IT Practice Within Microsoft 508
SilentChris writes "Good article over at CNet regarding Microsoft's internal IT practices. Some intriguing statements from the CIO, from the obvious ('It's an easy choice for me--to run Microsoft technology. We don't run Unix. We don't run Linux. We don't run Oracle.') to the not-so-obvious ('Our users are the admins of their machines. They can load whatever software they want on their machines, but we do audit the network continuously.') I wonder how much time is spent combatting spyware?"
No wonder they're laggin behind... (Score:5, Insightful)
Re:No wonder they're laggin behind... (Score:5, Insightful)
I'll bet you anything that they have unix servers and oracles databases for comparison purposes though.
Re:No wonder they're laggin behind... (Score:2)
Not only would it look, it would be bad for the future development of Microsoft's products; if they were inadequate for even internal use, how could they hope to compete on the open market? Not even Microsoft is that dumb.
--
Re:No wonder they're laggin behind... (Score:4, Interesting)
Remember this (the original link no longer works, but a copy of the relevant text was preserved) http://support.microsoft.com/support/kb/articles/Q 80/5/20.ASP [microsoft.com]
http://www.elists.org/pipermail/lugga/2000-May/000 468.html [elists.org]
- quoted below, describing Microsoft's process for making their master CDs using UNIX:
Re:No wonder they're laggin behind... (Score:3, Insightful)
MS does not use the crappy Visual Source Safe, but an adapted Perforce
How can you compare without use? (Score:4, Insightful)
Probably they do, but how mcuh real comparison can you do without running production systems? It could be just a small piece, but to ignore what it's like to maintain other products in production is short-sighted, I would say.
Re:However (Score:3, Informative)
Re:No wonder they're laggin behind... (Score:4, Informative)
Although MS has replaced some of hotmail from bsd to win2k, for other portions, win2k is just not powerful enough to replace the Solaris UNIX back-end.
Quote:
(from http://www.freebsd-corp-net-guide.com/rejrev/pref
In the first section of the Preface, I cite the Microsoft-owned Hotmail service as an example of a major production facility that uses FreeBSD. Several reviewers pointed out that after Hotmail was purchased by Microsoft, they commenced a program to eliminate all usage of FreeBSD and replace it with Windows 2000, and that citing Yahoo as being entirely run on FreeBSD (which it is) would be a better cite.
I rejected this purely for political reasons. Most people aren't aware of this, but Microsoft itself extensively used BSD UNIX for years for Internet serving through the Windows NT 3.51 days. This continued well into the Windows NT 4.0 days, although during that time the company began hard efforts to switch away from BSD UNIX to NT. This was not done because NT was technically superior but rather because Microsoft wanted to "eat their own dog food" as the industry line goes.
The upshot of this is present even today. Microsoft uses Conexxion as their principal offsite FTP service to distribute upgrades of Microsoft Internet Explorer and other programs, purely for this reason. It is simply because NT 4.X and even Windows 2000 is not capable of serving such a large volume of files onto the public Internet. Other companies, such as Walnut Creek/BSDi and Sun, have no problems distributing just as large an amount of data because they use UNIX. Microsoft has mandated that this kind of file update only occur over NT/Win2K. As a result, it takes an entire plant stuffed to the gills with NT servers to accomplish the same thing that only a few UNIX servers are needed to do. After all, when the work is continually subdivided, eventually the limits of NT's abilities are reached. Because of having to involve so many NT servers, it turns what would be a simple task under UNIX into a giant task involving hundreds of people. In short, it cannot be done in-house anymore and must be turned over to an entirely separate company that specializes in distributing large quantities of files with Windows platforms. While every other major company that uses UNIX like Solaris or the FreeBSD operating system can distribute large numbers of files over the Internet without a lot of expense and effort, Microsoft--purely for marketing reasons--has to hamstring themselves and spend millions of unnecessary dollars. The fact that they admit this and were unable to redesign Hotmail into an Windows-only service deserves to be made obvious.
The final word on the Hotmail affair is this: FreeBSD is used as the "front end" mail processing part of the service. Sun's Solaris is used as the "back end" mail processing part of the service. Only the FreeBSD front-end has been replaced with Windows. Microsoft still cannot get Windows 2K to be powerful enough to replace the Solaris UNIX back-end.
end quote
Additionally, in their own whitepaper about the bds portion being migrated to win2k, (references here - http://www.theregister.co.uk/2002/11/21/ms_paper_
a good read
Re:No wonder they're laggin behind... (Score:4, Informative)
Re:No wonder they're laggin behind... (Score:5, Insightful)
Re:No wonder they're laggin behind... (Score:2, Funny)
I know I'm not the only person who read that as infernal IT practices.
