Slashdot Mirror
USDOI Goes 100% Microsoft
SatanIsHere writes: "A memo (here, here, here, and here) dated September 19th, 2002 from the Department of the Interior's Acting CIO notes the new policy of a "Department-wide standard for computer operating systems (desktop and server)" Of course the good news is that this will herald a new era in government transparancy for the Department of the Interior.
SatanIsHere Continues: "On September 13, 2002, the Assistant Secretary for Policy, Management and Budget signed the attached Findings and Determination establishing Microsoft Corporation's enterprise desktop and server software as the Department-wide standard for computer operating systems (desktop and server), office automation, and asset management software.... Benefits of establishing this new Department-wide standard include:
- Lower Total Cost of Ownership for the desktop, including lower user training costs.
- Centralized and efficient security policy administration
- Greater flexibility and management functionality from products that offer a broader range of management solutions that integrate with non-Microsoft environments
- Greater productivity and reliability attributed to less downtime.
- Extended support for a large base of software applications.
Business specific application software requirements (such as Sun/Solaris, IBM, AIX, etc.) outside the established Microsoft standard may be addressed through the OCIO waiver process."
This looks to freeze out an entire Federal Department (70,000+ employees) from non-Microsoft solutions, requiring a "waiver" to use anything non-MS. One more step to complete Microsoft World Domination. This is particularly ironic considering the problems DOI has had recently regarding IT security. If this isn't leveraging a desktop monopoly into other areas I don't know what is. :-P"
This is more or less exactly the policy implemented in my organisation five or six years ago, justified on TCO grounds. Since then, the TCO for all IT systems has increased by around a factor of ten while the amount of useful IT systems being run has perhaps doubled. Go figure. Perhaps the original TCO arguments were flawed. Smoke, mirrors, and marketing...
Ok, lets cover them one by one:
* Lower Total Cost of Ownership for the desktop, including lower user training costs.
We've got problems at my work with people thinking that they are fully fledged programmers since they can record two macros and cut'n'paste the results into a super-macro. Of course users need to be educated, otherwise they will not be able to use the applications properly. (One example is people insisting on using spaces when they try to indent text, then go to the IT department and complain about the lines not being properly aligned...)
* Centralized and efficient security policy administration.
Oh, what? Surely one can pull the TP-cable out of *nix boxes too. Even the 'central' one in the basement... Security can not be a reason to use M$ software.
* Greater flexibility and management functionality from products that offer a broader range of management solutions that integrate with non-Microsoft environments.
This is M$ key to new markets. Take a standard, implement it, expand it in your solution in order to make your app 'integrate' with others, but not the other way around. A good application should be able both to import and export data properly. (M$ Word RTFs crash my FrameMaker... portable format - not).
* Greater productivity and reliability attributed to less downtime.
Again, you do not get less downtime by buying an expensive system with big flaws. They probably pay loads of $$$ to get a guaranteed time to support arrives and press the 'reset' button. *nix usually do not fail as ofter as Win*, thus no need to advertise that support will arrive in 2.3ms. The lack of service can be because it is not needed, not because it is an ingnored flaw.
* Extended support for a large base of software applications.
Since most advertised software is commersial, and they probably do not look for software them selves (just ask for it in a formal way and have companies make offers). Just use KDE as the German government intends to do. This does not only give a better quality of the software, but also save loads of license $$$.
But since Bill payed Bush's campain, Bush has to give the money back to Bill. As he doesn't fancy paying up at few $$$, he just takes the $$$ from the tax payers. Bomb the hell out of a few arabs and the software sums looks small in the contents.
Sure, Go 100% Microsoft. It'll make the drooling MCSE's on the site titter with glee at the thought of "unifying" everything in the Microsoft way.
But you know what 100% Microsoft translates to? 100% downtime when the next "melissa" or "nimda" hits. I've BEEN there. I've worked at companies like this. Just wait--they'll get tagged by the next Outlook script and the entire site will be down for a day or two while ONE MCSE pokes at the keyboard, surrounded by one or two other MCSEs standing and staring at the guy typing--all the while pulling in huge $$$ in overtime, on top of the huge $$$ they get just for having a 4-letter Microsoft-approved title. Everything is on hold until the next virus update to "fix" the problem, since goodness knows there isn't much in terms if diagnostics and repair you can do in WinNT by itself.
