Slashdot Mirror
Computer Makers Cater to Big Business, IT Depts.
Carl Bialik from the WSJ writes "By some estimates, twice as many computers are in the hands of individuals and very small organizations than are in the control of corporate IT departments, Walt Mossberg writes in the Wall Street Journal. Yet the computer industry caters too much to big businesses and their IT staff, Mossberg argues: 'The computer industry loves, and caters to, the IT segment because it buys machines in large quantities and is run by a geeky priesthood that speaks the industry language. By contrast, the non-IT camp, even though it is larger in the aggregate, buys one, two or three machines at a time and tends to be nontechnical. ... This focus on the corporate world can have real, and sometimes negative, consequences for consumers and small businesses. For example, some of the big security problems in Microsoft's software in recent years came because the company included features used only by corporate IT staffs in the products it sold to everyone. One was a communications feature, meant for network administrators, which sleazy operators misused to bombard people with ads. Why was that on my PC in the first place?'"
I take it by 'communication service' the article was on about the Messenger service. I agree with this completely, but the reverse is true too - I installed Windows Server 2003 on a new server at work last week and IE has all the usual MSN radio links built into the favourites. WTF? And why is the indexing service built into a consumer OS when nobody uses it?
I usually don't care for Microsoft bashing but they especially need to learn how to differentiate a consumer and corporate OS rather than through having different splash screens.
Home computer:
price: $1100
retail profit: $150
wholesale profit: $100
manufacturers profit: $50
cost: $800 (includes warehousign and shipping)
Office desktop:
price: $1100
retail profit: $0 (sold directly)
Wholesale profit: $0 (sold directly)
manufacturers profit: $300
cost: $800 (includes warehousign and shipping)
net result: The manufacterers care lessd about you.
"There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy."
That the hardware and software vendors cater to IT departments because "they're geeks and they speak the industry language" is bullshit.
They cater to IT departments because the vast majority of them are run by total incompetents who have no idea what they're doing, and have no idea how to value hardware and software. I run a small business' IT department. Hell, I *am* the IT department. 40 some-odd servers, 20 or so desktops, 10 or so laptops. I do all the purchasing, and let me tell you, they sure as heck don't cater to *me*. They cater to the people who're willing to spend $80,000 on a crap piece of software which could be done by one of our dozen in-house coders (we're a software development shop) in a weekend. Or by me for maybe $2500 worth of time.
They cater to morons who think that "Fibre Channel" drives are better than SCSI, and so are willing to spend $3000 for a 150GB drive. They cater to people who think that there's something magical about SCSI, and so think that even if 10kRPM 300GB drives were available with SATA connectors instead of SCSI, the SCSI drives would still be worth $1500. (Here's a hint - the differences between Fibre Channel drives and SCSI drives is the connector. They may do some extra QA on FC drives, to up the MTBF, but this is what RAID is for.)
Vendors do NOT cater to IT departments because IT departments "know the language". They cater to IT departments because they tend to be massively over-funded for what they provide, and they're willing to piss away huge quantities of money.
That's the thing I hate most about the IT industry right now. Prices aren't set by competitive pressure between the vendors, they're set by twits not knowing that it's silly to pay $50,000 for some shared storage they don't need. Why should IBM sell me a 10kRPM 150GB SCSI drive for $500 when they can sell it to an idiot for $1500? (They'll sell them to me for $1000, and that's the lowest they'll go. I still think it's horribly overpriced.)
Barclay family motto:
Aut agere aut mori.
(Either action or death.)
Just a couple of comments...
Sometimes you can't allow a technology while still keeping things secure. In the example of IM, you could run an internal IM server on Jabber, or what not, and avoid many potential problems. If you want access to AIM/Yahoo/MSN/etc with the outside world, then you open up another avenue for compromise, and one that you can't secure. You might not lose an entire machine, but the user account is compromised, and any data they have access to. Once that compromise is on the network, it can move to try to compromise other hosts. This is a very severe problem, and you have to do what you can to avoid it.
Content filtering is another wonderful item. Sometimes you are required by law to filter, sometimes the order comes from upper management, seeking to reduce unproductive hours. A whole lot of users will play games and surf the web for hours a day. Management doesn't like that. Most of the time, the decision to filter content does not come from IT, but from above them.
It's the same story when users find out what kind of data you have to log (depending on what sector you're in). This could be anything from backups of all data, to what internet sites are being access, to emails, and the content of those emails, perhaps phone call logs, etc. In general, IT doesn't want to log this stuff, because doing that, and backing it all up, is a big hassle. Sometimes you just have to do it, though.
BTW, noticeably absent from this Mossberg column was the "Katherine Boehret" byline - she has done a lot of the heavy lifting for a while (older columns often said "contributed by") and glad to see that not that long ago, she moved up to the byline.
Hulk SMASH Celiac Disease
I think the difference here is that you are a sysadmin. Even if you don't run a Unix desktop, you likely keep up with the worms, viruses, and vulnerabilities on a daily basis; I know that one of the first things I do when I start in on a sysadmin gig is to sign up to every security mailing list related to the software that I administrate. You also likely know what trojans are, take care to not use insecure software, and also, use your computer for work during working hours, with occasional posts on Slashdot.