Re:No wonder they're laggin behind... (Score:5, Interesting)
I know which philosophy I as a customer prefer my vendors have.
sPh
Re: (Score:3, Interesting)
Re:No wonder they're laggin behind... (Score:3)
Re:No wonder they're laggin behind... (Score:3, Informative)
Longhorn? (Score:5, Funny)
Aha! So that's why longhorn is taking so many years to write..
Re:Longhorn? (Score:4, Funny)
Re:Longhorn? (Score:3, Informative)
I wouldn't want that guy's job (Score:3, Funny)
In light (Score:2)
Spam (Score:2, Insightful)
Re:Spam (Score:2)
No shock (Score:5, Funny)
Misquoted (Score:5, Funny)
Well we already knew (Score:2)
Re: (Score:3)
Hmm (Score:2)
Re:Hmm (Score:5, Interesting)
Neither our admin. assistants or QA people had any restrictions either, but I don't know about the receptionists. They sure seemed to play a lot of those boring built-in Windows games, so maybe they weren't allowed to install other software. I never asked them.
Re:Hmm (Score:3, Funny)
Re:Hmm (Score:2)
Comedy... (Score:5, Funny)
So even Microsoft has realized you can't do crap under a limited login in XP.
Re:Comedy... (Score:3, Funny)
users are the admins of their machines.
But are they masters of their domain?
I suspect not.
Re:Comedy... (Score:3, Insightful)
I know it's a joke, but when you need to do stuff like kernel debugging, testing stuff with GDI, yes, you need Admin privileges. It's unavoidable. However (I worked there as an intern this past summer), they do emphasize non-admin accounts when possible, and certainly for application-level work it's doable. I did it at work, and I do it at home.
A lot of people complain about Microsoft making Windows unusable with non-admin privileges, but I honestly am using it fine with such privileges. Sure, every once i
Re:Comedy... (Score:3, Informative)
Regular users and developers don't usually need admin access to their workstations.
You can design the workstation in a way that lets a regular user install software, but still keeps the rest of the system protected. They can install software to their home directory, or you can create a special partition named '/devel', with
That way, they can
Re:Comedy... (Score:3, Informative)
No surprise here (Score:3, Funny)
Of COURSE they allow users to admin their own machines at Microsoft. Half of their software won't run correctly in XP unless the user has Administrator privileges.
Re:No surprise here (Score:2, Insightful)
I get so pissed when I hear that some third party application requires admin to run... now I find out the people writing the OS are running it as admins. So much for these bugs coming out in the wash... then again, for MS, the end user is considered "the wash".
For someone who has to deal with these problems all the time, reading something like this is very discouraging.
Admins of their own machines (Score:5, Informative)
Re:Admins of their own machines (Score:4, Interesting)
And as far as for being an admin of your machine, it does not mean you are running as admin all the time. Locally most folks here have an admin username they can log into to install software on their machines when needed. They also have a regular normal username they use to log in as a normal user to do their work.
Common (Score:3, Interesting)
Now, in all fairness, there is a way around it (and we're exploring it). The problem is, that while revoking local admin rights for our users would save us lots of time and effort in combatting spyware, etc, we'll use that time manually updating the AS400 client software.
No, that one is obvious too (Score:5, Insightful)
That's the only way to run a network of computer-savvy users. Imagine a metalworking shop that wouldn't let the machinists adjust their own wrenches. You'd have to put a call-ticket in to "Tool Technology Support" and after a few hours (if you are lucky) or days (if you aren't) some kid comes over who doesn't know anything and tries to adjust your hammer.
Re:No, that one is obvious too (Score:2, Insightful)
Re:No, that one is obvious too (Score:2)
That's the only way to run a network of computer-savvy users.
Sure, but on the other hand, I suspect this is probably at the root of why Microsoft can't really grok why their products are so hard to use in typical enterprises. Very few of the non-technical workers in most enterprises are competent at managing their machines, so tools to make this easy and effective to do centrally are a must. Microsoft are beginning
Re:No, that one is obvious too (Score:2)
Mind you, I work in a call centre where it doesn't really apply in the same way.
Re:No, that one is obvious too (Score:4, Insightful)
If you are one of those rare programmers with sysadmin skills, get a job as a sysadmin and you will quickly learn that most users should not be let anywhere near a computer, let alone given admin.
