I'm glad that's working well for you. Why don't you mention the name of the company that treats its customers well? I'm sure they won't mind a positive free plug. Nobody is shy to name the people who screw them, but the reason a lot of people get screwed is that it's hard to find the companies that people should want to buy from. It leaves the impression that pretty much everyone sucks. I like to think that I'm an optimist and that only 90% of people are worthless sacks of crap. Finding the other 10% can be challenging in some industries.
The majority of companies out there will do the exact opposite. For example, taking the card out and trying it in a different computer could be cited as unauthorized service that may have caused the problem. There are situations where they still have to replace something and lose money on a single customer, but if they get 10 people to go away or pay out of pocket for their problems for everyone who gets something fixed, they have a profitable business model. That attitude seems to be far more common and the experience the vast majority of people have.
How's that working out for you? Most of the support contracts that stores offer are pretty much worthless. Have you tried taking something back a few times and see how good their customer service really is? They wouldn't offer the support if they expected you to use it. Anyone can sound good in a sales pitch, but how they act after they have your money is the real metric worth noting.
Those are large organization problems. They have nothing at all to do with programming. Any group who is expected to perform the miracles promised by the marketing people react the same way. These traits exist because large organizations can afford failure.
Small companies go out of business if they try to pull this crap.
Programming, IT, computer science, etc are all about solving problems using computers. The reason people in these fields are so unhappy is that the majority of business operations are about creating problems and selling a product to address those problems.
Everyone can survive on their own. Just because we moved away from self sufficient communities and countries to a global marketplace doesn't mean there are countries that wouldn't survive. Everyone would survive the best they can, even if they had to lose some percentage of the population to make it viable.
The owners of these projects should make a deal with Microsoft to give them 30% of the revenue from the open source code in return for licensing the patents. 30% of 0 is still 0.
If you think the current crop is bad, wait until you get the kids that came from the current crop being the next one. The current thinking is that self esteem is more important than realistic self evaluation of one's capabilities. That leads to people doing things like this instead of realizing that they are not experts in how to deal with dangerous situations. The local police aren't necessarily experts either, but chances are that they would be happy to help the school and certainly are more likely to have a better thought out training plan.
You're right about how drills are supposed to work. This was anti-training. Instead of teaching people how to think about situations and how to react and testing the results, they chose to see how people react under stress. Kids react the way they are taught, and this does nothing positive to reinforce positive reactions. If anything, it taught these kids that their teachers should not be trusted and will like to them for amusement.
Doing a drill where students are taught what to do and try to react in a controlled environment might be reasonable. Whether or not the underlying idea has merit, training has to be right to have value. Executing a drill for the purpose of finding out how kids will respond is just sick amusement.
Telling the kids that it wasn't a drill and they had to fear for their lives was counter productive at best. The teachers and administration that were involved in this should all be locked up. The purpose of this act was to terrorize the children. At a minimum, each person involved should be charged with one count of child abuse for each child affected by this incredibly retarded action. The closest any of them should be to a child for the rest of their lives is asking "do you want fries with that?"
The real moral is that if you want to be a valuable geek, you have to learn enough people skills to make sure other people know. I've got a couple of decades of professional experience under my belt and am an expert in several areas, but the most valuable experience I've had professionally comes from working in a large company with a good number of untrained monkeys.
There are a lot of people who can't tell the difference between a seasoned professional and someone who would have bought a computers for dummies book if they were literate. Some of these people will be promoted into management to keep them out of the way of people doing the work. Being able to interact with people on their level is an incredibly valuable skill. It's nice to work with intelligent people who know what you do, but not everyone gets that kind of dream job. Basic communication skills are important, even if you feel like a retard when you're doing what is expected. If you don't feel like a retard, you're probably not going to effectively communicate with the business people. =)
For example, I'll send out emails to users, managers and the VP to let them know that a disk on the EMC failed, switchover to one of the hot spares occurred without incident, the failed disk was replaced and transitioned back into the array without issues and with no more than negligible performance degradation to the systems and users. No data was lost and we're back up and running. This happens once or twice a year.
