Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Bruce Schneier Weighs in on IT Lock-in Strategies

Posted by Zonk on Thu Feb 07, 2008 06:23 PM
from the lock-and-key dept.
Security
dhavleak writes "Wired has an article from Bruce Schneier on the intersection of security technologies and vendor lock-ins in IT. 'With enough lock-in, a company can protect its market share even as it reduces customer service, raises prices, refuses to innovate and otherwise abuses its customer base. It should be no surprise that this sounds like pretty much every experience you've had with IT companies: Once the industry discovered lock-in, everyone started figuring out how to get as much of it as they can.'"
+ -
story

Related Stories

Firehose:Bruce Schneier Weighs in on Lock-in Strategies by dhavleak (912889)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Bruce Schneier Weighs in on IT Lock-in Strategies 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Symantec (Score:5, Insightful)

    by QuantumRiff (120817) on Thursday February 07 2008, @06:40PM (#22341628)
    Is the freaking worst. We finally switched when their AV client, sitting idle on a PC that was just booted, was using 50MB of RAM. (Some of our systems only had 256 at the time). Over 4 years, our renewal costs (we're a school), went from $5/machine to $18/machine. We still use ghost, and have not seem one damn improvement in the last 4 years, even though it has gone through all sorts of different versions. (now using Ghost solution suite 2.0) I don't see any difference in the software. dear god, you would think they would use WinPE by now, and stop breaking up Ghost images into 2GB chunks. I guess 2 years ago they fixed some multicast issues. Thats it. We just moved from Backup Exec 9.1 to Backup Exec 11d (We had starting using when it was Veritas), mainly for tape encryption capabilities. Of course, it is working fairly well, unless I do something crazy Like try to encrypt our backups to tape. I sat on hold for 45 minutes yesterday, and gave up.. They just bought Altiris, which is who we were looking at to switch to from Ghost. GRRR.. They just buy companies, and then raise prices..

  • Urgh... some worse than others. (Score:4, Interesting)

    by Penguinisto (415985) on Thursday February 07 2008, @06:45PM (#22341740) Journal
    I love the one from Cadence that required a license key which in turn ties into a specific MAC address before it'll start up... hope the NIC doesn't die (I'm currently stuck with seeing if I can get a VM instance going and fake the same MAC for a migration... not looking good, and not a day goes by that I don't curse my predecessor for installing that POS in the first place).

    Hell, my management fears vendor lock-in more than they fear Death itself (which probably explains why we're a very heavy Linux shop)...

    I realize that a lot of PHB's couldn't care less (and an alarming # of CIO's and IT management don't either), but we're far enough along now that it's starting to bite a lot of accountants and IT critters square in the ass.

    IMHO, it does matter, and it explains why a lot of shops are moving away from proprietary solutions, going to Linux/BSD and such.

    Now if only we can definitively tackle the two biggest examples of attempted vendor lock-in alive (Exchange and MS Office), we'd be set.

    /P

  • There's not a single new thing about lock-in (Score:4, Insightful)

    by postbigbang (761081) on Thursday February 07 2008, @06:57PM (#22341886)
    Just some things that are more onerous than others. This has been going on since the beginning of the industry, and it won't change. You can complain about it all you want, but it's going to continue to happen.

    Everyone wants a revenue stream not a revenue pond.

    That doesn't justify boorish behavior, but it explains how companies want to stay in existence, and few other models exist that allow them to do this. Once again, Bruce thinks we were born yesterday.

  • This has *always* been the case... (Score:5, Interesting)

    by wandazulu (265281) on Thursday February 07 2008, @06:59PM (#22341918)
    Per the article, sure, you can switch to a Pepsi in a second if you don't like the Coke, but both Pepsi and Coke spend *enormous* amounts of money to suggest that switching to the competitor's product will make you less desirable to women, less success at your job, etc. That's what advertising is all about, trying to get you to lock *yourself* in, willingly, to a single product.

    But I digress...

    Everybody dreams of being Ma Bell, where even putting a plastic cone on a headset could "damage the network". A lot of companies have had their turn too. We all think of Microsoft as being the king of lock-in, but for my money, it would still be IBM, where their mainframes and mid-range machines were so locked down that you had to get approval to install *anything*. At least with a PC or even a Mac, you can install another OS and you're free and clear. With IBM equipment, they could shut you down remotely if you missed a single "usage" payment (which was calculated *by* *the* *processor* *cycle*!!).

