49 comments

[ 2.6 ms ] story [ 74.1 ms ] thread
The article claims that "an internal site with old code that has sat there running fine, doing its job for years......costs zero dollars to maintain", versus upgrading to Firefox. But that is not true.

Let me tell you what the cost is. Sure, your admins can CYA for a few years, but eventually that old, unmaintained app will implode for some reason (maybe just from hardware failure, at which point you can't buy a machine that runs IE6). When it does, at a completely uncontrolled time with countless business processes dependent on it, the cost will be HUGE: maybe enough to kill the business. So by all means, go on deluding yourself that it costs nothing to keep on using outdated stuff that seems to work just fine.

Edit: I'm focusing on the zero cost argument, web apps are just one example. The costs/risks apply to any upgrade or lack of upgrade.

Furthermore, there is the opportunity cost of the site users. I had a job where I had to use IE for internal wiki's, whereas I used chrome and firefox for my actual work.

There was something seriously demoralizing about switching to IE to use an ugly, neigh unreadable and unusable wiki to document my beautiful work. i don't mean to get into a discussion on how good design and efficiency are coupled with beauty and elegance....suffice to say, i felt like the poor internal sites reflected the companies view of my work, represented our whole philosophical and prideful differences, and i ended that contract asap.

edit: ps - i accidently downvoted you when i meant to click reply AND agree with your good points. i know, it makes no sense. eit.

That's an interesting point, that the company's opinion of employees is evident through their (lack of) IT investment. I have personally come to the decision that life is just too short to put up with Windows, and if I look for a job I intend to choose it based on the existence of Mac or Linux.
I probably waste 15 minutes a day on BaseCamp's UI - it's not great, and I've written a few greasemonkey extensions to speed up my process.

And that's a 37 signals product, a pretty decent one to boot. I can't imagine how much time (for instance) my friend loses to his stupid internal IE6 app that was probably outsourced to a fourteen yea rold.

You can always put IE6 on a machine, even side by side with other versions of IE. Not saying I like IE6 or anything, just that this is a poor excuse.
You seem to be making a large mistake here. The issue in question here isn't "Upgrade a webapp" or "Only use IE6". The issue is "Upgrade a webapp for one user" or "Make that one user use IE6, rather than add another application to the list of applications to watch bug reports/updates/etc for".

Yes, the application should upgraded at some point, but just because a user wants to use Firefox is not the reason to be doing it. It is something that needs to be done, sooner rather than later, but this may not be the time, and definitely is not the reason to do it.

While I personally use Firefox, and think it would be an improvement if every used it, I would not want to be in an IT department pushing it. A large focus of the article was about limiting choice for users, which is what the complaint was. "Why can't I use XXXXXX, it just takes 5 minutes to install..." does not mean that after 5 minutes of installing it that any service will be done. Updates will need to be run, testing (should be) run to make sure it works in all the necessary cases, integration into whatever imaging/software management system the organization is using... The list goes on. On top of that, each additional application installed in the organization opens up that much more attack space, and puts the entire organization that much more at risk.

Yes, it isn't that big of a deal to let one or two users use Firefox. But once you've done that, when the next user wants Adobe Air installed, so they can have their Twitter application installed, its a lot harder to say no. Usually this snowball effect doesn't really apply, but with the ease of automated attacks it does.

Take spamming. Most users know not to trust spam. Even more may know not to click on any links. But even with a 1 in 10,000 (or lower) success rate, spamming still turns a huge profit, simply because its trivial to send out a million emails, which would result in ~100 successes. The same applies to applications. Without proper testing and updating, applications are vulnerable, and it is relatively trivial to scan a network searching for a given vulnerability.

Even if the IT department is really on top of the game, and is watching the news and finds patches right away for their products, all it takes is one application somewhere to have not taken the patch right, or to be running an older version of the software, for an attacker to gain a foothold into the organization. From there it becomes significantly easier to gain access to anything they want.

