Tom Petrocelli's take on technology. Tom is the author of the book "Data Protection and Information Lifecycle Management" and a natural technology curmudgeon. This blog represents only my own views and not those of my employer, Enterprise Strategy Group. Frankly, mine are more amusing.

Tuesday, October 27, 2009

FTC Is Okay By Me

I'm fired up about the new FTC rules regarding bloggers. I didn't say I was mad or annoyed about it. Actually, I'm happy and excited. For those who don't pay attention to what goes on in the blog world (and yet you're reading this... whatever.) there are new rules in the U.S. regarding how you present certain information about products in blogs.

The U.S.Federal Trade Commission, commonly called the FTC, is charged with insuring fair trade in the United States. Part of their mission, I would argue the most important part, is consumer protection. These are the federal watchdogs that make sure that business doesn't take advantage of the average consumer. That is precisely what they are doing with the new rules for bloggers. In a nutshell, if you get paid to write good things about products, you have to reveal that. If you talk about the results of a test or a consumer experience that you know are not typical, you have to say what is typical. If a company comps you with free products, services, or tickets to a Buffalo Bills game, you have to reveal that too. Okay maybe not the Bills tickets this season. (I live in Buffalo, NY so no hate mail please. You know it's true.)

Basically, if you are being paid to say nice things, it is a paid endorsement and that has to be disclosed. It doesn't matter if the payment is money or in-kind. You have to let people know that you may be influenced by that compensation. This is not a privacy issue, it's a commercial one. It is important that someone reading a blog know what conflicts of interest may exist that could effect what the blogger says. This is not about free speech. It is about commercial speech which can have restrictions not applicable to individuals.

Frankly, these rules are no different from what you see on TV or in newspapers. When a celebrity endorses a product on TV, at the bottom of the screen are tiny letters that say “Paid Endorsement”. This is because it is really an advertisement, placed by an agency or company, and using the actor as a spokesperson. The only real difference is when they tell you that you can make millions with no money down, they have to let you know that that only applies to those at the top of the pyramid. Getting rich without risking your own money has not been typical since the dot com crash. Unless you are a Wall Street banker of course.

And while the rules don't address Twitter and Facebook specifically, the same should apply in those media as well. While we're at it, white papers should also denote when something is done for pay. When I was in the analyst game, I insisted that any white paper I put my name on be only what I wanted to write. Otherwise, the company could have the paper but leave my name off of it. Even with creative control, I still told the audience that it was a sponsored paper. Despite my best efforts, I still couldn't be sure that my client didn't exert some influence that created a conflict of interest. Not in a nefarious manner mind you. It's just that relying on someone for your livelihood can change your perspective even if you are not aware of it.

So, I'm glad for the new rules. It's sad that we need the government to remind us of our ethical duty. It's unfortunate that we can't trust what we read. Too bad. But until the day comes that all people are perfect, I'm glad to see my government taking a stand and insisting on good behavior for our citizens. Thanks FTC.

Thursday, October 22, 2009

eBox Shebop

Back in the day, Linux was mostly a geek toy. You had to compile the kernel from source and install all the applications including the GUI by hand. Even by Windows 3.1 standards, it was very technical and primitive. In those days, Linux's best attributes were that it was free and basically UNIX. A lot has changed since then. Linux has become a viable UNIX replacement in servers, helping to fuel the rise of a great many Internet companies. It has also tried, with limited success, to become a desktop operating system and rival to Windows and Mac OS X.

One of the biggest holdups to widespread adoption of Linux has been installation and configuration of software applications. Linux distros seem to subscribe to the philosophy that real men hand edit configuration files. It's the command line that separates the men from the boys. Linux is like a techie version of a sports car. It's about proving something. I just won't say what that something is. Package managers have done a lot to streamline installation but configuration has always been a black art. There are entire books written to help trained system administrators tackle SAMBA configuration. Not to mention every other major Linux package.

This might be fine for the hard core sys admin. It makes them feel superior to the rest of the morons out there. It doesn't work, however, for the vast majority of people milk fed on Windows installation and GUI-based configuration. Even when there are decent configuration tools (which often, in an awesome display of irony, have to be installed and configured separately) and package managers, everything is piecemeal. To set up a user on a box requires configuring many different applications using different tools, some only available from the command line. All of this has been holding back adoption of Linux as a commercially viable alternative to the Windows hegemony.