There's a reason why I gave up being a sysadmin--100% Microsoft is mostly why. Can anyone else stuck in 100% Microsoft/MCSE land corrorborate the above story? I'd be surprised if the exact same song-and-dance didn't happen at every Microsoft site.
OK, since my earlier attempt at taut humor met with a troll mod, I will attempt to elaborate what I meant by "Brilliant Tactic: Now they can blame MS for their abysmal performance".
/. the sites. Just google for some combination of: Department of Interior, Native American, Environment, Pollution, Oil, and - if you really want to loose the gates of heck - throw in Gale Norton by name.
DOI has cultivated a reputation for being total mongos for decades, and since Gale Norton came on board, all pretenses of their mandate to protect US natural and cultural resources have been pretty much dropped. Their handling of Native American and environmental issues have been atrocious (so much so that they were recently called to task by a federal judge for their incompetence) and their recently publicized network security problems are just icing.
I would post links, but why
In short, the DOI is largely derided as an incompetent bunch of bumbling boobs, hence my weak attempt at humor noting that installing a uniform MS environment would be an excellent diversion and scapegoat.
Trouble making decisions? Just flip for it.
The biggest joke is perhaps the part about lower costs from more reliable services. Sorry, but I don't know of anyone who has knowledge of Unix and Windows systems than can attest to better MS reliability, ever. It would seem that it would have been just as valid for the report (when naming reasons) to say, "MS has cool commercials" and "The trees around Redmond are really pretty this time of year."
Windows is definitely the solution in the case of desktops, especially with users already used to Windows. However, for backend reliability Windows has proven that it is only reliable in attracting exploiters and malicious code. This is just another example of blind bureacracy in action. The licensing costs alone will put the budget to a point that the equivelent agency that runs Linux backends would be able to buy 100's of more computers. I would like to see some detailed studies by the DOI as to backup their financial claims. However, they do have one point that is valid. If starting from scratch, it is indeed easier and cheaper to train administrators (at least to a partially competent technician level) in Windows than in any *nix. Call everyone monkeys if you wish, but the fact that a well organized GUI can be quickly adapted to by many will produce much more technicians than the unorganized mess (usually the fault of app/package and distro producers admittingly) that is *nix. Too many times, people trying to simply get the damn thing to work will ask, "where do I find out all the details on how to make X happen?" Often the answer is not there, or buried deep within a chaotic cavern of unorganized information and references. When asked about the silly redundancy (good example is Apache, where in writting to the httpd.conf you must often put certain definitions and features in multiple places) I can't answer except say, "Well I think someone just wanted it that way." (don't get me wrong, I love Apache... but that is an oft repeated question by many)
Since Linux and open source in general is a grounds up movement its hard to fight for Microsoft. They target the big players instead. When the snowball starts and some big agency adopts linux and it falls out well there will be no way in h'll to stop it. Microsoft needs to fight general adoption of linux. The day linux get widespread is the day when all the other players curently developing for windows only will throw an eye onto linux too.
One thing i have hard to understand is how they can prise interoperability on one hand and not demand open standards at the same time.
HTTP/1.1 400
I personally beleive the Federal Government should be banned for ten years from buying any NEW products or services from any company which has been found guilty of being an illegal monopoly, when there are alternatives available from other companies.
"Our products just aren't engineered for security,"
-Brian Valentine,VP in charge of MS Windows Development
I contracted for the Texas Dept of Human Services, they, like most government shops, had a policy standardizing on MS products. What the higher ups quietly ignore is their critical WAN infrastructure is mostly linux. A small insular group of network guys set it up (the DNS server had a 9 month uptime and was still running a 2.0 kernel). Most of them were not experts, just guys who had setup Linux early and then kicked back and relaxed (not an ideal system from a security standpoint).
Email went down for three days while they blamed the Exchange box, I had explain MX records to them and prove that it was disk overload on their primary MX (sendmail +Redhat 5.2). They couldn't even remember who had the root password.
What I discovered was that government is still the last big company around. The place where no one ever gets fired, or laid off. Where the new technology approval board is run entirely by people whose only IT training is in Cobol and Unisys 2200. The few really smart people are full of great ideas, but they are rendered inert by the great mass of "lifers".
In Texas, most of the real IT work gets done by big name consulting firms, at extraordinary costs and questionable quality.
