Ask Slashdot: What Are Some 'Best Practices' IT Should Avoid At All Costs? (cio.com) 348
snydeq writes: From telling everyone they're your customer to establishing a cloud strategy, Bob Lewis outlines 12 "industry best practices" that are sure to sink your company's chances of IT success: "What makes IT organizations fail? Often, it's the adoption of what's described as 'industry best practices' by people who ought to know better but don't, probably because they've never had to do the job. From establishing internal customers to instituting charge-backs to insisting on ROI, a lot of this advice looks plausible when viewed from 50,000 feet or more. Scratch the surface, however, and you begin to find these surefire recipes for IT success are often formulas for failure." What "best practices" would you add?
Management Frameworks... (Score:4, Insightful)
ISO 9000
ITIL
TQM
CMM
You need to have to crawl before you can walk Management frameworks are for Olympic Class organizations.
Suggestion - Build your own policies, procedures, and get those in place so you know what the pain points are before you try to implement someone else's idea of what's ideal in IT.
Fred in IT
Re: (Score:3)
I heard people raving about ITIL so I tried to find out what it is. I still don't know because even thinking about it makes me fall alkdshjg;;dfpgsdgjgshgjpsdhfj gf skoppppppppppkgp
Re:Management Frameworks... (Score:5, Interesting)
I heard people raving about ITIL so I tried to find out what it is. I still don't know because even thinking about it makes me fall alkdshjg;;dfpgsdgjgshgjpsdhfj gf skoppppppppppkgp
I went through the ITIL Foundations course quite a number of years ago. Could not fucking stay awake.
The instructor was engaging, knowledgeable, they supplied us was a much coffee as we could stand, I kept going outside (in February) to keep myself awake and I still snored through the entire course.
Managed to retain enough, long enough to pass the exam but I couldn't tell you the difference between a process & a function (by the ITIL definition) with a gun to my head.
Re: (Score:2)
It has its uses, especially if you use tools aligned to ITIL. If you try it without the tools, it is a bunch of guidelines and jargon. Not much sense that way.
I was on a team building those tools, so we had to have the courses first, and they didn't stick well. Going through the requirements, they eventually made sense.
Re:Management Frameworks... (Score:4, Informative)
Re: (Score:3)
Interminably Ticking Inconsequential Lists.
Re:Management Frameworks... (Score:5, Informative)
ISO 9000
ITIL
I disagree. In both cases, the problem is not the framework (or standard), it's the blind trust in it and the misconception that it's going to make you deliver higher quality.
They won't. But done right, both ITIL and ISO 9000 give you one thing: predictable, repeatable output. Maybe your desktop guys are not very good at reinstalling Windows, and maybe your X-Ray QA is not good at spotting bad weld jobs on titanium alloy. But if you're an ISO 9000 or ITIL shop, the procedure will always be the same so you can know in advance that 24% of desktops will need re-imaging and that 61% of QA will give false positive, so you can adjust your planning accordingly. The actual quality is not better or worse, but it's consistent.
The alternative is to get sometimes good output, sometimes bad, depending on who gets the tasks, the time of day, was it before or after the first coffee break, etc. Maybe in such chaos you can find high quality once in a while, but it makes it very difficult to establish any kind of pipeline or planning.
Re: (Score:2)
The big problem with adopting quality frameworks* is that people adopt them to check a checkbox without understanding how they are supposed to work. Lousy but reproducible work is the result of doing the bare minimum to get certification. Unfortunately, that bare minimum is still a lot of effort because you have to document all your
Re: (Score:2)
Lousy but reproducible work is the result of doing the bare minimum to get certification.
True. And a good symptom of that is when the service delivery team becomes a "ticket machine"; it becomes like the customer service counter at a retailer where they will basically accept a dead squirrel as an alleged broken toaster if it comes with a valid receipt.
I didn't say it was easy, or that the majority of organizations get it right. But done right, it's gold.
Re: (Score:3)
"the problem is not the framework (or standard), it's the blind trust in it and the misconception that it's going to make you deliver higher quality."
This. Almost always, frameworks like ISO 9000 or ITIL are the bright idea of someone in management. The people who actually ought to live this stuff have it imposed on them. In fact, the processes turn into stacks of paper sitting in a closet, ignored except when re-certification time rolls around.
