
Bruce Schneier Weighs in on IT Lock-in Strategies

dhavleak writes "Wired has an article from Bruce Schneier on the intersection of security technologies and vendor lock-ins in IT. 'With enough lock-in, a company can protect its market share even as it reduces customer service, raises prices, refuses to innovate and otherwise abuses its customer base. It should be no surprise that this sounds like pretty much every experience you've had with IT companies: Once the industry discovered lock-in, everyone started figuring out how to get as much of it as they can.'"
  • Symantec (Score:5, Insightful)

    by QuantumRiff ( 120817 ) on Thursday February 07, 2008 @06:40PM (#22341628)
    Is the freaking worst. We finally switched when their AV client, sitting idle on a PC that was just booted, was using 50MB of RAM. (Some of our systems only had 256 at the time). Over 4 years, our renewal costs (we're a school), went from $5/machine to $18/machine. We still use Ghost, and have not seen one damn improvement in the last 4 years, even though it has gone through all sorts of different versions. (now using Ghost Solution Suite 2.0) I don't see any difference in the software. Dear god, you would think they would use WinPE by now, and stop breaking up Ghost images into 2GB chunks. I guess 2 years ago they fixed some multicast issues. That's it. We just moved from Backup Exec 9.1 to Backup Exec 11d (We had started using it when it was Veritas), mainly for tape encryption capabilities. Of course, it is working fairly well, unless I do something crazy like try to encrypt our backups to tape. I sat on hold for 45 minutes yesterday, and gave up.. They just bought Altiris, which is who we were looking at to switch to from Ghost. GRRR.. They just buy companies, and then raise prices..
  • by webmaster404 ( 1148909 ) on Thursday February 07, 2008 @06:44PM (#22341720)
    Hmm? I highly doubt that any computer maker will lock you into hardware/software; it just is bad business. Think of Dell: Vista failed, people started to not buy computers, so they switched to letting people use XP; enough people wrote in and now they offer Linux. The hardware companies just want to sell hardware: if they can get that by offering Vista they will; if enough people request Linux they will offer that. Most hardware manufacturers want their product to be used as much as possible; if that means using standards they will (and mostly have) use it to get people to buy it. We are far away from computers (laptops and desktops, not PDAs and cell phones and such) that have hardware/software lock-in, and the only one to have done it was Apple; however, now they let even Windows boot on Macs. The fact is, hardware manufacturers don't care about locking you into software, they just want money; if they can get that by offering MS, Linux, or whatever, they will, so lock-in is a bad choice for them.
  • by rkanodia ( 211354 ) on Thursday February 07, 2008 @06:45PM (#22341744)
    This isn't always true. For many users, the pain of proprietary file formats is not understood until well after the purchase.
  • by postbigbang ( 761081 ) on Thursday February 07, 2008 @06:57PM (#22341886)
    Just some things that are more onerous than others. This has been going on since the beginning of the industry, and it won't change. You can complain about it all you want, but it's going to continue to happen.

    Everyone wants a revenue stream not a revenue pond.

    That doesn't justify boorish behavior, but it explains how companies want to stay in existence, and few other models exist that allow them to do this. Once again, Bruce thinks we were born yesterday.
  • by Anonymous Coward on Thursday February 07, 2008 @07:18PM (#22342128)
    Yes you're right. But the stream and pond are illusions of greed and shortsightedness. Think of all the products over the years that you have fought with.

    Power connectors. There's a perfectly good international standard but your manufacturer chooses to modify the connector making it 1mm smaller than it should be, so you have to buy their power supplies.

    Batteries. There are scores of standard sizes for every possible device. But your manufacturer decided to create one that doesn't fit anything else and nothing else will fit in its place.

    The list goes on forever of course, gas connectors, plumbing joints, lamp fittings...

    Each time a manufacturer decides to deliberately use a non-standard and incompatible device they seriously reduce the value of that product. Landfill sites are full of obsolete proprietary power adapters; they function perfectly well, but nobody wants a Sony XYZ from 1980 for any other use, so it goes in the trash.

    That product had to be designed (to be unique) where great sums of money could have been saved by using an ISO standard.

    If you over-manufacture, nobody wants the stock. You can't resell to a generic market.

    These idiots cut off their nose to spite their face. The big guys understand the value and security in commodity markets, in generics and standards. Products manufactured to standards can be resold on any market, rebranded or adapted.

    The reason software can be designed for lock in is that it costs zero to (re)produce. This is why open source code is so very valuable, not because of its functionality; its functionality is almost irrelevant compared to the value of reuse and standards.
  • by postbigbang ( 761081 ) on Thursday February 07, 2008 @07:25PM (#22342246)
    No one argues the downsides and superfluity of lock-ins. I like FOSS. But standards are used by those that bought and paid for them. Look at the history of Ethernet if you're not sure about that. Stallman was right about many things, and one of them was greed. Open is better, but don't expect the world to change overnight.
  • Re:As in... (Score:3, Insightful)

    by esper ( 11644 ) on Thursday February 07, 2008 @07:30PM (#22342310) Homepage
    You haven't provided enough information to determine whether that's a case of lock-in or not. If the CRM system provides the necessary tools to make it easy for the customer to export all of their data into a format which can then be imported by other CRM systems should the customer choose to change vendors, then there is no lock-in.

