Monday, May 21, 2007

Why To Sell NOVL, Part 2 - OES Patching Issues

In January, I posted an entry out of raw frustration resulting from a series of experiences and announcements with and from Novell. The straw that broke the camel's back was related to their misguided BorderManager / Novell Security Manager statement (So long, linux - hello, NetWare). However, a huge heap of the load was due to the unbelievably poor method Novell chose for applying patches to OES on SLES.

In October of 2006, during an executive briefing I attended, I had raised this issue to a Novell OES product manager. I'm no longer certain what this title entails, since there's an awful lot of product managers at Novell, and they don't seem to talk to one another.

The product manager's expression was one of simple acquiesence - he understood that our request to split patches into several channels (rather than one, as it is today), was one that made sense and would be very simple to implement.

Fast forward 4 months, and we're in January - still no separate "stable" or "critical" OES patch channel...everything's still coming down in one big clump.

Fast forward another 4 months, and we're in May - where we've just completed another conference call with another OES Product Manager who agrees that ZLM is a poor method for applying patches to production servers, and who thinks the concept of splitting OES patches into multiple channels is a valid, actionable idea.

Novell have committed to us that they'd let us know by this week if/when they can make this happen, and if not, why. The alternative is to wait for OES 2, since that's when they intend to make this 'better', but in a way that leaves OES SP2 adopters in the cold.

It seems that there really are very few people who have made the leap from NetWare to OES on SLES as we have. Our move was one of necessity - NetWare wasn't stable enough to run the mix of services we needed on a single platform any longer. In speaking to a Collaboration SE last week, we agreed that Novell could do a better job of reducing barriers to adoption - like putting placeholder scripts on OES systems that mimic the look & feel of the old C-Worthy interfaces we enjoyed (like DSREPAIR, MONITOR, etc). Even if it doesn't look the same, it can at least tell you what options to put on the command line or present a menu of common tasks.

CoolSolutions has such a script for DSREPAIR specifically - originally written for eDirectory on Solaris, by an enthusiastic user. It's a brilliant idea, and eliminates one big reason that people have for not going to OES on SLES.

If you had to get training to learn a new server OS, would you pursue a niche product like OES, or would you just sell out and run Windows like everyone else in the world?

There's lots that Novell still doesn't understand about the market and their customers, unfortunately.

That said, we were treated to an overview of new features in OES 2, and from the sounds of it, we could really make use of those enhancements. Still waiting on more details, but our fingers are crossed.

Everything You Know About Desktop Security is Wrong

This is what Ivan Kristic told an audience in Australia at their annual AusCERT conference. Kristic should know a thing or two, as he authored ''The Official Ubuntu Book". Here's some of the more interesting things he had to say during his keynote.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9020061&source=NLT_AM&nlid=1

"Everything you know about desktop security is wrong. Desktop security is about the user not protocols and algorithms," he said, adding that 75 percent of machines are infected with malware.

"Today, there are more than 100,000 known viruses, not to mention spam and phishing and that is because we rely on users to make choices about things they don't understand."

To reinforce his point, Krstic showed how a user interprets a pop-up dialogue box that appears on their screen.

"To a user it simply says: "Blah blah, technical terms, I don't understand, blah blah."

"Then it will ask the user to press 'yes,' 'allow,' or 'permit'.

"Of course they will click on 'yes,' 'allow,' or 'permit' because it rewards them by letting them get back to work. We are training users to ignore security and rewarding them for it," Krstic explained.

Kind of makes the Mac ad where PC is constantly interrupted by a security "agent" a lot less humorous, doesn't it? Kristic asked "how did we get here", probably in reference to Linux specifically. The answer would be, "By following Microsoft." Instead of doing the hard work of either writing secure code to begin with, or the somewhat more difficult work of setting default behaviors with security in mind, Microsoft shoves the entire burden of system integrity to end users who barely know how to set headers and footers in Word.

I have no expectations that Microsoft market share will erode significantly this decade, but if past performance is an indicator of future behavior, I think it's safe to say that Microsoft will never get it...leaving itself open to marginalization by whomever gets this stuff right. Easy. Inexpensive. Secure. Feature-rich. Powerful. Fast. It simply has to happen.

Friday, March 30, 2007

Staying Red, Part 2

Back in May of 2006, I wrote about the fact that Ken Muir had taken over the GroupWise product at Novell and how his presence there alone caused us to place on hold our disdain for their flagship collaboration product.

