Category: IT-policy

Windows 8 does not have to be a disaster

<originally a Webwereld column – in Dutch – also on HuffPo UK>


Gartner, IT journalists and even former employees of Microsoft agree: Windows 8 will be a disaster. The Metro interface designed for tablets (a market that virtually does not exist in relation to MS Windows) is unworkable on a desktop with a vertical non-touch screen, keyboard and mouse. Most office spaces still have this, and most run legacy applications with interfaces that rely on a Windows PC with a keyboard and mouse. It is precisely the ongoing purchase of desktop PCs with the combination of MS Windows and MS Office that has kept Microsoft financially afloat over the last 15 years.

The combination of legacy applications (mostly proprietary) and familiarity with MS Office has led many IT organisations to buy the new Windows platform automatically, despite the high cost of licences and support. The inevitable result is a world of pain, with new interfaces, a lack of compatibility and the sudden cessation of support for critical components. IT policy is organised around coping with these problems instead of focusing on sustainable alternative solutions. And solving or mitigating these problems requires so much time and money that there is often little left over to plan further ahead. Thus, in many organisations the perfect vicious circle has existed for so long that many IT people cannot even see it.

An important point here is that Windows 8 is only a disaster for those who buy it and those who are unsuccessfully trying to sell it. For the rest of us, it is irrelevant. So if you use a Windows 7 PC, Mac or Linux machine, it is very easy to just let all this misery pass you by. After a disastrous version of Windows is released, another (slightly less) catastrophic version (think ME/XP or Vista/7) will follow, and those who still genuinely believe that they need a Microsoft operating system can simply wait for a half-decent version to come along in a few years.

Organisations that (virtually) no longer have platform-dependent applications because they have (to) provide a web interface, have no reason at all to even think about purchasing proprietary operating systems. Organisations that do use these applications are better just sticking with earlier (already purchased) versions of MS Windows, so that all interfaces remain compatible and end users can continue working in their familiar environment. The IT department’s resulting spare time and money can be used to break the vendor lock between applications and platforms.

Most application vendors are now thinking about web interfaces, or APIs for tablet apps (even if it is just to keep company directors happily playing with their iPads). Application vendors who are not yet doing this should understand that in times of tough cuts IT euros can only be spent once, either with them or with Microsoft. Seems an easy choice, right? Fortunately, even company-specific applications do not last forever and when the time comes where there is something new to choose from it is useful to calculate the TCO of applications by including the underlying infrastructure costs (licences, management, security), and compare this to the TCO of applications that do not have such dependencies. Conversely, you can also say to your hoster: “I do not care what platform you run my applications on, but what would I have to pay you if it is an open source stack?”. A little negotiation is always possible in a stagnant market.

As with Vista, the main victims of Microsoft’s iPad-wannabe software are the basic PC consumers – those who buy a PC or laptop from a retailer and get a machine with a pre-installed disaster. In the coming years many IT professionals will have to deal with family, friends and acquaintances crying down the phone because they cannot find or use their favorite or essential PC applications. It will be Vista revisited. Do your friends a favour and downgrade them to Win7 if needed or upgrade them to Ubuntu if possible. The main reason why home users still want Windows is for gaming. Fortunately, people have worked hard on alternatives, including by previously mentioned former employees.

Although I dislike the iPad because of its extremely locked-down platform, tablets (starting with the first iPad) have presented to non-techies, for the first time in 20 years, a completely different platform from the Windows PC. So for the first time in aeons there is a widespread discussion about possible alternatives. Once we take that mental step, we open the way to discuss IT policy that really starts with the question of how the required functionality is best achieved at the lowest possible cost (which may also lead to discussing the underlying platform).

If Microsoft’s profit margins on the Windows/Office combo are cut back to 20% (it is currently 60-80%) the TCO figures will be more reasonable. Like IBM, over the years Microsoft will become an ordinary business providing rather boring-but-sometimes-necessary products at more normal profit margins. And that, except for the shareholders, is not a disaster.


Update: in the week after publishing this column a few dozen Dutch government organisations promptly made my point with the total loss of network functionality from a nasty Windows virus. The infection is still going on and the data loss and privacy implications of the breach are still being investigated. Many sysadmins have been working overtime to contain the problem. Of course there will be another one of these six months from now, and so on and so on. This has been going on for years.


Opensource policy needs a ‘Why’

In 2002 Peru had a coherent action plan for open standards and open source. That went way beyond the Dutch action plan of five years later and was probably far ahead of its time. Where the strengths of the Dutch plan lie in focusing on practical operational goals such as interoperability, market forces and strengthening the local economy, the Peruvian plan made no attempt to hide its political mission.

As Peruvian Senator Dr. Edgar Villanueva described in a famous response to a lobbying letter from a proprietary supplier, these are the fundamental IT considerations for any democratic government:

  • Free access to public data for citizens
  • Digital preservation of data
  • Safety of the State and its citizens

The idea is that a democratic government must in the first place be accountable to its citizens concerning its actions. This makes control over, and insight into, the software that implements the law a political issue. Free access to public data and digital preservation are mainly the areas of open standards and it seems that this battle is pretty much won. The importance of open standards is generally accepted in 2010, even by the parties (you know who you are) that have actively blocked its implementation for many years.

Security of the state and its citizens is a lot harder. What security, and against which threat? The state must protect itself from unwelcome outside influences: if it can be influenced from outside, beyond the democratic will of its citizens, then there is not much point to democracy. Full access to the source code is a good guarantee of a high level of control and independence. This access means the right to view, modify and redistribute those changes. The government must be able, if it wants, to build its own "gold master" of critical pieces of software, with a certified, public checksum of the code so that a simple and transparent verification process exists. This makes the government truly independent of foreign companies or countries that would like to exert influence through undocumented loopholes.
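The "gold master with a public checksum" idea above comes down to a very ordinary procedure: publish a manifest of per-file digests for the source tree you built from, and let anyone recompute it and diff. The script below is an added example (not from the column, nor from any Peruvian or Dutch government programme) showing that procedure in Python; the sample source tree, its file names and contents are constructed inline so the script runs offline, and the manifest format (one `digest  path` line per file, sorted) is my own choice rather than a published standard.

```python
import hashlib
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """SHA-256 of one file, read in chunks so large sources do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative path, forward slashes, sorted) to its SHA-256."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = file_sha256(p)
    return manifest


def manifest_digest(manifest: dict) -> str:
    """One checksum over the whole manifest: the single value a government would publish
    and certify. Fixed line format and sorted order make it reproducible by anyone."""
    text = "".join(f"{digest}  {path}\n" for path, digest in sorted(manifest.items()))
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def verify_tree(root: Path, published: dict) -> dict:
    """Recompute the manifest for a tree and report every deviation from the published one.
    Three classes matter: changed files, files that vanished, and files nobody declared."""
    actual = build_manifest(root)
    return {
        "modified": sorted(p for p in published if p in actual and actual[p] != published[p]),
        "missing": sorted(p for p in published if p not in actual),
        "unexpected": sorted(p for p in actual if p not in published),
    }


def demo() -> tuple:
    """Constructed sample: a two-file 'source tree', its published manifest, and a tampered copy."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "src").mkdir()
        (root / "src" / "main.c").write_text("int main(void) { return 0; }\n")
        (root / "README").write_text("gold master sample (constructed)\n")

        published = build_manifest(root)        # what the auditor published
        published_digest = manifest_digest(published)
        clean = verify_tree(root, published)    # untouched tree: no findings

        # Tamper with the tree: alter one file, delete one, smuggle in another.
        (root / "src" / "main.c").write_text("int main(void) { return 1; }\n")
        (root / "README").unlink()
        (root / "src" / "extra.c").write_text("/* undeclared */\n")
        tampered = verify_tree(root, published)

        # The recomputed single digest no longer matches the certified one either.
        digest_matches = manifest_digest(build_manifest(root)) == published_digest
    return clean, tampered, digest_matches


if __name__ == "__main__":
    clean, tampered, digest_matches = demo()
    print("clean tree:", clean)
    print("tampered tree:", tampered)
    print("published digest still matches:", digest_matches)
```

The single published digest is what goes on the certificate; the per-file manifest is what makes a mismatch actionable, because it names the file that differs. Note that this only proves the source matches; trusting the binary built from it additionally needs a reproducible build, which is a separate exercise.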

Citizens must be protected from both external and internal robber barons (this is why we have nation-states in the first place!), and against the government itself, because we know that even democratic governments sometimes just lose their way when it comes to human rights and the like. This is why access to source code is also crucial. With an open platform you, the citizen, can protect yourself with heavy encryption on your data and your traffic. And that crypto can be checked for back doors by someone you trust. Free software (also known as open source) is therefore just as natural as the use of open standards for any innovative, democratic and sovereign country that deserves the title. For a company this independence and freedom to innovate may also be a strategic matter, and more and more companies are discovering that.

Such a policy is not, as certain parties often state, discrimination against a business model or against suppliers. The business model of a software supplier is not relevant to a government. But the terms and conditions of product delivery are, and those may be set by governments. It is then up to the supplier to decide whether it wants to meet those conditions. Or not. No one is forced to deliver against their will.

The lack of a political mandate in the current Dutch policy is a limiting factor. Without a clear political strategy detailing the ‘why’, IT discussions will always depend on migration plan details and total cost-of-ownership-for-3-years. It may be totally against the zeitgeist to discuss the principles of democracy, national sovereignty and civil rights. But if we do not continually make these points, we might just as well outsource the governing of the Netherlands to Blackwater/Xe and Halliburton.


A tale of two elections

There were two elections on my news radar in the last two weeks. One in an African country now rapidly sinking into an economic crash and possible civil war, the other in the heart of the civilised west: the OOXML election by the ISO standards body in Geneva. Aside from the locations and the prices of hotels for journalists, the differences were few. Bribery, fraud and intimidation were applied to achieve a specific outcome, never mind what the majority wanted. In the OOXML election even the standards organisations of proper democratic countries like Norway and Germany were unable to withstand the well-oiled lobby machine of the world’s most convicted software monopolist. In the Netherlands Microsoft was actually a member of the committee and prevented a committee consensus. So instead of voting against the standard, as 21 out of 22 members wanted, the Netherlands voted ‘abstain’. The list of irregularities is endless, but try some of the links above to get an idea.

To quote an ISO insider: "OOXML’s BRM process is irretrievably broken; complete, utter, unadulterated bullshit" (Tim Bray). The ISO process is dead and that is bad. Even though ISO was far from perfect, its open process did help many nations to agree on thousands of standards on anything from steel manufacturing to surgical gloves. These kinds of standards are crucial for a globalised high-tech society.

It would seem that those in favour of the OOXML standard (Microsoft and a few of its partners) did not have so much confidence that their 6000-page specification would make it to ISO standard status that they trusted a transparent and democratic process to take its course. Their way of treating the process was much like an African dictator with a chest full of medals: utterly lacking in legitimacy but high on power as a consequence of an unlimited bribery budget and a willingness to bully anyone in the way of their goal. If they were not so much trouble you’d almost feel sorry for them.

Microsoft is of the opinion that everything went fine. Neelie Kroes and the EU have a different view of the matter. I feel another mega-fine around the corner. Not that any of this matters a lot to the fastest growing parts of the world. Brazil, China, India and Iran voted no. They represent a big chunk of the global population (as opposed to yes-voters such as Malta). If I were an applications vendor I’d make sure I stayed ODF compatible. Several countries such as the Netherlands and Norway (which is now appealing its stolen vote) have already formally chosen ODF as the document standard for government. Others are looking to follow this lead. It’s not entirely clear what Microsoft has achieved by gaining the ISO label. The governments that already chose ODF are not going back and Microsoft’s well-documented behaviour is not going to make them many new friends.

Update: The EU appears to have been investigating the OOXML ISO certification process for some time now. Documentation from countries where very clear breaches of protocol occurred will strengthen the case for further antitrust investigations and possible additional fines or other measures. The victory of OOXML may turn out to be very costly indeed. And any credibility of OOXML as an ‘open’ standard has already been severely damaged by the deluge of reports about bribes, fraud and other forms of misconduct by Microsoft over the last year. A Pyrrhic victory if there ever was one.


Public Transport card fully hacked

What experts foresaw last December, and what the Dutch research institute TNO denied was possible in their recent report, has been done. The deepest level of data encryption on the NXP Mifare RFID chip has been hacked. Cash on cards can now be copied to other cards through cloning, and that makes this system utterly unsuitable for serious applications involving real people and real money.
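The reason cloning turns into stolen cash is that the card is trusted as the authoritative record of its own balance. A back office that keeps a shadow copy of every card and treats the card as untrusted can at least notice a duplicate: two physical cards carrying the same identity cannot both present the same transaction counter, so whichever one turns up second with a stale counter or an inflated balance is flagged. The code below is an added example of that reconciliation logic, written for this page; it is not the transport company’s, NXP’s or TNO’s system, and the card identifiers, balances and the counter scheme are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class CardState:
    """What a reader sees on the card itself: identity, stored balance, transaction counter.
    Field names and the counter scheme are constructed for this example."""
    uid: str
    balance_cents: int
    counter: int


@dataclass
class Ledger:
    """Back-office shadow copy of every issued card. The card is never trusted: every
    value it presents is compared with what the ledger last wrote to it."""
    cards: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def issue(self, uid: str, balance_cents: int) -> None:
        self.cards[uid] = CardState(uid, balance_cents, 0)

    def debit(self, presented: CardState, amount_cents: int) -> bool:
        known = self.cards.get(presented.uid)
        if known is None:
            self.alerts.append((presented.uid, "unknown card"))
            return False
        # A clone (or a restored backup) carries the counter from the moment it was copied.
        # Once the other copy has been used, the two drift apart and the second one fails.
        if presented.counter != known.counter:
            self.alerts.append((presented.uid, "counter mismatch"))
            return False
        if presented.balance_cents != known.balance_cents:
            self.alerts.append((presented.uid, "balance mismatch"))
            return False
        if known.balance_cents < amount_cents:
            return False  # honest card, insufficient funds: no alert
        # Authoritative state lives here; the card is merely rewritten to match it.
        known.balance_cents -= amount_cents
        known.counter += 1
        presented.balance_cents = known.balance_cents
        presented.counter = known.counter
        return True


def demo() -> tuple:
    """Constructed scenario: one genuine card, one bit-for-bit copy taken before any spending."""
    ledger = Ledger()
    ledger.issue("CARD-A", 1000)               # 10.00 loaded onto the card
    genuine = CardState("CARD-A", 1000, 0)
    clone = CardState("CARD-A", 1000, 0)       # identical image of the same card
    ok_genuine = ledger.debit(genuine, 300)    # accepted, ledger moves to 7.00 / counter 1
    ok_clone = ledger.debit(clone, 300)        # still at 10.00 / counter 0: flagged
    return ledger, ok_genuine, ok_clone


if __name__ == "__main__":
    ledger, ok_genuine, ok_clone = demo()
    print("genuine accepted:", ok_genuine, "| clone accepted:", ok_clone)
    print("alerts:", ledger.alerts, "| ledger balance:", ledger.cards["CARD-A"].balance_cents)
```

Two caveats a practitioner would raise. First, the ledger cannot tell which of the two copies is the original; it only knows the identity has been duplicated, so the follow-up is blocking the identity and investigating, not refunding one side. Second, this only works in real time if the reader is online; gate readers that batch their transactions catch the duplicate at reconciliation, hours later, which still limits the loss but does not prevent the ride.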

But this is essentially old news. The more interesting news as far as I’m concerned is the fact that TNO was immediately re-hired by the company implementing the card system to do more research on the validity of the hack. You have to wonder what the thinking is here. This company dropped the ball on at least three separate occasions in this area, so why do they get another chance to write a big report to claim ‘there is no problem’? And this is not the first time: on the sensitive subject of voting computers (now banned in the Netherlands) they also kept telling us ‘all is well’.

If you merely want a paper to reassure yourself, just ask the secretary to print out a pretty picture from the Interweb with a caption that says ‘everything will be ok’. That’s a lot cheaper than hiring a company like TNO, and apparently just as valid.

Does TNO just write down whatever the customer asks of them, or do they really not know any better? Either alternative is troublesome. As an important expert adviser to the government, TNO should be held to a higher standard. When faced with an impossible request from a client they should respectfully decline the job and explain that the client’s request is either technically impossible or not in line with laws concerning citizen privacy and such.

Our government (and parliament!) allowing such organizations to indirectly guide technology policy is a real problem that will continue to cost us dearly (in real money, privacy violations, theft and missed technology opportunities).

Next up among the big IT projects is a road-toll system that should allow for more flexible (pay-as-you-go) costs of owning and using a car. Hopefully it won’t be as insecure as this project; that could be expensive for the government or the citizen (or both).

Update: Tomorrow there will be a meeting in parliament on this matter. The independent experts (the ones that got it right from day 1) have decided to boycott this meeting since they are not allowed access to the ‘secret’ paragraph of the most recent TNO report. They wisely refuse to legitimise more ‘security-by-obscurity’ bullshit.