Slashdot Mirror

← Back to Stories (view on slashdot.org)

IT Practice Within Microsoft

Posted by michael on from the yummy-dog-food dept.

SilentChris writes "Good article over at CNet regarding Microsoft's internal IT practices. Some intriguing statements from the CIO, from the obvious ('It's an easy choice for me--to run Microsoft technology. We don't run Unix. We don't run Linux. We don't run Oracle.') to the not-so-obvious ('Our users are the admins of their machines. They can load whatever software they want on their machines, but we do audit the network continuously.') I wonder how much time is spent combatting spyware?"

39 of 508 comments (clear)

  1. No wonder they're laggin behind... by Folmer · · Score: 4, Insightful

    I thought that it was normal corporate behaviour to look at their competitors. Long time ago there was a story here on /. where one of the lead devs of IE admitted that he ran firefox. But when this guy doesnt run *nix and oracle, how should he be able to compete with them?

    1. Re:No wonder they're laggin behind... by ERJ · · Score: 5, Insightful

      Eh, this is talking about their IT infrastructure. It would look pretty bad if it was based on unix servers and oracle databases.

      I'll bet you anything that they have unix servers and oracles databases for comparison purposes though.

    2. Re:No wonder they're laggin behind... by fitten · · Score: 5, Insightful

      Maybe because this is the company's internal IT practices, basically what they do to run their shop. He isn't talking about the product strategy groups who go off and do exactly what you are saying.

    3. Re:No wonder they're laggin behind... by sphealey · · Score: 4, Interesting

      A few years ago I read an interview with Novell's IT Director. She stated that she had NT, Unix, etc running on her network and when asked why replied that there were two reasons: because she deployed the best application for any purpose regardless of platform, and so that Novell employees would experience what their customers experience.

      I know which philosophy I as a customer prefer my vendors have.

      sPh

    4. Re:No wonder they're laggin behind... by tomhudson · · Score: 3, Interesting
      Funny how they (Microsoft) change their story as time goes on ...

      Remember this (the original link no longer works, but a copy of the relevant text was preserved) http://support.microsoft.com/support/kb/articles/Q 80/5/20.ASP

      http://www.elists.org/pipermail/lugga/2000-May/000 468.html
      - quoted below, describing Microsoft's process for making their master CDs using UNIX:

      -snip-

      Release Insertion Into Manufacturing Network

      The master is read into a UNIX-based disk duplication system. The system creates an exact disk image of the master, duplicating the format and data. A duplicated masters is created from the original read in image. This silver master is used by the Product Group in their review, before they sign-off. The silver master is not to be used in the Release to Manufacturing (RTM) process. The golden master, delivered by the product group to the release group, is the original image, and is released to manufacturing when the final approvals are received from the product groups.

      -snip-

      Duplication Process

      Disks are duplicated on a variety of industrial strength, quality focused systems. Most of these systems are UNIX-based. The UNIX-based duplication systems used in manufacturing are impervious to MS-DOS-based, Windows- based, and Macintosh-based viruses. The few MS-DOS-based and Windows-based standalone duplication systems do not allow MS-DOS-based operating systems to access the duplication system. Virus protection systems used by these MS-DOS-based and Windows-based duplication systems strictly govern the duplication process, even when they are not running.

    5. Re:No wonder they're laggin behind... by dingfelder · · Score: 4, Informative

      errr.. they do have unix boxes:

      Although MS has replaced some of hotmail from bsd to win2k, for other portions, win2k is just not powerful enough to replace the Solaris UNIX back-end.

      Quote:

      (from http://www.freebsd-corp-net-guide.com/rejrev/pref- 1.html)

      In the first section of the Preface, I cite the Microsoft-owned Hotmail service as an example of a major production facility that uses FreeBSD. Several reviewers pointed out that after Hotmail was purchased by Microsoft, they commenced a program to eliminate all usage of FreeBSD and replace it with Windows 2000, and that citing Yahoo as being entirely run on FreeBSD (which it is) would be a better cite.

      I rejected this purely for political reasons. Most people aren't aware of this, but Microsoft itself extensively used BSD UNIX for years for Internet serving through the Windows NT 3.51 days. This continued well into the Windows NT 4.0 days, although during that time the company began hard efforts to switch away from BSD UNIX to NT. This was not done because NT was technically superior but rather because Microsoft wanted to "eat their own dog food" as the industry line goes.