Re:No, that one is obvious too (Score:3, Insightful)
The point is that centralizing common and simple tasks wastes everyone's time - the support guy and machinist alike.
Helpdesk is probably u
Re:No, that one is obvious too (Score:3, Insightful)
Your assumption, 'that sysadmins know what they are doing and programmers do not' is a fallacy.
Just as there are inept users, there are inept sysadmins - and even good sysadmins can have their moments. I have seen sysadmins do really boneheaded things - primarily because they are focussed on the OS, as opposed to understanding how that OS interacts with applications and services running on the machine.
The real answ
The problem is that many savvy users aren't (Score:5, Insightful)
We have a Internet Technologies Lab. This is the lab where they study networking and so on. These are the engineers taht study this, they have degrees in this. However they have the most piss poor understanding of network fundimentals and security I've ever seen. They get boxes hacked all the time, they continually have problems with simple things like getting their subnet set correctly, and if their switch goes down plugging it in is too complecated a concept.
Just because somone works ina computer related field, doesn't mean they are good at the support end of computers. I'd like to think that programmers and engineers ought to know enough to avoid spyware and such, but I know from experience that's not the case. Just because they can write good code doesn't mean they are good system administrators.
Re:No, that one is obvious too (Score:4, Insightful)
So this is why users in the real world need admin! Until internally they force their developers to only use user account there will always be problems. As a developer I can bet you that if I always have admin I will take the shortcut and not bother making sure it works 100% if I run it as a user that has no admin right. I always wondered why so many of their apps (MS Word needs write access to win32/ ???) require that you let them touch (not just read) files outside of your home directory. Know I know.
Well I am happy. With this knowledge I know that Longhorn wont force users to only write to home directories like in Unix/Linux and virus's/bugs/spyware will continue to exists and they will only cause their Microsoft own downfall. This was the only feature that I figured would save Microsoft.
-Benjamin Meyer
Re:No, that one is obvious too (Score:3, Interesting)
Actually, he is called a tool setter, and that IS how its done.
Re:No, that one is obvious too (Score:3)
In a Unix environment, a developer does NOT need the ability to install software. "Installing" software in Unix means putting it in a central place where all users can access it. As a developer, you don't need to do this; you just need to put it in your local directory and develop and test it there. If other people want to try it out, they can go there and try it as well (assuming you gave them read permission). When you're ready to deploy it to the entire comp
Software Audits? (Score:5, Funny)
Our users are the admins of their machines (Score:2)
Nice Knee-Jerk (Score:5, Informative)
I am a software consultant. The first thing I usually need when I go to a new client is to have local admin to run various coding tools (app servers, for example).
Do those clients have spyware running rampant? No, because the people that have local admin aren't idiots. I'm sure MS spends time educating non-techies on what to d/l and what not to. Its not surprising nor do I necessarily think its a bad thing for people to have local admin on their machines.
Of course, if this wasn't about MS, I'm sure no one would care... but some people simply need someway to stick it to MS....
A Sound Knee-Jerk Reaction (Score:5, Insightful)
So while people might not be idiots, most should never be trusted with elevated privilages. But Windows does give you an option (or they are very painful) so load up the maintaince costs with all sorts of software and network monitoring because MS refuses to learn lessons painfully realized 20 years ago.
For the love of all that is good and holy, I wish MS would abandon certain technologies (Active X hosting in application frameworks), I wish MS would stop requiring user level tasks with elevated privilages, and I wish people would stop making excuses for MS. Reinstalling from a backup image is not the proper way to fix problems on a platform that is supposed to be "enterprise enabled".
Re:Nice Knee-Jerk (but accurate) (Score:2)
You think a company, ANY company, doesn't have its share of non-techno-savvy idiots installing spyware? I work with people who are somewhat tech savvy, yet they still get spyware. Do you actually think that a com
Don't run unix, eh? (Score:5, Interesting)
We were allowed to pretty much install anything we wanted to. I had tons of command line tools, perl and other stuff installed along the way.
Oh, and lots of guys had Linux boxes running at their desks along the way as well.
We don't run Unix. We don't run Linux. (Score:5, Insightful)
Re:We don't run Unix. We don't run Linux. (Score:2)
So why did Microsoft pay all that money? Officially, to protect Microsoft (but not Microsoft's customers) against claims from SCO.
Re:We don't run Unix. We don't run Linux. (Score:4, Informative)
Of course Interix or whoever MS bought the thing from probably paid the piper already, but knowing SCO's proclivity for lawsuits, I don't blame MS for doing it again.