It's important to have processes that work for you and your org
Re: (Score:2)
done right, both ITIL and ISO 9000 give you one thing: predictable, repeatable output. Maybe your desktop guys are not very good at reinstalling Windows, and maybe your X-Ray QA is not good at spotting bad weld jobs on titanium alloy. But if you're an ISO 9000 or ITIL shop, the procedure will always be the same so you can know in advance that 24% of desktops will need re-imaging and that 61% of QA will give false positive, so you can adjust your planning accordingly. The actual quality is not better or worse, but it's consistent.
By that definition of "quality", a McDonalds meal is of higher quality than a french chef's 4 course menu. The burger flipper has QA measures in place to make a burger taste like the same cardboard from Alaska to Zaire while the chef never can reproduce a meal exactly to the point if he has to take into account natural variations in availability and taste of fresh and/or local produced ingredients.
Or wine... what gives the 2002 Chateau de quelque chose it's special quality is that it can not be reproduced e
Re: (Score:3)
The Commandant of the Coast Guard once told (a congressional committee?) that one COULD make a concrete life preserver according to ISO 9000 standards, so long as the paperwork was properly done.
You're correct: adherence to the standard will give predictable output in the product, the documents that accompany it, and record keeping of the process used. It doesn't mean the product will be right for the needs or even objectively good but you'll be able to determine those from the documents. Some hands-on mi
Absolutely (Score:5, Informative)
Ahh yes, the "we really suck, but we consistently suck, we've got the ISO 9000 cert to prove it" argument.
Yes. That's the whole point.
True story. I used to work for a company that did low-cost assembly for big vendors. Razor-thin margins, which means that the whole business depends on a highly efficient supply chain composed of other low-cost suppliers. When it came to a specific production line, a change of less than 1% in components rejection would either cause a financial loss on the whole batch, or create an expensive shipping buffer which also incurred unsustainable losses. So at one point the company ditched a "mostly high-quality" supplier for a consistently terrible one. Being able to tune the production line and let it run at a predictable rate was immensely more profitable than getting fewer average component rejections.
And I believe this approach also works in large organizations. You don't want to have two sets of baselines for a big project depending on "how long will it take to get working environments"; you want always the same kind of environments and use that as a reliable figure in your planning. Both ISO 9000 and ITIL include continuous improvement mechanisms, but they're not higher priority than having a predictable, consistent delivery.
Re:Absolutely (Score:5, Insightful)
"So at one point the company ditched a 'mostly high-quality' supplier for a consistently terrible one. Being able to tune the production line and let it run at a predictable rate was immensely more profitable than getting fewer average component rejections."
This is why the logic of capitalism will, ultimately, destroy us all.
Re: (Score:2)
For ITIL, I really like the VisibleOps approach.
http://www.wikisummaries.org/w... [wikisummaries.org]
Four steps that translate well to easily understood PowerPoint slides. It takes the guesswork and the "certified practitioner" scam out of the equation.
Re: (Score:2)
creator who is time? WTF is that supposed to mean?
Re: (Score:2)
Most people call him "Doctor".
Re: (Score:2)
These are "Avoid until you know what you are doing.".. and many very successful IT shops never use these. If you took the time to just stop, think about appropriate policies and procedures needed to keep IT running smoothly, enabling the business to be successful you could do away with much of this consultant crap.
Think about it...
Budget
Project & Service Requests
Change Management
Issue escalation and resolution
Get through those four and you have 90% of what IT needs to do covered.
As for the OP article -
Uh... (Score:2)
None of those were best practices...
Best practices are like, "never auto-commit schema changes, always dry run them first".
Buy not build. (Score:5, Insightful)
I am not talking about common tools such as email servers, word processing, spreadsheet...
But software core to the operation of your business. Companies will sell you massive enterprise solutions, filled with best practices and buzzword features.
However the effort in implementing this is usually much more complex and costly than a small team of full time developers to make simple solutions to solve the problems unique to the business.
These companies selling these solutions hire a team of full time employees just to support the company. Then they charge you for the software and their time plus the profit margin. So you end up paying more for features you don't use and extras that are hacked in and barely work.
Your organization offers solutions, products or services that are unique. Why would you expect software and best processes to be the same.
Re: (Score:2)
Second-System Effect. What you're really buying is a programming framework in the end.
Re: (Score:3)
Second-System Effect. What you're really buying is a programming framework in the end.