      The upshot of this is present even today. Microsoft uses Conexxion as their principal offsite FTP service to distribute upgrades of Microsoft Internet Explorer and other programs, purely for this reason. It is simply because NT 4.X and even Windows 2000 is not capable of serving such a large volume of files onto the public Internet. Other companies, such as Walnut Creek/BSDi and Sun, have no problems distributing just as large an amount of data because they use UNIX. Microsoft has mandated that this kind of file update only occur over NT/Win2K. As a result, it takes an entire plant stuffed to the gills with NT servers to accomplish the same thing that only a few UNIX servers are needed to do. After all, when the work is continually subdivided, eventually the limits of NT's abilities are reached. Because of having to involve so many NT servers, it turns what would be a simple task under UNIX into a giant task involving hundreds of people. In short, it cannot be done in-house anymore and must be turned over to an entirely separate company that specializes in distributing large quantities of files with Windows platforms. While every other major company that uses UNIX like Solaris or the FreeBSD operating system can distribute large numbers of files over the Internet without a lot of expense and effort, Microsoft--purely for marketing reasons--has to hamstring themselves and spend millions of unnecessary dollars. The fact that they admit this and were unable to redesign Hotmail into an Windows-only service deserves to be made obvious.

      The final word on the Hotmail affair is this: FreeBSD is used as the "front end" mail processing part of the service. Sun's Solaris is used as the "back end" mail processing part of the service. Only the FreeBSD front-end has been replaced with Windows. Microsoft still cannot get Windows 2K to be powerful enough to replace the Solaris UNIX back-end.

      end quote

      Additionally, in their own whitepaper about the bds portion being migrated to win2k, (references here - http://www.theregister.co.uk/2002/11/21/ms_paper_t outs_unix/) they themselves state all sorts of advantages of unix, such as kernel stability, processing ability and complexity of windows.

      a good read :)

    6. Re:No wonder they're laggin behind... by YU+Nicks+NE+Way · · Score: 3, Informative

      Except that statement is no longer true. The back end migrated to Win 2K about two years ago. All the FreeBSD servers are long gone.

  2. Longhorn? by kmmatthews · · Score: 5, Funny
    I wonder how much time is spent combatting spyware?

    Aha! So that's why longhorn is taking so many years to write..

    --
    feh. stuff.
    1. Re:Longhorn? by alw53 · · Score: 4, Funny

      At least their marketing department has figured out how dumb it is to name an OS for the year of its anticipated release.

    2. Re:Longhorn? by mallardtheduck · · Score: 3, Informative

      NTFS was first used in Windows NT 3.1... Its more like 10 years old...

  3. Misquoted by HungWeiLo · · Score: 5, Funny

    "We don't run Linux....we run GNU/Linux"

    --
    There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
  4. Comedy... by NecroPuppy · · Score: 5, Funny

    users are the admins of their machines.

    So even Microsoft has realized you can't do crap under a limited login in XP.

    --
    I like you, Stuart. You're not like everyone else, here, at Slashdot.
  5. Admins of their own machines by enkafan · · Score: 4, Informative

    If you follow blogs.msdn.com, you'll find that while many people are admins of their own machine, they rarely actually run as admin. I think all they are saying is that they don't take away the power of the user to be able to install their own hardware or software. But the vast majority of people working at MS seem to understand the risk involved as running as an admin at all time.

    1. Re:Admins of their own machines by LurkerXXX · · Score: 3, Interesting
      Apparently you can't read. He didn't say they were Administrator if their DOMAIN. He said they were the admin of their own machine. HUGE difference. Apparently you have no clue how MS domain/security works.

      And as far as for being an admin of your machine, it does not mean you are running as admin all the time. Locally most folks here have an admin username they can log into to install software on their machines when needed. They also have a regular normal username they use to log in as a normal user to do their work.

  6. No, that one is obvious too by PhysicsGenius · · Score: 5, Insightful
    Our users are the admins of their machines. They can load whatever software they want...

    That's the only way to run a network of computer-savvy users. Imagine a metalworking shop that wouldn't let the machinists adjust their own wrenches. You'd have to put a call-ticket in to "Tool Technology Support" and after a few hours (if you are lucky) or days (if you aren't) some kid comes over who doesn't know anything and tries to adjust your hammer.

    1. Re:No, that one is obvious too by Doctor+Crumb · · Score: 3, Insightful

      Most programmers are not sysadmins. A better analogy would be a metalworking shop that wouldn't let the truck driver adjust the wrenches. He may or may not be qualified to do it, but it's not his job.

      If you are one of those rare programmers with sysadmin skills, get a job as a sysadmin and you will quickly learn that most users should not be let anywhere near a computer, let alone given admin.

    2. Re:No, that one is obvious too by IceFox · · Score: 3, Insightful

      It all make sense!