Re:We don't run Unix. We don't run Linux. (Score:3, Funny)
There's definite pockets of non-Microsoft use... (Score:4, Informative)
Pain (Score:3, Funny)
combatting spyware (Score:3, Insightful)
Also, quite a bit of spyware will simply install itself to the user profile (hotbar, etc.), the only way to combat these types of spyware is to utilize Mandatory Profiles.
Spyware is an ongoing problem with ANY Windows machine, whether it is "secured" or not.
Software company, not bozos (Score:5, Insightful)
Pardon me for standing up for them, but
Peeves me off when the people writing the software are not trusted to administrate their own computer which they are writing software for (or some equivalent thereto). What's with this growing American sentiment that nobody should be trusted with tools, that only someone special should be (without noting the perversity that if nobody can be trusted, then nobody can be trusted)?
Re:Software company, not bozos (Score:3, Insightful)
If you run as root when you don't need to then either you are an idiot or those that built your system software are.
Re:Software company, not bozos (Score:3, Interesting)
Sure, they are similiar concepts but in practice they're very different. Windows is
Re:Software company, not bozos (Score:3, Interesting)
The death of administering (Score:3, Informative)
Is it just me, or is the word "administering" being slowly replaced by "administrating"? Administrating seems to be the wrong tense to me.
No *nix? (Score:4, Insightful)
That makes for a great testing environment for Windows Services for UNIX, huh?
Re:No *nix? (Score:3, Interesting)
> to make sure Microsoft products are the best products in the
> world. It's an easy choice for me, in that sense--to run
> Microsoft technology. We don't run Unix. We don't run Linux.
> We don't run Oracle. We're 100 percent Windows, SQL Server.
100% Windows? Wow, that must make the Macintosh BU [microsoft.com]'s development efforts pretty hard.
Although I agree that Microsoft should use their own products wherever possible, the interview with the
So, do they run Great Plains or Axapta? (Score:2)
100% Microsoft my foot.
Anyone have Weblogs with MS IP Ranges? (Score:2)
This makes sense and is consistent with the CIO's statement. Since each user is their own administrator, they are allowed to wipeout windows and run any Linux distro they want. They probably use use VMWARE or VirtualPC to host their Windows OS and quickly switch to full screen whenever a manager is around.
Spyware... (Score:2, Insightful)
Best practices (Score:4, Insightful)
I hope some of those users are smart enough to give themselves a luser account and run under it
Maybe they have an enforced policy of using anti-spyware and anti-virus software
Maybe they have extensive training classes with stock options going to those who don't spread viruses (sort of like those "accident free days" campaigns you see at some companies). But wait, no one wants their stock any more
Oh well, they're Microsoft -- they must know what they're doing.
They STILL use some UNIX systems..to Compile Win.. (Score:3, Interesting)
Famous last words (Score:2)
No skills? (Score:2, Insightful)
We do [...] have an open-source client running--just for competitive analysis. As an IT organization, I have no skills and no ability and no purchasing of those products.
So he's an IT manager with no skills in the IT industry other than MS-related? Someone could call this "to be blind and overconfident".
Me, I call him a lucky guy that is probably paid >= 4000€ a month to say to the world "I don't know a thing about IT, but with MS my income has doubled". Heck, being on Bill's bill, McBride can
Totally Incoherent Answers (Score:5, Interesting)
Re:Totally Incoherent Answers (Score:5, Funny)
Re:Totally Incoherent Answers (Score:5, Insightful)
The point is they're eating their own dogfood. They may not have the absolute best product in the world, but it does everything they need it to do. If the only way to get feature X is to install Oracle WhizBangPro 5.0, they refuse to do it: they just write that feature into their own software. And thus, their software has all the features they need.
Given that the IT needs of Microsoft probably rival or surpass almost any other organization, I'd say that probably qualifies their products as at the very least among the best.
Who came up with this strategy? (Score:2, Insightful)
Microsoft Sun (Score:2)
http://news.netcraft.com/archives/2004/12/11/wwwg e orgewbushcom_switches_to_selfhosted_freebsd_server _wwwsuncom_upgrades_to_solaris_9_not_10.html [netcraft.com]
Of course if the Sun admins are going by what the www.sun.com webpage says, they're probably just as confused as I am about when the real version of Solaris 10 is coming, why they had a "release event" without releasing the actual product, why all those "Solaris 10" links go to Solaris Express beta download
Re:Microsoft Sun (Score:2)
Time spent combatting spyware? (Score:2)
While I service a lot of Windows machines, my own WinXP box remains free of such contamination due in part to my own browse habits (I don't click "yes" to everything and I don't visit a lot of weird sites all of the time.) as well as the browser that I use.
