TechworkLife

The Multiple Password Quandry

There isn't anything new about securing applications or computers with passwords. It is not advisable to just have one password for all purposes, and end-users are strongly advised not to do this. For their own sake, no user knows whether a web application done for personal use will be comprised. It isn't a given that the passwords you enter into an application are hidden from the administrator. You should assume they are not, and try to keep a different one for each web site. Multiple passwords can create some semblence of security.

Of course there are many issues with basic name and password challange for access. Any computer can be comprised if it is not physically secured, and the only hope there is that the data has been encryted to resist the intruders machine access (Of course this has a penalty if the user forgets their encrytion password and the backup is also encryted ). No, it is an imperfect world for using logins, and the IT Manager must walk a fine line between reducing easily guessed passwords and keeping administration of password resets to a minimum. There are several strategies that end-users can be advised on. Here is a pretty good one. Applications that keep your multiple passwords for you can be handy, yet provide an single point of failure in protecting assets, and the much used browser function of remembering your password for web logins is a double-edged sword (use it only if you secure both the sleeping and boot-up computer). If possible, smart card access or synchronized electronic passwords ( e.g. SecurID ) will give better assurance of the login identity, Proper role assignments also reduces improper access, but the password changes on a regular basis and monitoring of the logs are the best defense.

March Madness in the Office

Is your office inspired by the NCAA tournament? Many are, and this year it is very easy to access the games with free online streaming from CBS (InformationWeek article,)   Many offices tolerate pools for betting on this annual tournament, but the cost to the bandwidth of the persons following the games and the bandwidth of the office might be seriously comprised. How real is this threat to productivity?

Blackberry Blues

The modern connected worker is typified by the Starbucks coffee cup in one hand and a Blackberry device in the other. Caffine alert and plugged-in to the company messaging, for better or worse, our urban and urbane worker is much parodied for their "crackberry" use. Just as Starbucks has provided something not imagined 20 years ago (expresso-laced Americans- or "yuppie crack"), the Blackberry fulfilled something desired from the start of the personal computer: the pocket-sized method of carrying the office with you. Of course this is not exactly what is going on with the Blackberry, because it doesn't present all of what you can execute with your PC, but leaving the office has become less cumbersome and increasingly less likely to actually be "leaving the office." As the SmartPhones become more capable, the office is more in your pocket and more in your life more of the time. Above is a New Yorker cartoon from March 3rd of this year, and here is a poem from more than a year ago from the same magazine. It is a reminder that technology needs to be used in a proper moderation.

The Hubris of Tech Support

The sketch that Saturday Night Live (SNL) ran several times starring Jimmy Fallon made a connection with many office workers due to its true portrayal of "Nick Burns: Your Company's Computer Guy." The running joke was that befuddled workers were treated with disdain by Nick Burns (Fallon) at each turn. He was dressed "uber geeky" with pagers and cell phones as he swaggered through the office set expecting all the end-users to be ignorant. Their simple (and possibly ill informed) questions were met with derision and mocking. It was another obstacle that everyday people had to overcome to get their work accomplished.

Why was this a popular and memorable sketch? I attribute it to what the ancient Greeks labeled as "Hubris." After it was first described to me in college Classics class (or maybe high school English), I could easily identify with the concept. Hubris is the danger of being (in Hoosier parlance-- I'm from Indiana) "too big for your britches." Indeed, the Greeks felt that mortals that acted too mighty would be struck down by the Gods for not knowing their place (by Nemesis, the God of Retribution). Too many of technology's end-users have been subjected to the hubristic technician as they feel victimized by the tools they are forced to use. They hope, after their computer guy treats them poorly, that the tech Gods will mete out justice as well.

Conflicting tendencies of helping behavior and competition, along with a healthy dose of repetitive boredom and social awkwardness tend to move tech support staff into cultural isolation. It often is up to the the tech support person to defend the technology they support to the end user, even as they are also victimized by their inability to change much of the implementation. So the mix of these factors often results in an attitude of defensive bravado that is corrosive to the organization.

What is the answer? In my mind there must be a continual program by tech management to orient the tech staff in the organization's core tasks (the mission). The tech staff must also socially interact with the staff they support in a way that associates the tech staff with success and fun rather than always problem solving. Most importantly, tech support must honestly address issues that prove difficult to solve by support. Admit that you don't know everything (but will find out). This means engendering a cooperative atmosphere in the workplace so that (although there might never be a strong bridge) there is a bridge to the general organization that allows trust to form. The end-users must trust that the tech staff is making their best effort to reduce the obstacles in their way. In this way Hubris on the tech side can be reduced because everyone involved is working towards the same goals.

Comments on Zimbra Collaboration Suite

Recent experiences with Zimbra Collaboration Suite implementation have been relatively good. The quality of the experience certainly depends on the host provider (if that's how it is served to the the user community). Our first hosting company decided they really didn't want to do Zimbra and we got that sense even before they admitted it. You need to check the ability of the host to give you 24/7 response on trouble tickets and make appropriate upgrades without cutting off your staff. So far the 01.com service has been up to par and pricing is somewhat better than other hosts considered. There are drop-in appliances from other providers that are fairly reasonable if your organization is 100+ users (that justifies the licensing) and you then get full server command (I investigated SMedia). Otherwise your domain admin does most of what you will ever need.

