Diary of a ZEN Master<br />
An enterprise IT manager tells it like it is.<br />
<br />
How To Foil Chinese Hackers<br />
Posted 2014-10-06, updated 2015-08-10<br />
<br />
I saw the news article today where FBI director James Comey drew an analogy between Chinese hackers and drunken thieves. If only there were a way to totally insulate one's self from attacks which emanate in hostile foreign countries. </sarcasm><br />
<br />
If you have custody over a network with internet accessibility and don't have Country Blocking capabilities, get a new firewall that has this feature. Sophos' UTM appliance is a good example. <br />
<br />
Additional diligence by network administrators - especially when there is no legitimate opportunity or use case requiring access to or from China as an example - could render much of the discussion about Chinese hackers moot.<br />
<br />
Websites like Norse that do data visualization for internet attacks on an awesome, 21st century version of the "War Games" big map (see http://map.norsecorp.com) show that the U.S. is under constant attack from foreign countries. Most attacks originate from predictable sources. Blocking any and all communication to or from those countries with prejudice is pretty effective, and if we're honest, has very little downside for the vast majority of private network operators.<br />
<br />
For our part, we have blocked incoming access from just about every country where we have no business interests (most of them), as well as outgoing access to many of those countries. This limits the attack surface for compromising machines, and limits the ability of any compromised machine to communicate with whoever is controlling it if they're offshore.<br />
<br />
In the movies, doing many hops between controlled systems to hide your tracks is made to look extremely simple - in reality, very few people have the time or inclination to pull this off. They're usually looking for targets of opportunity - don't give them any, and they'll move along.<br />
<br />
The Fallacy of "Secure Email"<br />
Posted 2014-10-01, updated 2014-10-23<br />
<br />
We're having a rollicking good time lately working with emails that are coming to us using some form of "secure" delivery platform, as an alternative to actually encrypting email end-to-end, which everyone knows is not fun.<br />
<br />
Some background...companies big and small are increasingly offering some sort of secure email feature, especially if you use cloud providers like Symantec, Mimecast, Microsoft's Office365, etc. <br />
<br />
It sounds great - you don't have to do all of that pesky server configuration, etc., and you like your provider, so it'll be awesome, right? The thing is, they don't actually encrypt email delivered via SMTP. Which means, things are about to suck.<br />
<br />
Set aside for a moment the fact that "secure internet email" is an oxymoron of nearly biblical proportions - if you don't host your own email, someone else is reading all of it; if you do host your own email, someone else is still reading all of it, <i>but you at least know who that someone else is;</i> if you send email over the internet, someone else has read it - whether their geopolitical beliefs, conscience, and motives fit yours or not is scarcely relevant to the question of security. Email isn't secure. <a href="http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#History" target="_blank">Never has been.</a><br />
<br />
So naturally, if a company starts selling a solution to an impossible problem, someone is going to give it a shot. After all, nobody ever went broke by underestimating the intelligence of the average consumer, blah blah blah.<br />
<br />
How then, do you solve this impossible problem? Simple, you lie.<br />
<br />
When you compose and send a secure message through one of these platforms, the recipient doesn't actually get your message. They get an email containing a link informing them that a secure email message with subject such-and-such is ready for them to view. If they click the link, the friendly website will "securely" show them the sensitive contents.<br />
<br />
....<br />
<br />
Yes, you got it. The recipient has to create an account on the "secure email delivery" service's system.<br />
<br />
Yes, they have to use the email address at which they received the message as their login ID.<br />
<br />
Yes, they get to create their own password.<br />
<br />
No, you don't get to make that password policy match your own.<br />
<br />
No, you don't get to do single sign-on between their service and your authentication system.<br />
<br />
No, you don't get to control how long those messages are stored on their service.<br />
<br />
No, you don't get to lock out that account when the employee leaves your company. Yes, if that person gets fired, they can still - potentially forever - get to the sensitive information that was sent to them, at the email address belonging to your company.<br />
<br />
Yes, if an attacker had already compromised the recipient's mailbox or credentials, they would also have the ability to control the account at these services and gain unfettered access to this sensitive information.<br />
<br />
<br />
Lots of unpleasant and colorful terms spring to mind as descriptors of what systems like this really are.<br />
<br />
The recipients don't know any of this, and shouldn't have to. They just need the information to do their jobs, so naturally they aren't very receptive to information security lectures by IT. But we can't just roll our eyes and sigh and 'fix it' - this isn't fixable. Using these stupid services wasn't our decision. We have no control over it, we just know it is an absolutely terrible idea, is totally unsupportable, opens up dozens of new areas of risk, and adds zero value for all the effort.<br />
<br />
There are, or may be, some services that bypass this patently idiotic system of creating additional attack vectors for identities altogether. One interesting method is that the email is printed to a PDF, secured with a password, and delivered directly to the recipient. The recipient would need to contact the sender for the password. It's a far, far better idea - no third party websites or accounts to worry about managing, no transmission of information in clear text, an attacker with mailbox access wouldn't be able to see the contents without the password (transmitted by phone in-person), and even sysadmins wouldn't reasonably be able to see the contents on either side.<br />
<br />
This would be a viable solution, but Microsoft doesn't offer this service to O365 customers (or anyone). Their one redeeming quality, if you happen to be an O365 customer already, is that through Azure AD and Dirsync configuration, you can at least - sort of - do single sign-on management of login accounts used by recipients. That of course assumes the recipient knows not to create a new Live ID when they receive an email, and has been trained on the (as of this time undocumented) steps to log in with their company-managed account.<br />
<br />
Many other banana-headed services that have barraged us lately don't offer secure PDF delivery either, unknowingly victimizing plenty of well-intended but utterly ignorant companies buying the latest flavor of silicon snake oil.<br />
<br />
And to think, there's so much opposition to teaching critical thinking skills in our public schools...<br />
<br />
<br />
Microsoft Windows Phone 8.1's Insipid Keyboard<br />
Posted 2014-09-30<br />
<br />
I can't believe how few search engine results there are for the question of how to disable the stupid, pointless, idiotic smileys / emoticons / emojis button on the Windows Phone 8.1 keyboard. Typing using any method other than the swipe or tapatalk method is absolutely futile - it is the worst touch keyboard I have ever used, and matters aren't helped at all by the inclusion of a "smiley" key.<br />
<br />
Located perilously close to the comma, shift, Z, and number shift key, the stupid "smiley" key pops up randomly - usually as I'm expecting a comma to appear, and given that I can type in excess of 80wpm, the result is a string of unintelligible miniature images that add absolutely no value whatsoever to adult businesspeople. If the kids want it, fine, but why in the heck can we not turn it off - or download another keyboard 'language' that doesn't include this dumb thing? Why is information on this question so hard to come by?<br />
<br />
I know that Ballmer is gone now and that huge companies don't change overnight, but it's difficult to take seriously much of what Microsoft is trying to do as innovators when they don't take themselves seriously.<br />
<br />
Eulogizing the Luddite<br />
Posted 2014-09-15<br />
<br />
In the early 19th century, the advancement of technology was seen as a threat by some people who feared it would take away their jobs. Rather than viewing technologies as tools to help them do more with less effort and better results, they took the view that their cherished and long-honed skills were meaningless and viewed it as a threat. Rather than embracing the potential benefits, they opposed them vociferously. These people were referred to as Luddites (history varies as to why).<br />
<br />
Today, a true Luddite would be a pretty rare spectacle indeed - shamelessly decrying technology as a threat to their livelihoods, failing (perhaps on purpose) to see how it could allow them to achieve things they would not have been able to otherwise. <br />
<br />
However long ago the eulogy for the Luddite was read, their kind have not vanished from the landscape. They're still among us today, as something far worse - the apologetic, self-hating Luddite.<br />
<br />
There's a line in time that serves as an almost insurmountable fence separating those who can develop a working mastery of information technology, and those who cannot for one reason or another. In my experience it seems to start with those born before 1965 - 1970, with those born later having generally no problems at all utilizing technology to meet their desires, and those born before having generally no affinity nor use for technology in their daily lives.<br />
<br />
Here's the rub - lots of people born at or before that line in time have jobs as professional knowledge workers, requiring them to be proficient with technology.<br />
<br />
These people are perhaps the single biggest reason IT support organizations exist and remain busy. In the 30 or so years that information technology has been "a thing" in the enterprise, one constant has remained across time - lots of people don't get it, or don't want to get it, and most of them are old.<br />
<br />
We can spend forever attempting to determine why this is, and how to fix it, as though being a Luddite is an illness and we just haven't been able to cure it yet. My opinion is a lot more harsh, and it's borne from decades of being in the business - decades of doing grunt work for someone else making far more money than me, whose job I could do in my sleep, but who would drown within hours of attempting to do mine. That fundamental disparity leaves no room for sympathy.<br />
<br />
Time is marching on. Technology isn't going to plateau, nor slow down its advances, for anyone. At what point is it no longer acceptable for a person to be incapable of utilizing technology to accomplish their duties efficiently?<br />
<br />
Let's use the paradigm of technology as it applies to other tools & trades. How apt are we to hire, let alone pay a premium due to tenure for, a carpenter who is able only to use handsaws while young journeyman apprentices use power saws and the like with all the resulting increases in productivity? How apt are we to employ a fleet of salespeople who have leather-bound books to contain prospect lists and business cards instead of those familiar with Outlook and CRM solutions? How much patience would we have for automobile mechanics who were flummoxed by the array of sensors on modern vehicles, or who refused to avail themselves of pneumatic tools? How about the arborist who refused to use chain saws? How long will a factory last that won't employ machinery to perform rudimentary tasks such as pipe bending, stamping, etc?<br />
<br />
The rest of the world, in a larger majority every day, is employing technology to their benefit - be it information technology, machinery, robotics, automation, etc. In order for business plans to make sense and be competitive, there's an implicit mastery of technology written into the numbers. Efficiency isn't a great gift, it is an expectation. <br />
<br />
So the question remains, for those who don't get it - those who call their helpdesks to figure out how to use Excel, or send an email to several people, or print something that will staple and collate, and who all sheepishly say "I'm not very good with computers" as though that makes it all okay - how much longer do you expect the world to buy your excuses? How much longer will we have to carry your sorry, heavy, expensive butt?<br />
<br />
It's always easier to just help you out - meaning, do it for you, because if you understood it you'd have learned how to do it yourself the last time. But every time we do, believe us - we'd be a lot happier reading <i>your</i> eulogy.<br />
<br />
Netgear ReadyNAS 516 is Not Ready for Enterprise Networks<br />
Posted 2014-07-18<br />
<br />
I've been saddled with one of these dreaded things with a gun pointed to my head. Nothing can be worse.<br />
<br />
In any event, if you were to unbox and connect a Netgear ReadyNAS to your corporate network, and said ReadyNAS came from the factory with OS Version 6.0.8, and said network had a firewall that didn't allow any and every HTTP request to flow through it unfettered, you would have the same odd experience I had.<br />
<br />
You would log in with the default admin credentials, and be prompted to run through a wizard. You could cancel out of it or complete the steps - wouldn't matter. Either way, when the wizard exits, you would get a continual 'flashing' or cycling webpage. It would flash between a hint of the admin console, a box saying "Connection Lost", and the splash screen for the device. You would never be able to click on anything with any success. You could restore the OS, restore to factory defaults, and basically end up in the same death spiral.<br />
<br />
If however you looked at said firewall to see what traffic, if any, was hitting it from the IP used by the ReadyNAS, you'd see lots of HTTP requests going to subdomains of netgear.com and readynas.com, and even the stray IPv4 address. You might try to open them one at a time a la "whack-a-mole", or you would just allow all traffic from that IP address - like I did - which works.<br />
<br />
Thanks bags, Netgear, for again making the lives of IT professionals everywhere just a little more gruesome and unbearable.<br />
<br />
On the Tail Wagging the Dog<br />
Posted 2014-04-29<br />
<br />
I saw an article in Tech Republic today that rubbed me the wrong way. I probably should have ignored it, but it comes up so often, I had to capture my thoughts.<br />
<br />
The article was entitled "IT self-sabotage: Don't be your own worst enemy". By itself, that sounds like it may be valuable, but the article took less time to write than it did to read, and rehashed the same nonsense that has become pervasive in corporate America. Namely, there's no value in enterprise IT, so don't fight consumerization.<br />
<br />
http://www.techrepublic.com/article/it-self-sabotage-dont-be-your-own-worst-enemy/<br />
<br />
I could not disagree more with this mindset. It's nothing more than salve for the souls of the inadequate. The difference between a company with a strong IT leader who maintains their principles and doesn't succumb to every trend for which he has no immediate answer and a company willing to flop around like a water hose at full blast going wherever the flow takes it may not be immediately evident from the outside, but it will be startlingly clear to anyone who has been in both types of shops.<br />
<br />
Who is supposed to benefit from this article? Who is the audience? Certainly no-one in the enterprise space with a management role would be so obtuse as to adopt hardline stances absent any other mitigating factors; surely no-one is so facile and ill-equipped as to believe for a moment that the role of corporate/enterprise IT is to let the tail continually wag the dog, which is clearly what this article advises. Rubbish.<br />
<br />
IT has a unique perspective in many companies, in that it sees the broadest possible picture. IT recognizes benefits of standardization and architecture that extend beyond the interests of individual business units, who themselves are often unaware and/or unsympathetic to the fact that those interests can be in conflict with one another. Deferring to the needs of the business as a policy means abdicating the important job of managing risk and ensuring that the entire organization runs smoothly and cost-effectively. It's ridiculous to dismiss that in favor of myopic trends such as 'consumerization', or in the name of being more friendly. Just because you can do something, it doesn't mean that you should. Consumerization for example, is a trend borne from a combination of overzealous, unqualified para-technicians masquerading as executives, and the eagerness of the technology sector to profit from them by legitimizing an otherwise (and historically) illegitimate tactic. The herd mentality on full display in all of its resplendent glory...all the while, nobody has remembered to ask whether any of this stuff A) solves a real problem, and B) helps us generate more revenue, operate more profitably, and reduce (not simply rename) our risk.<br />
<br />
In my experience, if a company runs into an IT department which says "no" too often, it's because the company isn't asking the right questions - meaning that they aren't applying careful, critical thought to the decisions facing them, or even willfully ignoring the obvious, underlying problems which seldom if ever have anything to do with technology. IT might not (and should not) have all the answers about how to run a business, but they will certainly know when the business is about to dig themselves an enormous hole. If IT doesn't speak up (and say "no"), they aren't doing their job.<br />
<br />
To write up an article with insipid 'suggestions' such as these is of no more value than talking to someone for two minutes in a coffee shop line about their philosophy for enterprise architecture. There is so much assumed, so much not considered, that it hardly makes sense to waste the time publishing it.<br />
<div>
<br /></div>
On The Big Switch<br />
Posted 2012-06-27<br />
<br />
There is a school of thought, being echoed by no less a technology behemoth than Microsoft, that maintaining your own IT infrastructure will one day be as antiquated as maintaining your own power generation capability. In the past, they remind us, companies had to generate their own power - until reliable utility power generated centrally for broad use came to be. Suddenly it was no longer cost effective to make your own power. The problem comes from the leap of irrationality they make in drawing an analogy between that step in our industrial evolution, to the current practice of a company maintaining their own IT infrastructure leading inevitably towards a cloud model.<br />
<br />
On the surface, and only on the surface, this might counterbalance the fear of the "new" some folks might have. People didn't trust utility power at first, but they eventually learned that it was great and the cost savings were worth the risk. As it applies to utility power, certainly this is a sound argument.<br />
<br />
Two things to keep in mind though.<br />
<br />
1) Electricity is fungible; data isn't.<br />
<br />
2) Companies still have backup power systems for when (not if) the utility fails.<br />
<br />
<br />
The cost of maintaining redundant power is pretty reasonable. And in some cases, the cost of maintaining redundant data systems is reasonable. There are certainly use cases for cloud computing, but technology leaders are still exactly right to be critical of those who argue everything can, should, and will eventually be "in the cloud". If they end up being right, it will be by accident and will probably not look anything like they imagine it today. For now, outside those few "low business impact" use cases representing the lowest hanging fruit, the opinion of this technologist is that SaaS / Cloud / Web Hosted solutions struggle to do significantly more than exchange one set of problems for another. Not that there's anything wrong with that.<br />
<br />
How Confused SysAdmins Are Rendering SPF Useless<br />
Posted 2011-12-12, updated 2014-09-30<br />
<br />
The idea behind Sender Policy Framework (SPF) is to eliminate the possibility for spammers to send messages which appear to come from a given company or entity, even though nobody at that entity sent it. <br />
<br />
SMTP allows for this kind of impersonation because, by itself, nothing in SMTP ever checks to see that you are who you say you are in the FROM line. Remember that SMTP has been around longer than most system administrators and was built in a time when everyone on the internet knew everyone else by first name. "Trust" was never a design principle for the internet, and we've been dealing with the fallout ever since. The bottom line is that, as far as SMTP goes, you are who you say you are because you say so. If only it were that easy in real life.<br />
<br />
Enter the Sender Policy Framework. SPF is implemented by both senders (<a href="http://www.zytrax.com/books/dns/ch9/spf.html" target="_blank">as a DNS entry, saying "mail from me is going to come from the following addresses only"</a>), and receivers (by checking the IP address of the sender connecting to your system against the list of valid addresses for the domain they say they are at). Simple.<br />
<br />
The problem is this - if you don't implement SPF properly at both ends, it ends up causing more problems than it solves. Confused system administrators are likely to get this wrong, and are likely to be even more confused when you explain to them why they got it wrong and how to fix it. It's happening more and more often, and it's a pain.<br />
<br />
The bane of a mail administrator's existence is the false positive - that is, a message which is legitimate, but that got blocked or bounced erroneously by the cocktail of email protection mechanisms they employ. <br />
<br />
If as a receiver, you are not properly evaluating SPF for incoming messages, you are creating a problem for your users and the people trying to communicate with them by creating false positives in droves.<br />
<br />
Worse yet, if your default action when you think there's an SPF issue is to <b>bounce the message</b>, you eliminate any chance that a human being can spot the problem and bring it to your attention.<br />
<br />
Such is the case with tons of Barracuda anti-spam appliance users, who are responsible for a rash of "550 Rejecting for Sender Policy Framework" replies reaching support desks around the world.<br />
<br />
A proper implementation of SPF will evaluate the <b>IP address of the connecting system</b> against the list of allowed IP addresses for that sender's domain based on their DNS record for SPF. No more, no less. In the case of the Barracuda, their devices are erroneously evaluating not just the IP address of the connecting system, <b style="font-style: italic;">but the IP addresses of every hop along the way.</b> It is as if they inherently assume that even if the connecting system is in the SPF list, it is an open relay and is being abused by a spammer.<br />
<br />
We've seen screenshots of Barracuda administrative consoles, and for messages they blocked as false positives due to "Sender Policy Framework", the details reveal that an IP address of a server involved early in the relay was NOT in the SPF record for that domain - even though the server establishing the connection to the endpoint WAS in the SPF record for that domain. If you use a smarthost configuration, whereby your public-facing mail server always relays to a service "in the cloud" for anti-virus scanning, etc, you are very likely having this problem or will soon. Postini is a good example of this type of setup, but there are others.<br />
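<br />
To make the difference concrete, here is an added example (not from the original post, and not any vendor's code): a small offline SPF evaluator that handles only the ip4, ip6 and all mechanisms, run against a constructed record for the hypothetical domain example.com. It compares the check on the connecting IP with a model of the every-hop behaviour described above; every address, hostname and header in it is constructed.

```python
import ipaddress
import re

# Constructed SPF TXT record for the hypothetical sender domain example.com.
# Only the cloud smarthost range is authorized (documentation address space).
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8:25::/48 -all"

# Constructed Received headers already present in the message when it arrives:
# the sender's own mail server and an internal client, i.e. hops before the smarthost.
RECEIVED_HEADERS = [
    "from mail.example.com (mail.example.com [198.51.100.7]) by relay.filter.example with ESMTP",
    "from desktop (unknown [10.1.2.3]) by mail.example.com with ESMTP",
]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
HOP_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def check_host(client_ip, record):
    """Evaluate one IP address against an SPF record (ip4, ip6 and all only)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        if "=" in term:
            continue  # modifiers (redirect=, exp=) are not evaluated in this example
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            wanted = 4 if name == "ip4" else 6
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if net.version != wanted:
                return "permerror"
            if ip.version == wanted and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # a, mx, include, exists and ptr need DNS lookups, which this offline example omits.
        raise NotImplementedError("mechanism needs DNS: " + name)
    return "neutral"  # nothing matched and the record has no "all" mechanism


def hop_ips(received_headers):
    """Pull the bracketed relay addresses out of Received headers."""
    return [m.group(1) for h in received_headers for m in HOP_IP.finditer(h)]


def every_hop_verdict(connecting_ip, received_headers, record):
    """Model of the faulty behaviour described above: every hop must be authorized."""
    for ip in [connecting_ip] + hop_ips(received_headers):
        result = check_host(ip, record)
        if result != "pass":
            return result
    return "pass"


if __name__ == "__main__":
    # Constructed: the smarthost's address, taken from the TCP session, not from headers.
    connecting_ip = "203.0.113.25"
    print("connecting system only:", check_host(connecting_ip, SPF_RECORD))
    print("every hop in the chain:", every_hop_verdict(connecting_ip, RECEIVED_HEADERS, SPF_RECORD))
```

The first verdict is what a receiver checking only the connecting system reaches for a smarthost sender; the second is the false positive that turns into a bounce.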
<br />
So both sides are using SPF, and both think that problems with SPF "violations" are the other one's fault. How do you tell who is right? Well, if you've already <a href="http://www.kitterman.com/spf/validate.html" target="_blank">validated your record against an SPF query tool</a>, a good source of arbitration is for a sender to send a message to <a href="http://www.port25.com/domainkeys/" target="_blank">Port25's SPF check service.</a> They'll send you a return message with full details about whether your message complies with SPF properly and if they'd have delivered it. Ours, for example, does comply with SPF properly. And largely, we have no issues, but lately we've seen a rise in bounced messages due to reported SPF problems, and in actual fact, they have all (every single one) come from Barracuda appliance owners.<br />
<br />
Plainly, if you are so dim-witted as to put a Barracuda anti-spam appliance in place, little if any of this is making any sense. And that's the problem. What you're trying to do is admirable - cut down on spam. What you're really doing isn't - you're blocking legitimate email because you don't understand how this stuff works. Stop it. If you have a Barracuda, turn off SPF checking. It's broken, and you're eating up a lot of our time chasing issues that aren't in our sphere of influence. If you are unwilling to turn it off, see if you can adjust the default behavior for SPF violations to be something other than <b>BOUNCE. </b>Amateurs.<br />
<br />
You Can Toucha The Mango<br />
Posted 2011-11-16<br />
<br />
I've used enough iOS devices to know them inside and out. Simple, clean, no frills - much like Windows for Workgroups 3.1. It doesn't do a heck of a lot other than let you launch apps, and the apps don't really do much outside of their sandboxes.<div><br />
</div><div>Same with Android, with the exception of being able to tweak it to look and behave how you'd like. You can't really cover up the fact that it's little more than a platform for launching apps. The cases and screens may change, but at the end of the day, they appear to me no different than iPhones or iPads.</div><div><br />
</div><div>Both iOS and Android are essentially software showcases. They provide developers a nifty, powerful, portable stage to do their thing and a solid commerce mechanism to help them get paid. They're giant digital flea markets (or malls if you will) with everything you need from anyone who makes it, in one convenient spot. The iOS mall is very exclusive, and the Android mall is kind of like the run down joint in the bad end of town where the owner doesn't seem to know or care what happens as long as he gets his cut.</div><div><br />
</div><div>Color me uninspired. The Apple fanbois and Google fandroids can argue about which app launcher / flea market is better than the other. It's like arguing the difference between off-white and eggshell.</div><div><br />
</div><div>Enter (of all people) Microsoft. Yes, the same Microsoft who only ever accidentally trips over an extremely successful product. The same Microsoft with a total lack of coherence, consistency, or a compelling vision for how their products should improve people's lives. Slowly, it appears, they have been coming to grips with the world in which Apple and Google would see us live.</div><div><br />
</div><div>The living room is kind of where it all started. The XBOX 360 platform has been extremely popular, for all the right reasons. It works well. It looks dynamite. It's cheap. It's great with media. It has access to streaming content. It's audiophile and home theater enthusiast-friendly. It's small. It's WiFi. The games are compelling. The multiplayer Live experience is impressive. You don't need to be a rocket scientist to work it. Everyone has one. People continue to trust Microsoft to get it right, whether or not they realize it. A console from two or three years ago will still hang with the latest games, no issues. Brilliant. New stuff like Kinect works with any XBOX 360, no matter how old. Brilliant! Executives across the nation have ditched their Harley helmets for copies of Halo and Modern Warfare. It's cool to be a gamer...finally.</div><div><br />
</div><div>In another part of Redmond, another group of people appeared to have been told "find a spot in the mobile market where nobody else dares go, and own it." The result is impressive. Very impressive. Even if nobody knows it yet, it's <i>fantastic.</i></div><div><i><br />
</i></div><div>Windows Phone 7 was the best mobile user interface of any device ever, period. And it was flawed in some significant ways. There were lots of things you couldn't do with it that you should have been able to do, but at its core, WP7 was a completely different approach to smartphones. Revolutionary, really. Yes, there were some sandboxes, but the difference was that there were also cool Habitrail tunnels connecting them, and very smart hamsters trained to run back and forth.</div><div><br />
</div><div>For example, on WP7, a contact becomes an incredibly powerful thing. The phone almost magically combines everything you know about a person from every source you feed it - Exchange, GMail, LinkedIn, Facebook, etc, so that a person is represented in one "object". You don't need to download a bunch of apps to do it - it just knows, out of the box, that you're probably on several of those services.</div><div><br />
</div><div>Because of this, any action related to a contact is available just about everywhere. You can write on their Facebook wall, send them a tweet, a text message, an email, call them, pull up a map of where they work - all in one place. And you get to do it in what must be the best implementation of graphic arts ever employed in a user interface. It looks great, and it works phenomenally well.</div><div><br />
</div><div>Common bits of information are recognized everywhere. An address, for example - whether it be part of a contact, or your current location (the GPS is <i>freakishly </i>fast and the street address resolution feature is <i>freakishly</i> accurate) - is understood as an address. When you tap on an address, what should happen? A map should appear. What might people want to see in addition to a dot on a map? How about a list of nearby restaurants and things to do? What information should show up if you tap on one of those links? Everything. Phone number, hours, reviews from popular websites, who has checked in there on Facebook, spoken turn-by-turn driving or walking directions, etc. Everything of interest, that you would most likely want to do or know about a place or a person, has been captured and gorgeously integrated in an incredibly simple interface. Two taps simple.</div><div><br />
</div><div>The dependency on tethering to a computer appears to be somewhat diminished, but you will need Zune on PC (or the Mac plugin thingy) to do some things. The good news for PC folks is that the latest Zune is also beautifully designed and simple to use. Microsoft is doing some absolutely remarkable things in terms of user interface. It just works. Hardly a row/column table to be found anywhere. There are definitely feature issues in Zune, but someone else can dive into that. I'm just happy (actually, ecstatic) that Microsoft is demonstrating a capability approaching mastery of the user interface and that the penny has dropped for them in terms of making deep, meaningful interoperability of their various products and platforms <i>a priority. </i>SharePoint, Lync, Office, Exchange, Windows 7, Server, and now Windows Phone. They are all connected. No, <i>really connected.</i></div><div><br />
</div><div>I am now using the Samsung Focus S. Yes, there are still gaps I'd like to see addressed, but the Mango release has done an amazing job of addressing the most common issues people doing an evaluation would run into. You have to dig at least a little bit to uncover the dead bodies now, whereas before you had to step over them. If I had no interest in connecting to corporate email or no concerns about managing them, I would never use another phone. The app marketplace is not on-par in terms of absolute quantity, but what is there is of high quality and the selection is broad enough to facilitate more time wasting and work-from-Starbucks activities than you can probably justify with a straight face.</div><div><br />
</div><div>For the first time in as long as I can remember, I love my phone.</div>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-13672227.post-71631394112411808292011-11-11T15:32:00.000-06:002011-11-11T15:32:57.032-06:00Froyo SnackinsIt took careful explanation by a "fandroid" over lunch one day to understand Froyo, Gingerbread, and Ice Cream Sandwich. Are they even trying? Is there a dartboard somewhere in Google headquarters with a dessert menu stapled to it?<br />
<br />
If you struggle like me with all the TOMS shoe-wearing meme-ery going on around the Android camp, you'll be happy to know that each subsequent "major" version of an Android operating system gets a new name, and each new name starts with the next letter in the alphabet. Froyo begat Gingerbread, which begat Ice Cream Sandwich (F-G-I).<br />
<br />
Given that, the next Android OS name will begin with a "J", the one after that a "K", and so on. Which got me to thinking...if I were to be as dopey as possible, what names would I come up with for future Android releases?<br />
<br />
The following is the fruit of that labor.<br />
<br />
<br />
<ul><li>J - tough call, but either Jelly Roll or Jujube</li>
<li>K - should be Key Lime Pie, but with these people you might well get <a href="http://allrecipes.com/recipe/kaiserschmarrn/detail.aspx">Kaiserschmarrn</a></li>
<li>L - Ladyfinger? Maybe, but that ruins tiramisu later. I'm going with Lemon Bar</li>
<li>M - Mincemeat Pie. Yes, going for stupid intentionally. Tough to out-stupid "Froyo".</li>
<li>N - They like cold stuff, don't they? Neapolitan Sundae?</li>
<li>O - would ABSOLUTELY HAVE TO BE Oreo Cookie, but if that would cost them a cent, you'll get Orange Sherbet and like it.</li>
<li>P - Peanut Butter Fudge</li>
<li>Q - um, let's hope the next great thing is out by then.</li>
</ul><div>Happy Friday.</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-13672227.post-91313331879646526542011-10-06T10:20:00.000-05:002011-10-06T10:20:16.100-05:00On the Passing of Steve JobsOn the day after the passing of Steve Jobs, it's popular to say what an incredible innovator and pitchman and pioneer he was. And he was all of those things. It's also popular to say that his legacy, in the form of Apple Computer, puts him into a league of his own in terms of accomplishments in affecting the technology industry, and society at large. His importance as an American businessperson cannot be overstated.<br />
<br />
Looking ahead though, it's not difficult to harbor grave fears for the long-term future of Apple. That company lived and died with Steve Jobs, and the truth of that is evidenced by the financial performance and market capitalization of Apple during his periods of tenure versus its performance in his absence.<br />
<br />
What made Apple remarkable was Steve Jobs. That's easy to say but perhaps harder to understand. Jobs had an unyielding sense of what made a product great, and an almost pathological inability to tolerate anything which fell short of his standards. He set the bar at Apple, and continued to raise it higher and higher over time. He was uninterested in bureaucracy, deadlines, investor expectations, or anything else that would result in Apple delivering a less-than-perfect product. Was he always right? No. But, any deficiency in an Apple product - especially a new one - could never be blamed on an attitude of "just push it out now, we'll fix it in the next version." That is the singular quality of Steve Jobs which, paired with his remarkable ability to envision technology operating in such a way as to be compelling to huge swaths of people, resulted in Apple becoming the largest, most valuable company in the world. Steve Jobs was bigger than everything other than God, and there's a good likelihood that even God uses an iPad.<br />
<br />
And now that's gone. There's no-one left at Apple who made the name for themselves that Jobs did - there couldn't be. What does that mean? Can they really maintain that level of inspiration among Apple employees, and that fierce dedication to quality above all else? Can they really continue to fan the flames of true innovation indefinitely, as Jobs had, or are we in for a long future of repackaged/reshuffled products in the catalog as it appears today?<br />
<br />
To me, this more than anything, will be his legacy. A leader has many obligations and duties, and one of them is succession. Has Jobs adequately instilled a sustainable culture at Apple, and has he done a good job at surrounding himself with people who can seamlessly carry on his vision and prepare the next generation of leadership, indefinitely? Has he really built an Infinite Loop in Cupertino? Only time will tell.<br />
<br />
In the meantime, we will mourn the passing of a technology icon - a man without whom the world as we know it would be a lot worse. Rest in peace, Steve.Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-13672227.post-38557965472011921702011-09-01T09:57:00.002-05:002011-09-01T10:29:51.509-05:00They LiveEver since finding out about Google Cloud Print embedded into the Chrome browser, I feel like I'm living in a sci-fi movie. I've discovered a nefarious secret plot, and nobody else is onto it yet. When you search for information on it, you see nothing but happy people who think it's cool but probably haven't used it.<div>
<br /></div><div>I tried to use it, and it scares the hell out of me.</div><div>
<br /></div><div>Our firewall and proxy servers are pretty well bolted down. They don't allow any traffic we don't explicitly name, and we blacklist a ton of URLs above and beyond what the filtering software blocks. Google Chrome's Cloud Print just works, right out of the chute, in ways that are difficult to track down exactly.</div><div>
<br /></div><div>From a firewall standpoint, we were able to shut it off entirely, but through the proxy, it's a far trickier operation. The conversation essentially goes from client to google.com directly. It hops to SSL pretty much right away, meaning you have no idea what's going on from a packet capture standpoint. It's all on port 443, and it just works. Google can see behind your firewalls and into your enterprise, using Chrome as a spy agent.</div><div>
<br /></div><div>I am not a fan of that for a lot of reasons that should be obvious. I'm even less of a fan of the fact that I cannot cleanly and easily lock down that capability. The options I have are draconian and will definitely result in an internal shit-storm.</div><div>
<br /></div><div>Apparently "do no evil" is an increasingly subjective and malleable standard for the Google juggernaut, because this is pretty damned evil.</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-13672227.post-13096047153207050402011-07-11T14:24:00.004-05:002011-12-12T09:23:05.039-06:00Everyone's a Cloud ExpertIn case anyone wonders why discussions of Cloud Computing are met with such broad skepticism and cynicism, I submit to you Exhibit "B" in the case against the cloud. (Exhibit "A", of course, is the question of "what happens if you, the service provider, end up being terrible?")<br />
<div><br />
</div><div>This example demonstrates how tenuous a grasp even those selling and advocating cloud technologies seem to have on the concept. They end up prattling on ad nauseam with a collection of garbled nothing-speak that causes the eyes to roll back in one's head.</div><div><br />
</div><div><a href="http://www.marketwatch.com/story/why-cloud-computing-must-evolve-2011-07-11?link=mw_home_kiosk">http://www.marketwatch.com/story/why-cloud-computing-must-evolve-2011-07-11?link=mw_home_kiosk</a></div><div><br />
</div><div>"Why Cloud Computing Must Evolve" - wait, what? It has barely been born, yet you talk about it as if it were a foregone certainty.</div><div><br />
</div><blockquote class="tr_bq">The adoption of cloud computing — with businesses running a significant portion of their applications in the cloud — is on the verge of becoming ubiquitous. This marked increase in the use of the Internet for accessing computing resources will necessitate an evolution in the cloud computing network, which will include accessing public and private data.</blockquote><div><br /></div>
"On the verge of becoming ubiquitous." Really! Eddie's in the space-time continuum, you say?<br />
<br />
<br />
<div>Hogwash.<br /></div><div><br />
</div><div>The rest of the article is a thinly-veiled effort to drum up interest in the author's company, and as an advertising piece goes, it is pretty lackluster. It seems to me that those who will be successful in marketing their product, will be able to do so in simple terms anyone could easily understand.</div>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-13672227.post-12512734894824610712011-04-28T08:10:00.003-05:002011-04-28T08:24:25.644-05:00That Took Long EnoughIt's tough to imagine that it's been eight years since Novell appointed the single least effective C-level officer in the history of modern business, John Dragoon, as its head of marketing. Today, at last, and perhaps far too late, they are free of him.<div><br /></div><div><a href="http://www.novell.com/company/blogs/cmo/?p=594">http://www.novell.com/company/blogs/cmo/?p=594</a></div><div><br /></div><div>It's interesting that the chief marketing officer of a (formerly) great technology company like Novell could go 6 months without updating his blog, after having done so fairly regularly at least in the beginning. This speaks to his utter failure to move the needle even the slightest bit despite having all the time in the world and a canyon full of cash to spend.</div><div><br /></div><div>Novell's best marketers have always been its customers. That is a sad truth, because its customers have no business being the primary marketing vehicle. It was as if Novell was content with the status quo. Rely on a fickle and often under-equipped channel to deploy and maintain increasingly complicated products (a model that should have disappeared with the emergence of NetWare 4 and NDS, since hardly anyone understood what was happening until they attended expensive training); and allow the people who know and use the products - customers - to sell the advantages over Microsoft.</div><div><br /></div><div>At the time, Microsoft's data-center (ha!) offering was incredibly weak. 
No-one who did an objective and thorough evaluation of Novell vs. Microsoft for file & print services would have bothered with Microsoft until roughly 2003, at which point it was becoming clear Microsoft was doing a better job of integrating all their stuff, courting developers, and (ding ding ding) marketing - than Novell. Eight years on, John Dragoon's complete and miserable failure is evident. Novell is almost a distant memory, and even the most loyal key Novell employees and customers have jumped into Microsoft's warm waters. And guess what, it's really nowhere as bad as we had been making it out all of those years. Not now it isn't.</div><div><br /></div><div>Dragoon is far from alone in taking the blame for Novell's inexplicable failure to dominate the enterprise IT microcomputer landscape. The board of directors has installed one feckless leader after another, and none of them seem to understand the value of what they have. Sure, they're good business people and have a lot of relationships, blah blah blah, none of that matters (or mattered, more appropriately) as we can plainly see.</div><div><br /></div><div>But John Dragoon had a real chance to make a difference and stem the tide. He had the enthusiasm of a lot of passionate people to build upon, all of whom were begging and pleading for Novell to do a better job selling the story into the board room rather than relying on grass-roots, organic growth to occur in every customer's IT shop. The most we got out of him was some magazine ads that looked foreign to even Novell employees. Nobody had any idea what they were selling. It looked like buzzwords in search of problems. In many, many ways, Novell continually missed the mark.</div><div><br /></div><div>It is sad to see what was a company of such bright people doing such amazing things become a wilted husk of its former self. I am glad to see Dragoon gone, but I know it's too late for it to make any difference. 
It's hard to know where Novell should go now, but I think we have enough data to know with certainty that this path leads nowhere for them.</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-13672227.post-78637033929473963002011-04-21T16:34:00.000-05:002011-04-28T08:30:28.871-05:00Chipotle!It was announced today that Chipotle would replace Novell in the S&P 500 index.<div><br /></div><div>No, Chipotle is not some new technology company, or the result of the Novell-Attachmate merger. It's a national chain of fast casual dining restaurants.</div><div><br /></div><div>This today as I listen to a former Novell whiz kid and ZEN Master address an audience of CIOs about (gulp) Microsoft products.</div><div><br /></div><div>How far the mighty have fallen.</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-13672227.post-2024988207769142342011-04-11T13:37:00.004-05:002011-04-11T16:56:43.900-05:00Of Smartphones and SycophantsNaturally, like everyone else in the world, we are faced with the fact that people want to use their own gadgets to do work stuff. The chants are increasing and getting higher up the ladder, which has made for an interesting set of philosophical conversations around the importance of technology to the business - conversations we've never really had.<div><br /></div><div>It started, predictably, with the iPhone 3. Immensely popular, that was the sound of the first shot so to speak. IT had plausible deniability though - lack of encryption support would undoubtedly result in company data making its way into the hands of unscrupulous Russian hackers who walked by with Bond-esque electronic plot devices. With the advent of the 3GS, IT had to work a little bit harder to stem the tide - they would be difficult (i.e. 
expensive) to manage, and wouldn't have the same controls as our beloved BlackBerries.</div><div><br /></div><div>But the screens were <i>awesome</i> on these things, and old eyes kept begging..."Please, please give me more than a postage stamp-sized display for my e-mail, since I can only read it at 72pt."</div><div><br /></div><div>This whole time, RIM was working on their strategy - an iPhone imitator with all the warm fuzziness of BlackBerry Enterprise Server security & controls. "Awesome!" said the IT department, "That'll shut 'em up!"</div><div><br /></div><div>We were wrong.</div><div><br /></div><div>The device RIM delivered was called the "Torch", and it sucked. It sucked worse than anything has ever sucked before. How in the world did the brilliant minds at RIM - the people who created the damned smart phone to begin with - end up laying such a huge turd? Who knows how, but they did. It was bad by all accounts, universally decried as slow and clumsy and a really poor effort from a company that appeared to be well past its prime.</div><div><br /></div><div>Crud.</div><div><br /></div><div>We didn't even bother buying any - we knew people would hate them and the demands would arise anew, but louder, for iPhones. Oh, and Droids! Don't forget the Android devices! We love them, they tell us, because they have an app that turns my phone into a level and it's "open" - nyah nyah, take that Apple f4nb0yz!</div><div><br /></div><div>How do you explain to people who are operating at <i>that level,</i> that there is A LOT more to supporting these things than simply pointing them at Exchange ActiveSync? They aren't going to get it, and don't really care.</div><div><br /></div><div>If only there was another option...</div><div><br /></div><div>Enter the Windows 7 Phone, or Windows Phone 7. I keep flip-flopping on which I like less. 
I suppose there were Windows Phones before this one, but I don't know anyone outside of Redmond who used them - and even they seemed to do so grudgingly.</div><div><br /></div><div>It has the same form factor as the Androids. It has the same pretty display, the same touch-screen feature, the same glossy interface gestures as iPhone, but it's just a little different. It has a number of negatives, to be sure - there aren't nearly as many things you can do with it in terms of App availability (I can't believe I have to capitalize App now so that people know what I mean). But, it is made by Microsoft, which means it should work really well with all this other Microsoft stuff we have. Right? Wait, no...right???!?</div><div><br /></div><div>Facepalm.</div><div><br /></div><div>It has Word, which is cool. It has Excel and PowerPoint even, and OneNote - nice. It has Outlook, which works well with Exchange as one might expect. But it trips over itself going the extra mile. Want to read PDF's? Create a Live ID and sign-in - hey, it's good enough for Apple! - even though the app is completely free. So much for appealing to enterprise customers at all.</div><div><br /></div><div>If Microsoft ever figures out what an incredible platform they have in Windows 7 Phone / Windows Phone 7, it will be a dark day somewhere in Canada where incredibly nice people are failing miserably to make a compelling 21st century mobile device. There are a handful of options, probably not difficult to implement, that would make this consumer "also ran" into the dominant, if not singular option for corporate customers. Which, by the way, are the ones who have all the money.</div><div><br /></div><div>Windows Phone 7 does a lot of things very well. The interface is well thought out and is a refreshing alternative to iOS. <i>It looks good.</i> You like using it. It's fast, at least on the Samsung and LG devices we've tried. It has a big screen that is easy to read. 
The camera is brilliant, and the video capture & playback are also fantastic. It does social well, even if you don't want it to.</div><div><br /></div><div>Old fogies who use BlackBerry handhelds don't give a rip about Apps. That means this device would be perfect for them, because it doesn't have many. If only I could provision them complete with a handful of free apps like Acrobat reader and settings for our corporate wireless standard over the air, not require Live ID's, and not require Zune for updates. If only I could have them act as if they were on our private network - like BES phones - where our content filter and internal servers would be available to them. If only I could join them to my domain and have them controllable via GPO, or at least use NTLM authentication to our SharePoint 2007 sites (rather than making us re-deploy on 2010 with forms-based options enabled, which we can't do today). If only there were native integration with OCS 2007 or Lync for updating presence, having video chats, etc. If only there were a built-in RDP client.</div><div><br /></div><div>It's an incredibly powerful <i>platform, </i>but not an especially good phone. If I'm lucky, Microsoft will figure this out and actually leverage it to embrace and reward enterprise customers...because the consumer ship has sailed, and it's flying an Apple spinnaker.</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-13672227.post-9119098733358224092011-03-08T14:49:00.003-06:002011-03-08T15:07:10.035-06:00To Virtualize Desktops......or not to virtualize desktops. That, is the question.<div><br /></div><div>I'm embarking on a journey of discovery regarding all things VDI lately. Our use case scenarios here are probably heavier than normal, and our organization's layout is definitely more WAN dependent than "normal". 
So we need to find out what is real, what is hype, and what (if anything) will work for us in this space.</div><div><br /></div><div>Found a good resource here: <a href="http://www.virtualdesktopalliance.com/validated-design-resources">Validated Design Resources</a>. This is the best collection of technical docs I've found covering NetApp, VMWare, and Citrix Xen Desktop - on Cisco hardware, which seems a little bit like an odd marriage. You can tell where the funding came from.</div><div><br /></div><div>VMWare View and PCoIP appear to have some real potential for us, especially in the graphics-intensive environments, but it remains to be seen what kind of scalability we would experience given our workloads. More to come as we learn it.</div>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-13672227.post-29769050005651041032011-02-22T16:50:00.002-06:002011-02-22T17:02:32.522-06:00Crazy IvanWe recently had a departure of a senior resource that prompted us to go through all of our administrative passwords for the (frankly, surprising number of) systems we manage and update them.<div><br /></div><div>The great fear and apprehension we and everyone feels about changing root or admin passwords is that it's never really crystal clear - I'm talking about vendor documentation in particular - what might break when you do. Like many small-to-mid size shops, we don't do this very often, because it doesn't add money to the bottom line and we have more work than we can handle just keeping the important stuff running smoothly.</div><div><br /></div><div>But there is value in the exercise. 
Not for the stuffed-shirt security-Nazi / audit-police reasons, but because it's easy to lose sight of hundreds and thousands of incremental additions and changes to the network - even if you have a careful change control process.</div><div><br /></div><div>So we did the password change, and by and large, we did a good job of identifying important systems we knew to be using the passwords and preparing them accordingly. In one instance, we missed one, but knew exactly what was wrong and were able to quickly find where it had stored admin credentials. Another surfaced later in the week that shouldn't have been using admin credentials at all. Sometimes, if you're not real careful, a lab effort can go so well that you just move straight into production rather than re-build everything from scratch. Time is money, after all. Easy enough to fix: create a new set of credentials for that system and move on.</div><div><br /></div><div>That latter scenario - something breaking that never in a million years would have been expected to be using admin credentials - repeated itself twice. The people responsible for it are, interestingly, the people responsible for us wanting to change the passwords in the first place.</div><div><br /></div><div>In the movie "Hunt for Red October", the captains of Russian submarines would spontaneously make a sharp turn one direction or the other. This prevented them from getting a false sense of security - the natural tendency when everything is going well to consider it a result of intention rather than chance. "If it ain't broke, don't fix it." The maneuver was called a "Crazy Ivan", and an experienced U.S. 
submarine crew knew to expect it and keep following undetected - but only if they knew which way to turn.</div><div><br /></div><div>If it's been a while since you've changed admin passwords, consider doing a Crazy Ivan of your own - not because you should distrust employees, but because you should distrust your ability to remember whether or not everything you put into production is following best practices.</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-13672227.post-86681229681482244432011-01-07T14:26:00.005-06:002011-01-07T14:45:42.253-06:00The Year of the PadIt doesn't take a genius to figure out that 2011 will be the year of the tablet computer. Some people still think this means Windows-based tablet edition PC's or laptop hybrids/convertibles, but it really means the NEW tablet - Pads.<div><br /></div><div>My worst fears have become a reality - the iPad has been ridonkulously successful and has spawned an entire industry of me-too Johnny-come-lately impersonators. So reality being what it is (inescapable), we'll have to adjust.<div><br /></div><div>CES this week showcased Google's latest Android OS, which is being called Honeycomb in a manner consistent with their irritatingly quirky penchant for naming their releases. Froyo is as stupid to say as it is to write, and whoever had that idea should be punched someplace tender for a few hours (or at least once for every time an IT executive has been forced to use the term).</div><div><br /></div><div>Its goofy name aside, it did look impressive in the live demo. It was running on Motorola hardware, and one would fairly imagine that any and every Apple competitor will be cheaper than Big White. If the ActiveSync support is good, well, it's hard to say no.</div><div><br /></div><div>In quite an about-face, we've actually been talking about supporting these things. Even down to the iPhone. There have emerged some very compelling business apps that bring a sort of Star Trek futurism into the present day. 
It's amazing how powerful information can be when it is easy to access and truly portable. If only wireless networks were worth a damn. There are a couple of SharePoint apps that do a fantastic job of presenting collaboration spaces in Apple's intuitive (and almost ubiquitous now) touch interface. With iOS at least, handling PDFs and Office document types requires no configuration at all. Modifying lists is simple and fast. And if all else fails, you just fire up Safari and do things the old-fashioned way.</div><div><br /></div><div>I would still not personally pay for an iPad, but if the company provides one, I'm confident I would be able to replace my laptop with it for daily use. Or perhaps go to a modest desktop configuration and travel only with the iPad. I've done enough testing with it to have become used to them, and my shoulder / back would definitely appreciate it. The apps are 95% there, and improve far more rapidly than their shrink-wrapped counterparts. For all the concerns bandied about, I really do see these as far easier to manage than traditional computers. In the right environment, they would be a brilliant way to augment virtual desktop initiatives.</div></div><div><br /></div><div>Some polls show people flocking towards standardization as if that is what IT needs to be able to effectively manage these devices. I can't personally see why that would be the case unless you plan on doing A LOT of development - certainly far more people advocate standardization than I imagine really need it. ActiveSync with Exchange 2007 or later is really adequate for most small-to-medium organizations right out of the box, and it puts the onus on the device - not the admin - to work properly. The most IT would NEED to do is plainly state which OS platforms and versions it wants to support based on their risk profiles.</div><div><br /></div><div>The only constant is change. Customers first. 
Antidepressants are fun!</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-13672227.post-80172573877023596982011-01-07T14:18:00.002-06:002011-01-07T14:23:20.320-06:00You're Being ThrottledOne of the things you become aware of when you buy more internet bandwidth than you need is that no matter how fast your connection is, the other side is probably throttling you down. Big sites do this all the time - we have 50Mbps here, and a single download will rarely exceed 6-7Mbps from Microsoft, VMware, Novell, IBM, etc. as we get patches or ISOs for products. There is a point at which, no matter what, your downloads will not get any faster. It's not a CPU, memory, or LAN bottleneck on your firewalls, not a latency issue, not 70% or more of network overhead - nothing but simple traffic control implemented at the far end.<div><br /></div><div>Never turn down more bandwidth for less money if you can get it, but definitely be cognizant of the fact that if you're not using all the bandwidth you have today - even during spikes - things won't get faster just because you buy more. If you have a big pipe and internet sites still aren't fast enough, it's probably out of your hands.</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-13672227.post-86729493435775525842011-01-06T09:43:00.002-06:002011-01-06T09:58:03.603-06:00If you think about it......GUIs like Windows and the original Mac OS pretty much destroyed any real ability a company had to secure its data from walking away. Going back in time, the last instance I can think of where information was not portable was in custom apps or databases on character-based terminals or PCs. Of course you could argue that the dot matrix printer would have probably been the real death knell of distributed computing information security. It's not like you could lock that stuff down back in the day.<div><br /></div><div>In modern times though, the ability to cut & paste in browsers, command prompt windows, etc. 
means you have to jump through enormous hurdles to institute a truly read-only security level for your data, meaning it only exists within an application and can only be read on-screen. If it's possible at all (it may be and I just don't know what products one would use to perform Windows surgery to disable any cut/paste ability anywhere).<div><br /></div><div>All of the effort an administrator could go through would still be vulnerable to something that renders the measures moot - either that or you have so greatly impacted user productivity that the question becomes why let them come to work at all?</div><div><br /></div><div>Just once in a while it seems like it would make sense if it were at least a little easier for companies to say "you can see this, but you can't do anything else with it" - especially in browser based apps. Yes it may be possible with a lot of custom coding or third-party products, but they're all essentially working around a fundamental oversight in information security inherent to GUI's. Can't we patch that? Like a GPO setting that disables the ability to select text in a DOS window on a per-user basis, or that disables text selection per-user or per-URL wildcard entry in a list. I bet people would use it if they had it.</div></div><div><br /></div><div>Computers - especially networked systems - are inherently insecure. Data breaches and loss should really be expected, frankly. If your data is really <i>that valuable</i>, don't put it on a computer. At least not until OS manufacturers start to take it seriously.</div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-13672227.post-47673169871247306772010-10-08T09:30:00.003-05:002010-10-08T09:47:06.336-05:00Why Communication MattersYou've probably heard your fair share of cliches about the importance of communication. How "it's impossible to over-communicate", etc. 
And there is some value in reinforcing the fact that bad things happen when people take for granted that everyone around them knows what is going on. The advice you hear is usually centered around communicating status, or effectively managing change.<div><br /></div><div>What happens if you can't - not because you aren't good at it, but because, well, you just can't? </div><div><br /></div><div>Healthy and effective communication is dependent upon healthy and effective relationships. You can "communicate" until you're blue in the face - if you do not have the respect of the people you're addressing, it won't matter.</div><div><br /></div><div>If you're a leader in particular, it's crucial to go out of your way to establish strong relationships with your subordinates, peers, and supervisors. I have an example of why I feel so strongly about this.</div><div><br /></div><div>If you have a chilly relationship with a co-worker, where conversations are tense or cold or generally unpleasant, you will not communicate with them as often as you should. Consciously or subconsciously, you will begin a futile effort of trying to anticipate their reactions to whatever you have to tell them, and because humans do that which is least painful, you'll avoid communicating with them until you get too far down the path (or worse, go in the wrong direction).</div><div><br /></div><div>You may try overly hard to perfect whatever you're working on for your supervisor if you simply cannot get comfortable dealing with them, and what you end up with will have taken longer and not be as good as it could have been if you were working more closely - communicating more frequently and in smaller chunks.</div><div><br /></div><div>Progress is impossible without collaboration; collaboration is impossible without communication; communication is impossible without relationships. 
People can have respect for leaders without liking them - that scenario may be fine in the military where collaboration is scarce or where matters of life-or-death put the importance of friendliness on the back burner, but it's a recipe for inefficiency and mediocrity in the enterprise.</div><div><br /></div><div>If you're a leader, or you are subordinate to someone with whom you do not have a great relationship, do everyone a favor and make a renewed effort to get there. </div><div><br /></div><div>People who have talent and respect for themselves do not want to work someplace where their efforts do not result in success. Talented people live for the chance to successfully meet challenges. If that's you, recognize the truth of this - you will never, ever get it done as well by yourself as you can with a team of people who share strong relationships. You owe it to yourself as a leader (by fiat, de facto or otherwise) to do whatever it takes to put differences or past issues aside, focus on the positives with everyone, and break down barriers to communication.</div>
tag:blogger.com,1999:blog-13672227.post-3980342216127196923 2010-08-26T09:35:00.002-05:00 2010-08-26T09:46:53.344-05:00
The Torch
I've been evaluating a BlackBerry Torch for the past few days. It's a pretty phone, but I can certainly understand what people were talking about when the early reviews came in blasting it as not ready for prime-time.<div><br /></div><div>The interface is somewhat clunky to operate - distinctly unlike BlackBerrys of the past. It's slow, in about every respect - perhaps because you're used to things working instantly on a traditional RIM device. It is buggy - I've had the screen lock in sideways mode just pulling it out of my pocket, and couldn't get it un-stuck but to press the dial button. The layout and operation take some getting used to, and the screen is so sensitive, you often find it doing things you had no intention of it doing.
This device would turn a 30 year old systems engineer into a 70 year old car salesman...muttering, "what dit...why?...no, go back...how did I..."</div><div><br /></div><div>The screen is good, and people I call say I sound great in either handset or speakerphone mode, but that's where the compliments begin and end. I constantly hear my own voice in a robotic, almost water-in-the-ear "echo" when using it as a handset phone, and it's really irritating. Then of course, we have the AT&T network's propensity to drop calls at will - so it's obviously not a device problem.</div><div><br /></div><div>We did learn you can press ALT+"n m l l" to have the handset display the actual signal strength in dBm (I think it's dBm). It's at least more useful than counting bars. I see it bounce between -70 and -130 sitting at my desk, immobile. When it does say -70, it's typically not doing anything - as soon as you start hitting the mobile network, it falls like a stone. Still goes back and forth between GPRS / EDGE and 3G - I've probably talked about this before.</div><div><br /></div><div>Anyway, we won't be deploying them, and that's all that matters. We have a couple hundred RIM handhelds, and I don't want a fleet of people who have devices they hate. Probably for the first time ever, we'll start looking into MobileIron or Good for Enterprise to open the gates a bit. When Amazon starts chopping the price of a new smartphone in half less than a week after it debuts, it's not a good sign. RIM is, as Gordon Ramsay would say, "Deep in the $#!+".</div>
tag:blogger.com,1999:blog-13672227.post-4824536799952236073 2010-05-18T13:35:00.002-05:00 2010-05-18T13:48:10.163-05:00
This iPad Nonsense
I hope to look back at this post in a few years' time and think of the iPad as the Newton - really cool at the time but totally over-hyped. I fear that this will not however be the case.<br /><br />It's a neat device like everything Apple does.
The appeal of a $650 gigantic iPod Touch remains lost on me however. Yes, books and magazines look great. Yes, through WiFi, it's quick. Mostly. Yes, there's tons of unproductive stuff you can make it do. This should all be a given at $650.<br /><br />Here's what's irritating me. The 3G service. AT&T's network double-live sucks. Period. I've not found a non-AT&T employee who thinks otherwise. It stinks on ice. It is biblically bad. Epic fail. I have a drawer full of retired BlackBerry devices and a building full of similarly disgruntled coworkers to prove it.<br /><br />The 3G part of this iPad is so God-awfully slow, I've considered taking advice from Sleep Talkin' Man and eating a blend of razors & lemons rather than wait for it to load web pages or start Apps with an internet dependency. Again, on WiFi, it's quick. 3G, not so much.<br /><br />What I find most interesting of all is the signal strength meter. I've yet to see the iPad report anything less than five bars (5 bars for Googlers) of service. Ever. My BlackBerry shows between one and five most times, and it fluctuates a lot. It's hardly ever five, even right next to the iPad, which seems almost <span style="font-style:italic;">programmatically indifferent</span> to the reality of long range CDMA radio transmissions.<br /><br />Had I yet another device with the capability to quickly take an image of my BlackBerry and iPad together, or better yet, a video, I'd post it. But, as with all things, I realize I'm not ever going to be the first to experience something and be irritated by it if it's bad, so I don't even bother looking for other examples online. I just decide to let this post serve as a stand-alone testimony to the crappiness of the AT&T network, and the literally laughably optimistic character of the iPad when it comes to how good the 3G signal is. Everywhere. AT&T may cover 97% of the U.S., but the iPad has 5 bars of 3G coverage in 100% of places that have any 3G coverage at all. 
Remarkable.<br /><br />Anyway, the experiment with the iPad is distracting and irritating because I don't want one personally and wouldn't spend that kind of money even if I did, and I know that the person who will ultimately use this will curse it to eternal damnation because it cannot read their minds and it is mediocre at best when it comes to brewing tea and they are already sick of bullshit, and it will undoubtedly be me who has to answer the "how do I do this" call from memory. Sigh.
tag:blogger.com,1999:blog-13672227.post-2978281521967442473 2010-04-26T10:37:00.002-05:00 2010-04-26T10:46:10.949-05:00
SharePoint on a Shoestring - Done
It's been a Herculean effort to get all of the loose ends wrapped up and to go live with our SharePoint infrastructure, but we have done, and the end results are fantastic.<br /><br />Adoption early on was at least as aggressive as we'd hoped for, confirming that there was a huge well of latent demand for better collaboration tools. Some pockets of users are finding some very innovative and exciting uses for the system with no real training at all - a great sign, and further indication of just how badly this system was needed here.<br /><br />We have been successful because we had a great team of people contributing, not just in the IT department, but throughout the company, in truly meaningful ways. It has been a very gratifying endeavor. We've not even really scratched the surface in terms of capabilities - nothing but default content approval workflows, no Excel services to speak of, no KPIs, etc.
Just a basically bone stock deployment, but with some very snazzy dynamic look and feel treatments that customize the appearance for every company we support (allowing us to present a tailored experience on a single farm / set of site collections).<br /><br />I sometimes surprise myself after answering SharePoint questions, because I know the answer is right, and it actually sounds like I know what I'm talking about. I'm so used to hearing consultants give me such answers, that it's a little disorienting to hear them come from my own mouth. I can adjust audience settings, troubleshoot article publishing issues, manipulate crawls & profile imports, secure document libraries...I'd better stop, I'm scaring myself again.<br /><br />We know enough about SharePoint to know we'd do a few things differently next time...site collections, for us, are overkill and make some things very difficult. We also know enough to know we want things fixed in the 2010 release - but aren't holding our breath.<br /><br />The next year will see us attempting to leverage all of these tools and really take things to the next level. Done right, this can be game-changing, business-changing stuff that gets us very tightly aligned with the companies we support. In short, cool stuff.