Are you sure you didn't mean the Inner-Platform Effect [wikipedia.org]? (Although if you're really lucky you could end up with both simultaneously :) )
Re: (Score:2)
I did mean that, but forgot the name. But I'm pretty sure that it's the first stepping stone on the way to Inner-Platform Effect anyway. Very likely you have both.
Re: (Score:2)
Re: (Score:2)
They are hostage to their developers when they hire 20 to build the thing in half the time, then lay off 90% when done, rather than hiring a team of 5, taking 4 times longer, and having a small core of good people, kept around forever, working on updates, upgrades, and continuous improvement on what they built.
Faster, cheaper always win over quality.
Re: (Score:2)
Your organization offers solutions, products or services that are unique. Why would you expect software and best processes to be the same.
Spot on. Being the best at implementing whatever is in Gartner's magic quadrant is not a difference maker.
Implementing this kind of enterprise product is often a minefield, especially since those products assume that:
1) your business process are in line with the industry
and
2) you actually have well-defined business processes that apply to the whole organization
which is almost never the case. Even inside a large, somewhat stable organization, rolling out a big ERP a la SAP is a nightmare because Branch X has
Re: (Score:2)
I only want to add the caveat that you have to have someone with some kinda clue how to evaulate the solutions your programmers are making.
I've had a 'software developer' melt down because :
1) The mere thought that the system java is updated because he need a very specific version, even tho he doesnt write aganist the system JRE
2) The queries are to complex for jdbc/odbc and can only be done via the full Oracle client
3) incapable of understanding that NTFS is the default file system for Windows XP, but is t
It's always tempting to outsource (Score:2)
Re:It's always tempting to outsource (Score:5, Informative)
When you spend $1M on IT and IT collects $5M on chargeback, making the "Service" profitable, at the expense of logic and reason, and leading to outsourcing.
If chargebacks reflect the cost of providing the service, and are lower than can be obtained elsewhere, then it will only be a good thing. It demonstrates the value, and prevents budget squeezing.
Re: (Score:2)
I've seen the chargeback rate so high, it was easier for the developers drive to the store and pick up a Dell Server (or whatever), and install that instead of buying the IT Server Service.
What if the chargeback rate is the real IT cost? Then picking up a off-the-shelf server would actually be the right choice for the company since it's so much cheaper.
Re: (Score:2)
What if the chargeback rate is the real IT cost?
Then fire your IT director/manager/CIO and hire someone competent. Done right, contractors are always more expensive.
How can it cost more for the IT department to buy a Dell than someone with a credit card and no business account? How long does it take a programmer to build a server to a good standard? Will it be properly patched and supported after? If your IT department is actually more expensive than paying a programmer to buy and build his own server, then you are doing something wrong.
Though, I'v
Then you have piles of "rogue servers" running... (Score:2)
Lots of different types of servers needing individual TLC is stupidly expensive in the long run...
Adoptin Technology you don't understand.. (Score:5, Informative)
ALWAYS avoid adopting technology that you don't understand just because somebody on your staff or a salesman with some glossy sales flyer says it will be great! If your manager shows up with the idea, convinced that it's going to be the solution to all his problems and won't take your advice on the matter, update your resume....The devil is ALWAYS in the details...
There is no silver bullet... Trust me, I've looked for years... However, that doesn't mean you cannot shoot yourself in the foot with a plain old lead round.
ITIL (Score:5, Informative)
From bitter personal experience, trying to implement the entire ITIL manual down to the tiniest detail instead of treating it as a guideline for what might be applicable.
Case in point: my former employer had a dated-but-usable change management and helpdesk system they'd used for years. It was due for replacement. They brought in a non-IT project manager to design it. Mrs. Non-IT Project Manager proceeded to treat the ITIL guidelines as some sort of roadmap, demanding the most granular, process-laden, cumbersome, needlessly-complex system I've ever seen. It was universally reviled. Nobody understood it. Nobody was properly trained on it. Tasks that used to take hours now took days. People started working around it, not using it, in order to get even basic stuff done. The system required a complete overhaul -- this time using actual input from the people who would be using it and/or served by it -- and eventually became usable at a cost and schedule far beyond the original mandate.
Meanwhile Mrs. Non-IT Project Manager was given a raise and promoted to somewhere where she couldn't do that kind of damage again.
Re: (Score:2)
Sounds sadly common. Project managers shouldn't own the requirements in the first place, just delivery against agreed requirements.
Re: (Score:2)
SlashDot (Score:2)
And blindly following banal best practices that may or may not apply in any given circumstance. In other words, learn from others, but always use you best judgement.