When you consider the backup tapes, spam concerns, licensing, equipment costs, etc., the offsite hosting of mail becomes attractive. Something on the order of $5-$7 per user per month can be obtained, with storage rates that vary. Zimbra is also offering a archiving and search capability for any Sarbanes-Oxley compliance issues. Of course with the new client that might be avoided by the smart IT Manager who can arrange proper backups at the local machine. Most clients you may use with the service can archive in one way or another.

I am looking forward to the use of the Zimbra desktop client that will give offline use of the mail and provide the desktop experience that many users like. Of course you can always hook IMAP up to Apple Mail or Outlook and work from there, but the integration of their own client will be of great interest. For Macintosh users, a fully qualified desktop will avoid the clumsy use of iCal AND Apple mail. Things still seem stuck in Beta versions for the past year, so it would be nice to get a "gold" version installed for once.

Teh recent upgrade to version web client version 5 seems worthwhile.

Here's what Zimbra folks say are the newest features:

New features in ZCS 5.0 include:

* Native e-mail, contacts, calendar, and task synchronization from Zimbra to Outlook 2007

* Access Zimbra on all BlackBerry handsets, J2ME enabled devices, or any mobile web browser, including the Apple iPhone

* Zimbra Tasks monitor start and due dates, priority, progress, and percent complete of tasks

* Built directly into ZCS, Web-based Instant Messaging supports multiple conversations and group chats

* Conveniently store any file from an e-mail in Zimbra Briefcase instead of as an e-mail attachment; easily share Briefcase folders with others

* Work online or offline with Zimbra Desktop, the AJAX experience for Zimbra users and users of existing POP and IMAP e-mail servers

* Share inboxes and e-mail folders with others, including the ability to provide read- only-access or allow others to completely manage

* Fifteen fully certified languages ship within ZCS for end-users to choose

And they will be constantly trying to tie in Yahoo! services as well (since they just were purchased by Yahoo!). The Microsoft purchase would, I think, put the effort of platform independence in jeopardy. MS can't seem to leave well enough alone, but they should think before messing with what is winning online (can you say Google?) because they are obviously driving down the wrong online highway at present.

Office Standard Ad Campaign

It is becoming more and more apparent that large sums are being spent to persuade users of all types to abandon their Microsoft Office software (Word, Excel, and PowerPoint) in favor of the network types provided by Yahoo, Google and others. Is this a fulfillment of a claim made many years ago by Sun Systems (John Gage)?

Tech columnists on NPR, CNN and others see this as an appealing alternative for the broadband connected home user who doesn't get an OEM load of Microsoft Office (or a legacy or pirated version). Since the software is usually free and a home user's desired functionality and feature expectations are lower than a typical business user, the choice seems clear: hop on the Internet to work your apps.

If this was the driving force for the Office-type application use, then Microsoft (MS) would already be out of that business, but it is not. The current crop of free Office software in circulation is based on staying compatible with MS files, formats and features for good reason. Even a home user will pause to consider if their documents created at home will really be of a compatibility with what they use at work even if their aren't cross-tabbing their spreadsheets or multi-columning their word processing documents. Work standards rule, even at home.

Information Technology (IT) workers know that the end-user most readily sees the difference in dissimilar types of software (perhaps brands?) ahead of background programmatic issues. This is why back office PHP, Linux, and MySQL applications that work with Internet Explorer or other browsers on the desktop elicit few objections from the executive suite as long as these open source processes have sufficient uptime. Companies love not having licensing fees on their balance sheets and since they are relatively unseen by the end-user, blame for errors doesn't fall readily on these non-proprietary applications. Not so for the desktop office applications. Attachments are most often composed in Office apps and the failure to be read by a recipient is, in the user's mind, most readily explained by inconsistency of branded software. It is a reasonable assumption and a variable that companies are willing to avoid to get business done. Microsoft is the beneficiary of this way of thinking as they control the standard.

I propose that to overcome the obstacle that exists with office application deployment from open source systems that there be a credentialing agency established with the sole purpose of public relations. It could be funded by those companies most interested in this promoting open standards (Yahoo and Google among others) and have esteemed University members (educational institutions like the largess of Microsoft but also feel the pinch at some level). Like a "Good Housekeeping" seal approved (or maybe Underwriter's Laboratory) office technologies could package themselves like any other consumer good with the seal. IT departments would then have something other than web blogs to support their choices, and maybe the spell would be broken.

Is this any different from things like Oasis? Maybe not in the motivation, but it would be sold into the business community aggressively to succeed. . This means TV commercials during the US Open golf tournament and ads in Forbes and the Economist magazines touting the "Office Application Certification" by "CertApp" (or whatever it will be called). Efforts to knock down the Microsoft OOXML will not succeed unless promoted outside of the IEEE, ISO and RFC arena that appeals to techocrats and geekdom and placed into a Madison avenue track. There are plenty of standards efforts out there, but they do not appeal to the correct decision makers. MS Office has to be labeled the "high priced spread" that is unnecessary for business to operate.