Business
Rupert Goodwins' Diary
IT strategy competes with worms, spacecraft and the nuclear option. Just another week for Rupert
Monday 27/1/2003
To Le Meridien in the heart of London's prestigious Piccadilly district (avoiding the dangerous coincidence of payday and Tower Records). By several twists of fate, I am to chair a BusinessWeek/European Technology Forum round-table this evening on the interesting subject of IT strategy in challenging times. This consists of sitting in the middle of a bunch of chief technology/information officers from such blue chip places as Barclay's, Vodafone, Sainsbury's and so on. So, it's on with the best tie and the closest I can get to a professional demeanour, and off we go. As a humble technology editor, I don't spend much time with strategic corporate types, so it's as interesting for me as it is -- I hope -- for the audience. For example, did you know that by going with Intel/Linux systems, companies can afford to run two identical set-ups of their major installations? One for the live system, one for development, debugging and so on. You just can't do that with the sort of licence and hardware prices the HPs and Suns of this world require, but it makes life so much easier. Towards the end, I start to relax. Big mistake, 'cos then I slip into stand-up comedian mode. Still, I got two laughs for every low rumble of disapproval -- I reckon that's an honourable ratio. After the event. I got buttonholed by one of those rather formidable women who run PR businesses through the ability to turn clients and journalists into burn marks on the carpet with one glare through their specially heat-hardened quartz-lensed five-hundred-quid spectacles. "How did you find it?" I asked, still filled with the giddy joy of having got through the evening without dropping anyone on the stage in the deep stuff. "I was very disappointed. Nobody wanted to talk about the subject," she smiled. Beneath my feet, the shagpile started to smoulder. She was right, of course, and that was one thing that came across beforehand. There was a consensus among the panellists that IT shouldn't be about strategy. I didn't believe that, nor that they believed it, but I was stuck -- should I try and stir things up by saying so, or should I go with the flow? I should have been Jeremy Paxman, but I was Martin Lewis. Next time -- if there is a next time -- I'll bring my iconoblaster. Tuesday 28/1/2003
What a mess! SQL Slammer hits the Net, triggers faults in Cisco routers, DNS falls off the edge of the world, ATMs clam up and servers break down. It gets worse: the code that's exploited might be in SQL Server 2000 -- which people know to patch, even if MS has made it so difficult that nobody, not even in Microsoft, has bothered -- but the same stuff has ended up in a wide range of Microsoft and third party products. It's not the first time that a vulnerability in a library component has surfaced, meaning that anyone who's added a function to their program by plugging in an off-the-shelf component has also added a hole. Open source is just as vulnerable to this, of course, even if the chances of the problem getting noticed and a fix produced is higher -- and it has problems of its own. With commercial software, you can at least find out everyone who's got a licence to your code and contact them -- the first stage in getting the fix installed everywhere. With open source, though, you have no idea where the errant code fragment has ended up, nor if it's been modified or how. It could easily be that there's a chain whereby someone adopts a piece of code that was adapted by someone else who copied it from a third party, and that the person who produces the final piece of software has absolutely no idea what's in that chunk of the product. Even if you put out an alert in all the places that such people should read, it won't reach everywhere it should. The more I think about it, the more it seems that we'll have to bite the bullet and exploit the vulnerabilities ourselves, writing self-replicating, self-installing patches that copy themselves around the Net -- yep, our own worms. I'm not the first person to think this, not by a long way, and not the first to find the idea dangerous, unpleasant and very much against the rules. But it might be the only way -- and if done properly, it might work rather well. Wednesday 29/1/2003
Red Hat in orbit! Space Shuttle Columbia is up there right now, flying OMNI -- Operating Missions as Nodes on the Internet. By replacing its various legacy systems with COTS (Commercial Off The Shelf) IP-based stuff, and making everything that flies above the atmosphere just another Internet destination, the agency hopes to cut costs and make things work more flexibly. Well, it's worked for us down here on Earth. And NASA is using Linux, thus proving beyond doubt that penguins can in fact fly perfectly well. Vint Cerf, one of the Net's founding fathers, has got there already, of course. He's already fleshed out the specifications for routing packets between planets, and out to distant probes on the edge of the Solar System. It's just a matter of getting the kit out there. Of course, there's no way we'll be allowed to play. If you ever wanted a limited bandwidth system, interplanetary comms is it -- we get stuff back from the most distant stuff a handful of bits at a time. And do we really want the next Mars mission data to come back filled with misspelled swearwords from 'leet doods? Which is a shame for anyone who fancies browsing the backside of the moon. There is an alternative. We already have fleets of amateur radio satellites in orbit, run and used perfectly well by hams the world over. We just need to configure a couple as routers and send 'em on out, as a sort of informal backup to the Nasa big guns. And just like the original Internet, it'll be there when its needed and the Big Grown-Up way of doing things shows signs of not working properly. Thursday 30/1/2003