If you know anything about EMC arrays, storage systems in general, or how to get your VCR to stop blinking 12:00, you probably realize that I didn't really have to do anything other than be aware that something happened and let the field service technician do his job. I've spent my whole career learning about technology so I am perfectly capable of doing all of the maintenance myself, but in this kind of case, I just need to let someone else do their job. This is not exactly rocket science here. However, people who don't get the technology see something like this and think "Huh, I guess something broke and now it's fixed and everything's good. Good thing he knows what to do because I wouldn't even know who to call or what to say to them." Most of the people whose opinions matter have no idea what you do.
There are a lot of arsonist-firefighter types in IT. You can be just as valuable as them without losing any shred of decency as a human being. Just let people you help know to let your boss, your boss's boss, their boss, and anyone else they know how incredibly helpful you were. Chances are that they asked for your help because they needed you to do 10 minutes of work so they could avoid trying to spend weeks trying to figure it out themselves and making it much worse before it got to you. Most people will be willing to spend 60 seconds to send a quick email to help you out.
Sure they would benefit, but who's going to train them to post "Wanted: Brains" on craigslist? Just like business people, zombies see IT people and want to chew them up and spit them out. That natural reflex prevents them from getting the support needed to establish a viable IT infrastructure that would pay them back tenfold down the road.
I have no animosity towards the television. In fact, I think it serves its role superbly. I even partake in the zombie box every now and then, though I prefer more interactive and stimulating entertainment.
The zombie box keeps all of these zombies at home every night where they should be. The last thing we need is a bunch of zombies roaming the streets because there's no television. The documentaries on zombie invasions clearly teach us that you have to shoot them in the head to make them stay down. With the rising costs of ammunition, we'd be in for a major recession if we didn't have television to keep these zombies safely at home.
Computers are great for a lot of people, but there's just no way to get the kind of market penetration that television has without more effectively catering to the zombie population.
Banks, like all other companies, are filled with large numbers of people who do things that are totally useless. For example, a marketing organization doing their own IT isn't going to lose customers' money. The worst thing that could happen here is that we would fail to produce lists of prospective new customers who need to be sent junk mail or be hounded by telemarketers. Personally, I think those kinds of catastrophic system failures would be a net benefit to the human race, but I'm biased against marketing slime. =)
CYA memos are what everyone suggests, but they seem like a tactic for those who have already chosen to fail. Is the idea that you could pull them out in court and hope some jury believes them? They sure wouldn't have any bearing on finding a new job. All they say to a prospective employer is that you CYA first and serve the company second. Realistically, what can you do with CYA memos? Go above your management and say "see, I tried to CYA, please don't fire me"? That might work if you happen to work in a company where the corruption doesn't go all the way to the top. How many CEO's do you think got in their position without having some degree of moral flexibility?
Perhaps I'm a pessimist and there are more honest people with a strong sense of integrity in senior management in most companies than all of my experience would suggest. However, I think a better bet would be to have dozens of witnesses to the numerous times I've warned our Director, VP and SVP of the extremely high risks we're taking. I'm confident that our SVP is savvy enough to lie under oath and sound credible. Our director would tell the same story, but doesn't seem very credible even when telling the truth. The administrative assistants, project managers, developers and many others who have come and gone are probably less inclined to face severe consequences for perjury if they were asked to testify if they were aware of my numerous cautions against these blatant violations of company policy.
Sure, I could be the scapegoat someday, but isn't that true of everyone? One thing I can be sure of is that this organization would not want to have me testify in open court about how they work. =)
The solution is so painfully obvious that no one will ever implement it.
Business people need to look at more than one little line item on a budget. There are a lot of jobs that pay $50-80k for a sysadmin. The vast majority of day to day things can be done by one of these people. When they get stumped on legacy stuff or something really weird, they end up spending a lot of time spinning their wheels and have a hard time getting the problem solved.
The other option is to hire the $150k sysadmin who has tons of experience and makes the hard problems look easy. These are the kinds of people who you can give 3 months to solve a problem, or you can hire a team of 5 people to work for 20 years on the same problem. If you put it in that perspective, the money is well spent.
Smart business people look at numbers and know that $150k is more than $50k, and also know that if they yell loud enough about the $100k they saved, some of it will end up in their bonus.
The thing that seems obvious to me is that you hire a bunch of the cheaper people who can do all of the normal day to day stuff, and you also hire a guru who gets all of the impossible tasks. The less experienced guys learn from the guru and the guru doesn't spend 99% of his time doing tasks that would be better suited to a college student or a shell script.
