Showing all posts tagged tech:

What is up with this message?

I get this every couple of weeks. The NAS itself seems fine - SMARTS healthy and so on, still some free space on the partition, etc. It's a ReadyNAS Duo, with upgraded 2TB drives. Starting a new backup seems to work, but I've been a bit too busy lately to test the backups, especially trying to restore something old from before creating the new backup.

Am I okay, or do I now have placebo backups only?

The Modern IT Service Desk

Email from the service desk today:

Please contact Service Desk to verify that your Outlook is compatible with Exchange 2013

This is almost a perfect example of non-user-centered process design.

Note that I'm not calling out our corporate IT department; they do some great work on the back-end systems, and individual members of IT are very helpful on internal message boards and such. It's just some of their processes that are a bit backwards.

Most IT departments work like this, with the user interaction as a bit of an afterthought. Training people won't work, because anyone who is good at both IT and people will quickly migrate out of a service desk role. The solution can only be to automate as much as possible and make IT invisible to end users.

For instance, in my case, they know what version of Outlook I use from the server logs. They also know whether that version is compatible with Exchange 2013. Also, as of this writing Outlook 2011 is the latest version available for Mac, so it's not as if they could upgrade me or something. Why, then, even ask me to contact them?

So what did I do? After scratching my head for a moment, I forwarded the email back to the service desk, adding:

Can you please verify compatibility? I am on Outlook for Mac 2011, version 14.4.5.

Let's see what they say.

Security Theatre

There are many things in IT that are received knowledge, things that everyone knows.

One thing that everyone knows is that you have to manage employee's mobile devices to prevent unauthorised access to enterprise systems. My employer's choice of MDM agent is a bit intrusive for my personal tastes, so I opted not to install it on my personal iPad. The iPhone is the company's device, so it's their own choice what they want me to run on it.

Among other things, this agent is required to connect to the company Exchange server from mobile devices. You can't just add an Exchange account and log in with your AD credentials, you need this agent to be in place.


But why the focus on mobile devices?

When I upgraded my work and home Macs to Yosemite, I finally turned on the iCloud Keychain. I hadn't checked exactly what was syncing, and was surprised to see work calendar alerts turning up on my home Mac. My personal Mac had just grabbed my AD credentials out of iCloud and logged in to Exchange, without any challenge from the corporate side.

So how is that different from my iPad? Why is a Mac exempt from the roadblock? A Mac is arguably less secure than an iPad if it gets forgotten in a coffee shop or whatever - never mind a Windows machine. Why is "mobile" different? Just because?

Many enterprise IT people seem to lose their minds when it comes to mobile device management. I'm not necessarily arguing for just dropping the requirement, just for a sane evaluation of the risks and the responses that are required.

Adventures in Screen Sharing

I'm having an odd issue, and I wonder whether anyone else has seen anything like this.

I have a headless Mac mini1, named "cooper" for reasons that should be obvious. The mini lives in a cupboard (not under the stairs), and its main job is to run iTunes and feed the AppleTV, as well as any other long-duration tasks. It also occasionally acts as a test bed for my projects, but those have been few and far between lately. Surprise! It turns out that having kids takes up a bunch of time that would otherwise be available for projects, and once they're in bed I'm usually too shattered to do anything very serious.

Because it's headless, the main way I interact with it is via Share Screen from my MacBook Air. The problem is that the mini occasionally loses the ability to advertise itself as a Shared device in the Finder sidebar.

In this screenshot, I only see the NAS. There should be another entry above that, like so:

The thing is, the mini is still reachable via VNC - just not from the Finder, because the Finder in its wisdom only allows you to Share Screen from a machine that is visible under Shared. Using the "Connect to" menu action, or for that matter iSSH on the iPad, however, I can still VNC in and see that everything is running fine.

The only fix to this issue that I have found is to reboot the mini. Since I can get in both via VNC and via SSH, this isn't a huge issue, because I can shut things down and make it a clean reboot, but it's still annoying. I haven't been able to figure out a cause, either; sometimes it happens while I'm connected via Share Screen if the Air goes to sleep, while at other times it happens if the mini is asleep - it wakes up but doesn't advertise itself in the Finder sidebar.

Both the Air and the mini are running Yosemite. Any suggestions?

