
Computer rants


When is password security not security?

In a wondrous attempt to increase security, more and more vendors are now requiring me to choose passwords of many characters with mixed case, numbers and punctuation. My bank does one better, where I have five different question/answer combinations they ask, then once I’ve passed their quiz, they display an image that I’m supposed to recognize as the “right” image. Plus, everyone wants me to change my password every 30 days.

This is a great example of security professionals gone brain-dead. Yeah, if my bank were the only website in the world that I used, there’s a slim chance I might be able to remember all that. But they’re not the only one. Every credit card company, insurance company, and bank account has a web login. Not to mention commerce sites, Amazon, eBay, etc.

When you put all that together, it’s very quick to see that the only way a sane human can possibly cope with five challenge/responses plus a mixed-case password that changes monthly is to write the whole thing down and keep it around.

The result? Far less security than before! Because all a thief has to do is find someone’s 50-page notebook of current passwords and voila–all security gets compromised in one easy step.

Security geeks: chill out. You’re undermining your own cause by going for theoretical purity and ignoring the way real people behave in the real world. Let me choose something that’s hard to guess, but easy to remember. Like my mother’s favorite record album in French, spelled backwards. And let me keep the password long enough to memorize it. The current high-security practices, alas, fail miserably.

Upgraded my Macintosh. Super-stressful day. … Not!?

Bought a new Mac. Wanted to duplicate the config on my old one. Figured it would be 16 hours of reinstalling, reconfiguring, etc.

Turned on the new Mac. It asked if I was migrating from an existing machine. I said Yes. It said “Copying…” Copying happened. Then the machine booted, completely configured, set up, and ready to go exactly as if it were the old machine.

With my last Windows system, it took literally three times as long just to reinstall the operating system than it took to completely migrate to a new Mac and copy 100Gb of iTunes, media files, data, and preferences.

I then spent a stressful four hours hunting frantically for some application that must surely have broken in the copying. Some preference that didn’t get transferred. Some critical system file that got overwritten.

Nope.

All that stress Microsoft had trained me to have, totally wasted. Apple did with a software team one tenth the size what Microsoft hasn’t managed for 15 years. (And don’t give me some crap line about how Microsoft has to support so many open architectures. They’ve deliberately ignored, adapted, and “extended” standards since 1993 precisely to ensure consumers were forced to choose between compatibility and Microsoft software.)

The amazing thing is that I know many excellent software engineers who have gone to work for MSoft over the years. Really, really good people. Somehow, their genius hasn’t made it to the world of actual shipping software. All that talent, design ability, and skill made irrelevant and useless.

Now the question is: do I do a Get-it-Done Guy column about this? It really represents a HUGE efficiency gain, but I don’t want to provoke religious wars. Hmm…

No one really knows how to measure software productivity

I just ran across this article on how consultants (mis-)measure productivity in software development.

http://www.joelonsoftware.com/items/2006/11/10b.html

Sad to say, I couldn’t agree more with the article. I started my career as a software engineer, and I’ve met very few people who understood what software is or how to measure it. When it comes to measuring productivity of software development, give it up entirely. The best software engineers can be 100x to 1000x more productive than merely “good” engineers, if you measure productivity as debugged-line-of-code-written-per-hour. If you measure ability-of-code-to-meet-business-goals, the best engineers can be ten thousand times more productive or even more. Much, much more.

The problem is that software is the codification of a business process. The best engineers take the time to understand the business, so what they codify can meet business goals. People Express airline ($1Bn in sales in year 2) went out of business, according to its CEO, because their reservation software had constraints that kept them from strategically changing their pricing. If their original programmers had understood the link between their software and the business, a single design decision would have had multi-billion-dollar implications and saved the business. What would the productivity be of the engineer who made that connection?

Similarly, the best managers understand that software development is, itself, a business process. The engineers hired, their skill sets, the languages they use, etc. all affect the speed to create, deploy, and support the software. As it is, I’ve only seen one manager (an ex-engineer) who understood the connection enough to use a specific programming language for business reasons. He made a couple hundred million from that decision, by the way… (It was Paul Graham of Viaweb. Read about it here.)

So if you’re a manager, take the time to understand the strategic implications of who you hire and how you have them design your product.

If you’re a programmer, you might be amused by learning to connect your coding with the business implications so you can save your company two billion dollars. But unless you work for the manager in the previous paragraph, don’t even expect anyone to understand your contribution, much less appreciate it. Even if your manager “gets it,” expect at most .01% of the bonus that she gets. Sadly, the business world is built to reward them, not you. (You can find the Harvard Business School admissions office by clicking here.)