    I cannot think of a single company that wouldn't want total lock-in of its users, regardless of industry. Some are just more capable of doing it than others.

  • What's so sad about lock-in... (Score:4, Interesting)

    by Kjella (173770) on Thursday February 07 2008, @08:53PM (#22343232) Homepage
    ...is that it works. I don't know how many times I've heard the argument about going with all Microsoft or all SAP or all this and that because it's so hard to make it work with everything else. You don't throw out the incompatible software, you buy more of it until you use it for things it's not suited for and has a hundred interfaces to other applications. And once you make yourself a little "mini-monopoly" with no real alternatives, they sure know how to gauge you. While there's plenty work left ahead, I think compatibility and multiple vendors will become the major advantages of open source.

  • Makes sense if you're a capitalist (Score:4, Interesting)

    by ajs318 (655362) <sd_resp2.earthshod@co@uk> on Friday February 08 2008, @06:40AM (#22346656)

    Product unreliability ordinarily doesn't benefit manufacturers, because most consumers are smart enough not to buy the same make next time; but the situation is inverted when the manufacturer of the unreliable products holds a monopoly. And sometimes it doesn't even need to be a full monopoly: you can have several players ostensibly competing in a free market. But that freedom is often just an illusion.

    Think about it: If John Thomas's Panasonic stereo breaks, and he already has lots of CDs, he might buy a Philips next time -- after all, it will plug into the same mains socket and play all the same discs. If John Thomas's Glow-worm boiler packs up in the middle of winter, he might replace it with a Worcester or Baxi boiler -- which will use the same gas and electricity, and plumb in just fine to his existing radiators and hot water system. If John Thomas's Ford Focus breaks down one time too many, he might trade it in for a Vauxhall Astra -- it will use the same fuel and can be driven on the same roads.

    But if John Thomas's Wii breaks, and he already owns several Wii games, he has precious little choice but to buy another one from Nintendo. The games may well have cost more than the console -- it would be a waste not to have anything on which to play them.

    Despite outward appearances, Nintendo, Sony and Microsoft aren't really competing in a free market; because their products are not interchangeable in practice -- unlike CD players, gas boilers or cars. Once you have invested in a game on one platform, it can only be used on that platform -- you can't replace your Wii with a PS3 and take your games across. And if you ask the vendors to replace your Wii games with PS3 equivalents, they'll laugh at you. (A store will probably exchange a few unopened games bought in ignorance as a gift for someone who has a different console than you thought; but even then it's technically ex gratia, not a statutory right.)

    And if John Thomas's copy of Microsoft Word pisses him off one time too many, and he has many documents already in .doc format that he needs to be able to access, he can't replace it with anything else and still be sure that his documents will render correctly. Even worse, if his sister Fanny buys a brand new computer that comes with a brand new version of Word, John's copy now most probably won't be able to read documents saved by Fanny in future (unless she saves them as an older version, which is deliberately made awkward and throws up dire warnings) -- so he is all but forced to buy his own new copy of Microsoft Word.

    • Re:As in... (Score:5, Informative)

      by trolltalk.com (1108067) on Thursday February 07 2008, @06:36PM (#22341578) Homepage Journal

      lock-in = subscription based business model...for those that don't know :)

      Nope.

      Lock-in is anything that creates barriers to moving to a competitor. For example, file formats. Or email address non-portability between different ISPs (or freemail providers, for that matter). Or (in the case of telecoms) number non-portability.The subscription model is one of the ways to milk extra bucks from lock-in, but it isn't itself a "lock-in."

      • Re:As in... (Score:4, Informative)

        by misleb (129952) on Thursday February 07 2008, @07:28PM (#22342282)

        Or email address non-portability between different ISPs (or freemail providers, for that matter).


        This being an unintentional form a lock-in, of course. You wouldn't actually expect an email address to be portable, would you?

        -matthew
                  • Yeah, sure. What you are suggesting is that I should be able to move house from one country/city/town/suburb but still be able to receive the mail sent to my old home address*. It's an utterly retarded idea.

                    When you use an @domain symbol your dns server directs the query to the server that is responsible for that domain. ie, the server operated by (or on behalf of) the owner of the domain.

                    If you want email portability then you can register your own domain . It's really quite simple.

                    If you don't want to do that then guess what, you can get an email address on somebody elses domain. If you choose to move from their domain you don't retain any rights to continue using a domain name that you don't own

                    How is that difficult to understand?

                    Honestly, sometimes I think we need a better class of geeks on slashdot. Is Digg down at the moment?

