IT Entering the Dark Ages (Again)

Historians have described the period following the collapse of the Western Roman Empire (400 to 1400 AD) as the “Dark Ages.” Existing knowledge was lost and society regressed to a more primitive organization and technology.

In IT, we do not learn from history. We routinely throw away existing knowledge to start over, constantly emerging from each dark age only to enter a new one.

I was just reminded of this unfortunate tendency when I opened The Economist on my iPad. I used to read the magazine in traditional form on dead trees (aka paper) but moved to their iPad app to get my magazine on the publication date and not two days later. Their first iPad app reproduced the magazine layout with several narrow columns of text, re-using centuries of typographical knowledge. But in the new version, the clueless digital natives have decided to make the text one wide column with the lines way too close together, which makes it much harder to read.

Next time you get the bright idea to change something that has worked well (a page layout, a business process, or an IT framework), reflect on whether the change will really make it easier for the system to fulfill its promise.

Why You Want to be Down With Amazon

Part of the supposedly unbreakable Amazon cloud was down, and the world didn’t end.

What did happen was that a swarm of the best operations people in the world rapidly descended on the problem, diagnosed and fixed it. You can be sure the issue had top management attention, because Amazon’s brand, reputation, and business ride on their infrastructure.

With all due respect to your infrastructure and operations team, they are unlikely to have the manpower, specialization, and training that Amazon cloud engineering has. If the same issue had hit your own in-house data center, it would have taken you much longer to find and fix it.

That’s why you want to be in the cloud. As long as you can move to another cloud.

Re-use is not Always Good

It is drummed into every aspiring developer that duplicating code is bad, and re-use is good. Seen from the organization hiring the developer, that is true. But seen from a developer under pressure to meet a deadline, it makes perfect sense to write his own code, even if the same functionality has been implemented before.

Optimal reuse

If you want to promote re-use across teams in your organization, you need to do three things:

  • Document all services with examples. For REST web services, you can use a tool like Swagger.
  • Implement the policy that old versions of services are not retired until nobody is calling them.
  • Enforce a policy of calling services instead of writing them over.

This is an excerpt from the monthly Technology That Fits newsletter.

You Urgently Need a Cloud Exit Strategy

Moving your software to a cloud vendor has always been an act of faith. You believe the vendor will honor their promises, fulfil the SLA and stay in business.

That’s why many are choosing the big names like Amazon, Microsoft and Google.

Gartner MQ IaaS Aug 2016

Oracle wants to extend its brand into Cloud computing as well, but they are not even on Gartner’s radar, and with their recent decision to double the cost of running Oracle on Amazon, they are not endearing themselves to customers.

No matter which cloud vendor you choose, make sure that you establish an exit strategy in advance. You need to be able to keep your systems running even if your cloud vendor suddenly folds. That means that you need to establish a procedure to continually transfer data from your cloud to a third party (or back to yourself). Don’t get stuck in the cloud.

Internet-connected Hair Brush

In my popular “Everything that’s wrong with IT” presentation, I use various technical gadgets as examples of the traps we tend to fall into when developing IT.

My favorite example of too much technology for technology’s sake has been my internet-connected socks. Unfortunately, these RFID-equipped wonder socks were discontinued after I started making fun of them. But I think I’ve just found a new favorite: A bluetooth-equipped hair brush.

This brush is so advanced that it can’t even be called a brush – it is a “hair coach.”

Don’t over-engineer your solutions.

Locked, but not Secure

On a recent site visit, I went to the printer room to dispose securely of a draft of my confidential report. As expected, there was a container for confidential papers. As expected, it was locked. Unfortunately, the lock was only put through the bracket on the lid, not the container itself.

If I wanted to, I could have rummaged through all the departments’ confidential papers.

Much security is like this: Locked, but not secure. The organization suffers from all the impediments of spotwise strict security while overall security is still lacking.