How much privacy should businesses guarantee?

Andy Wibbels reports that AOL has released data on hundreds of thousands of users’ queries. Reasonable? Of course, since they include no personally identifiable information.

But how reasonable is it? When you type in a search query, do you expect that search will be completely anonymous, not even matched up with other searches you do?

We’re in a world now where we leave electronic trails all over the place. Many aren’t even intentional. Toll booths, for example, use FastPass to provide the convenience of not stopping to pay cash. But the FastPass records who went where and when. Presumably, those records could be subpoena’d and used as evidence in a court case.

“So what?” you cry, “I’ve done nothing wrong.” Nope, you haven’t. Which is why you should be concerned that those FastPass records are unhackable, completely accurate, and unforgeable. But they aren’t. To the extent we even have legally enforced standards for data integrity, companies rarely even mention when they have security leaks, much less pay any kind of penalty for it.

My credit card number was one of the ones that got accidentally leaked last year. That could have resulted in identity theft. But the company wouldn’t be liable for the direct or indirect costs to me, despite it being their own negligent information protection that caused the problem.

So when someone trusts you with their information, be worthy of that trust. Either take the steps to keep their info private, and really use tight security so you know it’s private, or destroy it completely when you’re done with it. The issue isn’t whether people have done something wrong; it’s whether someone could be harmed by a misuse of their data.

Privacy isn’t just about hiding what you do. It’s about confidence that collected information can’t be falsified, forged, or misused.

Ballmer announces Microsoft’s “Multicore strategy” … which sounds sadly like pathetic flailing…

Steve Ballmer has announced that Microsoft will be following a multicore business strategy going forward. His horribly strained analogy, likening Microsoft to a parallel computer processor, suggests that Microsoft will be tops in lots of businesses at the same time. Methinks Mr. Ballmer is just a little bit looney.

In fact, he says “There really is a Sony that lives inside of us…an aspiring Yahoo! or Google… s an IBM mainframe-software business… a desktop-software business… … I want Microsoft to be in all of the good, important big-growth businesses in the world.”

What a recipe for utter disaster! It’s hard to be tops in multiple markets. And to be in all the good, important, big-growth businesses in the world? Hogwash.

This so-called strategy won’t work for the most basic of business reasons. When you make an extra dollar, you have to decide where to put it. If you have two businesses, one producing a 10% return and another producing a 15% return, you’d be insane to put it in the 10% business. You’ll make the most by investing in the 15% business. If you’re public, your shareholders can even blast you for wasting money in sub-par businesses.

Now imagine Ballmer is in “every good, important, big-growth business” in the world. Some of those businesses will do better than others. As Microsoft makes money, they should put it into the best businesses. Gradually, resources and people will move into the high-margin business, starving the low-margin business. And why not? Any other way you split your money, you’ll be making less.

Microsoft started in desktop software, the highest-margin business in the world. Once the software is developed (a largely fixed cost), each incremental copy costs virtually nothing, while Microsoft sells it for hundreds of dollars. Average business consumers don’t know enough about computers to make good purchase decisions, so Microsoft has invested much more in marketing to drive sales than in creating high-quality, user-friendly software(1).

Microsoft wants to be a Google? Give me a break. Google thrives on technological innovation. Microsoft has always been a me-too technological player, with their innovation being in strategy, channel development, marketing, and anti-competitive fraud. Even their recent “Cleartype” technology is just a slight modification of technology from the circa-1978 Apple ][, where Steve Wozniak used the same technique to produce more colors on a TV screen than the system could directly create.

Microsoft wants to be an IBM Mainframe software developer? Maybe they can do it through market power, but through software? Not likely. For all their faults, IBM has become a superb service company, and their software is pretty darned solid. Horrible to use, but solid. Microsoft has neither the service orientation nor the technical skills(2) to compete on those fronts.

Microsoft wants to be Sony? Should I even dignify that with a response? Microsoft’s grand contribution to the world of electronics is a Microsoft-branded mouse and an ergonomic keyboard. Where do they have the capability to compete in a world of Sony?

And oddly, Ballmer didn’t even mention game consoles, where the XBOX—a very late entrant into the world of console games—is successful, but pushes the edge incrementally rather than inventing any fundamental new product category.

In short, this Multicore strategy seems like a rotten idea. Maybe they’ll prove me wrong, but I think Microsoft’s decades-long devotion to winning by FUD (Fear Uncertainty and Doubt), channel manipulation, and technological copy-catting has to shift fundamentally for them to win in any markets in the future.