Re: (Score:2)
I agree. I'd pick "right practices" over "best practices" any time. Unfortunately, the bigger the organization, the more difficult it is to get decision makers to embrace common sense over whatever 2 minutes of googling tells them.
And the ugly trick is... (Score:2)
If you follow those "best practices"; you are basically doing what you can to act like a contract or outsourced IT service provider despite being an internal unit. If that's the best relationship the department can have with the rest of the company, yeah, odds are that it isn't going to go all that well. Best ca
Password Changes (Score:5, Insightful)
Forced password changes every X days. This just leads to people picking really shitty passwords. At one company I worked at for a while, they mitigated this by simply doing "simple word" + month + year. TOTALLY hard to figure out!
Re:Password Changes (Score:5, Informative)
Re: (Score:3)
And that's the problem! How can these certifications be taken seriously if they require policies that will either lead to even worse passwords or (if you try to enforce better passwords AND regular changes) to Post-It notes under everyone's keyboard!
Re: (Score:2)
And the answer is that HIPAA, SOX, and CJIS are all legal standards. IOW, they were drawn up by politicians, not by anyone with any understanding of IT.
Re:Password Changes (Score:5, Funny)
The mandatory online security training we did the first day at GoDaddy actually recommended satisfying the mixed-case/symbols requirements by using an initial capital letter and an ending exclamation point.
Course, Go Daddy is also the company where they fired one of the five guys on my team, didn't replace him, and then the next week started having daily meetings to discuss how our productivity had gone down 20%. Math was not management's strong suit.
Re: (Score:2)
Forced password changes every X days. This just leads to people picking really shitty passwords. At one company I worked at for a while, they mitigated this by simply doing "simple word" + month + year. TOTALLY hard to figure out!
If you want to know what will happen if you don't force users to change passwords, just look on Facebook for their pets/kids name. I'm certain you won't find 80% of your passwords there or anything...
(Oh, and don't forget to keep that a secret. We wouldn't want hackers to TOTALLY figure that out!)
Re:Password Changes (Score:5, Informative)
Enforce a single-sign-on long and complex password.
That you rarely (years) require to be changed.
Forcing a password change every 60 days doesn't accomplish anything but either create easily guessable variations, reducing the password space, or create lists of passwords, generally in something insecure for most people.
Re: (Score:2)
Don't think that user selected forced password change policies are the worst. I can literally log in as anybody in the company.
Re: (Score:2)
Enforce a single-sign-on long and complex password.
That you rarely (years) require to be changed.
Also, require 2FA with a convenient hardware token. Something like a Yubikey Nano.
The problem with passwords alone, even long and complex ones, is that it's too easy for an attacker to acquire the password via phishing or social engineering. Adding the hardware token eliminates remote phishing attacks, and makes social engineering dramatically harder. It's odd, but people are much more reluctant to share a physical object than a password, even when they believe the the requester is legitimate. And even if
Re:Password Changes (Score:4, Funny)
As a Post-It shareholder, I resent this observation. We have campaigned long and hard for the 60 day password change philosophy, and share price is important to our pension funds.
NIST 800-63-3B changed that (Score:5, Informative)
As of NIST 800-63-3 forced password changes based solely on time interval is no longer a 'Best Practice'. Now the Best Practice is to expire passwords only when there is suspicion of account or system compromise.
Sadly it will take some time before the many organizations who copied the old best practice into their own documentation can step up to current best practice.
Re: (Score:2)
Also, the old best practice was copied into a number of laws, including HIPAA and SOX, and it will likely be even more time before any of those are changed.
Re: (Score:2)
As of NIST 800-63-3 forced password changes based solely on time interval is no longer a 'Best Practice'. Now the Best Practice is to expire passwords only when there is suspicion of account or system compromise.
Sadly it will take some time before the many organizations who copied the old best practice into their own documentation can step up to current best practice.
I'm assuming you're referring to this stupidity found in DRAFT NIST SP 800-63-3B:
"Verifiers SHOULD NOT impose other composition rules (e.g., mixtures of different character types) on memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically) and SHOULD only require a change if the subscriber requests a change or there is evidence of compromise of the authenticator."
I've read through the DRAFT publications, deal with 27001/CSC/NIST standards on a daily basis, and this is the one of the dumbest recommendations I've ever read when it comes to password policy and system security.