Congratulations to our comrades over on Silicon.com, who have just launched a major revamp of their service. We know how much blood was spilled -- we had to change the sawdust in the server room more than once a week at one stage -- and we look forward to snaffling as much of their brand-new sparkling code as we can get away with. I've been working in online journalism now for almost exactly half the time I spent in print, and the differences still intrigue. When we started out, we thought that online publishing would be so much more flexible, responsive and immediate -- and to some extent, it is. Matt Loney got a huge story up about SQL Slammer from his home on a Sunday morning, and it was around the world in less time than it takes to shout "Hold the front page"! But in other ways, online is nightmarish: if you want to try something radically new in print, you do the layout, write the words and... well, print it. With online, you have to work out whether your existing systems can support it, and if so how you configure them. Then you have to work out how it'll interface with everything else, such as the search, the archiving, the page rendering stuff. Then you have to find a techie with some spare time to actually do and verify this stuff (stop laughing at the back there). Then you get to lay it out and write it. I still love online publishing, and feel more than ever that it's just at the start of a few decades of planet-changing wonder. But there's so much work to be done in making the infrastructure promote, rather than limit, imagination and invention. Friday 31/1/2003
A quick end of week quiz: What is Microsoft's Palladium initiative? 1 An open initiative to develop trustworthy computing, with input from the rest of the industry. 2 An attempt to put Microsoft in charge of all computers and digital media everywhere 3 About to take over the nominally independent Trusted Computing Platform Alliance 4 Temporarily unavailable due to SQL Slammer in the code database. 5 Palladium? Never heard of it, guv. The correct answer, of course, is 5. It might have been 3, if Palladium still existed, but of course it doesn't. No, the whole thing has been Windscaled and is now called the Next Generation Secure Computing Base. All of which, one presumes, now belong to Microsoft and not us at all. It's a good rule of thumb that if you want the world to know about something, you give it a snappy name. Doing the opposite -- and NGSCB sounds like some semi-governmental organisation from the 70s -- usually means either you're terrible at marketing or you want people to stop talking about it. So we should immediately come up with a better expansion of the acronym and keep the ball in play: NoGoodnik Seattle CowBoys? Nobody's Gonna Steal Corporate Binaries? Now Grovel, Says Controller Bill? You can do better than that. You'll have to. Send in your suggestions to the usual address, and there'll be a ripped DVD full of Microsoft XP source code for the winner. (*) (*) Only kidding.
To Le Meridien in the heart of London's prestigious Piccadilly district (avoiding the dangerous coincidence of payday and Tower Records). By several twists of fate, I am to chair a BusinessWeek/European Technology Forum round-table this evening on the interesting subject of IT strategy in challenging times. This consists of sitting in the middle of a bunch of chief technology/information officers from such blue chip places as Barclay's, Vodafone, Sainsbury's and so on. So, it's on with the best tie and the closest I can get to a professional demeanour, and off we go. As a humble technology editor, I don't spend much time with strategic corporate types, so it's as interesting for me as it is -- I hope -- for the audience. For example, did you know that by going with Intel/Linux systems, companies can afford to run two identical set-ups of their major installations? One for the live system, one for development, debugging and so on. You just can't do that with the sort of licence and hardware prices the HPs and Suns of this world require, but it makes life so much easier. Towards the end, I start to relax. Big mistake, 'cos then I slip into stand-up comedian mode. Still, I got two laughs for every low rumble of disapproval -- I reckon that's an honourable ratio. After the event. I got buttonholed by one of those rather formidable women who run PR businesses through the ability to turn clients and journalists into burn marks on the carpet with one glare through their specially heat-hardened quartz-lensed five-hundred-quid spectacles. "How did you find it?" I asked, still filled with the giddy joy of having got through the evening without dropping anyone on the stage in the deep stuff. "I was very disappointed. Nobody wanted to talk about the subject," she smiled. Beneath my feet, the shagpile started to smoulder. She was right, of course, and that was one thing that came across beforehand. There was a consensus among the panellists that IT shouldn't be about strategy. I didn't believe that, nor that they believed it, but I was stuck -- should I try and stir things up by saying so, or should I go with the flow? I should have been Jeremy Paxman, but I was Martin Lewis. Next time -- if there is a next time -- I'll bring my iconoblaster. Tuesday 28/1/2003