My advice to Ballmer? Find a strategy and stick to it. Don’t try to be all things to all people. The desktop-dominating strategy worked because the operating system and applications markets drove each other. That game is over. Now you have to produce products people want at a price they’re willing to pay. And how about products that are technically solid, reliable, and secure? Master that game in one market, then worry about being in every good, important, high-growth business in the world. Because until you can do that, the idea of you sticking your hand into other important businesses leaves one shuddering with fear. I do not want my airplane’s navigation system running on Windows, and neither should you.

 

(1) [Flame on] This is a religious issue with me, so I’m not open to reason or discussion. And even if you catch me in an open-minded mood on the topic (unlikely), if you got into computers post-1990, your arguments will fall on deaf ears. You’ve only worked in the post-Microsoft computer world, so you have no standard for comparison. The Pre-Microsoft world was a happy one. Operating systems were rock solid and never crashed. Installing a new application didn’t overwrite half your operating system. And if things got trashed (unlikely, because systems back then had real protection), you just reinstalled the OS and didn’t need to reinstall every application in existence. Viruses were unheard of … I could go on. Back then, UNIX was laughed at as a silly, toy, sad little operating system. It’s a grand joke of the marketplace that we’ve come to a place where UNIX is considered the technically sophisticated alternative. [Flame off]

(2) No, Veronica, Microsoft doesn’t produce technically solid products. Mostly, they buy and repackage products (I used to use Powerpoint before Microsoft bought it… in the 15 years since, they’ve done almost no innovation to the basic feature set except to add productivity-wasting “builds”). The next Windows release is years late because Microsoft for decades shoved poorly-written, unmaintainable software out the door. It was the right strategy for dominating the market. And now it’s time to pay the piper. Their systems are so needlessly bloated and complicated that they can barely work on the next version. They consciously traded off quality for market timing and money, and now they’re suffering the consequences. The founders, however, still managed to pocket billions.

Motivate each person according to their values!

A friend just sent me this link about how to be a Technical Lead. It is written for technical people by a technical person, but it really applies to anyone running a company that depends on technologists.

Especially note “Mistake #2,” which discusses motivation. One of the most common things I’ve found is managers who don’t take the time to find out what is motivating to their particular people. They assume that everyone wants the same recognition they do. Or they assume everyone thinks a football outing is the be-all-and-end-all of bonding.

This is important stuff! Over time, you can demotivate someone by consistently “rewarding” them with things they don’t appreciate. One engineer used to bust his butt working late, putting in heroic efforts to deliver an over-scoped, under-funded project on time. A gift certificate to Computer World, a new laptop (cost: $1000) or a few days off would have made him happy and appreciated. Instead, he got a public award and notice at the next all-company meeting. Big mistake. It turns out he had been raised that pride is a sin. Far from motivating him, public notice felt like a slap in the face.

This story ends poorly. The engineer left, feeling unappreciated and angry at management that “didn’t care” and was “just going through the motions.” His managers were puzzled at his seeming indifference to their recognition. And it cost the company several hundred thousand dollars to replace him, not to mention get his replacement up to speed on the project.

The solution is simple: take the time to find out from everyone around you what makes them feel appreciated. If they say, “Gee, I’d love a flat-screen TV,” remember that. If they say, “Gee, I love spending time with my family,” remember that, too (a family week at Disneyworld is cheaper than you think). Then show appreciation by doing something that the recipient will appreciate.

Are engineers living on another planet? Don’t they use their software?

Ok, I admit it. I spent 17 years as an engineer before going to business school and becoming a dyed-in-the-wool non-techie. It’s hard to remember the years as a programmer, rather like trying to remember early childhood. My brain was just too different back then. My brain of today won’t process that way any more.

Today I purchased an upgrade to my video editing software. Being an upgrade, it requires you to have the previous version installed already. But there’s a problem: my disk isn’t big enough to hold both the upgrade and the original.

With a small program of only a few megabytes, this oversight can be forgiven. After all, one can usually free up some space with a little detective work. But when the install is multiple gigabytes, it’s sheer sloppiness not to think through the issue of an install that eats up so much of the drive.

I like to think I was never that sloppy as an engineer. I like to think I used my own products and made sure they at least installed and ran smoothly. And since my whole goal today is to bitch about my frustration with Studio’s inability to install, my memory paints only a glowingly happy memory of being such a responsible, user-oriented programmer. And lost in my haze of manufactured memory, I can feel as self-righteous as ever, as I wait on hold (20 minutes and counting) for tech support to bail me out of this mess…