Unless you enforce it, users WILL NOT choose complex passwords. If you need further evidence of this, take a look at those Top 10 Worst Passwords lists that have been published over the last 20 years. They fucking n
Re: (Score:2)
People are always, always, the weakest link.
If you let people choose passwords, they'll choose very bad ones. If you force them to change them regularly, they'll choose bad passwords with easily predictable permutations. If you force them to use generated good passwords, they'll write them on sticky notes and put them in email.
I used to work with a guy who specialized in information security. He would run cracking programs against our systems and report any bad passwords to the appropriate manager. One of m
Re: (Score:2)
Are you suggesting we should change he users every 60 days? I'll vote for that!
Re: (Score:2)
You're missing the point.
There have been hundreds of database breaches [haveibeenpwned.com] in the past few years. Every password in those databases should be considered compromised. However, it's most likely that an attacker will use the dumped passwords as a dictionary, or at most try a few simple variations for a known user. It's far less likely that they will be able to guess the "simple" password if it's different and random for every organization.
Password reuse is a threat, and it's becoming more prevalent every day. The
Re: (Score:2)
Good thinking on that Password Manager front! https://it.slashdot.org/story/... [slashdot.org]
Best practices to avoid (Score:5, Funny)
If there's a best practice to avoid then avoiding it becomes a best practice, and then you should avoid avoiding it. Or something.
Re: (Score:3)
This. A thousand times this!
Nobody ever got fired for buying IBM (Score:4, Insightful)
therefore, buy IBM
Rapid anything, Do It All At Once, NoRollbackTest (Score:2)
1. Anything with rapid in it's name. Rushing stuff means it breaks. It may not break today, but it will break under heavy load when you're trying to do payroll.
2. Do It All At Once. Trying to change multiple things at the same time inevitably means you didn't understand the implications of the massive retraining, the fact that the sales force can't complete transactions fully, and the fact that the world ain't perfect like the software and hardware think it is.
3. Not having either rollbacks or testing, or c
Strict OO architecture (Score:2)
Re: (Score:3)
It seems "web architectures" are just becoming unnecessarily complex, perhaps because architectural purists are over-doing pet concepts (not just OO), or because we are all waiting for a new web UI/standard to be invented so that "web apps" are not so damned Rube-Goldberg-ified.
"We have to do it that way because the web has no state and is not a real GUI." We'll, let's find a way to give it real state & real GUI then, instead of fake it with blindfolded twirling back-flips, turning CRUD into Braille roc
Don't verify that web-apps follow your standards (Score:5, Insightful)
Or have very bad standards in the first place. That way, you are going to enjoy all "Web Application Worst Practices" that people can think of. I am currently assisting a customer wading thorough such a mess.
Also nice: Fire people that created and understand the application after they have finished, but before anything is documented.
And to top it off: Declare the proof-of-concept to be the final application. It is much cheaper!
Disagree with Bob's # 6: Charter IT projects (Score:2, Insightful)
I disagree with Bob's #6, that it is a mistake to charter IT "projects."
He says:
>
The problem is that IT does not have control over something like "increase sales effectiveness." It's nice to push that as a goal and justification for a project, but all IT can be held to is "implement Salesforce.com." That is our expertise and what we can deliver. Of course you can partner with other departments, but you shouldn't commit to nebulous goals that depend on them having their shit together and excelling.
Do not label printers with network names for user (Score:4, Insightful)
Re: Do not label printers with network names for u (Score:2)
Do not treat your users like customers (Score:2)
Laying off old people (Score:5, Insightful)
/ not bitter
Stop treating IT as a cost center (Score:2, Insightful)
Companies usually define IT as a cost center because money goes into the pit and no money comes out. They prefer putting $100 into something and getting $200 out of it. Give the sales staff a huge expense account and huge sales commissions and the money just pours in. Give the IT staff entry-level pay and continuously cut their budget because all you ever see is money going down the drain quarter-after-quarter. At some point they determine they really don't need IT and they save even more money. #Fail
Oracle (Score:2)
Oracle, SAP, IBM and other expensive licensing deals.
Let's put it all in the cloud! Why? "CCLLOOUUDD" (Score:2)
Sysadmin: "Does it make sense to put it in the cloud?"
Boss: >Holds up a CIO magazine with a picture of a cloud on it< "Because it'll be in the CLOUD"
Sysadmin: "What's this application going to do? What type of data is it going to be handling?