                    * Yes, I realise that you can do a temporary mail redirect but this costs money and is very resource intensive. If *everyone* tried to do this in perpetuity then the system would be completely unworkable, both logistically as well as inuitively.

      • Re:As in...Lock-in Backfires (Score:5, Interesting)

        by Technician (215283) on Friday February 08 2008, @02:23AM (#22345550)
        Lock-in is anything that creates barriers to moving to a competitor.

        Often lock-in is the driving force to open standards and the proprietary vendors have to change or die. The most recent example of this that I can point to is the theatrical lighting industry. Martin, Strand, MSI, and other inteligent lighting manufactures all had their own standard for running lighting. Touring companies found it difficult to interface with all the lighting systems. A committie was formed to produce a standard that wasn't any of the already established standards to avoid any patent and royalty bias toward any one manufacture.

        The birth of the DMX-512 standard came out. Now it is almost impossible to sell any lighting system that doesn't support the standard.

        http://www.usitt.org/standards/DMX512.html [usitt.org]
        "This standard is intended to provide for interoperability at both communication and mechanical levels with controllers made by different manufacturers."

        Almost everything now uses the new standard from Drama, Dance, and Club Nightlife. If you buy an intelligeht moving light, It's almost guaranteed to use the DMX-512 signal, even if the connector isn't the standard 5 pin XLR. An exception to the DMX standard is the one for architectural using multiple wall stations for building lights. Even these control systems often output DMX-512 signals to use standard dimmers.

        In some specialty fields some still try with something other than the standard. As an example the animated Christmas lights often use the Lights-o-Rama system which is incompatible with everything else.

        http://www.lightorama.com/ [lightorama.com]

        It is a cheaper alternative with a lower cost per dimmer, but it is limited to dimmers only. It won't run all the disco and concert moving color changing lights. And of course you can only use their software and interface to run the dimmers.

        • Re:Be Creative! (Score:4, Insightful)

          by trolltalk.com (1108067) on Thursday February 07 2008, @07:58PM (#22342652) Homepage Journal

          "Windows, like a newspaper, only has value in context and for a limited time. Your old copy of MSDOS is worthless today as are most of every copy of software you have released before 2001. It only had value in context and the sooner you lose that context the better off you are."

          It still does whatever you had to do in times past. For example, SimCity 4 runs fine on Windows 98. A lot of places refuse to dump their Win2k setups, or they have software that still requires DOS.

          Heck, I know one place that runs their financials on a Win 3.1 program. Its been doing everything they need for 15 years, and they're not going to change. It works, it runs fine under xp, and why fix what ain't broke?

        • Re:As in... (Score:4, Informative)

          by Kadin2048 (468275) <slashdot DOT kadin AT xoxy DOT net> on Friday February 08 2008, @12:22AM (#22344886) Homepage Journal

          Portability for phone numbers makes sense, because they are just arbitrary numbers and AT&T can give you 12345 just as well as any other provider.
          They can now. This is a relatively recent development. The old rotary-pulse dial switching system didn't allow for such things, and although numbers might have appeared arbitrary to the customer, they were anything but to the phone company. Individual phone lines (last four digits, in our current numbering scheme) were connected to exchanges (first three digits of the 'phone number,' but in the past these were lettered or had other designations, like city or town), and if you moved from one exchange to another, your number changed. The phone number actually drove the routing equipment -- you couldn't just give someone a random 7 or 10 digit number and make it work. (Similar to how IP routing worked under classful networks.)

          Over time, telephone call routing got more flexible. I'm not familiar with exactly how it works today, but there is obviously another layer, probably many layers, beneath the "phone number" you use and remember. That has been abstracted away from the actual 'hardware' and can be assigned arbitrarily.

          Email addresses are currently hierarchical, in the same way that phone numbers used to be (under exchanges). If you want to send it to bob@company.com, you first send it to the mailserver for "company.com" and then it sends it on to Bob. But that's sort of an arbitrary design consideration. If you wanted to have a different MX record for "bob@company.com" than "joe@company.com", there's no fundamental reason why you couldn't, provided you were willing to completely trash and rewrite the DNS servers and MTAs.

          More usefully, rather than screwing around with DNS, the best way to accomplish email portability would be to build another layer of abstraction on top of email as it currently exists. Instead of remembering people's emails, remember their real names or handles, and then have your email program consult some sort of global distributed database in order to find their email address (which would change whenever they moved ISPs or networks). Then you could change emails whenever you wanted and the people sending you mail would never know; it would all be hidden below the user level. And in fact there are some electronic-mail systems (e.g. Lotus Notes) that don't operate using user and domain names, and have their own systems allowing for more flexibility.