The good news is that this is changing. A fairly new distribution called eBox has solved many of the problems that have plagued Linux server installation and maintenance. Perhaps it's fair to say that eBox is a mega-distro. It is based on Ubuntu Server, which is itself Debian based. What sets it apart is the comprehensive web-based management tools. They allow single screen configuration for many typical tasks that a sys admin faces. For example, you can set up a user account along with associated file shares, email accounts, and groupware configuration all from one place. This is even better than Windows which still relies on wizards walking you through the process.

Think of it this way. Old Linux is like shopping on a busy city street. You have to walk and walk to lots of individual stores to get what you want. Windows Server is like a department store. Everything is in one place but you still have to go from department to department. eBox is like a personnel shopper. Everything comes to you.

One of the best features of eBox is the initial package installation. It groups packages into functions like networking, security, communications, office (basically file and print services), and infrastructure. This makes it easy to configure a server for specific purposes such as an office file server or a network gateway. The documentation clearly shows where to place the different types of servers in your network to get maximum safety and effect.

eBox is not perfect by any means. Installation (on a virtual box I admit) was difficult. Not difficult in the sense of hard to do since it walked me through every step. Difficult because it hung up a bunch of times. The root password is not obvious. I wasn't asked for it and it isn't the same as the initial admin account as is typical of most Linux installations. That severely restricts what additional software I can install on the server.

While the seection of packages are good, there is not database server package. I know that PostGre SQL server is installed but configuration for it is not included in the web-based configuration system. Application or database server and developer packages would be a good idea. Virtualization packages would also be nice in the future. Maybe a “cloud” package although I suspect that way madness lies.

eBox is an important step forward in making Linux a viable alternative for enterprises of all types but especially for the Small-Medium Business market. With limited or no IT resources SME organizations need easy setup, configuration, and management. That was hard to deliver using Linux before eBox.

There is one truly unfortunate aspect of eBox: it's name. It shares said name with a small PC product from Taiwan. It's bound to cause confusion. I suggest changing it as soon as possible.

Disclosure: The eBox software was provided for free. Of course, it's provided to anyone for free. Just download it from their web site. So, I guess this doesn't really count but why mess with the FTC.

Monday, October 12, 2009

Lost In The Clouds

Ah! Lost in the clouds again.

Sounds nice right, unless you're a T-Mobile customer. In that case, lost in the clouds means your data was lost during an upgrade. Too bad. Most of the attention in the blogsphere has been centered on how stupid this appears. A lot of folks are railing against how avoidable this was, how best practices for data protection are well known, how unfortunately common this sort of thing is, etc. I wrote a book on that stuff years ago and it was not new then. Well, some of it was new but the basic blocking and tackling wasn't.

The central issue is being avoided though. It's uncomfortable to address if your company is involved in any type of outsourcing, and what major computer company isn't these days. In all the moaning about how Hitachi Data Systems and Microsoft (T-Mobile partners in this fiasco) should have done better, in all the technical details, in all the posturing about best practices, the core problem with outsourcing is being ignored.

Trust.

I don't care if it is Cloud Computing, call centers, data centers, or overnight delivery. When you outsource you have to trust the outsourcer to do as good or better a job as you would. You can't be looking over their shoulder 24/7. They can't have you in their shorts either. For the relationship to work there needs to be a lot of trust.

I have been on both sides of the outsourcing game. When you hand over a mission critical functions to someone else you have to do your homework. You have a duty to make sure that the outsourcer has the capabilities, best practices, and determination to do your business the way you need it done. They have to look out for your interests. It's a relationship that needs attention.

This is the problem with outsourced Cloud Computing. You have to have the expertise to evaluate your outsourcing partners, the time to conduct appraisals and look at references, and people to monitor performance and deal with problems. I'm not saying that T-Mobile didn't do this. Bad things happen to good companies. But with the hype around outsourced clouds, a lot of trust is being handed over to folks whose abilities are barely known. It's like getting married after the first date. And in this case, what happens in Vegas ends up all over the Internet. Like Paris Hilton, but I digress...

What worries me is that a lot of folks will get sucked in by the Cloud Computing hype who are not ready to do it right. I especially worry about smaller outfits with fewer resources. To them, Amazon S3 is a god send (not to pick on Amazon). Or Mozy for that matter. Solves a problem cheap and quick. Just what everyone wants. Don't worry. They're big companies. We can trust them, right? Right...

Trust takes time and effort. Any type of outsourcing, Cloud Computing or otherwise, requires a lot of trust. Go slow, take your time, and get to know each other first. You have the rest of your lives together. No need to rush.