
Bruce Schneier Weighs in on IT Lock-in Strategies

Posted by Zonk
from the lock-and-key dept.
dhavleak writes "Wired has an article from Bruce Schneier on the intersection of security technologies and vendor lock-ins in IT. 'With enough lock-in, a company can protect its market share even as it reduces customer service, raises prices, refuses to innovate and otherwise abuses its customer base. It should be no surprise that this sounds like pretty much every experience you've had with IT companies: Once the industry discovered lock-in, everyone started figuring out how to get as much of it as they can.'"
  • Right down to the processor level, even. If they're going to try to lock me into their hardware and software, I want none of it.

    Does anyone have a link to some resources on how one might build one's own processor? How much does it cost to do that sort of thing?
    • by milsoRgen (1016505) on Thursday February 07, 2008 @06:38PM (#22341596) Homepage
      http://www.opencores.org/ [opencores.org]

      As far as the cost of getting one of those built, I'd like to know that myself... Reminds me when I was part of the crew dismantling the old fabs responsible for the Z80 [wikipedia.org]... Shoulda paid one of the drivers to deliver one of those Canon machines to my garage...
    • by Anonymous Coward
      Prohibitively expensive and time consuming (unless you want to make a 4 bit processor, some one did that recently by hand).
    • by eln (21727) on Thursday February 07, 2008 @06:42PM (#22341654) Homepage

      Does anyone have a link to some resources on how one might build one's own processor? How much does it cost to do that sort of thing?
      Well, it depends on how fast you want it to be. For my home computer, I used the instructions here [ryerson.ca]. It's a little slow for less advanced users, but I find I can surf the web at a pretty good clip once I get going. Of course, splinters can be a problem.
    • by maxwell demon (590494) on Thursday February 07, 2008 @06:43PM (#22341676) Journal
      Don't stop at the processor level. The fundamental laws of physics already contain signs of corporate lock-in. The No-cloning feature of quantum mechanics clearly is a sign of DRM built into the fundamental laws of the universe. And the inner workings of about everything we use is tied to the exact laws of the universe we are in. Therefore you have to start at the very beginning: First build your own universe!
    • by webmaster404 (1148909) on Thursday February 07, 2008 @06:44PM (#22341720)
      Hmm? I highly doubt that any computer maker will lock you into hardware/software it just is bad business. Think of Dell, Vista failed, people started to not buy computers so they switched to letting people use XP, enough people wrote in and now they offer Linux, the hardware companies just want to sell hardware, if they can get that by offering Vista they will, if enough people request Linux they will offer that. Most hardware manufacturers want their product to be used as much as possible, if that means using standards they will (and mostly have) use it to get people to buy it. We are far away from computers (laptop and desktops not PDAs and Cell Phones and such) that have hardware/software lockin and the only one to have done it was Apple however now they let even Windows boot on Macs. The fact is, hardware manufacturers don't care about locking you into software, they just want money, if they can get that by offering MS, Linux, or whatever they will so lockin is a bad choice for them.
      • Re: (Score:2, Insightful)

        by ChrisMounce (1096567)
        That's why it's called a lock-in -- you know the customers won't like what you're about to do, so you lock them in. And lock-in isn't a bool, it's a float: all companies lock customers in, but some do it intentionally and to much greater extents than others.

        I do agree with what you said when it comes to smaller companies/non-monopolies -- they don't have much reason to lock-in customers, because they don't have very many customers to lock in, and because it's much more beneficial to look like the consumer-f
  • Symantec (Score:5, Insightful)

    by QuantumRiff (120817) on Thursday February 07, 2008 @06:40PM (#22341628)
    Is the freaking worst. We finally switched when their AV client, sitting idle on a PC that was just booted, was using 50MB of RAM. (Some of our systems only had 256 at the time). Over 4 years, our renewal costs (we're a school) went from $5/machine to $18/machine. We still use Ghost, and have not seen one damn improvement in the last 4 years, even though it has gone through all sorts of different versions. (Now using Ghost Solution Suite 2.0.) I don't see any difference in the software. Dear god, you would think they would use WinPE by now, and stop breaking up Ghost images into 2GB chunks. I guess 2 years ago they fixed some multicast issues. That's it. We just moved from Backup Exec 9.1 to Backup Exec 11d (we had started using it when it was Veritas), mainly for tape encryption capabilities. Of course, it is working fairly well, unless I do something crazy like try to encrypt our backups to tape. I sat on hold for 45 minutes yesterday, and gave up.. They just bought Altiris, which is who we were looking at to switch to from Ghost. GRRR.. They just buy companies, and then raise prices..
    • by greenbird (859670) *

      We just moved from Backup Exec 9.1 to Backup Exec 11d (we had started using it when it was Veritas), mainly for tape encryption capabilities. Of course, it is working fairly well, unless I do something crazy like try to encrypt our backups to tape. I sat on hold for 45 minutes yesterday, and gave up.. They just bought Altiris, which is who we were looking at to switch to from Ghost. GRRR.. They just buy companies, and then raise prices..

      You know, with the price of disk space what it is today I find it hard to come up with any reason to use tapes for backup anymore. 2 backup servers, one offsite over VPN or ssh, with encrypted RAID hard drives on LVM, rsync with hardlinks [mikerubel.org] and compressed dump for archiving is much cheaper and more reliable than tapes, especially with offsite storage. This can even allow automated background backup of laptops when they're connected. What am I missing? What do tapes add that would justify the added expense an
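The "rsync with hardlinks" scheme the comment links to keeps one full directory tree per snapshot, but files that did not change since the previous snapshot are hard links to the previous copy, so each extra snapshot costs only the blocks that actually changed. The script below is an added illustration of that scheme (written for this page, not code from the linked article or from any backup product): it walks a source tree, hard-links unchanged files against the previous snapshot and copies changed ones, on a constructed two-file tree in a temporary directory. The directory names, the file contents and the `demo()` wrapper are assumptions made for the example.

```python
"""Hard-link snapshot backups: one tree per run, shared inodes for unchanged files."""
import filecmp
import os
import shutil
import tempfile
from typing import Dict, Optional


def snapshot(src: str, dest_root: str, name: str, prev: Optional[str] = None) -> Dict[str, int]:
    """Create dest_root/name as a snapshot of src.

    A file whose content is byte-identical to the same path in dest_root/prev is
    hard-linked to that copy (no new data blocks); anything new or modified is
    copied. Returns how many files were linked vs. copied so the caller can check.
    """
    dest = os.path.join(dest_root, name)
    os.makedirs(dest)
    stats = {"linked": 0, "copied": 0}
    for root, _dirs, files in os.walk(src):
        rel = os.path.relpath(root, src)
        out_dir = os.path.normpath(os.path.join(dest, rel))
        os.makedirs(out_dir, exist_ok=True)
        for fname in files:
            s = os.path.join(root, fname)
            d = os.path.join(out_dir, fname)
            p = os.path.normpath(os.path.join(dest_root, prev, rel, fname)) if prev else None
            # shallow=False compares content, not just size/mtime, so a file
            # rewritten with identical bytes is still shared rather than copied.
            if p and os.path.isfile(p) and filecmp.cmp(s, p, shallow=False):
                os.link(p, d)        # unchanged: share the inode with the previous snapshot
                stats["linked"] += 1
            else:
                shutil.copy2(s, d)   # new or modified: fresh copy with mtime preserved
                stats["copied"] += 1
    return stats


def demo() -> dict:
    """Constructed scenario: two files, one of them modified between two snapshots."""
    work = tempfile.mkdtemp(prefix="snapdemo-")
    src = os.path.join(work, "src")
    snaps = os.path.join(work, "snapshots")
    os.makedirs(src)
    os.makedirs(snaps)
    with open(os.path.join(src, "unchanged.txt"), "w") as fh:
        fh.write("stable\n")
    with open(os.path.join(src, "grades.csv"), "w") as fh:
        fh.write("alice,90\n")

    day1 = snapshot(src, snaps, "day1")
    with open(os.path.join(src, "grades.csv"), "a") as fh:
        fh.write("bob,85\n")          # the only change before the second run
    day2 = snapshot(src, snaps, "day2", prev="day1")

    # st_nlink shows which day2 files share an inode with day1.
    unchanged_nlink = os.stat(os.path.join(snaps, "day2", "unchanged.txt")).st_nlink
    changed_nlink = os.stat(os.path.join(snaps, "day2", "grades.csv")).st_nlink
    with open(os.path.join(snaps, "day1", "grades.csv")) as fh:
        day1_grades = fh.read()       # the older point-in-time copy is intact
    shutil.rmtree(work)
    return {
        "day1": day1,
        "day2": day2,
        "unchanged_nlink": unchanged_nlink,
        "changed_nlink": changed_nlink,
        "day1_grades": day1_grades,
    }


if __name__ == "__main__":
    print(demo())
```

The caveat a practitioner wants here: the shared inode means that opening a file inside an old snapshot and editing it in place changes every snapshot that links to it, so snapshot trees must be treated as read-only (or edits must replace the file rather than write into it). That is also why the scheme answers the "go back to any point" question only as long as the snapshot directories themselves stay untouched.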

      • Long term storage. Our state mandates that student records be archived for 99 years. We can lock tapes in a safety deposit box. They have a much longer shelf life (and are cheaper) than hard drives. I pay about $40 for a 600GB SDLT tape. Easier rotations. No RAID setup, no off-site connectivity costs (we don't have an "off site" yet). Smaller footprint too.. I can go back to any point in the last 8 years and grab a file. Can you do that with your hard drives? Do you still have servers with IDE drive
        • by rho (6063)

          Will the DLT last for 99 years? Or is this a "let the next guy dump them out to holocrystals" thing?

        • Re: (Score:3, Insightful)

          by turbidostato (878842)
          "Do you still have servers with IDE drives?"

          Oh! so you are one of those that still own in operating conditions half-inch open-reel tapers?

          Or else, your argument is moot, you know...
        • Re: (Score:2, Insightful)

          by Vombatus (777631)
          Long term storage. Our state mandates that student records be archived for 99 years. We can lock tapes in a Safety deposit box.

          You do realise that backup and archiving are two entirely different things, don't you?

    • I wasn't particularly thrilled when Altiris bought Wise Solutions (because we use Wise Installation Studio) but I was definitely displeased when Symantec bought Altiris. I've noticed that the latest release of Wise is slower and less stable than previous versions. Still a good product, don't get me wrong, but I don't like it one little bit when companies that I depend upon get bought out, particularly by outfits like Symantec. Hell, even if the new owner is a decent operation, shit changes, and often not fo
  • By being greedy for lockin one also increases the difficulty of getting the initial sale.
  • by Penguinisto (415985) on Thursday February 07, 2008 @06:45PM (#22341740) Journal
    I love the one from Cadence that required a license key which in turn ties into a specific MAC address before it'll start up... hope the NIC doesn't die (I'm currently stuck with seeing if I can get a VM instance going and fake the same MAC for a migration... not looking good, and not a day goes by that I don't curse my predecessor for installing that POS in the first place).

    Hell, my management fears vendor lock-in more than they fear Death itself (which probably explains why we're a very heavy Linux shop)...

    I realize that a lot of PHB's couldn't care less (and an alarming # of CIO's and IT management don't either), but we're far enough along now that it's starting to bite a lot of accountants and IT critters square in the ass.

    IMHO, it does matter, and it explains why a lot of shops are moving away from proprietary solutions, going to Linux/BSD and such.

    Now if only we can definitively tackle the two biggest examples of attempted vendor lock-in alive (Exchange and MS Office), we'd be set.

    /P

    • Re: (Score:3, Interesting)

      by Obfuscant (592200)
      I'm currently stuck with seeing if I can get a VM instance going and fake the same MAC for a migration...

      The beauty of using Linux is that you get the source code. ALL the source code. Even the code that implements the IOCTL function for "tell me my interface's MAC address".

    • by whoever57 (658626)

      I love the one from Cadence that required a license key which in turn ties into a specific MAC address before it'll start up... hope the NIC doesn't die
      You do know about macchanger, don't you? Or "ip link address ..."
    • by sconeu (64226)
      VirtualBox lets you set the MAC. It's right there on the Network settings page.
    • by dbIII (701233)
      USB to network dongles do the job well and it's easy to change the MAC address in every OS I am familiar with (most likely the others as well). Just ask the vendor first. One was happy with this solution when they only had a choice of parallel port blocks or a MAC address and I wanted a USB dongle so the software could be legally used on a few machines. A lot of this security software is effectively abandonware that predates the trend of vanishing parallel ports.

      This year (2008) I've already had licenced

    • I love the one from Cadence that required a license key which in turn ties into a specific MAC address before it'll start up


      Good thing that almost all NICs can be configured to be any MAC you want if necessary.
    • If you are using Linux then it probably isn't an issue, set the MAC to whatever you want. However, in Windows it is also possible to alter the MAC address of your network interfaces to something other than the factory defaults. The procedure is as follows:

      Go to the Properties menu of the Ethernet adapter, in the Advanced tab, as "MAC Address", "Locally Administered Address", "Ethernet Address", "Physical Address" or "Network Address". The exact name depends on the Ethernet driver used; not all drivers' s
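The several replies above amount to one procedure: take the MAC address the license is bound to, and give it to whatever interface (physical NIC, USB dongle, or VM adapter) will run the software. The helper below is an added example for this page, not code from any commenter or vendor: it parses a MAC in the common colon, dash and Cisco dotted forms, reports the locally-administered and multicast bits (a MAC copied from a license record must be unicast, or the interface will not work), and emits the `ip link` commands for Linux and the `VBoxManage modifyvm --macaddress1` form for VirtualBox. The interface name, VM name and sample addresses are assumptions; the Windows driver dialog in the post above varies by driver and is not covered.

```python
"""Normalise a MAC address and produce the commands that assign it to an interface."""
import re
from typing import Dict, List

# Accepts 00:1b:21:aa:bb:cc, 00-1b-21-aa-bb-cc and Cisco-style 001b.21aa.bbcc.
_MAC_RE = re.compile(
    r"^(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}$|^(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}$", re.I
)


def parse_mac(text: str) -> bytes:
    """Return the six raw octets, or raise ValueError for anything malformed."""
    t = text.strip().lower()
    if not _MAC_RE.match(t):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:.\-]", "", t))


def format_mac(mac: bytes, sep: str = ":") -> str:
    return sep.join(f"{b:02x}" for b in mac)


def describe(mac: bytes) -> Dict[str, object]:
    """Decode the two flag bits in the first octet (IEEE 802): 0x02 = locally
    administered (set by software, not burned in), 0x01 = multicast group address."""
    return {
        "oui": format_mac(mac[:3]),
        "locally_administered": bool(mac[0] & 0x02),
        "multicast": bool(mac[0] & 0x01),
    }


def assignment_commands(iface: str, vm_name: str, mac: bytes) -> List[str]:
    """Commands to put `mac` on a Linux interface, and on a VirtualBox VM's first adapter.
    A multicast address is refused: no NIC will accept it as its own unicast address."""
    if describe(mac)["multicast"]:
        raise ValueError("refusing to assign a multicast address to an interface")
    return [
        f"ip link set dev {iface} down",
        f"ip link set dev {iface} address {format_mac(mac)}",
        f"ip link set dev {iface} up",
        # VBoxManage wants the twelve hex digits with no separators.
        f"VBoxManage modifyvm {vm_name} --macaddress1 {format_mac(mac, sep='').upper()}",
    ]


if __name__ == "__main__":
    licensed = parse_mac("00-1B-21-AA-BB-CC")      # constructed: the dead NIC's address
    print(describe(licensed))
    for cmd in assignment_commands("eth0", "cadence-vm", licensed):
        print(cmd)
```

The `describe()` output is also the quick check a practitioner runs on an unfamiliar license record: a burned-in address reports `locally_administered: False`, while one that someone has already spoofed usually carries the 0x02 bit. The example generalizes slightly beyond the thread by handling all three common textual forms, since license files and NIC tools do not agree on one.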
  • by postbigbang (761081) on Thursday February 07, 2008 @06:57PM (#22341886)
    Just some things that are more onerous than others. This has been going on since the beginning of the industry, and it won't change. You can complain about it all you want, but it's going to continue to happen.

    Everyone wants a revenue stream not a revenue pond.

    That doesn't justify boorish behavior, but it explains how companies want to stay in existence, and few other models exist that allow them to do this. Once again, Bruce thinks we were born yesterday.
    • Re: (Score:2, Insightful)

      by Anonymous Coward
      Yes you're right. But the stream and pond are illusions of greed and shortsightedness. Think of all the products over the years that you have fought with.

      Power connectors. There's a perfectly good international standard but your manufacturer chooses to modify the connector making it 1mm smaller than it should be, so you have to buy their power supplies.

      Batteries. There are scores of standard sizes for every possible device. But your manufacturer decided to create one that doesn't fit anything else and nothin
      • Re: (Score:3, Insightful)

        by postbigbang (761081)
        No one argues the downsides and superfluity of lock-ins. I like FOSS. But standards are used by those that bought and paid for them. Look at the history of Ethernet if you're not sure about that. Stallman was right about many things, and one of them was greed. Open is better, but don't expect the world to change overnight.
    • Once again, Bruce thinks we were born yesterday.

      Maybe he's found his own "celebrity lock-in", where he's getting headlines for stating what's basically f**cking obvious. I think he should stick with security.
    • by Sloppy (14984)

      it won't change. You can complain about it all you want, but it's going to continue to happen.

      [cynical]You're probably right[/cynical] but complaining serves a useful function, on its own. Most people don't think about lock-in, or aren't able to perceive it (until they're locked). When you complain (especially if you have a large audience, like The Bruce), you can get the word out. You can cause prospective buyers to become informed. Information is a market force. Sadly, it's a weak one, but it's so

      • I saw this device recently, designed to be a be-all power supply for everything. It auto-senses voltage draw and feeds it. You have to get different connectors for different hardware, but it powers darn near anything from a USB widget to an Apple PowerBook (not sure about the weird connector for MacBook Pro). The idea is to give a road warrior freedom from carrying so many bricks. It's a wonderful idea, and it is doomed, sadly. Get a generic car, and you'll get a generic PC. Sorry to use automotive metaphor
    • by Vellmont (569020)

      This has been going on since the beginning of the industry, and it won't change. You can complain about it all you want, but it's going to continue to happen.

      I disagree. Lock-in is getting smaller every year. To give a few examples, Do you have any vendor lock-in with your SMTP server? Nope, because SMTP has been the standard mail transfer protocol for years. Are you locked into a single router vendor? Hell no, because TCP/IP is TCP/IP.

      Lock-in only makes sense as far as a single vendor-neutral standard
      • With rare exception, standards are bought and paid for. Look at who's on the IEEE committees..... the ITU.... it's not civilian engineers, it's sponsored lobbyists. Certainly, they don't always get their way, and there's a bit of democracy-- if that's what you want to call it. Vendor-neutrality is somewhat of an oxymoron.

        Sun, IMHO, used to manipulate Ethernet by using non-standard frame gaps. Their traffic would get through before someone else's that respected a frame gap. SMTP is a horrible standard, and y
        • by gbjbaanb (229885)
          In a way there already is a systematic approach to open business models.. or remind me how well IBM and GEC are doing as IT vendors nowadays..

          If MS and others increase their lock-in practices (and I'm sure they will try more and more) then they will only serve to increase the number of Linux desktops out there. It's ironic that the best way to get Linux on the Desktop is for Microsoft to do everything in its power to keep Windows there :)
    • In Information Rules [squeezedbooks.com] the authors suggest that clients need to be informed about the potential for lock in, and crucially, to negotiate a good deal before signing up, while they still have bargaining power.
  • by wandazulu (265281) on Thursday February 07, 2008 @06:59PM (#22341918)
    Per the article, sure, you can switch to a Pepsi in a second if you don't like the Coke, but both Pepsi and Coke spend *enormous* amounts of money to suggest that switching to the competitor's product will make you less desirable to women, less success at your job, etc. That's what advertising is all about, trying to get you to lock *yourself* in, willingly, to a single product.

    But I digress...

    Everybody dreams of being Ma Bell, where even putting a plastic cone on a headset could "damage the network". A lot of companies have had their turn too. We all think of Microsoft as being the king of lock-in, but for my money, it would still be IBM, where their mainframes and mid-range machines were so locked down that you had to get approval to install *anything*. At least with a PC or even a Mac, you can install another OS and you're free and clear. With IBM equipment, they could shut you down remotely if you missed a single "usage" payment (which was calculated *by* *the* *processor* *cycle*!!).

    I cannot think of a single company that wouldn't want total lock-in of its users, regardless of industry. Some are just more capable of doing it than others.
  • by tristian_was_here (865394) on Thursday February 07, 2008 @07:02PM (#22341954)
    I got locked into Ballmer's secret office after he found Linux on my laptop while sitting in the park.

    I did manage to escape the MS compound dodging flying chairs!
    • Recently I've compared MS sales force to Jehovah's Witnesses, but the reality is often worse than that and the following anecdote [web-strategist.com] reminded me:

      Back in 1995 on a public list I wrote a message critical of Microsoft.

      They used their DevNet developer database to locate a colleague at my place of work through whom they applied pressure at senior management level, i.e. veiled threats to withdraw discounts etc., in an attempt to prevent further criticism from me.

      Fortunately, Microsoft's emails to management actually confirmed everything that I'd said was true. I still have copies with management's handwritten comments.

      At least I'm not paranoid anymore - I know what they'll do with all that information.

  • Your iPhone comes with a complicated list of rules about what you can and can't do with it. You can't install unapproved third-party applications on it. You can't unlock it and use it with the cellphone carrier of your choice.

    As Gruber noted [daringfireball.net], that's not really that complicated. It doesn't count as complicated if you can explain it in two sentences.

    It's why all gaming-console manufacturers make sure that their game cartridges don't work on any other console...

    I think we need another word for this than "lock-

    • by jonbryce (703250)
      My iPaq doesn't have lock-in. I bought it direct from HP rather than from a phone company, and then got a SIM-only contract from O2 which is less than half the price of the iPhone contract. The phone cost £320 vs £270 for the iPhone, and in at least some areas, has more features - it has GPS, a keyboard, Exchange push support, the ability to add Blackberry support, and the ability to write your own software on it using Visual Studio or possibly Mono.
    • by un1xl0ser (575642)

      As for conscious lock-in, if you don't want a phone with lock-in, you're free to get one. Enjoy paying twice as much for calls and having a per-call fee. Lock-in costs less than stuff without lock-in because it reduces risk. It's a valuable tool and one that, despite the Slashdot crowd's feeling, most consumers have little problem with as a way to get goods more cheaply.

      As discussed above, a subscription model (including break-out fees) doesn't fit the type of lock-in that we are discussing here. The cost of getting out of a contract can sometimes be less than the cost of the phone itself, which means that the cost isn't above and beyond the cost of the product itself.

      Phones are a bad example of lock-in, in my opinion. Microsoft's monopoly and the software industry is the best example of lock-in, hands down. Beyond that, corporate IT is the next best place to find vendors

    • by SeaFox (739806)

      As Gruber noted [daringfireball.net], that's not really that complicated. It doesn't count as complicated if you can explain it in two sentences.

      As much as I like what Gruber says in his blog, in this case he was just being another iPhone fanboi defending Apple. The difference between Nintendo vs. Sony vs. Microsoft is that even if the game discs themselves were the same size (and they weren't with the GameCube) the platforms hardware-wise were not. Comparing the three and asking why they aren't the same is

  • by Sloppy (14984) on Thursday February 07, 2008 @07:39PM (#22342426) Homepage Journal

    Buying an iPhone isn't the same as buying a car or a toaster. Your iPhone comes with a complicated list of rules about what you can and can't do with it.
    Unlike cars?
    • Only if you drive it on a public road. And the state sets the laws, not the manufacturer. If you own your own island and roads, you can do whatever modifications to it after purchase that you like and the maker couldn't care less.
    • by TubeSteak (669689)

      Unlike cars?
      And how exactly is a car like an iPhone?
      Everything from the seat you're sitting on, to the computer that controls the electronics can be changed.
      About the only thing you can't outright replace in a car is the frame...

      One could argue that high end luxury cars are designed to foster vendor lock-in, but you didn't make that argument.
  • It's about on-board security sub applications or attributes which are specific to that application or that applications vendor. Such as MS applications using MS specific DRM. Is this a bad thing? I don't think that it is.
  • BUSINESS = LOCK-IN (Score:3, Interesting)

    by v(*_*)vvvv (233078) on Thursday February 07, 2008 @08:44PM (#22343134)
    This has nothing to do with IT. Business is all about lock-in. If this comes as a surprise, you don't know the basics of business. You can do it "cleanly" and morally and ethically through things such as superior customer service, superior product functionality, and superior value for the price. Or, you can be "dirty" and use things such as technology and software barriers, vendor pressure tactics, biased contracts and user agreements, biological mechanisms such as addiction, and lobbying and manipulating the law. The stock market, our way of evaluating and rewarding corporate performance, unfortunately does not make any distinction between these clean and dirty lock-in tactics. The system's only real requirement is that we abide by the law and don't get caught cheating. Given this requirement, companies gain enormous advantages by being dirty. In this free capitalist market, those with advantages ultimately win and they get heavily rewarded for it. The result? Hello Microsoft, hello Nike, hello Exxon Mobil, hello Time Warner AOL Cable. And just when you thought Apple was gaining market share, what a surprise, we talk about how they are just getting better at being dirty.

    Even though the government talks about being all for fair competition in an open market, their behavior and the law which they help create say otherwise. Intellectual property law, anti-trust law, and much of the constitution is comprised of lock-in catalysts. Mergers and acquisitions heavily support lock-ins as well.

    Whether you are selling iPhones at Apple Stores or hotdogs at an intersection in Manhattan, you are still trying to lock in your customers. And the better you do it, the more the United States of America will reward you.

    • Re: (Score:2, Insightful)

      by gujo-odori (473191)
      Is superior customer service, superior functionality, and superior value for price really lock-in? I work for a company that provides all three of those (our product is expensive, perhaps one of the most expensive in our market sector, but it's still superior value for price) and we have very low customer churn because our customers love us and tell us so all the time. They stay with us because they want to; the nature of our product is such that it could be ripped out and replaced with a competing product (
  • by Kjella (173770) on Thursday February 07, 2008 @08:53PM (#22343232) Homepage
    ...is that it works. I don't know how many times I've heard the argument about going with all Microsoft or all SAP or all this and that because it's so hard to make it work with everything else. You don't throw out the incompatible software, you buy more of it until you use it for things it's not suited for and it has a hundred interfaces to other applications. And once you make yourself a little "mini-monopoly" with no real alternatives, they sure know how to gouge you. While there's plenty of work left ahead, I think compatibility and multiple vendors will become the major advantages of open source.
  • Not really. [daringfireball.net]

    -Ted
  • The key published in TUAW's Erica Sadun's blog post is NOT the iPhone's application signing key (as wrongly inferred by Schneier).
    The key is actually an AES key for the DMG ram disk image file that is part of the iPhone firmware update process. Nothing to do with application signing. The key doesn't even have enough size to be mistaken for a usable RSA key (I wonder if Schneier has noticed that).
    Anyone can check that out on the various iPhone hacking blogs (and also on the very same one that posted this
  • by ajs318 (655362) <sd_resp2.earthshod@co@uk> on Friday February 08, 2008 @06:40AM (#22346656)

    Product unreliability ordinarily doesn't benefit manufacturers, because most consumers are smart enough not to buy the same make next time; but the situation is inverted when the manufacturer of the unreliable products holds a monopoly. And sometimes it doesn't even need to be a full monopoly: you can have several players ostensibly competing in a free market. But that freedom is often just an illusion.

    Think about it: If John Thomas's Panasonic stereo breaks, and he already has lots of CDs, he might buy a Philips next time -- after all, it will plug into the same mains socket and play all the same discs. If John Thomas's Glow-worm boiler packs up in the middle of winter, he might replace it with a Worcester or Baxi boiler -- which will use the same gas and electricity, and plumb in just fine to his existing radiators and hot water system. If John Thomas's Ford Focus breaks down one time too many, he might trade it in for a Vauxhall Astra -- it will use the same fuel and can be driven on the same roads.

    But if John Thomas's Wii breaks, and he already owns several Wii games, he has precious little choice but to buy another one from Nintendo. The games may well have cost more than the console -- it would be a waste not to have anything on which to play them.

    Despite outward appearances, Nintendo, Sony and Microsoft aren't really competing in a free market; because their products are not interchangeable in practice -- unlike CD players, gas boilers or cars. Once you have invested in a game on one platform, it can only be used on that platform -- you can't replace your Wii with a PS3 and take your games across. And if you ask the vendors to replace your Wii games with PS3 equivalents, they'll laugh at you. (A store will probably exchange a few unopened games bought in ignorance as a gift for someone who has a different console than you thought; but even then it's technically ex gratia, not a statutory right.)

    And if John Thomas's copy of Microsoft Word pisses him off one time too many, and he has many documents already in .doc format that he needs to be able to access, he can't replace it with anything else and still be sure that his documents will render correctly. Even worse, if his sister Fanny buys a brand new computer that comes with a brand new version of Word, John's copy now most probably won't be able to read documents saved by Fanny in future (unless she saves them as an older version, which is deliberately made awkward and throws up dire warnings) -- so he is all but forced to buy his own new copy of Microsoft Word.