Today, Ken commented on that post and asked if I'd provide an update on our experience with GroupWise since 7.0 SP1. Despite my other issues with Novell's general direction and execution, as hoped, GroupWise has been polished into a state nearly befitting a crown jewel.

We run GroupWise 7.0 SP1 exclusively on Linux, and since my days here, our GroupWise systems have never been as stable or feature rich. SP1 was a home run for Ken and his team, proving that he's able to lead and deliver excellence in both gilded halls and gloomy basements.

As you've no doubt read, I've converted to a MacBook Pro recently...it's now my sole production computer. I've cleared my desk of the IBM T42p, the docking station, second monitor, external keyboard and mouse, etc., in favor of two cables - the Mag Safe power supply, and my external speakers. Sure, I had to deploy 802.11g access points, but people have been asking for that anyway (grin).

The Mac client for GroupWise isn't bad per se, but it's not on-par with the features in the Windows GW7 client. It's very much like GW 6.5 on Windows, but slower (thanks again, Java). I know Ken intends for GroupWise to be feature-identical on all platforms, and I sincerely hope that happens soon with a native-binary version of GW on OSX. I must however say that a recent e-mail discussion with Novell's John Dragoon was a bit more tepid toward Mac's than Ken and his group. Ken, I sincerely hope the pro-Mac mindset prevails - at least until SLED is a realistic competitor in the non-Windows space.

During the Mac evaluation, I was using their native Mail application (along with Mac's iCal and Address Book) over IMAP. I was frustrated by the way iCal in particular looked for appointments from Mail, and quickly found myself missing features like "Forward as Attachment". What GW lacks in visual appeal, it more than makes up for in functionality.

I wasn't in attendance at BrainShare this year, so I cannot speak to the new release of GroupWise and what it intends to do with regard to Exchange/Outlook feature parity and collaboration in general (much more important than keeping up with the Redmond Joneses to me). Ken provided some links, which I've included below, for those who may find themselves among the masses abandoning the S.S. Microsoft.

GroupWise "Bonsai" Demos - http://www.gwava.com/gwavacast/?p=14

Friday BrainShare 2007 Keynote w/ GW Demo - http://www.novell.com/brainshare/general_sessions07.html (about 1:10 minutes into the stream)

Per Ken, "As always, you and all customers have an open line to me. kmuir@novell.com"

Ken remains excited for Novell's future, and in so far as he's able to rally people elsewhere in the company around his principles and standards, he's probably right to be. There's still a very, very long row to hoe in Utah.

Monday, March 26, 2007

Of Fruits and Vegetables

For several months, my VP and I have been having somewhat informal, tongue-in-cheek discussions about adoption of Mac systems. We've been so frustrated by Dell (in the past), and now IBM, in addition to being faced with an avalanche named Windows Vista, that we're ready to look at any alternative.

I'd evaluated SLED 10 from Novell late last year, and found it to be somewhat half-baked. I had to re-install GroupWise twice, and rebuild the entire system three times in the span of about a month. Simple stuff like dual-monitor support and switching wireless networks from work to home were exceptionally cumbersome on my IBM T43p eval system. I gave up and went back to Windows XP on my now two-year-old T42p.

So, the frustration had been mounting again, and I offered that I could get a MacBook Pro to evaluate from Apple's refurb store for relatively cheap. My VP wasn't at all hesitant to OK the endeavor. And so now, here I am, updating this Blog on a shiny new-to-me 17" Glossy MacBook Pro. 2GB of RAM, 8x SuperDrive, AirPort Extreme wireless, 160GB HD, 2.33GHz Core 2 Duo processor, etc.

I can sum up my impression of the MacBook I've been using for the past month in one word. Unbelievable. This is EXACTLY how technology is supposed to work. Call Steve Jobs whatever you want, the end result is the most evolved, refined, performant, and impeccably crafted work of functional art ever to communicate on a LAN. EVERYTHING about it is art. EVERYTHING about it's interface and operation is frighteningly simplified. It's as if Apple has been studying human behavior for the past 20 years, and developed an OS interface that plugs directly in to your psyche.

The challenge isn't in learning how to use it, the challenge is in learning how to break it. The shackles we bear from years of Windows use are tough to shed, but the feeling is very rewarding when you eventually do something you'd have thought wasn't possible. This is what drag-and-drop is supposed to be. This is what plug-and-play is supposed to be. This is what a computer is supposed to look and act like. Forget everything else you've been using - I've used them all, too, and I'm here today to tell you this: they're all toys.