Of course, companies don't like this idea because HR people don't want to believe that one person can be worth several times as much as another person who is referred to with the same type of job title. In HR there are no gurus, so the concept is completely foreign. After all, if someone was inclined to be a guru in any field, how would they end up in HR? =)
I strongly agree with everything you're saying. One of the 20 unofficial roles I have at a large bank is Unix System Administrator. I really only spend ~100 hours/year doing system administration, and that's only to deal with something breaking. We have enough work for a full time sysadmin, but we have management who aim to consistently do less than the minimum. I believe the fundamental problem of system administration in any business environment is that you never see the benefit of good results. You only see costs of failures and people running around putting out fires all of the time. A good system administrator tends to work himself out of a justification for a job because there's no compelling business reason to keep employing someone expensive whose benefits to the organization are invisible. Coming in on the weekend to replace hardware, fixing things that break before people notice they are down and recovering files for people who will never admit that they deleted something important are all common sysadmin tasks that are rarely acknowledged.
Micromanagement and imaginary, perceived cost savings create unsustainable environments. Here in a non-technology group of a large bank, we've got a handful of Sun servers attached to an EMC. There are numerous persistent memory errors on the Sun's that could be fixed with a service call and a small scheduled downtime. Well, in a normal environment that is all it takes. However, we don't currently have a maintenance contract. We did have a service contract years ago when the problems started, but maintaining systems is an anti-goal for management - apparently there is no profit in keeping things running. The EMC has been performing well, with the occaisional disk failure that is completely invisible thanks to RAID and automatic call home to get a replacement disk sent out. That's been our key saving grace since we don't backup anything(including production servers).
Unfortunately, this kind of short sighted, unprofessional approach to IT is common in business driven organizations. When everything comes crashing down, as it always will given sufficient time, someone will look at what happened and try to prevent it from happening again. This is the kind of sabatage through mismanagement that leads to the creation of company policies that make it hard for anyone to do their job. Our company has policies that require that system, network, security and database administrators all be separate people. The developers have to be separate as well and can't have access to production systems. There's some very good reasons for all of these policies, but business people can't resist the temptation of hiring one person to do all of these jobs. After all, who better to get things working and fix problems than a developer with root access to everything. It sure cuts down on time wasted in getting authorizations and having meetings.
Television is easy. You turn it on, maybe select a channel, and you can sit there for hours. You can change the channel if you really care about what you're watching, but it's also ok to select one channel and leave it on forever. Television doesn't care if you walk away or lay down. It will dutifully drone on in case you happen to be there. Broadcasters are even nice enough to increase the volume on the commercials to make sure that you get exposed to advertising, even if you're in the kitchen cooking dinner.
It's much harder to use a computer the same way. It's a much more interactive experience. Not only do you have to have some basic knowledge of how they work, you have to click on stuff or something. Take poor people in third world countries as an example - how long would it take to teach them to use a computer well enough to keep themselves entertained? Compare that with the level of training needed to use a television.
In both cases, the vast majority of users utilize the technology for entertainment. There are a lot of educational uses available for both technologies, but most users have no interest in that. Mindless entertainment is TV. Interactive entertainment is games/web browsing.
Not everyone wants interactive entertainment. There are a lot of people who get up, go to work, perform some dull, repetetive task, come home and want to continue their zombie lifestyle with a few beers and some background noise/visual stimulation. There's no way for interactive media like computers to compete with television in the zombie market segment.
If it's a local company that can't operate after a local disaster, that attitude is fine. However, there are a fair number of companies who can't completely stop their business due to a problem at one location. In fact, it's probably safe to say that without a way to get back up and running without that location, many companies may not have the cash flow to get that site back up and running ever, which means you're going to need a new job anyway.
Oddly enough, those of us who give a damn about whether or not the systems we administer are working tend to get paid enough to continue to give a damn. A solid disaster recovery plan actually puts everyone in a better position to attend to their family needs without neglecting their work duties.
These are good examples of where this works. All of those projects are more than high profile - they directly contribute to the ability of companies to make money. The companies who are on the trailing edge of technology can save money by leeching off of free software. However, there aren't a lot of companies with a business plan of "do what everyone else was doing 10 years ago, but do it poorly with untrained staff".