    Now, granted, that's unlikely to be the case. However, it is the inability to move your data to a competing system which creates the lock-in. The subscription aspect has nothing to do with it one way or the other.
  • by ChrisMounce ( 1096567 ) on Thursday February 07, 2008 @07:37PM (#22342404)
    That's why it's called a lock-in -- you know the customers won't like what you're about to do, so you lock them in. And lock-in isn't a bool, it's a float: all companies lock customers in, but some do it intentionally and to much greater extents than others.

    I do agree with what you said when it comes to smaller companies/non-monopolies -- they don't have much reason to lock-in customers, because they don't have very many customers to lock in, and because it's much more beneficial to look like the consumer-friendly guys. And even though Dell makes a lot of computers, they're not the only PC manufacturer, and any edge over their competition helps.
  • by idontgno ( 624372 ) on Thursday February 07, 2008 @07:43PM (#22342462) Journal
    Tell it to street-level drug pushers. They mastered lock-in decades ago. It's only recently that tech marketing has risen to the level of "The first taste is free, baby!"
  • Re:As in... (Score:2, Insightful)

    by PopeRatzo ( 965947 ) * on Thursday February 07, 2008 @07:44PM (#22342490) Journal
    "Lock-in" = one more way that companies that are successful in a "free market" immediately go to work to make the market less free.

    One more reason that Free-Market Theology is nothing but a scam to keep most people poor and working hard, and to make rich people richer and increasingly powerful and protected.

      The operative word is "protected". Note that "lock-ins" are said to "protect market share". The world is uncertain and nothing bothers the rich and powerful like uncertainty. They believe that if God was good enough to make them rich and powerful, then it's unfair that they should be subject to the same rules of uncertainty as the rest of us.

      It's why they hate things like Universal Health Coverage, Social Security, Minimum Wage, etc. If you have to be just as vulnerable to fate as the poor, then what good is being rich?
  • Re:Be Creative! (Score:4, Insightful)

    by ( 1108067 ) on Thursday February 07, 2008 @07:58PM (#22342652) Homepage Journal

    "Windows, like a newspaper, only has value in context and for a limited time. Your old copy of MSDOS is worthless today as are most of every copy of software you have released before 2001. It only had value in context and the sooner you lose that context the better off you are."

    It still does whatever you had to do in times past. For example, SimCity 4 runs fine on Windows 98. A lot of places refuse to dump their Win2k setups, or they have software that still requires DOS.

    Heck, I know one place that runs their financials on a Win 3.1 program. It's been doing everything they need for 15 years, and they're not going to change. It works, it runs fine under xp, and why fix what ain't broke?

  • Re:As in... (Score:2, Insightful)

    by anonicon ( 215837 ) on Thursday February 07, 2008 @08:15PM (#22342822)
    "I don't understand why most people don't get together with friends and family and each pitch in a few bucks each year and have their own domain, with their own email address."

    Comfort zones and insecurity. Speaking as the "computer guy" for about 15-20 friends and family members, the idea of registering a domain name and then paying a very small monthly fee (less than $5, sometimes $0) to permanently own your own domain name and e-mail is uncomfortable when they can just keep their free 5-10 year old AOL/LocalISP address. Only my Mom owns her own domain name (which she really likes).

  • Re:As in... (Score:5, Insightful)

    by bigstrat2003 ( 1058574 ) on Thursday February 07, 2008 @08:39PM (#22343080)
    There are perfectly good reasons to hate universal health care and Social Security apart from supposed hatred of poor people. Not all of us trust the government to be a good provider, and want the ability to opt out of a bad system. Social Security is an even better example. If I believe that Social Security is going to collapse before I can benefit (I have no opinion on the matter, for the record, as I lack sufficient information), why the hell would I want to pay into such a thing?

    Not everyone who wants a free market is doing it for the evil reasons you paint, and not everyone who doesn't want the programs you mention is a greedy bastard who wants to be better than poor people.

  • Re:Symantec (Score:3, Insightful)

    by turbidostato ( 878842 ) on Thursday February 07, 2008 @09:49PM (#22343712)
    "Do you still have servers with IDE drives?"

    Oh! so you are one of those that still own in operating conditions half-inch open-reel tapers?

    Or else, your argument is moot, you know...
  • Re:Symantec (Score:2, Insightful)

    by Vombatus ( 777631 ) on Thursday February 07, 2008 @10:40PM (#22344138)
    Long term storage. Our state mandates that student records be archived for 99 years. We can lock tapes in a Safety deposit box.