      So this is why users in the real world need admin! Until internally they force their developers to only use user account there will always be problems. As a developer I can bet you that if I always have admin I will take the shortcut and not bother making sure it works 100% if I run it as a user that has no admin right. I always wondered why so many of their apps (MS Word needs write access to win32/ ???) require that you let them touch (not just read) files outside of your home directory. Know I know.

      Well I am happy. With this knowledge I know that Longhorn wont force users to only write to home directories like in Unix/Linux and virus's/bugs/spyware will continue to exists and they will only cause their Microsoft own downfall. This was the only feature that I figured would save Microsoft.

      -Benjamin Meyer

      --
      Do you changes clothes while making the "chee-chee-cha-cha-choh" transformation sound?
    3. Re:No, that one is obvious too by Stradivarius · · Score: 3, Insightful

      A closer analogy would be that the machinist has a better wrench out in his truck but isn't allowed to just bring it in the building and use it. First he must put in a call-ticket, then hope that the helpdesk is willing to send somebody out to his truck, carry the new wrench inside, and put it in his working area. Because "it's not the machinist's job" to do that stuff.

      The point is that centralizing common and simple tasks wastes everyone's time - the support guy and machinist alike.

      Helpdesk is probably understaffed, and almost certainly has (at least from their perspective) more important things to do. Meanwhile, the machinist is stuck with an inferior tool until he can work the bureaucracy to get the new wrench in.

      The company loses too because it's using inferior tools, simply because the guys who use them aren't empowered to change their work environment.

      And not only is it extraordinarily difficult to bring in new but known-to-be-better tools (sometimes even free ones!), but forget trying to experiment with a tool to find out if it's better. Try convincing an overworked support guy that you really need this application installed because you want to try it out. You'll see snowballs in hell before that tool gets installed. Not through any fault of the support guy - he's just being rational and allocating his limited time to higher priorities. But the system is clearly flawed.

      In contrast, if the developer could admin his own machine, he could install something, try it out, and if it's helpful other developers could start using it too.

      Now is it possible that the developer could accidentally install malware if he has admin? Sure. But that's why Microsoft monitors their network - they can catch and correct mistakes that happen. They no longer handicap the developers, and IT doesn't have to babysit on simple things like application installs. The company reaps the productivity awards accordingly.

      Car manufacturers and other corporations learned years ago that giving the person closest to the problem the power to solve it lets them avoid bottlenecks and reap massive productivity gains. Somehow, the conventional wisdom on IT management hasn't quite caught up yet with the rest of the management world.

  7. Software Audits? by EdwinBoyd · · Score: 5, Funny

    "Well Johnson, we found the latest build of Firefox on your machine and a copy of OpenOffice. Clear out your desk by noon"

  8. Nice Knee-Jerk by FortKnox · · Score: 4, Informative

    They can load whatever software they want on their machines, but we do audit the network continuously.') I wonder how much time is spent combatting spyware?

    I am a software consultant. The first thing I usually need when I go to a new client is to have local admin to run various coding tools (app servers, for example).
    Do those clients have spyware running rampant? No, because the people that have local admin aren't idiots. I'm sure MS spends time educating non-techies on what to d/l and what not to. Its not surprising nor do I necessarily think its a bad thing for people to have local admin on their machines.

    Of course, if this wasn't about MS, I'm sure no one would care... but some people simply need someway to stick it to MS....

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
  9. Don't run unix, eh? by TheGrayArea · · Score: 4, Interesting

    I guess that means they finally upgraded the phone system. Back when I worked there in Developer Suppport (98-03) the phone system for our incoming customer calls ran on a Unix system. To run the phone monitoring application and see the various queues you had to run an X-desktop emulator (Hummingbird I think) to run the monitoring app. I always thought that was funny at the time.
    We were allowed to pretty much install anything we wanted to. I had tons of command line tools, perl and other stuff installed along the way.
    Oh, and lots of guys had Linux boxes running at their desks along the way as well.

    --

    This space for rent.
  10. We don't run Unix. We don't run Linux. by Zocalo · · Score: 4, Insightful

    So, if "We don't run Unix. We don't run Linux.", then WTF did Microsoft feel the need to pay SCO all those millions of dollars for UNIX licenses? Unless, of course, the money actually came out of the "Marketing/FUD" budget instead the "Software Licenses" budget...

    --
    UNIX? They're not even circumcised! Savages!
    1. Re:We don't run Unix. We don't run Linux. by justins · · Score: 3, Informative

      http://www.microsoft.com/windows/sfu/

      Of course Interix or whoever MS bought the thing from probably paid the piper already, but knowing SCO's proclivity for lawsuits, I don't blame MS for doing it again.