What a mess! SQL Slammer hits the Net, triggers faults in Cisco routers, DNS falls off the edge of the world, ATMs clam up and servers break down. It gets worse: the code that's exploited might be in SQL Server 2000 -- which people know to patch, even if MS has made it so difficult that nobody, not even in Microsoft, has bothered -- but the same stuff has ended up in a wide range of Microsoft and third party products. It's not the first time that a vulnerability in a library component has surfaced, meaning that anyone who's added a function to their program by plugging in an off-the-shelf component has also added a hole. Open source is just as vulnerable to this, of course, even if the chances of the problem getting noticed and a fix produced is higher -- and it has problems of its own. With commercial software, you can at least find out everyone who's got a licence to your code and contact them -- the first stage in getting the fix installed everywhere. With open source, though, you have no idea where the errant code fragment has ended up, nor if it's been modified or how. It could easily be that there's a chain whereby someone adopts a piece of code that was adapted by someone else who copied it from a third party, and that the person who produces the final piece of software has absolutely no idea what's in that chunk of the product. Even if you put out an alert in all the places that such people should read, it won't reach everywhere it should. The more I think about it, the more it seems that we'll have to bite the bullet and exploit the vulnerabilities ourselves, writing self-replicating, self-installing patches that copy themselves around the Net -- yep, our own worms. I'm not the first person to think this, not by a long way, and not the first to find the idea dangerous, unpleasant and very much against the rules. But it might be the only way -- and if done properly, it might work rather well. Wednesday 29/1/2003
Red Hat in orbit! Space Shuttle Columbia is up there right now, flying OMNI -- Operating Missions as Nodes on the Internet. By replacing its various legacy systems with COTS (Commercial Off The Shelf) IP-based stuff, and making everything that flies above the atmosphere just another Internet destination, the agency hopes to cut costs and make things work more flexibly. Well, it's worked for us down here on Earth. And NASA is using Linux, thus proving beyond doubt that penguins can in fact fly perfectly well. Vint Cerf, one of the Net's founding fathers, has got there already, of course. He's already fleshed out the specifications for routing packets between planets, and out to distant probes on the edge of the Solar System. It's just a matter of getting the kit out there. Of course, there's no way we'll be allowed to play. If you ever wanted a limited bandwidth system, interplanetary comms is it -- we get stuff back from the most distant stuff a handful of bits at a time. And do we really want the next Mars mission data to come back filled with misspelled swearwords from 'leet doods? Which is a shame for anyone who fancies browsing the backside of the moon. There is an alternative. We already have fleets of amateur radio satellites in orbit, run and used perfectly well by hams the world over. We just need to configure a couple as routers and send 'em on out, as a sort of informal backup to the Nasa big guns. And just like the original Internet, it'll be there when its needed and the Big Grown-Up way of doing things shows signs of not working properly. Thursday 30/1/2003
Congratulations to our comrades over on Silicon.com, who have just launched a major revamp of their service. We know how much blood was spilled -- we had to change the sawdust in the server room more than once a week at one stage -- and we look forward to snaffling as much of their brand-new sparkling code as we can get away with. I've been working in online journalism now for almost exactly half the time I spent in print, and the differences still intrigue. When we started out, we thought that online publishing would be so much more flexible, responsive and immediate -- and to some extent, it is. Matt Loney got a huge story up about SQL Slammer from his home on a Sunday morning, and it was around the world in less time than it takes to shout "Hold the front page"! But in other ways, online is nightmarish: if you want to try something radically new in print, you do the layout, write the words and... well, print it. With online, you have to work out whether your existing systems can support it, and if so how you configure them. Then you have to work out how it'll interface with everything else, such as the search, the archiving, the page rendering stuff. Then you have to find a techie with some spare time to actually do and verify this stuff (stop laughing at the back there). Then you get to lay it out and write it. I still love online publishing, and feel more than ever that it's just at the start of a few decades of planet-changing wonder. But there's so much work to be done in making the infrastructure promote, rather than limit, imagination and invention. Friday 31/1/2003
A quick end of week quiz: What is Microsoft's Palladium initiative? 1 An open initiative to develop trustworthy computing, with input from the rest of the industry. 2 An attempt to put Microsoft in charge of all computers and digital media everywhere 3 About to take over the nominally independent Trusted Computing Platform Alliance 4 Temporarily unavailable due to SQL Slammer in the code database. 5 Palladium? Never heard of it, guv. The correct answer, of course, is 5. It might have been 3, if Palladium still existed, but of course it doesn't. No, the whole thing has been Windscaled and is now called the Next Generation Secure Computing Base. All of which, one presumes, now belong to Microsoft and not us at all. It's a good rule of thumb that if you want the world to know about something, you give it a snappy name. Doing the opposite -- and NGSCB sounds like some semi-governmental organisation from the 70s -- usually means either you're terrible at marketing or you want people to stop talking about it. So we should immediately come up with a better expansion of the acronym and keep the ball in play: NoGoodnik Seattle CowBoys? Nobody's Gonna Steal Corporate Binaries? Now Grovel, Says Controller Bill? You can do better than that. You'll have to. Send in your suggestions to the usual address, and there'll be a ripped DVD full of Microsoft XP source code for the winner. (*) (*) Only kidding.