The companies that invest in these projects are doing it to help themselves. They get the features they want implemented when they want and how they want. The more fingers they have in the pie, the more they can drive the future direction of the project. And by sharing something that they're doing for their own use, they get good PR from being a contributing member of the open source community.
I think having people paid to work on these projects by the companies that use them makes perfect sense. The projects that no one cares about don't get paid because they're irrelevant. Likewise, someone who only contributes a little isn't likely to be hired for one of these jobs, and certainly won't keep it long if they just spend their time goofing off.
Our project manager is drawing up a risk memo about the backup and system maintenance problems. I seriously doubt anyone will acknowledge, let alone sign it. I don't think being in any way associated with worst-IT-practices-EVER is something anyone would put on a resume.
However, there are dozens of people who are aware of the problem and have been in on discussions with our VP and SVP when the risks were discussed. Our technologies group always references the SarbOx boogeyman as the reason to be afraid of everything, but our management considers malicious noncompliance to be some sort of sport. As a contractor, I don't think there's much they could do to me in a civil or criminal liability sense. And it's not like they would want to chance me having to testify in open court about all of the things that I know. =)
"Why waste time and money arguing for things like backups or disaster recovery plans when your personal disaster recovery plan can be to drive across town and get a job with a company that didn't have a disaster."
This is not only a Dilbertism, but it's the sad/funny/haha-only-serious official backup/disaster recovery plan at work. We've gone for more than 3 years without backups and management is giddy with all of the perceived cost savings. It's amazing how many hardware failures you can pretend didn't happen if you have a good disk array for all of your primary storage. Fortunately, we're only the marketing organization for a major bank, not something that would be missed if all of the data and people vanished one day.
And the way it will be for the next 100. Haven't you noticed that the people saying it is only 20 years out are in fields that need a lot of funding and don't produce results? Hint: in 20 years, they'll be retired.
I'm sure there is no way to implement your idea into law, but I do like the idea of being inversely proportional to the protection provided. Companies don't spend money on making the data or systems secure because it's simply not cost effective. Putting some senior management in jail and finding the company for this kind of carelessness would be nice, but there's just no way it would work.
The best a law can do is create a new market for people claiming to sell solutions. If a company goes with a system backed by another large company with a lot of clients, they can say they were diligent. There is really no good way to determine who is going through the motions, who is genuinely trying (but still sucks) and who is doing a good job, except through failure. And if two companies lose your data and someone commits fraud, both have plausible deniability for the damage caused.
If you ever end up in court, do you want to be tried by a jury of people too dumb to get out of jury duty? Read up on jury nullification. Without people knowledgeable and willing to perform jury duty, you end up with a crowd of people who votes the way the court directs them to vote.
In many cases, like the type you cite, it's pretty simple. But you don't get to throw a monkey wrench into the types of cases you care about if you're not willing to serve on any jury.
Good has to be diligent and honest to be good. You can argue shades of gray, but that's just another way of saying degrees of evil.
When you decide to be a vigilante group and dish out your style of justice for others' perceived sins, you are at best what Machiavelli describes astutely as "other than good."
I'm a sysadmin, so if I were a juror and your "other than good" tactics landed you in court, I would not in good conscience be able to vote to convict you for trying to do something about these idiots. However, you should realize that good faith is not inherently good, and frequently creates the good intentions with which the road to hell is paved. If you're willing to live with possible consequences for your "other than good" tactics, I'm willing to look the other way. After all, the net harm would have to be less than the botnets are causing now.
Because good has to be much more diligent, and that is orders of magnitude harder.
When you're working for evil, you don't have to worry about collateral damage. If you cause one system out of 100 to stop working completely, or just have some incompatibility that makes it less useful to the user, you don't care. If they didn't want to be infected, they'd have better security. Propagating evil viruses, trojans and worms is easy because you can be careless and expect the rest of the world to reboot if you have a bug.
This is also why large organizations have people to test that patches don't break the necessary functionality in their supported applications. If something breaks, they have to support it, so they make sure it's not going to come back to bite them. This takes a fair amount of time, people, and all of the supported configurations to ensure that things are safe. It's a real pain in the neck (or other body part) to do a good job at this.
The most secure machine is one that is turned off, unplugged and locked in a room that has an armed security guard with standing orders to shoot everyone. That's not the computer usage model that any of the companies listed want to encourage. They want the user to be insecure to different degrees.