Sadly, the vegetables in this story are the vendors in the enterprise management space. I know far too little about how to manage Apple equipment. Perhaps I'm well ahead of the curve for the first time since beta-testing ZEN 1.0...but I don't think I should be. OS X is a mature operating system, not some garage-based skunkworks project. The mystery to me is that vendors like Novell, etc. haven't woken up to the fact that they build the eggs from which these chickens will hatch. Apple won't find mainstream adoption in heterogeneous environments based on the state of our industry today. That can only mean two things...1) a lifetime of a Microsoft-based, super-homogenous, mind-numbing, unrewarding IT as a whipping-post approach to IT, or 2) a lifetime of an Apple-based, equally homogenous, mind-numbing, smash a square peg into a round hole approach to IT. Neither is very attractive.

Here's hoping the fruits can influence some of the vegetables to grow some seeds.

Wednesday, February 21, 2007

Wasting Energy on Energy Preservation

The ridiculously myopic Energy Preservation Act of 2005 mandated that Daylight Savings Time - a predictable fixture for longer than I've been alive - would be modified to start sooner and end later.

Hilarity ensues.

Unlike the Y2K issue, EPA2005 approached rather unexpectedly. Much like Y2k, however, it highlights the remarkably poor, closed-minded job software companies do at planning and developing software.

As one might expect, nothing is immune from the DST change. And, as cynics would bet, patches for this issue wouldn't be available until mere months before the change was to take place - spinning IT departments into instant crisis mode. "Yes, we would have fixed this sooner, but *none* of our vendors got it right." Keep in mind that this was the Energy Preservation Act of 2005. It's now firmly 2007, and we're just now in possession of all the patches we require.

So, again, the entire IT industry looks like a bunch of children who couldn't plan their way out of a wet paper bag. This should be a very, very easy problem for IT departments to fix. OS vendors would simply issue patches that contain the new DST start and end dates...we apply them...end of story.

W r o n g .

Turns out that very few applications rely on their host OS to tell them the correct time.

. . .

So, the fun begins. The insidious plague - the scourge of mankind - the boil on the face of IT known as Java - keeps it's own time. Each JRE keeps it's own time. And as you've read here before, seems like Sun has never embraced "backwards compatibility" as it applies to Java. So in short, just about everything we have that runs on Java needs it's own patch. Nice.

It gets worse.

Novell GroupWise needs patches too. Again, it runs on servers whose time MUST be kept in synchronization with one another. I understand that WebAccess might need to know the new parameters....actually, no I don't. I also don't understand why the GroupWise SMTP server, or GWIA, can't just ask the OS "Hey, what time is it?" now and again. I don't understand why the GroupWise CLIENT, which runs on WINDOWS, which KNOWS THE TIME, can't figure out from the OS itself what time it is, let alone the DATE.

It all confuses me. It's all ignorant. It's an embarrassment for anyone other than an OS vendor or hardware platform vendor with a proprietary embedded kernel (like Palm, RIM, etc) to require patches for the changes to DST. If you have custody over an IT shop of any size and haven't figured out NTP, you're a bozo and need to turn in your resignation right now. If you're a software developer and think that YOU know better than anyone else how to track time, you need to smash your computer with a sledge hammer and never ever touch one again. The sooner, the better.

In the mean time, those of us whose laps receive the problems and challenges that nobody else has the guts or brains to tackle - the enterprise IT professionals - will dutifully go about cleaning up someone else's mess....again.

Monday, February 05, 2007

Computerworld's "Vista" About Face

Interesting how the tone & tenor of Computerworld regarding Windows Vista has changed post-launch.

An article on Vista today begins like this:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9010188&source=NLT_AM&nlid=1

Microsoft is losing consumer operating system market share to Apple for many reasons, but most of those reasons can be oversimplified thus: Mac OS is simple, and Windows is complicated. That's why it may be such a costly error for Microsoft to make the Vista upgrade such a confusing mess.

Until today, even experts couldn't tell you off the top of their heads the differences between each of the many Vista versions -- or even how many versions there are -- or what the basic requirements are for the Upgrade versions. Ordinary consumers are baffled to the point of paralysis.

I have to say that my next PC will probably be an iMac, as my 8-year-old HP Pavilion is showing it's age. The 24" version is particularly stunning. That said, a MacBook Pro isn't out of the picture.

Back to the press...in Big 12 country, the Sooner State is again a bit ahead of the curve...pity for them. Listen to the way Computerworld opens this article:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9010230&source=NLT_PM&nlid=8

Unlike most large organizations, the University of Oklahoma plans to deploy Windows Vista on more than one quarter of its 65,000 PCs by the end of this year.