I think you're right, but I really just wanted to focus on the zero-cost claim that I quoted from the article. Firefox is just one example of an upgrade, and the logic applies anywhere: it's a trade-off, where "never" assumes too much risk (which is an expense), and "hourly" is also a very risky upgrade schedule. The sweet spot is naturally somewhere in between.
And the problem is that every new application installed is something else which needs to be balanced in that schedule, and makes the entire IT job more complicated.
(comment deleted)
An internal site with that code running there is probably going to be tested if any browser updates will be performed.

Upgrading to Firefox will mean that you will effectively have to perform these checks twice.

(No, you are not going to get everyone to use Firefox, it is a different browser, hence "scary" for most users.)

"When it does, at a completely uncontrolled time with countless business processes dependent on it, the cost will be HUGE"

Couldn't that happen with any app, even the new ones? I don't quite get the "risk of legacy" debate. Sure it would be nice to get rid of legacy stuff, but should it always be priority 1? I rather doubt it, especially since new stuff becomes legacy very quickly, too. You'd end up wasting all your resources just trying to keep up with the latest developments.

The risk of legacy is fairly simple: when your brand new app crashes, you have most of the team there, ready to fix it. When your 10 year old legacy app has a catastrophic failure, you have a maintenance programmer, one of a long line of maintenance programmers who all added their own code to it.

Basically, the older an app is, the less any person knows about it and the more convoluted it has become.

And the more likely you are to have trouble porting it in one jump from ancient to new hardware.
Upvoted for presenting a perspective I've not read too often with enough vitriol to keep it interesting. I confess to giving IT guys a hard time every now and then. I feel a little better informed for dealing with those situations now.
> "enough vitriol"

i stopped reading because i correlate "unprofessionalism" with "thoughtlessness" and "one-sided-ness" and general "youthful-anti-wisdom." i tried reading a bit more after reading your comment. i don't mean to offend when i ask the following--i almost always miss online sarcase so i have to ask: Is your comment sarcastic?

maybe i've missed the point. What have you learned for dealing with "these" [IT upgrade] situations?

Though masked by the author's sophomoric attitude, this post does contain hints of the kind of problems IT has to solve: "Does it have LDAP? In medical institutions, what are the HIPAA risks? In credit-card processing companies, what are the SOX and PCI risks? What happens when it breaks?" So, a user reading this article could conceivably come away understanding a little more about the IT worker's plight.
No, I wasn't being sarcastic.

Had he left out the unprofessional bits, this would have been a really boring story about IT stuff that I may have ignored. Instead, the post was somewhat humorous, which pulled me on through it and let me know how serious the guy was about what he was saying.

As to your second point, the sheer fact that he was able to lay out a host of possible reasons why something that would seem obvious to an IT consumer might not be a good idea was enough to encourage me to pause before badmouthing IT again.

badmouthing anyone is a bad idea. it's mean and shortsighted.
This looks like a FUD rant to me.

I work for an organization (thousands of employees/higher ed) that has zero restrictions on what programs you can install and use on your computer. For example, I use Thunderbird instead of Outlook. It works out fine for IT because the vast majority of users who need help with things like security patches and document formatting or management, do not go out of their way to use firefox, open office, or google docs. They use the programs installed on their computers by IT, and only change when an update is pushed onto their machine.

The people who seek out these other tools tend to be savvier and need nearly 0 IT support time (The only time I've had to seek out support was due to hardware failure). The people who need the greatest level of support don't know how to use the pre-installed software (Word/Outlook/PowerPoint/IE), or get frustrated with it.

A question: how often do you have problems not directly related to the use of the software?

I work in a similar situation (thousands of employees/higher ed) with little restrictions (some departments set their own restrictions on their users). Working in the IT department, I can tell you that while direct support of the applications is very small, around 75% of my daily work if from users being allowed to whatever they want. If it isn't a virus they got from what they "thought was a safe site" (and which was almost always non-work-related), it will be some application triggering the virus scanner (to every user who has installed 5+ search toolbars: STOP. They don't help any, and are giving away your internet history).