Boss: "But it'll be in the cloud, it'll be <looks quickly in magazine> a fully virtualized extensible angular flask framework!"
Sysadmin: "You're just reading buzzwords!"
Boss: "Let's senergize our git repos w
Lareg copanies (Score:2)
The last large company I was in (a major bank) was indeed doing, I think, all of the recommended 12 practices - oh, hang on, you mean those are things we should not do? Damn!
Those daily SCRUM meetings, including half a dozen people on speakerphone from what sounded like a busy market square in downtown Mumbai somewhere (complete with cow noises) - yup, they went really well.
Everything on IT-Security Best Practice (Score:3)
No joke. It's a surefire way to grind your IT department to a halt and the rest of the company along with it.
Number one on that list should be "Make people remember ridiculously long passwords, force them to change them every other day and make sure that they have to invent new passwords every time, with no semblance to any of the past 1000". Not only will you ensure that your help desk is drowning in "I forgot my password" calls, especially after days like Thanksgiving when there's a 4 day weekend, it will keep people busy coming up with new passwords.
Number two is of course "and don't write it down". So you can make sure that people not only get creative in how they note down those 12+ character word salad you dished out to them, you can also make sure that they don't dare to talk to you anymore lest you learn where they wrote it down.
I think you can easily take it from here. Make sure you don't forget to keep the storage team busy with ridiculous "Best Practice" backup requirements that are impossible to fulfill and you should be the best CISO ever. Well, at least on paper. And we all know you only make big leaps in your payment when you switch jobs, something you'll do often if you heed the IT Security Best Practice recommendations.
Because you'll leave sunken companies behind you.
Re: (Score:3)
Er... actually... almost all the recent security advice is NOT to do that with passwords. People are catching up and even domestic security agencies are recommending to stop that nonsense to government agencies, etc.
Don't write it down - that's subjective. Granddad at home, where someone burgling him will get hold of his Facebook password that's used to look at grandkid photos? Yeah, not an issue. Office workers sharing logins in an open book? Not a good idea.
In fact, I recommend that every workplace w
Hiring (Score:2)
Be like the other guys! Be like Zynga! (Score:2)
My last IT employer had a vast set of milestones they wanted to hit by 2012. Goals! ha
One of them was to make the company be just like Zynga. Mind, Zynga was already in failure mode long before this visionary goal was born, and the work we did had absolutely nothing to do with anything Zynga did. .Very different products and markets.
Apparently the people who did the goals only looked at revenue or some sort of number where Zynga looked great on paper. But some of us knew the truth and openly laughed
Re: (Score:2)
Re: (Score:2)
That's #9...
Re: (Score:2)
Outsource the IT to India.
You didn't RTFA. That is on the list.
Re: (Score:2)
Outsource the IT to India.
You didn't RTFA. That is on the list.
You must not have read the article to the very end: #13: Don't read the article, just assume from the title and move one like you know what it said.
Re: (Score:2)
Re:Outsource (Score:5, Informative)
Also, Insource the IT from India.
Seriously, it's like every Architect, Developer, and Tester is Indian. The BAs too lately. Same problem as outsourcing through... no speed, no creativity, no ownership, no quality. Just confusion and half-assed results. And immigration for the whole familty. Good luck taking the PM roles from the angry middle-aged white women though!
Re:All of them (Score:4, Insightful)
Best practice is code word to stop complaining and do it my way.
Re: (Score:2)
Have you quantified the strategy of only using measurable policies vs. using "best practices" based on some other measure to determine if it is, in fact, a better strategy?
Re:All of them (Score:5, Interesting)
From a book on Photographic Technique:
"Best Box. The Photographer has their Camera Bags. The Assistant has the Best Box. "Best" in this context is lost in History, but was generally considered as containing the most important Lighting goodies. The term dates back to Shakespeare. In Cinema, the person responsible for the Best Box is known as the Best Boy, regardless of gender. (Before "Boy" had any specific youthful gender assignment, it referred merely to a Servant or somebody useful, and maintains this definition in Ireland, where such people are known as "Boyos".) About two decades ago, a new term emerged, stolen right from Cinema- "Best Practices"; originally concerning Lighting. Anybody using this term these days off-stage is a fraud, and "Best Practices" is a phrase best commonly employed in the game of "Bullshit Bingo"."
Re: (Score:3)
That's an interesting made-up story.