    • Re:As in... (Score:5, Informative)

      by Sciros (986030) on Thursday February 07 2008, @06:44PM (#22341712) Journal
      That's completely wrong! A lock-in is when the consumer is "stuck" with a particular vendor. This may be due to any number of things, but subscription is not one of them. A subscription-based service only locks you in if it makes unsubscribing difficult (which may translate to costly), which has nothing to do with being a subscription-based service in the first place.

      A company that runs on a subscription-based business model would *benefit* from lock-in (to keep subscriptions going), but it doesn't have to do it. Magazines don't lock you in, neither do websites with subscription-based access (e.g. IGN, or newspapers), etc. You're always free to cancel and subcribe to something else if you wish.

      • Re:As in... (Score:5, Insightful)

        by bigstrat2003 (1058574) on Thursday February 07 2008, @08:39PM (#22343080)
        There are perfectly good reasons to hate universal health care and Social Security apart from supposed hatred of poor people. Not all of us trust the government to be a good provider, and want the ability to opt out of a bad system. Social Security is an even better example. If I believe that Social Security is going to collapse before I can benefit (I have no opinion on the matter, for the record, as I lack sufficient information), why the hell would I want pay into such a thing?

        Not everyone who wants a free market is doing it for the evil reasons you paint, and not everyone who doesn't want the programs you mention is a greedy bastard who wants to be better than poor people.

    • Re:Build-your-own systems are starting to look goo (Score:5, Informative)

      by milsoRgen (1016505) on Thursday February 07 2008, @06:38PM (#22341596) Homepage
      http://www.opencores.org/ [opencores.org]

      As far as the cost of getting one of those built, I'd like to know that myself... Reminds me when I was part of the crew dismantling the old fabs responsible for the Z80 [wikipedia.org]... Shoulda paid one of the drivers to deliver one of those Canon machines to my garage...

    • Re:Build-your-own systems are starting to look goo (Score:5, Funny)

      by eln (21727) on Thursday February 07 2008, @06:42PM (#22341654) Homepage

      Does anyone have a link to some resources on how one might build one's own processor? How much does it cost to do that sort of thing?
      Well, it depends on how fast you want it to be. For my home computer, I used the instructions here [ryerson.ca]. It's a little slow for less advanced users, but I find I can surf the web at a pretty good clip once I get going. Of course, splinters can be a problem.
    • Don't stop at the processor level. The fundamental laws of physics already contain signs of corporate lock-in. The No-cloning feature of quantum mechanics clearly is a sign of DRM built into the fundamental laws of the universe. And the inner workings of about everything we use is tied to the exact laws of the universe we are in. Therefore you have to start at the very beginning: First build your own universe!

    • Re:Build-your-own systems are starting to look goo (Score:4, Insightful)

      by webmaster404 (1148909) on Thursday February 07 2008, @06:44PM (#22341720)
      Hmm? I highly doubt that any computer maker will lock you into hardware/software it just is bad business. Think of Dell, Vista failed, people started to not buy computers so they switched to letting people use XP, enough people wrote in and now they offer Linux, the hardware companies just want to sell hardware, if they can get that by offering Vista they will, if enough people request Linux they will offer that. Most hardware manufacturers want their product to be used as much as possible, if that means using standards they will (and mostly have) use it to get people to buy it. We are far away from computers (laptop and desktops not PDAs and Cell Phones and such) that have hardware/software lockin and the only one to have done it was Apple however now they let even Windows boot on Macs. The fact is, hardware manufacturers don't care about locking you into software, they just want money, if they can get that by offering MS, Linux, or whatever they will so lockin is a bad choice for them.

    • Re:Monopoly is the goal of capitalism (Score:4, Interesting)

      by kidcharles (908072) on Thursday February 07 2008, @07:28PM (#22342288)

      "But that's not good for capitalism, so it isn't the goal of capitalism!" while sitting on Mommy's lap or at Mommy's Marxist University
      Actually the tendency for capitalism to eat itself alive with its drive for monopolization is accepted in and is part of Marxist economic theory. Another contradiction of capitalism that is an observation in Marxist theory is the desire of an individual firm to pay its employees as little as possible, but that depends on well-paid consumers having enough money to buy their products. That's my personal favorite.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.