UPDATE: Ars Technica did publish a deeper investigation than I got into. It seems that the root of the problem is indeed in discovery, as I had surmised. With Yosemite, Apple switched from mDNSResponder to discoveryd, and it looks like the latter has some issues.

That said, the Ars suggestion of restoring mDNSResponder seems insane to me. I guess I will just muddle through until Apple fixes discoveryd.

  1. Yes, that is the correct capitalisation, TYVM. 

Tinkering with Black Boxes

Louie Mantia makes some excellent points:

Just the other day I was wondering… what happens now? Not with me, but with the next fourteen-year-olds who are ready to be inspired. Do they look at Dribbble and decide to make things? Do they jump in and make an app?

I started by tinkering, customizing. Just as an engineer might. You start with something that exists and you change it to understand it. You do things on your own. But now… companies like Apple have locked down things like theming. It’s so hard today that no one even bothers. Changing icons is hard too. With some apps you can’t even do it without an app breaking because of code signing.

Most of the people I know listed above have a similar story. Maybe young people will be inspired by our apps, maybe they’ll be inspired by our art. But will they be able to tinker like we could?

I can't claim results anything like Louie Mantia's, but I also got into computers through tinkering. I took a course in elementary school writing BASIC on Olivetti 286es, and our programs were superficially indistinguishable from system built-ins. When I graduated to Macs, I soon discovered ResEdit and started playing around with that. When I got an after-school job that required me (among other things) to do data-entry on a FileMaker Pro database, I improved the UX in several places, fixing things like the tab-order, then adding validation logic and primitive auto-completion.

My initial reaction was "how do kids today get into tinkering?". Then I realised I was looking at the wrong level of the stack. Kids get into tinkering with Minecraft or by messing around with web pages. So what if I didn't hand-wind my own resistors or learn to count in hex until much later? The point is the learning and the playing. Some - even most - will stay at the top levels of abstractions, but many will be prompted to dig deeper.

I look forward to seeing what treasure they bring back.

One more time

I have worked all my career in enterprise IT, either as a sysadmin, or for vendors of enterprise IT tools. There are many annoyances in big-company IT, but one of the most frustrating is when people miss key aspects of what makes corporate IT tick.

One area is the difference between a brand-new startup whose entire IT estate consists of a handful of bestickered MacBooks, and a decades-old corporation with the legacy IT that history brings. Case in point: Google is stealing away Microsoft’s future corporate customers.

Basically, it turns out that - to absolutely nobody's surprise - startups overwhelmingly use Google's email services. Guess what? Running your own email server for just a few users is not a highly differentiating activity, so it makes sense to hand it off to Google. Big companies on the other hand have a legacy that means it makes sense to stick with what they have and know, which generally means Microsoft Exchange.

So far, so good. The key factor that is missing in this analysis is time. What happens when those startups grow to become mid-size companies or even join the Fortune 50 themselves? Do they stick with Google's relatively simple services, or do they need to transition at some point to an "enterprise" email solution?

It is now clear that Google does deep inspection of email contents. So far, this appears to be done for good: Paedophile snared as Google scans Gmail for images of child abuse. However, if I were in a business that competes with Google - and these days, that could be anything - I would feel distinctly uncomfortable about that.

There are also problems of corporate policy and compliance that apply to proper grown-up companies. At the simplest level, people often have their own personal Gmail accounts as well, and with Google's decision to use that login for all their services, there is enormous potential for bleed-over between the two domains. At a more complex level, certain types of data may be required to be stored in such a way that no third parties (such as Google) have access to them. Gmail would not work for that requirement either.

Simply put, startups have different needs from big established corporations. The impact of full-time IT staff on small startup is huge. The alternative of doing your own support doesn't work either, because every hour spent setting up, maintaining or troubleshooting IT infrastructure is an hour that you don't spend working on your actual product. For a big corporation with thousands of employees, on the other hand, it makes a lot of sense to dedicate a few to in-house IT support, especially if the alternatives include major fines or even seeing managers go to jail. The trend Quartz identified is interesting, but it's a snapshot of a point in time. What would be more interesting would be to see the trend as those companies grow and change from one category to another.

Corollary to this is that business IT is not consumer IT. Trying to mix the two is a recipe for disaster. Big B2B vendors end up looking very silly when they try to copy Apple, and journalists look just as silly when they fail to understand key facts about the differences between B2B and consumer IT, and between small-company IT and big-company IT.

