It's not Microsoft, specifically. The problem is monoculture. No matter what the dominant OS - Windows, Linux, Mac OS, BeOS - the number one guy gets picked on the most, and exploited the most.
Every Windows box in the entire world shares about 99% of its DNA with every other Windows box in the entire world. That's what is meant by "monoculture". There is a difference between
'monoculture' and 'monopoly'.
If every machine
in the world were Linux, it's not guaranteed to devolve to a monoculture because a billion different
machines won't be genetically similar: Most of the linux, bsds et al.,
(and now Mac OS X) are infinitely more configurable than any Windows product. And any admin or user worth their
salt will take advantage of that configurability
to tweak, shape, direct and customize for the
local environment and specific use. You just
can't do that with M$ products. The 'monoculture'
is defined by some pencilneck in Redmond who
thinks he/she knows how best to program the computer to do the job you need it to do! That may have worked when computers were new and limited in both use and scope and that geek working for the big computer company was, in fact, the acknowledged expert in computer uses...
But the computer, and the user, have evolved. Redmond doesn't know all the uses to which a
computer will be put to use. One size no longer
fits all.
Oh, and two more things... 5) make your office
into a place that works and 6) know your users.
For #5, an office, with a workbench and all the
right tools, with storage for ALL the
CDs you need makes a HUGE difference
in your productivity. Having a workspace
for rapid assembly/disassembly of servers is
KEY. Being able to quickly find the
right software is also key. You might find yourself saying "no" less because you can do
more. My office also has a few servers that
are for my use only. The point is to be able
to do most of your work from one spot.
For #6, you should get a feel for your users'
skill level. There are some users for whom
you can say "sure, go ahead and do that." Or,
"I'll set it up, you config it." There are
other users that make you cringe whenever
they get near a mouse. Both in servicing
requests and improving core services, if you
are able to assign weights to the requests
and the understanding behind them, you'll
be better off.
Oh, and John Coltrane... lots of John Coltrane.
No problems seem intractable when Coltrane
is playing...
"Here is my dilemma: I'm a relatively new employee (~2 months) at a software engineering shop. I am the sole IT person for a 100+ person company, with 50+ remote VPN users, 40+ developers, 30+ servers, firewalls, etc. I do it all, from desktop and application support, to security, to servers. In the past, the IT department has been seriously under-funded, and there is an absolute ton of catch-up work that needs to get done. At this point, I could work 70+ hour work weeks for a year, and still not be caught up, between project work, upgrade, documentation and day-to-day stuff.
I'm in nearly the same position. I'm a
sys/net admin for a research lab at a
university. I approach the issue in several
ways. 1) a weekly 'open-items' meeting with
my boss. 2) a clear statement of purpose
3) often detailed justifications for saying no
and/or suggested alternatives. And 4) I keep
track of requests that are made of me; if
you find patterns or duplications then you
might be able to centralize services.
For #1, it's been helpful for my boss to see
what I go through. When I've been late with
deliverables it's almost always because of
exigent circumstances (for instance, 'blaster'
has kept me quite busy...)
For #2, it's helpful, when faced with a request,
to answer the question "how does it further
research at the lab?" If it doesn't, then
I just look at them until they go away...
For #3, when faced with a request for some
service, I might say "no way, too insecure"
or "here's what it costs. Here's why it isn't
the solution for you. And here's the problems
that other admins have run into." Usually,
I'm able to suggest alternatives. For instance
a user wanted to run an NFS server from his
desktop linux box so that he could mount a
share from his home (off-campus) linux machine.
The issue was keeping his files in order:
He wanted to keep one version of his files and
one only and found that burning a zip drive or
CD was causing trouble with revisions and such.
I said no. Gave him all the technical reasons
why it wasn't a good idea and suggested rsync +
SSH. And he could do it all himself. Big win. Another user wanted a dual boot machine Windows and Linux. I said no. Told him why and suggested
vmware. Another win and he did it himself.
