Constraining Development

With great power, there must also come --- great responsibility! -- Stan Lee (Narrative in Amazing Fantasy #15)

All around us, in enterprises, schools, hobbies, and at home, we have computers. They are the modern day work tool. We live and work through these digital boxes. I remember, from my university days, students walking around like mindless drones whenever the university's workstations stopped working. "What should we do now?"

It doesn't matter if you're a student or the president. We are all dependent on digital computer systems. All computer systems are dependent on the system administrator. The system administrators have more power combined than all international councils combined (after all some system administrators must be keeping the council's operations running via their computer systems. There is a reason this shirt from Thinkgeek is funny:

ThinkGeek T-shirt

It's funny because it's true.

Their job bears a heavy responsibility. It probably contributes to their much rumored ill-temperament that users and crackers continually try to use their systems in a way the systems aren't designed to work (I would however say this problem is a result of the design and implementation of the software behind the system). Because of constant attacks and exploit trials it shouldn't come as a surprise that the recommended way to run a system on a network is with an "open-up-only-if-necessary" approach. By closing ports, system administrators free themselves from attacks that exploit those ports. By opening up only necessary ports the system becomes safer.

But as the system becomes safer from malicious users, normal users must deal with the added burden of not being able to try out or develop new solutions. Users will have to restrict themselves to ports the system administrator is familiar with and trusts. The system administrator might open up the port for MSN instant messaging or Skype but close the port for Jabber. Lotus Notes port might be open because that's what Lotus Notes uses but the IMAP port might be closed (there is also the possibility that the Lotus Notes system administrator doesn't enable IMAP).

Any system administrator would become irritated by a user's request to open a port just because they want to try out this or that software. What irritates me is that while they choose to close ports (often ports used by for free software because they don't know that software very well) they still choose closed, proprietary software which they know nothing about the internal runnings of and open up the ports to that application (well I am also irritated over my system administrator who opened up the SSH port on a DHCP connection which meant I continually lost my port access everytime I got a new IP address -- but that's another story). This security measurement is still understandable. The whole system is their responsibility. You just don't open up everything and invite people in. That would just be a bad judgment call. Even though it restricts users freedom to use what software they want to use.

But it just doesn't seem right that they close ports but open up access to software they don't know anything about. And they all open up port 80 for HTTP access. When evil-doers know what's always open why shouldn't they just focus all the effort to exploit that opportunity. Instead of making the exploitations of malicious users harder by deploying a more diverse system, system administrators just shown them the door.

But wait, there is a way to restrict HTTP access. Block access to certain sites, i.e. don't let your users visit malicious sites. This improves security (which is why browsers have begun maintaining a list of sites, users shouldn't go to). However, some system administrators decide to use some crappy web content-control software, like WebSense, to further restrict users. Content-control software has been criticized before (e.g. for choosing sides or for false alarms). An awful decision that restricts productivity while trying to increase it.

This crappy content-control might increase security (probably not that much) but is today more used to increase productivity and decrease bandwidth use. Users can't stream media, users can't access sites which are categorized as "a personal blog" or Facebook. This all sounds good. Why would anyone want to visit Facebook when they should be working. That's just bad for productivity (some employees do waste a lot of precious time and thus productivity by hanging out on Facebook and blog sites but those sites might also enable them to do things the system administrators can't foresee).

I believe an old way of thinking is getting in the way of a new way of working. We increasingly reach out to peers for information and peers are increasingly putting information online. Content-control software restricts this access. I have been searching online for solutions to a problem and had to go out of my way to get access to information Google pointed to (which had the answer I was looking for). Would it have been better if I had contacted a private company who'd have charged my employer an arm and a leg for information that's available online for free, after I had gone through all of the hassle of contacting the other company and waited while they dug up the information (which would probably be the same information or something worse)?

Although I'm not on Facebook, I see the potential in the huge network you can just ask for help. We shouldn't block these sites, we should help employees use these sites more efficiently. We're restricting development of information retrieval and sharing. That's just stupid and irritating and a bloody waste of potential productivity.

But we face an even more threat from system administrators. I have sat on meetings with heads of IT departments who brag about finally being able to control what software users can use. They brag about stopping users from installing anything except the software they make available. That's just sadistic and it's nothing to brag about. It's the wrong kind of development.

I understand that this is supposed to decrease complexity in the system and make the system as a whole more maintainable. But they are effectively deciding how people should work and what tools to use. They are, again, making it easier for exploiters and attackers to focus on specific products. But far worse is the effect this will have on employees. They are effectively creating worker drones. They are defining how we should work and by doing so destroying employee creativity and problem solving.

This would be kinda (but still not at all) understandable if system administrators were professionals who knew everything about our work and tasks. But they are only system administrators (albeit powerful ones). We hire professionals to do their work the best way possible, but then we also hire system administrators who go ahead and decide how the professionals should work. That's just plain wrong. System administrators have too much control. This is not a bright future. We're going faster towards the digital dark ages than I anticipated. Those system administrators that take away the freedom to choose the best tools are restricting development and productivity.

System administrators have a lot on their plate. They have a big responsibility and do all they can to be responsible but it's just outrageous that they have the power to constrain and restrict work. Information technology has the potential to increase productivity, creativity, and development. So why are we trying to take it away? Systems administrators have the power to constrain development by constraining how we do our work.

I for one can't wait to get my most recent Amazon purchase Hacking Work: Breaking Stupid Rules for Smart Results. I hope the book will show me that development can't be constrained and that the future is bright.

Copyright: ThinkGeek T-Shirt