Image by Philipp Henzler via Unsplash

Phone features

So1 I'm in a corporate strategy exercise. A fellow participant was searching for an analogy to make his point, and took the iPhone as an example. So far so normal - the iPhone is now deeply embedded in the enterprise, to the point that there was only a single BlackBerry holdout in the room.

The interesting thing is that my colleague went on to list ten features of the iPhone - and did not include voice calling! POTS2 is no longer the most important feature of these devices, or even the most frequently used one. I know I use an order of magnitude less than Skype and Lync even for voice communications. FaceTime still lags slightly, because I mainly use that for video calls and those are not always appropriate.

When is a phone... not a phone?

  1. Don't you hate people who begin stories with "So..."? I know I do. 

  2. Plain Old Telephone Service, in case you didn't know - because you hardly ever use it any more. 

Cloud Elephant

There are fashions in IT (and don't let anyone tell you us nerds are all perfectly rational actors). That goes double in IT marketing, where metaphors get adopted rapidly and even more rapidly perverted. If you need an example, look no further than the infamous "cloud computing" itself.

There is a new trend I am seeing, of calling cloud "the elephant in the room". I heard this the other day and went off into a little dwam, thinking of the cloud as an actual elephant.

There's an old story about six blind men who are asked by a king to determine what an elephant looked like by feeling different parts of the elephant's body. The blind man who feels a leg says the elephant is like a pillar; the one who feels the tail says the elephant is like a rope; the one who feels the trunk says the elephant is like a tree branch; the one who feels the ear says the elephant is like a hand fan; the one who feels the belly says the elephant is like a wall; and the one who feels the tusk says the elephant is like a solid pipe.

The king explains to them: "All of you are right. The reason every one of you is telling it differently is because each one of you touched the different part of the elephant. So, actually the elephant has all the features you mentioned."

Cloud is much the same. All the rival "cloud experts" are blind men feeling up different parts of the cloud elephant and describing radically different animals. Here is my little taxonomy of the Blind People1 of Cloud.

Public Cloud Purists

There is no such thing as a private cloud!

If I had a euro for every tweet expressing that sentiment… well, I could buy my own Instagram for sure. I have already set out my own view of why they have got hold of the wrong end of the elephant (TL;DR: Must be nice to start from a clean sheet, but most people have datacenters full of legacy, and private cloud at least lets them use what they have more efficiently).


Servers are out, platforms are in! Point and laugh at the server huggers!

Alright, clever-clogs: what do you think your "platforms" run on? Just because you are choosing to run at a far remove from the infrastructure doesn't mean it's not there. SaaS is great for getting stuff done fast with fairly standard business processes, but beyond a certain point you'll need to roll your own.

Cloud FUDdy Duddies

The cloud is insecure by definition! You can't use it for anything! The NSA and the Chinese military are vying with each other and with Romanian teenagers to be the first to take your business down!.

Well, yes and no. I'd hazard that many traditional datacenters are quite a bit less secure than the big public clouds. Mostly this is a result of complexity stemming from legacy services, not to mention lack of sufficient dedicated resources for security - but does that matter for every single service? I'm going to go out on a limb here and say no.

Cloud Washers

Email with a Web UI in front of it - that's cloud, right? Can I have some money now?

Thankfully this trend seems to be dying down a bit. It's been a while since I have seen any truly egregious examples of cloud-washing.


I was doing the same thing on my Model 317 Mark XXV, only with vacuum tubes! Now get off my lawn!

Sorry, mainframe folks - this is a little bit unfair, because the mainframe did indeed introduce many concepts that we in the open world are only adopting now. However, denying that cloud is significantly different from the mainframe is not helpful.

Flat Clouders

My IT people tell me all the servers are virtualised and that means we have cloud, right? When I send them an email asking them for something, the response I get a couple of weeks later says "cloud" right in the subject line…

Cloud is not just an IT project, and if it's treated as such, it'll fail, and fail badly. However I still hear CIOs planning out a cloud without involving or even consulting the business, or allowing for any self-service capabilities at all.

This elephant is pretty big, though, and I am sure there are more examples out there. Why don't you share your own?

  1. Because it's the twenty-first century, and we believe in giving women equal opportunities to make fools of themselves. Somehow they mostly manage to resist taking that particular opportunity, though…