Another side effect from letting most of the users install whatever they want is a general slow down of their computers. Most users don't seem to understand that all the applications installed on their computer do, in fact, slow it down, and are shocked when their brand new computer, which they got because their old one was so slow, ends up slowing down after a few weeks of use. From what I have seen, the areas that are locked down as to what employees can install have around a 4-5 year new hardware schedule (purchasing new computers for the staff, usually replacing 20-25% per year), while the areas that allow the users to install their own software tend to have around a 2 year replacement schedule (and tend to support that schedule by only purchasing new computers for a small fraction of the users, and passing all the old machines down, which tends to make the people on the bottom of the pile very unhappy, and using 5-6 year old machines).

I'm a programmer, so desktop support/management is out of my purview. I just spoke with one of our IT staff, though, and she confirmed what you state here. She said that in my department, support is close to zero because developers are better at managing their computers, but the majority of her work is made up of fixing the computers of assistants and researchers who've managed to do something silly, and do not have the knowledge or skill to back out the change. Also, these are the same people who forward dangerous, non-work emails through Outlook, or get caught in a phishing expedition using IE.

So it's clearly not as simple a problem as it seems from either side. I assume there's a cost/benefit ratio that might be (additional productivity) - (additional IT staff) > zero. That said, I like the freedom to use the tools that work for me. I'd be pretty angry if IT policy changed, so my perspective is colored.

And that, unfortunately, is the biggest problem with IT policy. It is deceptively easy to give permission for an application for one or two people, but once you start trying to take anything away you have a total shit-storm on your hands. This is the primary reason IT policy tends towards white-listing (you can only use the applications/sites wee say you can) rather than blacklisting (you can use any apps/sites, except...). IT already takes a lot of crap from the users, adding in the complaints from users who have been told "No, you can't use the app you've relied on for years" is generally a bad idea.
Imagine a company where information flows have to be closely monitored and/or guarded. Like say, a hospital, a bank, or a financial corporation. Any leaking of information in any which way is going to be a severe loss for that company

So they will not just allow users to do what they want with their computers. In this case you do have to assume the worst and assume that users are stupid and will install stuff left and right.

Sure, there are exceptions and common sense should prevail.
I don't follow.

Of course you want common sense to prevail. And I'm not saying that you should always treat users as if they are stupid. But you do have to assume the worst when you're dealing with these kinds of severe business risks. And these business risks are not just for a small group of companies.

What I mean is this: if a computer is used to process or access very sensitive data, then the user of that computer cannot have as much leeway as other users. It's possible, and sensible, to have flexible policies depending on business usage.
Okay, I have literally never badmouthed an author of an article posted on this site before, but this guy is really just a major league asshole. I can't believe he characterized the Slate writer as propagating "cuntacular" tripe, when he could have just provided a few paragraphs of calm, rational explanation.

When I clicked the link to the Slate article, I was prepared to enter Delta Rage. "Wow," I thought, "Old John Welch here is really pissed off. This Farhad Manjoo guy must be his own class of ignorant and self-centered. I can't wait to read what must be a classic flame-bait article!" But no. Turns out, the Slate writer is just another frustrated office worker who--just like he mentioned--resents IT experts because he perceives their rules as arbitrary. Why does he have a silly misconception like that? Because the IT staff, like friendly Bynkii Blogger here, are too saturnine and sarcastic to actually explain things to a mere mortal.

Impressive, really. FTA: "Big old stupid IT knows nothing about your job." Never has a lack of empathy been so startlingly revealed by someone sardonically pointing it out in an attempt to say otherwise.

EDIT: You know, I feel so strongly that this author failed to express himself constructively that I want to provide an alternate version of his post. Call it a "TA;DR" (Too Asinine; Didn't Read) version:

"A lot of the harsh decisions that office workers assume to come from IT are actually made up in management, and are merely implemented by IT, who are just as upset about them. Trust me: We feel your pain. In terms of the other complaints, the IT staff would love to allow people to use any application they wanted, but every new program added to the mix creates another potential point of failure, which will inevitably end up costing the IT staff time, and thus cost the company money. Keeping a company's technological ecosystem balanced is very hard work, so IT departments are necessarily reluctant to change or expand standards."