The only way to build a secure IT infrastructure is to have someone regularly verify the security, including everything from the padlocks to the installation of vendor patches. This can be an internal compliance team or an external service – as long as the verification is not done by the people responsible for implementation.

Man vs. Machine

For as long as we’ve had computers, we have instigated competitions between the humans and the machines. In chess, world champion Garry Kasparov won over specialized chess computer Deep Blue in 1996, only to lose against an improved algorithm in 1997.

Many experts believed the game of Go, with its many more possibilities for each move, was unbeatable by a computer. However, dispensing with the brute force approach of earlier systems, the AlphaGo computer program beat the Go world champion.

Unfortunately, we are also facing less benign man vs. machine battles. Large parts of the internet were temporarily inaccessible to humans due to a DDoS attack coming from a large number of badly protected IoT devices like webcams, DVRs and printers.

You want to be part of the solution, not part of the problem. If you have the responsibility for computers, websites or IoT systems, make sure you have hardened them appropriately.

Side note: When I checked this site, I realized that my anti-spam protection worked, but I had neglected to restrict new user registration. I had 15,777 registered users (!) and had to install a bulk delete plug-in to get rid of them. So if you’ve commented on my posts in the past, I regret to inform you that you’ll have to re-register to comment again (now with Google reCAPTCHA).

Why I Won’t be Going into the Oracle Cloud Yet

After some persuasion, one of my customers was ready to experiment with the Oracle cloud. So I signed him up for a trial Database Schema Cloud service and built him a little APEX application to show how fast and easy it was to get rid of some spreadsheet-based business processes.

This morning, my customer called me to say that the service didn’t work. Indeed it didn’t. I had neglected to put the expiry date into my calendar, and when your 30 days are up, Oracle will wipe out your instance. There is no warning email and your instance is gone without any possibility of restoring it.

So the demo was gone, and with it that potential Cloud customer.

My fellow ACE Director Tim Hall said recently on his blog:

Having used Amazon Web Services, Microsoft Azure and Oracle Public Cloud for quite some time I have to say that Oracle Public Cloud lags far behind the other two in user experience.

I fully concur with that opinion. Additionally, when your process for trials is to wipe them out without warning, you are making it really hard for even your most enthusiastic supporters to recommend you.

Oracle still has a lot of work to do on their cloud services.

If You Don’t Test, You Don’t Know

I’ve just started my Private Pilot’s License project, and the first order of business was to get a Class 2 medical. Being a triathlete and considering myself fairly healthy, I expected that to be a formality. To my surprise, the examiner detected that my blood pressure was too high, and I’ll have to work on getting it down before I can fly solo.

Similarly, I’m sure that Delta Airlines considered their data center fairly healthy. Unfortunately, they did not test. So when the power supply disappeared, they discovered that 300 out of 7,000 devices were not properly connected to backup power. And 2,000 planes were grounded.

If you don’t test, you don’t know.

Ostrich Syndrome – IT Putting the Business at Risk

IT suffers from Ostrich Syndrome: The belief that if you put your head in the sand and refuse to face facts, nothing bad will happen. Real ostriches don’t do this, of course – that would soon make them extinct. But IT does.

Finding the right amount to spend on all elements of IT (security, testing, fault tolerance etc) requires proper risk analysis. This is taught in Project Management 101, but recent events show that not everybody in IT understands this.

For example, the Democratic National Committee apparently thought that nobody would bother to attack their systems. After all, it just contained boring political emails, right? Wrong.

Similarly, Delta had apparently forgotten to attach about 300 computers to their uninterruptible power supplies, making their system very interruptible indeed. They had to cancel more than 2,000 flights.

Last month, it was Southwest Airlines who cancelled 2,000 flights, supposedly because a router went down. Talk about single point of failure…

Network segmentation, security patching, high availability, and disaster recovery all cost money. But being hacked or down also costs money. Did DNC, Delta and Southwest make the right call? I don’t think so. Maybe it’s time you looked at your risk analysis. Because you do have one, don’t you?