    You do realise that backup and archiving are two entirely different things, don't you?

  • by evanbd ( 210358 ) on Thursday February 07, 2008 @11:51PM (#22344708)

    Another contradiction of capitalism that is an observation in Marxist theory is the desire of an individual firm to pay its employees as little as possible, but that depends on well-paid consumers having enough money to buy their products.

    All that is is negative feedback. If you want to create a system capable of optimizing itself to changing conditions without a very complicated model and detailed control system (with attendant long, involved tuning process), be it an economy or a simple industrial process, you'll probably find it best to put multiple forces in place that oppose each other in such a way that they balance at an equilibrium point that's near the optimum. There is nothing "contradictory" about market forces being in opposition. One can argue about how well it works (imho, it clearly does a near-perfect job in some cases and an awful job in others), but as part of a design of an economic framework it's not at all clear it's a bad route to take.

    Seriously, try creating a *good* control scheme for a simple system that doesn't involve a negative feedback loop. Then consider how amazingly not simple an economy is.

  • Yeah, sure. What you are suggesting is that I should be able to move house from one country/city/town/suburb but still be able to receive the mail sent to my old home address*. It's an utterly retarded idea.

    When you use an @domain symbol your dns server directs the query to the server that is responsible for that domain. ie, the server operated by (or on behalf of) the owner of the domain.

    If you want email portability then you can register your own domain. It's really quite simple.

    If you don't want to do that then guess what, you can get an email address on somebody else's domain. If you choose to move from their domain you don't retain any rights to continue using a domain name that you don't own.

    How is that difficult to understand?

    Honestly, sometimes I think we need a better class of geeks on slashdot. Is Digg down at the moment?

    * Yes, I realise that you can do a temporary mail redirect but this costs money and is very resource intensive. If *everyone* tried to do this in perpetuity then the system would be completely unworkable, both logistically as well as intuitively.
  • by gujo-odori ( 473191 ) on Friday February 08, 2008 @12:18AM (#22344862)
    Is superior customer service, superior functionality, and superior value for price really lock-in? I work for a company that provides all three of those (our product is expensive, perhaps one of the most expensive in our market sector, but it's still superior value for price) and we have very low customer churn because our customers love us and tell us so all the time. They stay with us because they want to; the nature of our product is such that it could be ripped out and replaced with a competing product (or a combination of open source ones) at any time. What keeps our products in place are the same three things that get them there in the first place: superior service, superior function, and superior value. Our customers are loyal - very loyal - but they are not locked in.
  • I realise this, but there was one MAJOR difference. All phone numbers were owned by only a few telco companies and as such it was politically possible for them to be forced into providing cross provider portability or run the risk of losing their common carrier status ie licence.

    The domain system is much different. There are hundreds of thousands of domains owned by almost as many individuals and companies. It is not politically or technically feasible to force some sort of email portability across domains without changing the fundamental nature of how dns currently works.

    Why should I (as an email admin) be forced to allow people to use the domain name that I legally own for free? Am I required to maintain some sort of forwarding list on my mail server of all the people for which I am required to forward mail to? Do I do this for free? If my server crashes and the list is lost am I held legally liable? Who is responsible for tracking where email for my domain should go? Me? The government? Which government?

    Should the entire planet's email-address-to-ip-address-cross-reference-table be stored in some central servers somewhere? Where? Who pays?

    It's a ridiculous idea.

  • by Shadowmist ( 57488 ) on Friday February 08, 2008 @07:55AM (#22346998)

    What is termed "contradictions" here is merely conflicting interests. One of the nice properties of a market system is the ability to resolve these conflicts of interest via the market.
    Capitalism doesn't really solve the "low wage" vs "high consumer spending" contradiction; it usually tries to defer the problem (much like the way US communities defer maintenance) by outsourcing the "low wage" to a country where everyone is poor and not counted on to spend on the company's products and assuming that there will be "high wage" buyers from somewhere else to be its market. The inevitable problems arise when everyone has outsourced the same way and there simply isn't anyone left in the "high wage" category to buy the product. (It's an oversimplified argument, but the fact that much of the American Rust Belt is indeed being left to rust illustrates the point.) Similarly ordered systems can decrease their own internal entropy only at the cost of greater increased entropy outside the system. The American capitalist system has been running on the assumption that consumers will simply keep spending no matter what the situation. (As Bush urged Americans to do while gearing us to war, a total reversal on the personal belt-tightening and rationing Americans went through during the Great War.) Now being pressed against the wall, most Americans are finding staying in the mid-income lifestyle tough enough that they're pinching their pennies and holding off their luxury purchases just to pay rents, mortgages, utilities, and have enough left over to put food on the table, hoping to hell that no one in the family gets catastrophically sick.
