysadmin a % of the ad revenue generated by each view.

Creative works are built upon those works that went before. Nothing is created in a vacuum. The whole of human experience is built upon the tropes and memes of our antecedents, whether through genetic memory or learned behaviour.

To suddenly claim that the labours and efforts of one category of people – intellectual property creators – is so important – that these intellectual property creators must simply be so privileged – that we must immediately reverse the whole of the human learning, experience (and yes, the creative process itself!) to protect their “moral economic rights” is beyond lunacy. It is arrogance. Arrogance born of nothing more interesting than greed.

Creators need to see economic benefit from their creations. Most people on this planet will agree with this. But this does not translate to either the notion that for creators to see economic benefit they must have complete unrestricted control over all use cases of their works nor that they should retain this control indefinitely (and by extension that this control should be infinitely heritable.)

Balance is required. The needs of the individual weighed against the needs of society at large. The people will no more tolerate autocratic control over knowledge and experience than we will accept that same level of protectionism or exceptionalism for any other special interest group.

You may stone me for saying so; but the writer is no greater than the road worker. The singer no more deserving than the sysadmin.

And if I am a filthy freetard for saying so – and for espousing the beliefs above, which appear to be both the original basis for copyright and increasingly the stance taken by post-aughties copyright legislation – then I accept the label with pride.

Windows 8


My beef with Windows 8 goes beyond just the limitations imposed by Metro.  I am very unhappy with how Microsoft has handled criticism.  They have played the “it’s just a beta” card several times.  When that didn’t work, they moved on to it’s for our own good, followed by if you don’t like Metro there’s always the classic desktop.

Yes, the desktop is still available in Windows 8, but for how long?  Out one side of its mouth, Microsoft tells us that the desktop will be a first class citizen, and out the other Microsoft limits its entry-level development tools to Metro-only.

Metro is clearly the favored child; and with good reason.  Metro provides a unified interface across all devices, something Microsoft has made very clear is critical to their strategy.

In the face of this, I believe that it will not be long before critical applications start appearing in Metro-only versions.  This statement triggers an instant attack by any fanboy: this is speculation and thus invalid.  Arguments must be restricted to what exists today and what has been said in official statements by Microsoft.

Sorry, but no.  The real world doesn’t work like that.  I am a systems administrator, and a significant portion of my job is planning the infrastructure of today in the face of a plethora of information about the future.  What I buy today impacts what I will end up using tomorrow.

At this point, everything boils down to trust.  Microsoft fanboys the internet over are quick to point out that we are not forced to use Windows 8.  Windows 7 will be around for a long time; should we dislike Windows 8, we can just exercise downgrade rights and stay with 7.

Try as I might, I cannot see the logic in this argument.  “Staying with Windows 7” implies continuing to purchase Windows 7 licenses to meet future needs.  But to what end?  Microsoft has given no indication that they care about my concerns regarding their desktop interface.  I see zero reason to have blind faith that it will somehow be addressed come Windows 9.

For me to continue to buy Windows 7, continue to develop new applications for the Windows platform and continue to invest in applications that run exclusively on Windows I need to have a great deal of trust that Microsoft will continue to produce a product that meets my needs well into the future.

Operating systems may refresh every few years.  But accounting packages, industry specific software, custom middleware and so forth can last decades.  I am no longer prepared to bet my business on Microsoft’s magnanimity, especially when their attitude towards legitimate criticism from their user base is at best dismissive and arrogant.

When the accounting package gets creaky and we start looking for a replacement, “requires Microsoft Windows” will be a deal breaker.  Instead of investing in the next generation of Windows, it makes a lot more sense to spend the same money moving the last few Windows-only applications I have to something standards-based and cross platform.

Anything else just seems like gambling.

BYOD: Manage the band, not the box


I have recently been involved in an interesting debate focused on the concept of “Bring your own device” computing.  I argue that no company will go out of business implementing BYOD, while others argue strenuously against the entire concept excepting under very narrowly limited circumstances.

Previous iterations of the argument focused on the costs of BYOD (is it cheaper?), the security (isn’t BYOD a security threat?), demand from end users and/or resistance from IT.

I make the argument in the latter case that there are enough unemployed IT guys out there right now that resistance from IT is functionally irrelevant.  IT operations staffs are functionally disposable; there are so many of us that for every one you fire a dozen more are willing to step into the position.  That varies by region, but I feel that on a global scale this is largely accurate.

IT staffing deficiencies are largely in development, Big Data, niche virtualisation deployments, Metal as a Service (MaaS) or in specialisations such as CCIEs, high-end storage and so forth.  Sysadmins are a dime a dozen, and this is a fundamental premise to be borne in mind when reading the below.

BYOD policy MAY be more expensive, but this is not guaranteed.  There are many high profile examples of successful deployments.  (Intel and Google spring to mind.)  Thus when the business side of the company comes to IT and says “make it happen,” they know it’s possible.  The question is “do your extant IT staff have the skill to pull it off properly?”

If they don’t, you fire them and you get new IT staff.

Think Small

Most businesses are small and medium enterprises.  They aren’t running 1000 seats and they don’t need their data screwed down tighter than Fort Knox.  In fact, on the lower end of the SME side of life, the time has come for them to bid adieu to their IT departments altogether.  They can have IT delivered to them as a service cheaper and more securely than they are getting it now.

One argument against BYOD is that “you must open up more information to the internet.”  I’m going to call bollocks here.  Done even halfway competently, BYOD allows you tighter control of your information than most businesses currently have.

Let’s consider the average SME today.  The average SME today has one (maybe two) overworked sysadmins.  When they are not trying to prop up the ancient servers, they are rebuilding (again) some desktop or stuck on some support call with a twit who can’t remember that “clicking” and “double clicking” are different.

These companies exist in an environment where half the company runs as local administrators because – despite their warnings against these behaviours by IT – alternative methods are simply less convenient.  SMEs are companies where the IT is in nearly every case not “proper” to begin with.  They aren’t set up by whitepaper and they aren’t managed and locked down like a fortune 500 company.

There are orders of magnitude more of these companies than there are organisations who are “doing it right” today.

Let’s centralise that

So what does a BYOD with VDI and SaaS approach bring?  Well, first off it allows you to put everything in a single location.  No information arriving or departing by USB stick, CD, DVD or other physical manner.  The endpoints don’t get to talk to the core network unless they are locked down.  Everything else comes through an RDP session.

I’ve been running VDI on dozens of SMEs since 2005, and in all but one case, I haven’t had a single person notice that they can’t move files off the network (except through the internet) yet!  They just don’t care.  Everything they’d want to do with those files they can; through RDP.  (Yes, we block RDP file transfer, USB pass-through, etc.)

AHA, you say!  A weakness in his argument!  They can move files around using the internets!  The internets are scary and filled with lolcats!  We must prevent this at all costs!

Bah, I say.  This is what IDSes are for.  Have you met Palo Alto networks?  (http://www.paloaltonetworks.com/index.php).  They have IDS/IDP systems that wreck everything everyone else can bring to bear in this space.  Dirt cheap, application aware, simple to configure.  Even my precious Linux boxen configured as network-sniffing IDS/IPS systems simply can’t compete.

Suddenly, I can manage the band instead of the box.  Sure, you can move information off the network using the internet, but I can monitor and restrict it with an appliance.  A simple plug-and-play appliance that a twelve year old could manage.  Here is a great example of the commoditisation of IT.  What 10 years ago was deep voodoo now comes in a nice pre-canned box that simply does the thing for you.

So now we’ve got a great big ball of everything living in the datacenter, maybe with a few select SaaSy apps on the web.  It all goes through an awesome IDS/IPS which allows me to filter it, and I even work with my SaaS providers to ensure that our instances of the SaaSy applications have logins restricted to selected IPs.

The only way you are getting information off of this network is to take a photograph of someone’s screen while they are RDPed in.  If you are honestly concerned about this; if this is a legitimate security threat to you, then you are either dangerously paranoid, or you work in the kind of organisation that has enough qualified and competent IT personnel that you should be talking to them about this topic instead of reading my blog.  (Suffice it to say that even this risk is one that can be mitigated using any of a number of different technologies.)  This is a realm of infosec paranoia that is simply out of scope of this post.
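The RDP restrictions mentioned above (file transfer and USB pass-through blocked) are only as good as the policy actually applied to the session hosts, so here is an added example, not part of the original post, that audits them. It assumes Windows session hosts configured through Group Policy and checks the standard Terminal Services policy values in a registry export; the sample export is constructed for illustration.

```python
import re

# Policy key written by the "Device and Resource Redirection" Group Policy
# settings on an RDP session host. A value of 1 means the channel is blocked.
POLICY_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft"
              r"\Windows NT\Terminal Services")

# Redirection channels that can carry data between the session and the endpoint.
CHANNELS = {
    "fDisableCdm": "drives / file transfer",
    "fDisableClip": "clipboard (incl. file copy)",
    "fDisablePNPRedir": "plug-and-play devices",
    "fDisableCpm": "printers",
    "fDisableCcm": "COM ports",
    "fDisableLPT": "LPT ports",
}

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def read_policy(reg_text):
    """Return {value_name_lowercase: int} for DWORDs directly under POLICY_KEY."""
    values, in_key = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            # Exact match only: values in subkeys (e.g. ...\Client) do not count.
            in_key = section.group(1).lower() == POLICY_KEY.lower()
            continue
        entry = DWORD.match(line)
        if in_key and entry:
            values[entry.group(1).lower()] = int(entry.group(2), 16)
    return values


def open_channels(reg_text):
    """List (value_name, channel, reason) for every channel the policy leaves open."""
    policy = read_policy(reg_text)
    findings = []
    for name, label in CHANNELS.items():
        state = policy.get(name.lower())
        if state == 1:
            continue  # blocked by policy
        reason = "not set by policy" if state is None else "explicitly allowed"
        findings.append((name, label, reason))
    return findings


# Constructed sample. A real export is UTF-16, so read it with
# open(path, encoding="utf-16") before passing the text in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
"fDisableCdm"=dword:00000001
"fDisableClip"=dword:00000000
"fDisablePNPRedir"=dword:00000001
"fDisableCpm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
"fDisableCcm"=dword:00000001
'''

if __name__ == "__main__":
    for name, label, reason in open_channels(SAMPLE_EXPORT):
        print(f"OPEN  {label:<28} {name} ({reason})")
```

In the constructed sample, drive redirection is blocked but the clipboard is still allowed, which leaves copy and paste as a way to move files in and out of the session.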

I want my computer, and my data too!

The inevitable argument is “well, that’s not true BYOD!  In a real BYOD environment, people can use files on their computers!”

Quite right.

But that’s where BYOD gives awesome options.  Most people don’t need this, so they can (and will) use RDP.  If you want to do things local to your system, then you have to accept some restrictions.  Management software has to be put on your PC, and it will restrict what you are able to do.  Mobile Device Management for the cell phones and tablets, Puppet for Macs and Linux boxen and Active Directory join for my Windows boxes.

The choice is up to the end user.  BYOD and third-party management software has allowed me to provide greater security than I would otherwise be allowed to provide by the business owners under a more traditional model.  Why?  Because BYOD gets the convenience part of the security/convenience equation right.

The argument that BYOD is usually/probably “bad” is rooted in several assumptions that just don’t hold true for the vast majority of the world.  The first: that BYOD is being implemented in an environment that is properly setup already.  This is almost never the case.  The second, that IT has the kind of pull within an organisation that they can set things up properly and manage by fiat and edict.  Again; when are you from, 2000?

Circle the wagons

In these organisations, BYOD is probably not a consideration.  IT still has their little empire, and they will viciously and vociferously defend it against all comers.  Here, we have the talent and knowledge to pull off BYOD properly if they so choose, but they won’t if they can possibly avoid it.

And frankly, who cares?  These companies have something that works, proper security…they just don’t get any real benefit from BYOD beyond staff retention and a modification of CAPEX as a line item.  BYOD will cost them more than their current setup if for no other reason than you will have to cram it down the throats of IT.

In such a scenario, IT will make the entire project as miserable as possible, most going so far as to actively sabotage it.  Unless the company is willing to functionally jettison their entire IT department (some have) in order to see the project through – and thus changing how IT is delivered across the company – BYOD holds no value.

Fine, cool.  Wunderbar.  We have proven that BYOD is not a magic solution for all companies in all cases.  Who has ever claimed that it was?

My previous arguments on this topic have argued – quite simply – that no company is going to go out of business for deploying it.  SMEs either have or they don’t have the talent to deploy this.  If they do have, then their guys will probably jump all over it as a chance to (finally) do some real security in the enterprise.  If they don’t, then they will bring in consultants/contractors – myself, say – who know this stuff cold and deliver the transition as a proper service.

If the company is large enough (and with a well enough set up extant IT apparatus) that the benefits of BYOD are marginal to begin with, then they already have the IT guys who are fully capable of pulling this off properly and securely, should they choose to do so.

BYOD is not a risk.  It isn’t a security threat.  It isn’t a disaster waiting to happen and it isn’t automatically – or even in most cases – a negative approach to computing.  Quite the opposite, for the vast majority of organisations it provides the opportunity to significantly simplify their IT delivery.

BYOD offers the chance to properly secure the IT of these organisations; what’s more, it offers the chance to do both in a convenient way that won’t see the sort of end user and management push-back that results in insecure IT in the first place.

Just who are you, really?  And why are you here?

More interesting to me are those organisations that steadfastly and ardently resist BYOD.  What else are they resisting?  How “integrated into the needs of the business” are these fiefdoms of nerdly hegemony?

Are they organisations that practice DevOps?  Or are they siloed, each department peering over the rafters with a suspicious eye at the next, carefully protecting their budgets?  Are these departments agile?  Capable of adapting rapidly to changing demands?  Or are they rigid, inflexible, with a well established “change request system” whose primary function is to prevent change through the implementation of excess bureaucracy?

Are these IT departments that care about the good of the company, or is “them” separate from “us?”  Are they providing optimal service to the business with their extant systems, or are they an anchor that has to be tugged at any time change needs to occur?

In my personal experience, IT departments that are most integrated with the needs of the businesses are ones that were doing DevOps before DevOps had a name.  They are ones where the head sysadmin isn’t just a sysadmin, but is in fact a full participant of the business-side meetings.  IT in these organisations helps plan company strategy and has the corporate security clearance to know what’s coming down the pipe.  This close integration allows IT to plan to meet business needs not just now, but 6 months, a year, 5 years from now.

IT delivery in these agile organisations is shaped not against a whitepaper, or to protect someone’s job…but to meet the exacting and specific requirements of the business in the most efficient possible way.  IT here isn’t a department, and they aren’t a “cost center.”  They aren’t a silo or an empire.  They are part of the team.  They work hard to make the business perform, and they are rewarded accordingly.

IT in these agile organisations isn’t really “IT” at all.  They aren’t grunts twiddling with boxes and networks, they are fully fledged members of the management hierarchy.  The IT services they provide are generally either off-the-shelf pre-canned appliances, provided by contracts that the internal IT department project managed, or are custom in-house solutions developed and maintained in a DevOps style.

Also in my experience, the larger the company gets, the LESS likely it is that this sort of agility and business-line integration exists within the IT department.  And again, also in my experience, the IT departments that have this level of integration with the business would read this post and laugh their asses off.

They’d laugh because they went BYOD before BYOD had a name.  These sorts of integrated, agile IT departments didn’t implement BYOD to jump on a trend.  They implemented BYOD so they could get out of the businesses of playing nursemaid to endpoints and focus on the business of growing the business itself.



I have had the opportunity to play around with Tweetwipe.  It’s an interesting webapp with a sole purpose: to delete all the tweets in your Twitter account.  It – more or less – does what it says on the tin.  There are a few caveats; some by design, some beyond the control of the tool’s developer.

The first caveat is that Tweetwipe does not delete any of your retweets.  Personally, I think that’s a decent feature, but not everyone will agree.  A tickbox for “nuke the retweets too” would be useful.

The other caveat is that it simply is not going to work all in one go.  If you have more than a handful of tweets, the Twitter API will blow up somewhere.  Refreshing the page and restarting the process does work.

This second caveat is interesting.  It allows for a weird method to map out the load demands placed upon twitter.  Some passes would delete 150+ tweets after leaving the tool open for an hour, some passes would delete less than 4.

A bizarre item that I discovered is that Tweetwipe will delete far more tweets/hour if you occasionally refresh Twitlan’s delete tool.  The only explanation I can come up with is that since the Twitlan delete tool creates a list of as many tweets as you specify, it must cause twitter to cache all your tweets.  This makes them available to Tweetwipe within whatever bizarre timeout limits are hindering its use of the Twitter API.

Overall, it took me about 48 hours to delete ~2000 tweets.  That is onerous, and I find the entire concept interesting.  What of those who – today – are in their early teens?  Making public fools of themselves for potentially years, and then later reaching an age where they would like to erase their past digital transgressions as they prepare for the job market.

Already, there have been numerous instances of people being fired – or even sued – because of what they have posted on social media.  That it should be so difficult to “unpost” things in bulk – for whatever reason – has interesting long term social implications.

© 2009 drink the sweet feeling of the colour zero. All Rights Reserved.