Be mindful that you are paid to be the expert
and that your users will MORE OFTEN THAN NOT come to you with a solution they don't fully understand ill-fitted to a problem they don't fully comprehend. If they understood both the problem space and the solution space well enough, you'd be out of a job.
For #4, I often have different people come and
ask me for the same thing. Noticing patterns
and eliminating duplications of effort will
make your life, and theirs, immeasurably more satisfying. It can also serve to consolidate your base services and scope.
For your particular situation, I would also add
that, in my experience, there is no such thing
as an "underfunded IT shop". That is to
say, if you have 30+ servers and 50+ VPN, etc,
somebody has been footing the bill. It
just hasn't been centralized in any meaningful
way. I would undertake some sort of review to
discover what surely must be rampant duplication
of efforts and inefficient implementations...
Worms like this spread by seeking out more systems to infect. If 95% of the systems are running Windows, a worm can spread a lot faster than if it is looking for a fraction of that other 5%. A similar worm on Linux would take a _lot_ longer to spread and would give us more time to react and put a stop to it.
95% of the Linux systems out there don't share 99% of
their configuration. 99% of the Windows out there
share 99% of their DNA. They are clones. There is a
build... and there is precious little ability to deviate from
that build.
For 10 given linux systems you'll find 22 different configs (that's right, twenty-two, including backups, failsafes and testsets, if you're a good admin...)
The only security parallel between Windows and
Linux is the susceptibility to lazy users. If you don't
patch... you're dead in the water and you deserve
it. Linux, Windows, whatever.
That's where the similarities end. Linux is inherently
more organic, configurable, stable and open. Windows
has an upper limit on the config bashing you can do and
the efficacy of doing so.
If I, with my Linux box,
have a vulnerability that the vendor, or code monkey
who wrote the thing, doesn't have a patch for... not a problem. I can do any one of a thousand things to make
my linux system either more secure or less susceptible
including looking for alternative programs that do the same thing. From the kernel to userland... I have control. It's more work, perhaps, but so is police work.
Windows. Please. I'm at their mercy. Their patches.
Their schedule. Their patches to their patches. Bah!
Look at it this way: Windows is a prefab house. It
comes in one flavor. One shape. And one color. It
is architected (sic) in the hopes of being able to
withstand a wide range of climates.
Linux, or any of the unixen, can be a tent you use
to climb Everest. Or a mansion in Palm Beach. Or
a Hotel in Monaco. Or a skyscraper in NYC.
Whatever you want. It's up to you and how hard you are willing to work.
He tells me that an alumnus has agreed to donate $2.4 million initially (and up to $800,000 each succeeding year for 10 years) to the school for computer equipment and staff if the school agrees not to renew any contract and to buy no products or services (either directly or through an intermediary like Gateway) from Microsoft.
I can't comment on the legality of the gift, tho' I
find it suspect. I will say that, I think it's rather
confrontational and exclusionary. I would rather
see the money spent on getting other platforms
on campus: be pro quality, vs anti-MS. That's the way in which MS dies. By
direct, unfettered comparison to other OSes.
And I hope you don't have any CS faculty, or any tenured faculty, smitten by MS largesse. Indeed, it's only a very
recent occurrence that many research funders accept
proposals in .pdf rather than exclusively .doc.
I'm told that this isn't the enormous amount of money that it sounds like and that a change-over to non-Microsoft products would be costly.
There are significant hidden costs to Microsoft. Specifically
in tech support, longer downtimes and maintenance/upgrades. This amount
of money will go a much longer way towards non-MS products than it would towards anything MS.
I think it'd be great for college students to use computers apart from Microsoft, but I'm told that the board will look at the decision in terms of cost, not for benefit to the students. Does the Slashdot community have any points that I can give my grandfather to present to the Board next month?"
As much as I am disgusted with MS and the crashingly
mediocre products they offer, I would counsel your
grandfather to not submit such a proposal to the board
but rather re-negotiate the terms with the alumnus donor.
Get other platforms in the door without being specifically
exclusionary and MS dies a slow death. If the alumnus is truly interested in helping out the school, rather than simply being provocative, that's the way to go.