Slashdot Mirror
I'm glad that's working well for you. Why don't you mention the name of the company that treats its customers well? I'm sure they won't mind a positive free plug. Nobody is shy to name the people who screw them, but the reason a lot of people get screwed is that it's hard to find the companies that people should want to buy from. It leaves the impression that pretty much everyone sucks. I like to think that I'm an optimist and that only 90% of people are worthless sacks of crap. Finding the other 10% can be challenging in some industries.
The majority of companies out there will do the exact opposite. For example, taking the card out and trying it in a different computer could be cited as unauthorized service that may have caused the problem. There are situations where they still have to replace something and lose money on a single customer, but if they get 10 people to go away or pay out of pocket for their problems for everyone who gets something fixed, they have a profitable business model. That attitude seems to be far more common and the experience the vast majority of people have.
How's that working out for you? Most of the support contracts that stores offer are pretty much worthless. Have you tried taking something back a few times and see how good their customer service really is? They wouldn't offer the support if they expected you to use it. Anyone can sound good in a sales pitch, but how they act after they have your money is the real metric worth noting.
Those are large organization problems. They have nothing at all to do with programming. Any group who is expected to perform the miracles promised by the marketing people react the same way. These traits exist because large organizations can afford failure.
Small companies go out of business if they try to pull this crap.
Programming, IT, computer science, etc are all about solving problems using computers. The reason people in these fields are so unhappy is that the majority of business operations are about creating problems and selling a product to address those problems.
Everyone can survive on their own. Just because we moved away from self sufficient communities and countries to a global marketplace doesn't mean there are countries that wouldn't survive. Everyone would survive the best they can, even if they had to lose some percentage of the population to make it viable.
The owners of these projects should make a deal with Microsoft to give them 30% of the revenue from the open source code in return for licensing the patents. 30% of 0 is still 0.
If you think the current crop is bad, wait until you get the kids that came from the current crop being the next one. The current thinking is that self esteem is more important than realistic self evaluation of one's capabilities. That leads to people doing things like this instead of realizing that they are not experts in how to deal with dangerous situations. The local police aren't necessarily experts either, but chances are that they would be happy to help the school and certainly are more likely to have a better thought out training plan.
You're right about how drills are supposed to work. This was anti-training. Instead of teaching people how to think about situations and how to react and testing the results, they chose to see how people react under stress. Kids react the way they are taught, and this does nothing positive to reinforce positive reactions. If anything, it taught these kids that their teachers should not be trusted and will like to them for amusement.
Doing a drill where students are taught what to do and try to react in a controlled environment might be reasonable. Whether or not the underlying idea has merit, training has to be right to have value. Executing a drill for the purpose of finding out how kids will respond is just sick amusement.
Telling the kids that it wasn't a drill and they had to fear for their lives was counter productive at best. The teachers and administration that were involved in this should all be locked up. The purpose of this act was to terrorize the children. At a minimum, each person involved should be charged with one count of child abuse for each child affected by this incredibly retarded action. The closest any of them should be to a child for the rest of their lives is asking "do you want fries with that?"
The real moral is that if you want to be a valuable geek, you have to learn enough people skills to make sure other people know. I've got a couple of decades of professional experience under my belt and am an expert in several areas, but the most valuable experience I've had professionally comes from working in a large company with a good number of untrained monkeys.
There are a lot of people who can't tell the difference between a seasoned professional and someone who would have bought a computers for dummies book if they were literate. Some of these people will be promoted into management to keep them out of the way of people doing the work. Being able to interact with people on their level is an incredibly valuable skill. It's nice to work with intelligent people who know what you do, but not everyone gets that kind of dream job. Basic communication skills are important, even if you feel like a retard when you're doing what is expected. If you don't feel like a retard, you're probably not going to effectively communicate with the business people. =)
For example, I'll send out emails to users, managers and the VP to let them know that a disk on the EMC failed, switchover to one of the hot spares occurred without incident, the failed disk was replaced and transitioned back into the array without issues and with no more than negligible performance degradation to the systems and users. No data was lost and we're back up and running. This happens once or twice a year.