That's true if the machines aren't connected to the Internet, and if they're not heavily utilized workstations, etc.
In practice, a connected server needs to be rebooted more often than that, if only to apply the latest security patches.
Heavily utilized WinNT/2K/XP workstations need to be rebooted regularly to overcome kernel memory leaks and the like.
If you'd like to see this for yourself, try this test: load enough copies of IE that you run out of kernel memory or other resources. You'll know you've reached that point because it will silently refuse to open another window. Now close all the windows you've just opened. Carry on using the machine and see how long it is before you find that new applications can't be run, that menus don't drop down, etc. To get some sense of what's happening, monitor the numbers on the performance tab of the task manager while you're doing all this, particularly kernel memory - it goes up, but mostly doesn't come down. That might be fine if it was reusing the allocated memory, except that it doesn't - it ultimately cripples the machine.
The bottom line is that Win2K/XP is fine for light-duty use and applications not connected to the Internet. For serious computing, though, you need a real operating system.
Actually, the announcement is probably going to be blatantly ignored by all the DOI Bureaus/Empires. They are all their own little fiefdoms. I retired from the DOI Office of the Secretary IT network/web team team about 3 years ago. At that time, the DOI "Webmaster" did not know HTML, much less CGI or anything else; he used Front Page to build a little office home-page. It had animation bouncy things on it. He had no *nix nor any web experience of any kind when he was hired. ?? The Office of the Secretary Webmaster (my boss) needed to spend most of his day developing and maintaining a COBOL-based personnel administration application. He did not know any *nix nor did he care to learn it. (To be fair, he didn't have the time.) Each of the Bureaus headquartered in the DOI Headquarters building in DC had (has?) a seperate LAN/WAN system and seperate Internet access points. The DOI web site was funded by the Public Affairs office, which was/is not really sure what to do with the web. After working at GSA and FEMA, two orgs. with outstanding IT teams, the DOI lack of interest in IT, lack of qualified IT leadership, and the resulting mediocrity was very disappointing. However, the idea to "invest" in M$ is not very surprising. They had already begun to move that way, years ago. It's what the contractors use. It's what the contractors told them to use. Their lack of IT expertise means they must trust the contractors to provide their IT leadersthip. Apparently, they picked the wrong contractors and are just getting ate up. I could go on and on (and probably already have). Don't place too much emphasis on this "announcement". The Bureaus won't. It's just a way for that office to get its name in lights for a little while. Sad, but true.
pfS.
[Ironically, when the DOI web site was heavily attacked by the Chinese after we accidentally blew up their embassy in Bosnia, our Unix-based Apache web site, a left-over from a previous webmaster (bless his unix-loving butt), administered by a new-to-unix admin.(me), faired pretty well while the Park Service's M$ IIS4-based web site was hammered through an anonymous ftp account and was down for weeks. (Everything was secure but the gifs. I thought I had everything buttoned up, but for some reason, when I uploaded files to the server via Hummingbird, the gifs (& only the gifs) permissions were set to 'w' for everyone. So we had little Chinese flags all over DOI Home page for about 12 hours. Coulda been worse. Oddly, the Chinese sent tons of XXX-rated mail to the webmaster email address. Ow, ow. ]
The rumor is that this was actually caused by someone blaming lack of standard email servers (Lotus Domino and Groupwise) for screwing up a email greeting/distribution from the Secretary. This problem was probably actually caused by network connectivity problems, rather than standardization issues. I got it fine from my Groupwise POP server.
Thus this unfunded mandate to move to some standard platform.
Given that there is no money behind it, and we're talking 40+ mill in LICENCES ALONE!!!
I don't see this happening anytime soon.
On the other hand, it is almost easier for Linux to interoperate with MS stuff than Novell, except Exchange/Outlook, which does have a non-free solution (Evolution).
Further, we have several pieces of Unix only software, and I don't see those being ported soon.
------ Nope, Not me, you can't prove I said that!
What happens when a government organizaton decides to use Microsoft products and has to shut down all operations for N days because:
a) The authentication server at MS crashes or screws up so all the Windows XP desktops can't phone home to get Bill's permission to run?
b) One of those lovely IIS virii starts sending sensitive documents out to every pr0n vendor in anyone's mail spool?
c) The DRM system determines that a critical bit of multimedia presentation, which might decide the creation of a policy, can't be shown since it hasn't been authorized and therefore MIGHT be a violation of someone's copyright?