Because of those early migration plans, Dennis Aebersold, the university's CIO, is already well versed in the new operating system's volume activation features.

But Aebersold was disappointed to find that Microsoft Corp. has yet to release its Volume Activation Management Tool, which the school needs in order to use a proxy server to centrally activate multiple Vista desktops via a single connection to Microsoft's systems.

To meet Microsoft's requirement that Vista be activated and validated on systems within 30 days of installation, the university also plans to use an internally hosted Key Management Service developed by Microsoft to support automatic activations.

But Matt Singleton, the school's director of IT services, voiced concerns about that method of activation as well. He said Microsoft's KMS offers no user-based authentication, so to enable students who aren't connected to the university's network to activate Vista, the IT department will have to customize its firewall rules to allow only authorized users to access the system running the KMS.

"We believe the new volume-activation process can be beneficial for license compliance purposes," Aebersold said. "But the existing tools need more work and should have been released sooner."

Sooner...(chuckle).

Regular readers of this blog (all of whom have too much free time on their hands) will note that I view just about everything from Redmond as suspect...it's the stuff from Speen St. that I usually trust a bit more. In my opinion, Computerworld's coverage of Microsoft as it applies to Vista has been all over the map - especially as it applies to their electronic content - to the point that one could make a good case against them as a reputable, independent journal.

Having corresponded with Don Tenant, I know he'd find this troubling and unacceptable. I hope he has a chance to see how wide an arc his publication has travelled with regard to it's "positions" on Vista.

Monday, January 29, 2007

On SOA and Windows Vista

There have been a couple of headlines recently in a Computerworld "First Look" e-mail I receive at least once a day during the work week, that I found humorous in a "well duh..." kind of way.

The first (well, pair) indicated that IT Execs weren't sold on Vista, and questioned whether or not Vista presented a realistic ROI case for companies.

I'll save you some reading. IT Execs aren't sold on Vista because it doesn't present a realistic ROI case.

There's absolutely no compelling reason to dive into Vista and the accompanying support & engineering issues it will cause, much less Office 2007 (which completely and arbitrarily changed a very familiar user interface to one that is, well, obfuscatoryd at best), when 95% of corporate users don't use 10% of the product's capabilities. It's no secret that most people need simple formulas, a spell-checker/grammar-checker, maybe mail-merge, and that's about it.

OpenOffice is a technology looking at square miles worth of fertile black soil in which it can grow. Microsoft, just like Novell, have finally leapfrogged their customers by a significant enough distance to give it a real opportunity. Microsoft seem to think that people are so keen on SharePoint that they'll move heaven and earth to get better integration with it. I'm not sure they've seen the numbers contrasting Office seats to SharePoint seats, but I'm pretty sure it's a damned big gap.

Fortunately, Computerworld has finally been changing it's spin on the Vista story to one reflecting the skepticism that exists rather widely within the professional ranks, from one that had praised it (in nothing short of a biased manner) as the second coming of distributed computing. I almost stopped reading these e-mails because they were becoming an incessant Vista lovefest - something I don't think Don Tenant would particularly relish, but something I don't think he oversees directly.

The second article was buried as a "Tech pick", and was titled "What's holding back SOA?".

"Since about 2003, service-oriented architecture (SOA) has been touted as
the network-based, next-generation computing environment, replacing the
client/server architecture of the 1990s.

Industry leaders like Bill Gates have made brave predictions about a future in which their applications will live across the Internet, and developers will meet specific needs by combining functions from these networked applications on an almost ad hoc basis.

So what has happened in the past three or four years? On the surface, it might seem
very little. "Looking back, a lot of people were talking about this, and even among the vendors, you hear a variety of interpretations as to what SOA will be and what you will need," says Ettienne Reinecke, group chief technology officer at global IT solutions provider
Dimension Data."

Well, duh. SOA represents a remarkably esoteric theory for how you can keep developers from 'reinventing the wheel' - not just theirs, but any wheel. It's not anything you can buy, just a suggestion for stuff you should do if you develop a lot of web software. (Mainstream, eh?)

Ideally, if you're Amazon.com, you wouldn't need to write software that handled credit card transactions for your website - you could use someone elses (a bank, for instance), which they've offered as a "Web Service".

The problem is twofold - first, you have to ensure that just about everything you've ever written can be compartmentalized in such a way that software others in your company write *and* software others in the world write, can use the components of your code that they need without having to rewrite it themselves.