My users are a different story... I keep fairly busy with it.
they must be admins (Score:3, Interesting)
Note the subtle line of reasoning there -- what he implied to say is "Our users are the admins of their machines *so* they can load whatever software they want on their machines". Which is perfectly obvious, because it appears that on Windows, to do anything even slightly more advanced (like, say, installing new non-trivial software), you have to be an admin. Personally, I don't know of any Windows development shop where the programmers aren't admins and don't each have their own personal single-user PC...
I like this question: (Score:3, Interesting)
As a policy, I don't run anything that competes with Microsoft. My goal is to make sure Microsoft products are the best products in the world.
Ah, the old 'bury your head in the sand' technique. It works well. Maybe if they actually *tried* linux they could see what pisses disenfranchised Windows users off or where these TCO numbers come from.
That's bullshit, I worked there, I know (Score:3, Informative)
We don't run Unix? (Score:3, Informative)
Disks are duplicated on a variety of industrial strength, quality focused systems. Most of these systems are UNIX-based. The UNIX-based duplication systems used in manufacturing are impervious to MS-DOS-based, Windows- based, and Macintosh-based viruses. The few MS-DOS-based and Windows-based standalone duplication systems do not allow MS-DOS-based operating systems to access the duplication system. Virus protection systems used by these MS-DOS-based and Windows-based duplication systems strictly govern the duplication process, even when they are not running.
That KB article has since disappeared... smirk... ;-)
10% Security (Score:3, Insightful)
A: "It's hard to capture the overall time spent on security, but 10 percent is probably about right."
This is exactly what is wrong with Microsoft Security. It needs to be the total responsibility of a few individuals who work closely with the larger security community, clearly when security is everyone's problem and they spend 10% of their time on it, then it is really nobody's problem. (Except that then it is everybodys problem! )
Microsoft could save money and improve it by outsourcing security. Rather than trying again to fix a broken culture, why not just admit it's broken and realize that other companies use outside resources and it works fine for them. For example, would you but an extension cord without it first having been researched by Underwriters Labs? Would you go to a hospital that was not inspected by JCAHO?
"We don't run Linux" (Score:3, Interesting)
I admin my own box (Score:3, Funny)
That's because all our "technical" people only know how to admin Microsloth products. If a couple of reboots doesn't fix it they re-install from scratch.
Re:Lesson Here (Score:2)
Re:From the article (Score:5, Insightful)
Think of it this way. The biggest way that you figure out that something should be tweaked is if you are the user of the system. Those admins that never use the systems that they deploy and work on have quite a big harder a time trying to understand just what the program is trying to do, and what to do about it when it fails. To add to that, they never come across bad quirks that noone mentions because they're just that, quirks. It doesn't cause the system to fail or halt or mangle any data, but it sure is annoying when it does it.
To live and die by your own software is not a bad thing. It gives you not only the developer's perspective of design and impliment a solution, but also allows you to see whether or not what you made is actually useful. Don't read too much into this post, like I support Microsoft totally (they can be quite an ass of a company), but the mentality is sound and used in more companies than just Microsoft.
Re:Social Reinforcement within MS (Score:2)
Having worked there, there are a lot of really smart people there. However, it is a large corp, so I'd say 90% of the employess are not the 'uber geeks' that you picture them as. Most people that work there are only slightly more techno-savy than the average white collar workers.
Several years ago while working there, I had to explain what an
uh, try 4 years ago. (Score:2)
Re:LIAR (Score:3, Informative)
Re:LIAR (Score:3, Insightful)
Re:WTF? CIO implies little talent here in USA? (Score:4, Insightful)
A gazillion out of work and a gazillion that I'd want to employ are two very different things. I have a hard enough time recruiting for a department of 15, let alone trying to do it at the sort of scale he's talking about. The truth is that Sturgeon's Law holds just as well for IT staff as for anything else. In fact, if my experiences are anything to go by, he was being optimistic...
Re:Weak (Score:3, Insightful)
I don't like Microsoft products, overall, but purely for technical reasons. There's no place for emotions or politics in solid-state circuitry. (I've heard that stressed silicon does better than regular, but I don't think that's the kind of stress they mean.)
However