If you thought your Government was lazy before... man!
And as a fellow DOI employee, my take on this is they did no scoping or internal comment or ANYTHING to base this decision on. I do not think it is going to fly, in the long term.
My entire IT office is up in arms about this. With NO comments from the rank and file, many people are upset.
------ Nope, Not me, you can't prove I said that!
- New (note I said NEW) contractors looking to work with the DoI will see this as an indicator that NEW stuff will be done on a Microsoft platform.
- MILLIONS will be spent by vendors, contractors, etc. in training and otherwise getting up to speed on said Microsoft platforms
- A lot of CIOs will take their cue from this and do the same thing
- Microsoft will market the S%*t out of this, using it as an argument against other government departments (not just US ones) who are pro-OSS
- Other US departments will follow suit...and it will all repeat
Now, I'm not saying OSS is dead in the DoI. But I am betting OSS will be slowly phased out if this policy stands, as any NEW projects will be hard pressed to justify those waivers.But I admit: I could be wrong.
When I was a young SW Engineer working on military systems, I frequently had "great" ideas involving hardware "shot-down" (pun intended) because the system requirements from the gvt. demanded components that had a "second source." This prevented the system from being dependent upon a sole provider of a component. So even if more technically advanced hardware was available, that did not matter because a single supplier placed the whole system at risk... the risk that we may not be able to replace that component in the future - rendering the whole system useless based upon the unavailability of one component.
I believe open source needs to be looked at the same way...and, in fact, many gvt's around the world are doing just that.
Stop saying that requiring open source EXCLUDES MS. It does NOT. The problem is that MS does not have any products which meet the customer's system requirement for multiple sources for system components.
MS (the company) is not excluded, their closed-source products are. If they wish to compete for systems that require multiply-sourced components,they should make products for that market.
I want to be alone with the sandwich
There is a strong case to be made for conformance of systems.
.NET Server 2003 comes out then. What do you do? You either have to upgrade all of your servers (and probably patch your desktops) or stay with a now old server OS.
One problem, conformance of systems usually means that you have to use older systems to ensure conformance. To get conformance right now you'd have to throw out most of your current PC's and buy/upgrade all of the desktops to the latest version of Windows XP. Additionally, you'd have to migrate all of your servers to Windows 2000. With that accomplished you would now have a conformant layout.
Then, you'd have to avoid making any upgrades to the systems. All you could do is patch and make sure every box had all the patches. Sounds great. So, this whole process gets completed somewhere around Q3 2003 (being generous time-wise).
Windows
BTW, this part hasn't even started to go into the actual applications being run on the desktops and servers let alone the hardware being used by them.
Basically, "conformance" is impossible. Hardware changes too quickly. Software changes too quickly. You'll either need to freeze everyone in time or just deal with the fact that everyone will be running different OS's.
Finally, considering the DoI's current track record with security (couldn't even put the Indian records into a DB) I find it very hard to believe they would be able to stay up with the patch-wave that is MS.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
What you will find is that if there is a M$ solution regardless of cost or funstionality, you will be required to use that. I have run into this before and logic does not play a role.
Doubtful. The relationship between contractors and many government agencies is changing. We're moving away from old models where government personnel were actively involved in technical aspects of day-to-day work and into a new model called PBC (Performance-Based Contracting.) In that model, the government serves more of an oversight role (in terms of things like budget and schedule) and assumes a more hands-off role when it comes to how the work is actually done.
This is, of course, how it should be.
We're going down, in a spiral to the ground
When I worked for DOI in the late 80's and early 90's, they tried to force everyone to only use "standard" software. Wordperfect, DOS, (no Windows or any GUI). When I pointed out, on a DOI mailing list, that the software then "required" for submitting travel vouchers was bloated, cost a fortune, was so poorly designed that it was crashing PC's, AND that there was a much more efficient program available at a fraction of the cost, I was severly chastized that I was NOT AUTHORIZED to inform other government employees that there was a better alternative that would be more efficient and would save the government money!!! The managers "responsible" for making decisions about software acquisitions nearly had a cow that someone not of their ilk and "authority" would have the audacity of providing such information to others. The competing software vendor felt that a decision had been made to only authorize the use of software from a vendor who had a political inside track.