      --
      Now before I get modded down, I be to remind whoever might read this that what I am saying is FACT. - bogaboga
  11. There's definite pockets of non-Microsoft use... by argent · · Score: 3, Informative

    If you read MSDN blogs you occasionally come across references to people using non-Microsoft software, including Firefox, Apache, and *nix. Hotmail uses UNIX tools running on Interix... which includes the "viral" GCC.

  12. Software company, not bozos by dazedNconfuzed · · Score: 5, Insightful
    ('Our users are the admins of their machines. They can load whatever software they want on their machines, but we do audit the network continuously.') I wonder how much time is spent combatting spyware?"


    Pardon me for standing up for them, but ... it's MICROSOFT. They have a lot of smart talented software engineers who are just as capable of administrating their own computers as those writing for /. - and whatever is missed, like some spyware, gets picked up by the continuous network audit.


    Peeves me off when the people writing the software are not trusted to administrate their own computer which they are writing software for (or some equivalent thereto). What's with this growing American sentiment that nobody should be trusted with tools, that only someone special should be (without noting the perversity that if nobody can be trusted, then nobody can be trusted)?

    --
    Can we get a "-1 Wrong" moderation option?
  13. No *nix? by anderiv · · Score: 4, Insightful

    We don't run Unix. We don't run Linux. We don't run Oracle. We're 100 percent Windows, SQL Server.

    That makes for a great testing environment for Windows Services for UNIX, huh?

  14. Best practices by RealProgrammer · · Score: 3, Insightful

    With every user at MS an Administrator of their own machine, it's no wonder that it's so hard to implement any other security model using Windows.

    I hope some of those users are smart enough to give themselves a luser account and run under it ... but wait, that doesn't work well in an enterprise using Active Directory, does it?

    Maybe they have an enforced policy of using anti-spyware and anti-virus software ... but Microsoft doesn't make any.

    Maybe they have extensive training classes with stock options going to those who don't spread viruses (sort of like those "accident free days" campaigns you see at some companies). But wait, no one wants their stock any more ...

    Oh well, they're Microsoft -- they must know what they're doing.

    --
    sigs, as if you care.
  15. They STILL use some UNIX systems..to Compile Win.. by TheCeltic · · Score: 3, Interesting

    Is it not true that they use Suns to compile windows itself? Because they need the huge multiprocessor power of a real computer (130+ cpu's)? What about (noso)hotmail? There are still BSD systems running there. I guess the article is only talking about workstations?

    --
    =-=-=-=-=-=-=-= - The Celtic - =-=-=-=-=-=-=-=
  16. A Sound Knee-Jerk Reaction by EXTomar · · Score: 4, Insightful

    The people often bitten the worst by Spyware/Malware are very smart, very computer savy people. The problem is they don't realize all of the tricks that they will use to get onto your system. Besides, it can't happen to them! Many times people will recognize they've been bitten right away by an accident misclick but by then its too late.

    So while people might not be idiots, most should never be trusted with elevated privilages. But Windows does give you an option (or they are very painful) so load up the maintaince costs with all sorts of software and network monitoring because MS refuses to learn lessons painfully realized 20 years ago.

    For the love of all that is good and holy, I wish MS would abandon certain technologies (Active X hosting in application frameworks), I wish MS would stop requiring user level tasks with elevated privilages, and I wish people would stop making excuses for MS. Reinstalling from a backup image is not the proper way to fix problems on a platform that is supposed to be "enterprise enabled".

  17. Re:From the article by Twanfox · · Score: 4, Insightful

    One big thing I heard comes from Oracle. Oracle (the company) runs Oracle (the database). It was a mandate put down from on high and seems to make at least a modest amount of sense.

    Think of it this way. The biggest way that you figure out that something should be tweaked is if you are the user of the system. Those admins that never use the systems that they deploy and work on have quite a big harder a time trying to understand just what the program is trying to do, and what to do about it when it fails. To add to that, they never come across bad quirks that noone mentions because they're just that, quirks. It doesn't cause the system to fail or halt or mangle any data, but it sure is annoying when it does it.

    To live and die by your own software is not a bad thing. It gives you not only the developer's perspective of design and impliment a solution, but also allows you to see whether or not what you made is actually useful. Don't read too much into this post, like I support Microsoft totally (they can be quite an ass of a company), but the mentality is sound and used in more companies than just Microsoft.