Re: (Score:2)
Make sure you FUND things like back-up tapes and document-security-review-and-inspection-staff. Certain parties like to cut their funds to sub-bare-bones.
Re: Avoid directory service, aka AD (Score:5, Informative)
A directory service is good in theory but most it departements isn't competent enough to hande it, i.e. it will cost more than not using it. .
So every computer and server in the company should have separate accounts and passwords? I ask because having a common source for accounts and passwords across an enterprise (or even a small business) is one of the primary things a directory service does for you. Thinking about using Google, Facebook, or Microsoft accounts for you employees to log into company resources? Those are (outsourced) directory services as well.
Secondarily, directory services provide the ability to group users together for various permission granting. You grant rights to accounting resources to your "accountants" group and then you place your accountants in that group. When you hire a new accountant, you just put them the the group; when an accountant leaves the company or moves to a different job function, you take them out of the group. How would you accomplish this reliably without some sort of directory service?
If you are talking Microsoft's directory service (AD), you also have the ability to maintain consistent workstation configuration, which can be quite difficult without a directory service.
I believe it would cost you more in terms of time, effort, and mistakes you will make if you *don't* have a directory service.
Re: (Score:2)
I believe you're right, but there is a tipping point. As with many things, working well small does not equal working well large.
An office of three people may be better off without trying to manage AD where every OU has to be customized for one person. At three hundred, that same management style will break down in a never-ending cycle of fixing dozens of issues every day that could have been avoided with group policy.
The trick is knowing when a system will save you work vs when it will cost you more. Our of
Re: (Score:2)
This all depends on the size of your organization and competency / bandwidth of your IT department.
For an organization with 10s of thousands of employees located at hundreds of sites around the world, yes, AD is priceless (if, still somewhat less than 100% up to expectation at times.)
For an organization with 10s of employees located at a single site and an IT "department" of one or two guys... ummm.... been there, done that, no, AD was NOT worth the time and apparent effort - maintaining separate passwords
Re: (Score:3)
Active Directory is good, until it's landed with too many insane Group Policy Objects. Seriously, it'll make some people's lives just a living hell, especially developers. It's astounding what will fail to install when you can't check for updates. But, then again, you can put them and their machine in a different group with a different set of policies, but I haven't been to a shop yet that realizes that's totally a thing.
And yea, let your developers have the latest OS and updates. Make them the canaries in
Re: (Score:2)
And In return you basically get only password synchronization. Even group membership management is not important anymore unless you are still using Samba. And AD doesn't automate a lot of important tasks like setting up wireless connectivity, installing updates and so on.
Re: (Score:3)
No technology will help if you have shit processes and petty politics. Don't blame the tech, blame the shitheads.
Re: Avoid directory service, aka AD (Score:2)
Re: (Score:3)
Flash is a horrible flaming turd of an application/platform that is depreciated and can't die in the fiery pits of hell as fast enough. They could never figure out what it wanted to do so they they tried to have it do everything and to sell it, they gave PHBs everything they asked for that could technically be rammed into code (notice, I didn't say "work"); thus causing today's problems. Please try to help along its demise as expediently as possible by getting it out of your organization.
[I know, tell you
Re: (Score:2)
Offline backups are fine, you don't have to do them on tape anymore. Most people however have never worked or cannot afford modern tape. A backup is better than a badly working, slow or intervention-prone backup which is synonymous to cheap tape system offers ($100k)
Re:Avoid Tape Backup (Score:5, Interesting)
If $100k is a cheap tape system then I've got a cheap bridge to sell you.
LTO5 drives come down in price a lot since the newer LTO types have come out, and you can hold a lot of stuff with staggered backups over a few of those 1.5Tb tapes at less than $30 each.
It doesn't take a massive amount of data before the combined drive and tape cost beats external USB drives.
The important thing is so long as you have something that is not actually connected when disaster strikes. A tape or USB drive that is not physically connected to the machine when things go wrong is the idea.
Re: (Score:2)
Got some inadequacy issues to deal with?
Re:The #1 practice sure to sink your business (Score:5, Funny)
I spend a lot of money paying Internet trolls to trash-talk linux in public forums so that my competitors won't run it.
Re: (Score:2)
Dude, you deserve a prize; I've been a Slashdotter since the 90s and these useless troll-posts of yours have been attached to every news story on here without fail since then.
For nearly 20 years, trolling uselessly, without any content or point.
It's pretty impressive