Secondly, you have to figure out how you will determine when someone makes a request of your service, what information you need from them, what you'll send back, how you'll secure the transmission of that information, etc. Of course, the methods you work out here will need to be the same for everyone who may potentially ever use them, and vice-versa.

So the question answers itself. It's not going anywhere because, much like EDI, there are only a fraction of companies and people in the world who can understand all of the details that go into making SOA work, and who can use SOA in such a way that the time invested in using SOA is significantly less than the time it saves future development efforts.

If you only develop software for your own company, why in the world would you care how reusable your components are using Web Services standards or protocols? If you do care, and you have the resources to understand and implement SOA principles (because SOA isn't a product, it's an idea), what are you waiting for?

Tech writers love to latch on to SOA and predict that it'll be "everywhere" and be "revolutionary", much the way Steve Jobs predicted the Segway scooter would change the way cities are built, and very unlike the way Bill Gates thought nobody would ever need more than 640k of RAM in a personal computer.

I guess boring, accurate stories don't sell magazines. Pity, that.

Friday, January 26, 2007

Why to sell NOVL

The 'break' over the holidays has been very refreshing, at least until this week. A half-dozen small issues & developments served to remind me that some things will never change. I typically speak out against the pessimistic mindset that causes people to stop challenging their environment, limitations, etc. Today, a little part of the optimist in me is dead.

At my own company, we've gone from projections of excellent financial performance across the board to a "batten down the hatches" mantra where any expenditure must be absolutely necessary - somewhat frightening for a company as static, mature, and large as ours.

Worse yet, at Novell, the message regarding the death of Novell Security Manager by Astaro as a product offering was bred with the announcement that the formerly deceased BorderManager on NetWare would be reincarnated. BorderManager is a notoriously bad enterprise firewall product - bad in that it had great potential that was amputated by horrible design decisions (not the least of which was running an IP-based appliance on a kernel to which IP is foreign). So now it's back, and as of 2/1/07, you won't be able to buy a Linux-based firewall product from Novell...the world's leader of Linux solutions. Eventually they'll have a Linux-based product that does some of what BorderManager/NSM does, but that'll be much later. Worse yet, as owners of NSM, you'll have to re-purchase Astaro should you choose to remain on that product.

Bind this with the as yet unresolved problems of OES Linux patches coming down in giant snowballs filled with new issues top-to-bottom (suddenly, things break, and YaST - the big SuSE differentiator - has to be mothballed if you use RUG); GroupWise's continuing decline in market share (now roughly 5%) and growing feature gap relative to the major e-mail systems (SharePoint anyone?); the utter inability for Novell to have capitalized on any of the positive momentum with which they were bestowed in the Linux space...and the piece de resistance - my sweetheart product, the cornerstone of my career as an engineer, is decoupling itself from eDirectory.

That's right - ZENworks will no longer support eDirectory natively.

You'll hear it referred to differently, but they're basically eschewing eDirectory, ConsoleOne, and iManager in favor of their own mini-directory and web-based management interface. It will presumably synchronize in some fashion from eDirectory, but will definitely present brand new challenges from the standpoint of delivering applications for those of us who have "followed the rules" for the past decade.

The culmination of these recent discoveries combined with the wisdom of hindsight have led me to the following conclusion. Novell is a company without leadership capable of governing and channeling their product development efforts. They develop methods and technologies, and run them unbridled to their logical ends at a pace 4-5 times faster than customers can adopt them. Their history is rife with examples (except for GroupWise). Novell Portal Services - dead before it had a chance. DeFrame (the ZEN component that seamlessly integrated delivery of terminal-server based applications) - similarly fated. (Sounds cool, doesn't it? Well, you can't have it anymore). SilverStream / exteNd - not exactly pushing this anymore, are they. Don't worry, you'd never have been able to do the stuff they showed at BrainShare anyway.

If you're still carrying stock, you missed your chance to bail out and take the tax break before 12/31/06. So you have two choices. Bail out now and send a message, or wait until your tax picture for 2007 becomes clearer and bail out then. But whatever you do, DON'T hold NOVL long hoping for a turnaround. It won't happen. Ever. Not Ron Hovsepian, Chris Stone, or Jesus H. Christ himself could change the culture significantly enough in Happy Valley to keep Novell from shooting itself in one foot as it sprints ahead of it's customers with the other.

It's a sad day when someone like myself - a former Novell employee, and long-time champion of their vision & product set - says to his VP (of our Novell products) "If you told me tomorrow to get rid of all this crap, I'd say 'fine'." You fight for the people who fight for you - the people who back you up and make you look good for choosing them. It's just not a fight worth choosing anymore.