  18. Totally Incoherent Answers by warriorpostman · · Score: 5, Interesting
    Obligatory rant here...how do they know it's the best product if they never run anything non-microsoft.
    As a policy, I don't run anything that competes with Microsoft. My goal is to make sure Microsoft products are the best products in the world. It's an easy choice for me, in that sense--to run Microsoft technology. We don't run Unix. We don't run Linux. We don't run Oracle. We're 100 percent Windows, SQL Server.
    What does the following mean? Other than an incoherent repetition of the above.
    We do, in areas on the client, have an open-source client running--just for competitive analysis. As an IT organization, I have no skills and no ability and no purchasing of those products. We don't even run J2EE. Everything is .Net.
    This guy really earned his title as Chief Information Officer. When I read this interview I got flashbacks of video clips of Iraq's Minister of Information making all those bizarre claims about the invasion.
    1. Re:Totally Incoherent Answers by hunterx11 · · Score: 4, Funny

      The Linux boxes are not here. They are not anywhere. They are segfaulting in the parking lot as we speak. I must now inform you that you are too far from reality.

      --
      English is easier said than done.
    2. Re:Totally Incoherent Answers by Jester99 · · Score: 4, Insightful

      Obligatory rant here...how do they know it's the best product if they never run anything non-microsoft.

      The point is they're eating their own dogfood. They may not have the absolute best product in the world, but it does everything they need it to do. If the only way to get feature X is to install Oracle WhizBangPro 5.0, they refuse to do it: they just write that feature into their own software. And thus, their software has all the features they need.

      Given that the IT needs of Microsoft probably rival or surpass almost any other organization, I'd say that probably qualifies their products as at the very least among the best.

  19. Re:Hmm by Mundocani · · Score: 4, Interesting

    I'm a former MS developer/employee and we could install anything we wanted period. There were never any restrictions other than the stuff you'd expect such as no pirated software, etc. There were login scripts which ran every time you signed into corpnet and you were required to run anti-virus software (eTrust). Bridging to the public internet from corpnet was also prohibited for obvious reasons. Beyond that, it was a very trusting environment. Even WiFi was deployed many years ago on campus, something a friend at Oracle says they aren't allowed to have to this day.

    Neither our admin. assistants or QA people had any restrictions either, but I don't know about the receptionists. They sure seemed to play a lot of those boring built-in Windows games, so maybe they weren't allowed to install other software. I never asked them.

  20. How can you compare without use? by SuperKendall · · Score: 3, Insightful

    I'll bet you anything that they have unix servers and oracles databases for comparison purposes though.

    Probably they do, but how mcuh real comparison can you do without running production systems? It could be just a small piece, but to ignore what it's like to maintain other products in production is short-sighted, I would say.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  21. The problem is that many savvy users aren't by Sycraft-fu · · Score: 5, Insightful

    I work for an Electrical and Computer Engineering department. Now one would think that the Computer Engineers at least would be competent. Well, not so much actually. Most of them are... how to put this... MORONS when it comes to computers.

    We have a Internet Technologies Lab. This is the lab where they study networking and so on. These are the engineers taht study this, they have degrees in this. However they have the most piss poor understanding of network fundimentals and security I've ever seen. They get boxes hacked all the time, they continually have problems with simple things like getting their subnet set correctly, and if their switch goes down plugging it in is too complecated a concept.

    Just because somone works ina computer related field, doesn't mean they are good at the support end of computers. I'd like to think that programmers and engineers ought to know enough to avoid spyware and such, but I know from experience that's not the case. Just because they can write good code doesn't mean they are good system administrators.

  22. No shock by overshoot · · Score: 4, Funny

    Considering that "billg@microsoft.com" is hard-wired into quite a few tools for use with anonymous FTP ...

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  23. Re:WTF? CIO implies little talent here in USA? by Tet · · Score: 3, Insightful
    There are (supposedly) a gazillion out of work or underemployed computer scientists. The idea that they can't find what they want here in the states is just preposterous.

    A gazillion out of work and a gazillion that I'd want to employ are two very different things. I have a hard enough time recruiting for a department of 15, let alone trying to do it at the sort of scale he's talking about. The truth is that Sturgeon's Law holds just as well for IT staff as for anything else. In fact, if my experiences are anything to go by, he was being optimistic...

    --
    "The invisible and the non-existent look very much alike." -- Delos B. McKown
  24. I admin my own box by Pop69 · · Score: 3, Funny

    I'm an accountant for an insurance firm and I admin my own machine AND the dead rat mail/dns/webserver as well.

    That's because all our "technical" people only know how to admin Microsloth products. If a couple of reboots doesn't fix it they re-install from scratch.