If you know anything about EMC arrays, storage systems in general, or how to get your VCR to stop blinking 12:00, you probably realize that I didn't really have to do anything other than be aware that something happened and let the field service technician do his job. I've spent my whole career learning about technology so I am perfectly capable of doing all of the maintenance myself, but in this kind of case, I just need to let someone else do their job. This is not exactly rocket science here. However, people who don't get the technology see something like this and think "Huh, I guess something broke and now it's fixed and everything's good. Good thing he knows what to do because I wouldn't even know who to call or what to say to them." Most of the people whose opinions matter have no idea what you do.
There are a lot of arsonist-firefighter types in IT. You can be just as valuable as them without losing any shred of decency as a human being. Just let people you help know to let your boss, your boss's boss, their boss, and anyone else they know how incredibly helpful you were. Chances are that they asked for your help because they needed you to do 10 minutes of work so they could avoid trying to spend weeks trying to figure it out themselves and making it much worse before it got to you. Most people will be willing to spend 60 seconds to send a quick email to help you out.
Sure they would benefit, but who's going to train them to post "Wanted: Brains" on craigslist? Just like business people, zombies see IT people and want to chew them up and spit them out. That natural reflex prevents them from getting the support needed to establish a viable IT infrastructure that would pay them back tenfold down the road.
I have no animosity towards the television. In fact, I think it serves its role superbly. I even partake in the zombie box every now and then, though I prefer more interactive and stimulating entertainment.
The zombie box keeps all of these zombies at home every night where they should be. The last thing we need is a bunch of zombies roaming the streets because there's no television. The documentaries on zombie invasions clearly teach us that you have to shoot them in the head to make them stay down. With the rising costs of ammunition, we'd be in for a major recession if we didn't have television to keep these zombies safely at home.
Computers are great for a lot of people, but there's just no way to get the kind of market penetration that television has without more effectively catering to the zombie population.
Banks, like all other companies, are filled with large numbers of people who do things that are totally useless. For example, a marketing organization doing their own IT isn't going to lose customers' money. The worst thing that could happen here is that we would fail to produce lists of prospective new customers who need to be sent junk mail or be hounded by telemarketers. Personally, I think those kinds of catastrophic system failures would be a net benefit to the human race, but I'm biased against marketing slime. =)
CYA memos are what everyone suggests, but they seem like a tactic for those who have already chosen to fail. Is the idea that you could pull them out in court and hope some jury believes them? They sure wouldn't have any bearing on finding a new job. All they say to a prospective employer is that you CYA first and serve the company second. Realistically, what can you do with CYA memos? Go above your management and say "see, I tried to CYA, please don't fire me"? That might work if you happen to work in a company where the corruption doesn't go all the way to the top. How many CEO's do you think got in their position without having some degree of moral flexibility?
Perhaps I'm a pessimist and there are more honest people with a strong sense of integrity in senior management in most companies than all of my experience would suggest. However, I think a better bet would be to have dozens of witnesses to the numerous times I've warned our Director, VP and SVP of the extremely high risks we're taking. I'm confident that our SVP is savvy enough to lie under oath and sound credible. Our director would tell the same story, but doesn't seem very credible even when telling the truth. The administrative assistants, project managers, developers and many others who have come and gone are probably less inclined to face severe consequences for perjury if they were asked to testify if they were aware of my numerous cautions against these blatant violations of company policy.
Sure, I could be the scapegoat someday, but isn't that true of everyone? One thing I can be sure of is that this organization would not want to have me testify in open court about how they work. =)
The solution is so painfully obvious that no one will ever implement it.
Business people need to look at more than one little line item on a budget. There are a lot of jobs that pay $50-80k for a sysadmin. The vast majority of day to day things can be done by one of these people. When they get stumped on legacy stuff or something really weird, they end up spending a lot of time spinning their wheels and have a hard time getting the problem solved.
The other option is to hire the $150k sysadmin who has tons of experience and makes the hard problems look easy. These are the kinds of people who you can give 3 months to solve a problem, or you can hire a team of 5 people to work for 20 years on the same problem. If you put it in that perspective, the money is well spent.
Smart business people look at numbers and know that $150k is more than $50k, and also know that if they yell loud enough about the $100k they saved, some of it will end up in their bonus.
The thing that seems obvious to me is that you hire a bunch of the cheaper people who can do all of the normal day to day stuff, and you also hire a guru who gets all of the impossible tasks. The less experienced guys learn from the guru and the guru doesn't spend 99% of his time doing tasks that would be better suited to a college student or a shell script.