My interest flailed around and died when I tried to read your last paragraph, the 'sanitized' version that you think should have been written.

Your post is simply the Kindergarten Teacher's clarion call for people on the internet to "be nice to each other!" Sorry, dude. That's not how it works. It's not even how it worked pre-internet. Read Martin Luther. Or the good bits of Plato. Effective rhetoric is a twisting knife in your victim's soul.

I made it all the way through the article because of the raw vitriol and clear prose. Not something I usually do with something that long.

I do not conflate "being nice" with "respect." I'm absolutely fine with someone swearing and hurling any quantity of invectives, as long as they are LISTENING before they speak. This guy completely missed the point of Mr. Manjoo's article. Mr. Manjoo himself missed the point of his own article, which was not "IT are such jerks," but in fact, "IT does not adequately explain their decisions, and this feeling of powerlessness, and being ignored, is making me unhappy."
While meanness and name-calling make for some fun drama, it really gets in the way of communication.

Or, to rephrase this comment in a more interesting way for you: while meanness and name-calling make for some fun drama, it really gets in the way of communication, you stupid prick.

Well of course it fails to work when the reply's tone isn't warranted. In this case, the article was bemoaning IT and blaming all the problems of The Working Man on that department, which has been a theme probably since IT became a department. After dealing with these sorts of uninformed gits for 20 years, I would expect a rebuttal to have a little feeling to it, and it would have been rather boring, without it.

Sometimes complaining about name-calling and meanness are warranted; most of the time, they're just cases of outraged people being outraged. Which is exactly what the thread OP came off as. I happen to really like visceral, biting rants against ignorance (so long as they're couched in logical arguments).

Sometimes name-calling and meanness are warranted; most of the time, they're just cases of outraged people being outraged.
In point of fact, it didn't. I read all the way through the original article. I gave up on Mr. pseudo-Nice Guy. I ignored the guy who didn't call me a prick.

Therefore, in contradiction of your argument, meanness and name-calling enabled communication with me. And therefore your premise blows its own brains out in disgust at its own self-contradiction.

Now, it helps when it's actually well done in contrast to your last line about me being "a prick" -- and I am, by the way. Always remember to make that beautied muse Creativity your ho when insulting a man.

If you're really interested in conflict and drama above all else, I suggest you navigate to one of the many web discussion forums that are suited to that kind of thing--there are many of them and any one will do. As for this issue, it appears that when calling people cunts is the most interesting thing one can say, the issue probably falls far below any level of genuine intellectual curiosity and has no place here. Your citing of Plato and Martin Luther as examples only strengthens my point--Plato was a bullshit artist to the highest degree and Luther was above all things the instigator of some of the most dramatic religious wars in history. Neither of them had anything to say about reality, and those of us who do discuss reality would do best to ignore their examples.
You go off and be intellectually curious in the kiddy pool then. I'll stick around the deep end, even if there might be sharks sometimes.

And contrary to your pronouncements about its nature, Hacker News is not any sort of kiddy pool.

I feel like you're using child similes to the exclusion of actually reading other people's posts. You keep saying that everyone else are "Kindergarten teachers" playing in the "kiddy pool," but I believe that real men--real adults--are capable of disagreeing with each other without ascribing their differences to a deep inner flaw in the other man's personality. You have provided no evidence or argument to the contrary.
Nice. You insinuate that I'm childlike and not a "real man" for insinuating things about other people. Love your style, brother Pot.

-- Kettle

It seems pretty clear that you are going to find a way to make this debate personal no matter which direction it's going in. However I still feel compelled to note: I had no intention of insinuating even the slightest thing about you. I know absolutely nothing about you. I simply disagree with your contention that I am being childish and naive. If my opinions come off as an ad hominem attack, it is only because the subject we are discussing involves very personal choices.
Ah, it was all my fault that you said what you did.

All of the personal nastiness, the name-calling, on this thread is coming from you and Phil. He introduced it, calling me a "stupid prick." Your claim that I wasn't an adult or even a "real man" was similarly low.