The 'average office user' is nowhere near as attentive to any of this; they don't get why it's a bad idea to install a screensaver they got in an email from someone they don't know, or why they shouldn't look at that 'funny picture' that some random person sent them over IM. The idea that they can cause millions of dollars in damage through their carelessness never enters their mind, because a computer is nowhere near as dangerous-looking as a forklift or scalpel.
Being a programmer doesn't make you immune, either; at my last job, one of the senior coders brought in a CD with some software from home, including a screensaver...yep, trojaned. Because he was senior, he had access to a lot of data, and it took us (the IS staff) about three full-time days to assess and deal with all the damage; I'm just happy it was a Unix shop, with tight security (we found the worm because it was banging against our firewall trying to phone home). If we had been an all-MS shop, there would have been a months' worth of damage control.
The way I usually handle this is that I provide a Jabber server for internal users to chat amongst each other, and limit outside IM access. If I can get them, I ask for computers in the employee breakrooms, lock those down tightly, and then allow both IM and unrestricted Web access so that people can chat with friends and check their personal mail on break. This has worked fairly well, both with management[1], and with the users[2]
[1] It's a 'no-cost' option that adds an employee 'perk' *and* increases system security.
[2] People want to do this at their desk, of course, but usually respond well to the argument of 'Well, it's either the kiosk, or we have to monitor and log all of your IM conversations...'.
--
I Hit the Karma Cap, and All I Got Was This Lousy
The rash of Microsoft security problems isn't because it was targeted at the corporate market, it is because it never had a security model to begin with
Not entirely true.
When they started developing applications with the vision that they will only ever be used in the context of a corporate intranet, they let things slip past them.
Example?
Outlook.
I have a CD of Office 97 which includes MS Outlook. This early release of Outlook has NO support for POP or IMAP. None at all; it was intended for use on an MS-based corporate intranet using Exchange server.
The Outlook application was designed from the ground up to be open to whatever scripted content came its way since, *obviously* (so far as the developers were concerned) if an email arrives containing scripting, its intended to be run without bothering the reader (it probably contains some important piece of information overload from your pointy-haired boss).
And there starts the opening for email viruses and trojans.
Later on, MS released updates and enhancements for this version of Outlook allowing it to use POP and IMAP mail services. And hence opened the old pandoras box since now people use Outlook to read email that comes at them from who knows where, and *still* accepts whatever scripted content comes your way.
True, MS have adapted Outlook over the years, but thats where it came from and thats the reason that so many MS applications are such filthy crack-whores. They may have started life as corporate geishas but now they are on the street, as it were.
In the free world the media isn't government run; the government is media run.
Around 1994, corporate management sat down, looked at the cost, and outsourced the whole kit-and-kaboodle. I went back to the engineering department; it was sad to get calls from my coworkers begging me to come over and fix something for them. No can do - it isn't my job anymore, and I am back on the timesheet myself.
Now, you can say corporate management was right or wrong to do that. I would say, probably wrong in that case (in the end the oursourcers cost them more than we did, for substantially worse service). But the plain fact is no organization with a budget can afford the amount and particularly quality of computer support that end users demand.
Now that I manage business software systems, I get requests all the time for deskside tutoring. The associates and 1st line managers want a person to go to each desk, and sit with each person for individual tutoring. The tutor should have a deep understanding of all the organization's business processes, a complete knowledge of the software, a detailed knowledge of the tutee's tasks and responsibilities, and be a first-class teacher, trainer, procedure writer (did I mention the super-guy should write all the procedures?), and of course a report writer able to use the vulcan mind-meld to extract business requirements from peoples' minds. And he needs to be able to fix any PC hardware problems that might come up, and get rid of that annoying virus that the associate installed while surfing at lunchtime.
Now, a few such people exist. They typically work for consulting firms, charge $250/hr, and burn out on the whole tutoring thing after 18 months. But I am supposed to have a force of these supermen who will arrive at a deskside at a moment's notice at zero cost to the business unit? And oh yeah, my own budget is cut 20% this year.
Riiiight. Methinks this just might be the "we need someone to blame syndrome".
sPh
The needs and requirements of the IT industry are very different from the home and small mom and pop shops. For example big IT has a requirement for zero downtime, 24x7x365. They need to be able to run apps that are decades old, not because no one is around to reprogram them, but because they continue to work. They cannot simply have an application "stop working" because of a small system upgrade. Nor can they have applications just crash just because someother application was installed and messed up a library, etc.
To use an analogy, there are millions of cars on the road, used by everyday ordinary people, however there is a different audience which requires heavy duty trucks, and no, I'm not talking about the SUV's, but dump trucks, logging trucks, etc. There is overlap, and one will find common features, however, there are features that an ordinary person would not want or need. Same as there are features found in a small car that say a mining company would not want or need in a dump truck.
The real "problem" is when people try to cater to both audiences with a single product. While I don't mind having certain comfort features in my car, having something like cruise control in a logging truck might not really be a great idea, on the flip side, having airbrakes on a heavy truck does make sense, I wouldn't see it on a car.
The same should be true for certain types of software. The needs of an IT shop are different from the needs from a home user. An IT shop does have it's geeky crew of people who maintain it, same as a large industry probably has their own group of mechanics who repair and keep the fleet working. And yes, comming from a long IT background, some of the features found in small systems are not really wanted or desirable in an IT environment. On the flip side, as a home user, I would expect a certain amount of "just plug it in and let it go" type of a system and set of applications.