Of course, companies don't like this idea because HR people don't want to believe that one person can be worth several times as much as another person who is referred to with the same type of job title. In HR there are no gurus, so the concept is completely foreign. After all, if someone was inclined to be a guru in any field, how would they end up in HR? =)
I strongly agree with everything you're saying. One of the 20 unofficial roles I have at a large bank is Unix System Administrator. I really only spend ~100 hours/year doing system administration, and that's only to deal with something breaking. We have enough work for a full time sysadmin, but we have management who aim to consistently do less than the minimum. I believe the fundamental problem of system administration in any business environment is that you never see the benefit of good results. You only see costs of failures and people running around putting out fires all of the time. A good system administrator tends to work himself out of a justification for a job because there's no compelling business reason to keep employing someone expensive whose benefits to the organization are invisible. Coming in on the weekend to replace hardware, fixing things that break before people notice they are down and recovering files for people who will never admit that they deleted something important are all common sysadmin tasks that are rarely acknowledged.
Micromanagement and imaginary, perceived cost savings create unsustainable environments. Here in a non-technology group of a large bank, we've got a handful of Sun servers attached to an EMC. There are numerous persistent memory errors on the Sun's that could be fixed with a service call and a small scheduled downtime. Well, in a normal environment that is all it takes. However, we don't currently have a maintenance contract. We did have a service contract years ago when the problems started, but maintaining systems is an anti-goal for management - apparently there is no profit in keeping things running. The EMC has been performing well, with the occaisional disk failure that is completely invisible thanks to RAID and automatic call home to get a replacement disk sent out. That's been our key saving grace since we don't backup anything(including production servers).
Unfortunately, this kind of short sighted, unprofessional approach to IT is common in business driven organizations. When everything comes crashing down, as it always will given sufficient time, someone will look at what happened and try to prevent it from happening again. This is the kind of sabatage through mismanagement that leads to the creation of company policies that make it hard for anyone to do their job. Our company has policies that require that system, network, security and database administrators all be separate people. The developers have to be separate as well and can't have access to production systems. There's some very good reasons for all of these policies, but business people can't resist the temptation of hiring one person to do all of these jobs. After all, who better to get things working and fix problems than a developer with root access to everything. It sure cuts down on time wasted in getting authorizations and having meetings.
Television is easy. You turn it on, maybe select a channel, and you can sit there for hours. You can change the channel if you really care about what you're watching, but it's also ok to select one channel and leave it on forever. Television doesn't care if you walk away or lay down. It will dutifully drone on in case you happen to be there. Broadcasters are even nice enough to increase the volume on the commercials to make sure that you get exposed to advertising, even if you're in the kitchen cooking dinner.
It's much harder to use a computer the same way. It's a much more interactive experience. Not only do you have to have some basic knowledge of how they work, you have to click on stuff or something. Take poor people in third world countries as an example - how long would it take to teach them to use a computer well enough to keep themselves entertained? Compare that with the level of training needed to use a television.
In both cases, the vast majority of users utilize the technology for entertainment. There are a lot of educational uses available for both technologies, but most users have no interest in that. Mindless entertainment is TV. Interactive entertainment is games/web browsing.
Not everyone wants interactive entertainment. There are a lot of people who get up, go to work, perform some dull, repetetive task, come home and want to continue their zombie lifestyle with a few beers and some background noise/visual stimulation. There's no way for interactive media like computers to compete with television in the zombie market segment.
If it's a local company that can't operate after a local disaster, that attitude is fine. However, there are a fair number of companies who can't completely stop their business due to a problem at one location. In fact, it's probably safe to say that without a way to get back up and running without that location, many companies may not have the cash flow to get that site back up and running ever, which means you're going to need a new job anyway.
Oddly enough, those of us who give a damn about whether or not the systems we administer are working tend to get paid enough to continue to give a damn. A solid disaster recovery plan actually puts everyone in a better position to attend to their family needs without neglecting their work duties.
These are good examples of where this works. All of those projects are more than high profile - they directly contribute to the ability of companies to make money. The companies who are on the trailing edge of technology can save money by leeching off of free software. However, there aren't a lot of companies with a business plan of "do what everyone else was doing 10 years ago, but do it poorly with untrained staff".
The companies that invest in these projects are doing it to help themselves. They get the features they want implemented when they want and how they want. The more fingers they have in the pie, the more they can drive the future direction of the project. And by sharing something that they're doing for their own use, they get good PR from being a contributing member of the open source community.