The nastiness that you anti-nastiness warriors dish out here says something, I think.

I find it amusing that you continue to provide an object lesson against your own point.
I'm going to start using "TA;DR". Brilliant.

Also, I hope this guy doesn't need to look for a job any time soon. I'd never hire him after reading that kind of rant online.

Especially not for a job where he actually had to support users.
The sad thing is, I mostly agree with what he's trying to say: IT guys aren't assholes, they're just doing their best to keep the whole damn network infrastructure of their workplace from tumbling down around them. He's clearly chosen to identify himself with the "fuck everyone who disagrees with me, I'm a badass sonuvabitch who doesn't care what they think" persona, but it's just a poor platform for communication. It works for satirists like Maddox (thebestpageintheuniverse.com), but you need to be able to respectfully disagree with people on the job, you know?

Honestly, he actually seems like a pretty cool guy. I think he's just a little bit Zed Shaw.

They both miss the point, I think.

Mr. Manjoo related a story about Firefox, and the crowd cheered. If there was really that much demand for it, then it was a failure on the IT department's part to know that it was wanted, and if they knew that, not at least acknowledging it clearly. There's plenty of good reasons not to upgrade.

What Mr. Manjoo missed is that there are tradeoffs to the freedom to install whatever you want, most of them related to support. A lot of IT policy is driven by how much they have to provide that support. Less money means coarser support - heavily locked down machines, aggressive re-imaging, or similar. Things that don't require a lot of people time.

The confirmation bias that both articles triggered in me, though, was that it clearly showed that in neither case is the IT department and the users communicating.

Good IT is hard, not just because of the technology involved, but because you have to make long term decisions which will permit you to react to users ever-changing needs and wants.

Remember, we're here for them, not the other way around. When I walk into a shop that doesn't live that attitude, I know I'll find a lot of problems.

I'm going to bookmark that post as a perfect negative example for students. "You want to know how your rant might make you look to other people?" (For example, consider prospective employers or colleges.) "Take a look at this..."
The problem with Firefox: Keeping it updated when your users don't run as Administrator.

Sure, Firefox is easy when you're running as administrator on an XP box. But if that's what you're doing, haven't you already disqualified yourself from having any opinion about System Administration?

Internet Explorer is a breeze to keep up-to-date for limited users because it's updated with the rest of Windows. I can use my WSUS server to do it. Microsoft leveraging its OS monopoly? Sure. Luckily, I don't care about politics.

Firefox unhelpfully supplies no msi packages even to ease patch deployment.

As an administrator, I have to ask myself which is more secure, patched IE or unpatched Firefox? Hint: it's generally the first since Microsoft is good about zero-days.

Now, from the resources available to me, which are limited, should I expend some to install Firefox and keep it patched for all of my users? Well, that depends on whether or not I have anything more important to do. Often, I do, surprisingly enough.

On the other hand, for our Linux clients, Firefox is packaged by the distribution, and deploying and patching it is a breeze.

This person was an idiot. First, would you ask the CEO of GE the same question? No. Why? Because you wouldn’t expect the CEO to be familiar with the advantages and disadvantages of this browser vs. that browser. Yet somehow, the secretary of state is expected to know this. Really. This wasn’t someone striking a blow for freedom, this was someone who couldn’t get his way, and didn’t understand that the State Department and the NGI are two different things, so decided to pull a fast one, in the hopes of getting the ‘CEO’ to start something for him. Fail.

What does this passage even mean? Manjoo wasn't implying that Clinton would know what Firefox was. He was demonstrating that concerns over browsers were top-of-mind for workers. He's working from exactly the premise that the author of this blog post is working from: that it is crazy for a CEO to get questioned about browsers. Unlike this blogger, instead of shutting his brain off, Manjoo interprets it as a sign that something is amiss in IT.

I guess fair is fair. Some sysadmins assume by default that the users are dead stupid and will lock them down hard. And some users will think sysadmins are evil creatures from the inner circles of hell taking massive pleasure in this.

At least the users seems to think the sysadmins are competent in what they do :)