I think having people paid to work on these projects by the companies that use them makes perfect sense. The projects that no one cares about don't get paid because they're irrelevant. Likewise, someone who only contributes a little isn't likely to be hired for one of these jobs, and certainly won't keep it long if they just spend their time goofing off.
Our project manager is drawing up a risk memo about the backup and system maintenance problems. I seriously doubt anyone will acknowledge, let alone sign it. I don't think being in any way associated with worst-IT-practices-EVER is something anyone would put on a resume.
However, there are dozens of people who are aware of the problem and have been in on discussions with our VP and SVP when the risks were discussed. Our technologies group always references the SarbOx boogeyman as the reason to be afraid of everything, but our management considers malicious noncompliance to be some sort of sport. As a contractor, I don't think there's much they could do to me in a civil or criminal liability sense. And it's not like they would want to chance me having to testify in open court about all of the things that I know. =)
"Why waste time and money arguing for things like backups or disaster recovery plans when your personal disaster recovery plan can be to drive across town and get a job with a company that didn't have a disaster."
This is not only a Dilbertism, but it's the sad/funny/haha-only-serious official backup/disaster recovery plan at work. We've gone for more than 3 years without backups and management is giddy with all of the perceived cost savings. It's amazing how many hardware failures you can pretend didn't happen if you have a good disk array for all of your primary storage. Fortunately, we're only the marketing organization for a major bank, not something that would be missed if all of the data and people vanished one day.
And the way it will be for the next 100. Haven't you noticed that the people saying it is only 20 years out are in fields that need a lot of funding and don't produce results? Hint: in 20 years, they'll be retired.
The music industry is a caricature of itself, so why shouldn't Spinal Tap be both?
I'm sure there is no way to implement your idea into law, but I do like the idea of being inversely proportional to the protection provided. Companies don't spend money on making the data or systems secure because it's simply not cost effective. Putting some senior management in jail and finding the company for this kind of carelessness would be nice, but there's just no way it would work.
The best a law can do is create a new market for people claiming to sell solutions. If a company goes with a system backed by another large company with a lot of clients, they can say they were diligent. There is really no good way to determine who is going through the motions, who is genuinely trying (but still sucks) and who is doing a good job, except through failure. And if two companies lose your data and someone commits fraud, both have plausible deniability for the damage caused.
If you ever end up in court, do you want to be tried by a jury of people too dumb to get out of jury duty? Read up on jury nullification. Without people knowledgeable and willing to perform jury duty, you end up with a crowd of people who votes the way the court directs them to vote.
In many cases, like the type you cite, it's pretty simple. But you don't get to throw a monkey wrench into the types of cases you care about if you're not willing to serve on any jury.
Good has to be diligent and honest to be good. You can argue shades of gray, but that's just another way of saying degrees of evil.
When you decide to be a vigilante group and dish out your style of justice for others' perceived sins, you are at best what Machiavelli describes astutely as "other than good."
I'm a sysadmin, so if I were a juror and your "other than good" tactics landed you in court, I would not in good conscience be able to vote to convict you for trying to do something about these idiots. However, you should realize that good faith is not inherently good, and frequently creates the good intentions with which the road to hell is paved. If you're willing to live with possible consequences for your "other than good" tactics, I'm willing to look the other way. After all, the net harm would have to be less than the botnets are causing now.
Because good has to be much more diligent, and that is orders of magnitude harder.
When you're working for evil, you don't have to worry about collateral damage. If you cause one system out of 100 to stop working completely, or just have some incompatibility that makes it less useful to the user, you don't care. If they didn't want to be infected, they'd have better security. Propagating evil viruses, trojans and worms is easy because you can be careless and expect the rest of the world to reboot if you have a bug.
This is also why large organizations have people to test that patches don't break the necessary functionality in their supported applications. If something breaks, they have to support it, so they make sure it's not going to come back to bite them. This takes a fair amount of time, people, and all of the supported configurations to ensure that things are safe. It's a real pain in the neck (or other body part) to do a good job at this.
The most secure machine is one that is turned off, unplugged and locked in a room that has an armed security guard with standing orders to shoot everyone. That's not the computer usage model that any of the companies listed want to encourage. They want the user to be insecure to different degrees.