The Weird Reasons that Facebook “Works”

I have a Facebook account, of course. My “friends” list is pretty limited to actual, in-real-life, lives-near-me friends, in part because some younger family members are “friends” and I’m sensitive about what goes on my timeline. (I do have a public Facebook page, though.)

I have a few friends that have transitioned more or less entirely to communicating with me via Facebook’s messaging system, even though they have my e-mail address. I started thinking about why that would be.

First, I suppose there’s an argument that some folks are “in” Facebook all the time, and so messaging from there is just convenient. I’m not sure I buy that, though, because they’re also “in” e-mail all the time, which should be just as convenient. No, I think the reasons are deeper.

I think a big part of it is that, of the entire population of the planet, Facebook represents a tiny “whitelist” of people you want to hear from. That means you’re much less likely to get spam, and you don’t have the overhead of needing to manage spam filters, search through spam folders, and so on. Spam has, in many ways, made e-mail a lot less useful. What would be nice is if e-mail from known people (or domain names) could go into your Inbox, and anything else went into a “pending review” folder. Of course, you’d need to prevent sender address spoofing, which SPF does, but which almost nobody actually uses. So… nevermind.

I think another big factor is that Facebook messages tend to be short and concise. They don’t have e-mail signatures, attachments, and all the dreck that goes with e-mail. In short, we’ve made e-mail suck. I get e-mail from some people where the “extras” (signature, “confidentiality” notice, logo graphics, etc) are triple the size of the actual message.

Then I start to think where else these things apply. What else have I, and others, screwed up in an attempt to make things “better?” Calling a store on the phone, for example. I hate it, because so many companies turn answering the phone into an advertisement: “Hi-thank-you-for-calling-GameStop-can-I-tell-you-about-our-preowned-game-tradein-program-or-our-new-preorder-offer-for-XBox-3Million?” No, dammit. Shut up and let me talk, I’m the customer here.

TV advertising has become just so much spam, and it’s been that way for years. It’s a terrible way to bring original programming to the public (and HBO, Showtime, and Netflix have all demonstrated it isn’t the only way), and there are just so many ads, all the damn time, that we treat it like spam e-mail: into the “ignore” part of our brain. And TV shows are still forced to craft their stories around designated commercial breaks, which means we’re possibly not getting the best artistic product. Yet fewer, more well-crafted commercials might be appreciated and enjoyed – and there’s ample evidence that can be the case.

We see this in the workplace, too. Nobody in an office was deprived of e-mail in this past decade, yet now everyone also has to have instant messaging. Why? Because it feels “less formal” than e-mail. Because e-mail has all that crap attached to it. So why do we use both e-mail and IM? Beats me. Same reason I suppose we still need voicemail, right?

What sort of useless cruft do you have in the workplace that seems useful but is really just making something less useful? What’s redundant? More importantly – why is it redundant? Was it useful at some point, and just became less useful somehow? It’s worth looking at those things, if for no other reason than to understand what happened, so you can watch for it as it happens to the next thing.



Measure Your Process Overhead

How much of your work life is spent on overhead?

That is, for any given task you perform at work, how much of your time is spent actually performing the task, and how much is spent on associated overhead processes?

For example, helping a user solve an IT problem is productive work; the associated help desk ticket paperwork stuff is overhead. Reconfiguring a domain controller is work; the change management meetings leading up to the work are overhead.

Overhead isn’t inherently bad; a certain amount of overhead helps keep everything running smoothly, helps people coordinate with each other, and helps prevent unwanted change in the environment. But you do need to become skilled at measuring the overhead with some accuracy. That way, you can look at the costs of not having the overhead, look at the cost of the overhead, and decide if the overhead is worth it.

For example, when I was with Bell Atlantic, our help desk handled the usual number of “forgotten password” and “account lockout” calls. It literally took them three times longer to fill out the help desk ticket than to solve the problem – and so in many cases they wouldn’t complete the ticket. I didn’t blame them, but it meant we lacked crucial metrics on a common problem. So I modified our ticketing software to include “quick tickets,” which essentially only required the help desk to enter the user’s name. The ticket would open, resolve, and close itself using boilerplate. The overhead became smaller, and was worth the metrics we gained on the problem category.

Knowing your overhead can also help justify better management tools. “Generating this report takes 10 hours a week” can have a specific amount of currency associated with it, and that amount might well be more than it would cost to implement a more efficient way of performing that overhead task. “We spend 8 hours executing change management processes for a specific change that, even if it went wrong, would impact only 2 people for 5 minutes.” OK, the overhead is probably costing more than the problem it’s meant to prevent – so reconsideration is in order.

The difference between “business people” and most “tech people” is that tech people don’t tend to consider these kinds of metrics, like the cost/benefit analysis of overhead processes. You can do a lot for your career by becoming a little more business-y!



Verify Your Assumptions and Gripes

Folks often make important decisions based on inaccurate, unverified assumptions. Whether you’re at work or at the voting booth, it’s important to research the facts that underpin your assumptions – and what you’re being told – and either validate or refute them.


The Price of Gas

For example, folks often rail against oil companies for the high price of gas. And there’s no question that oil companies make a lot of revenue – but who really keeps all the money?

On average (it varies by state), $0.50 of each gallon goes to the government in the form of taxes. The gas station owner keeps about 2.5% – almost nothing; they make their living by selling items from the convenience store, mechanic services, and other stuff. The gas is just to bring you in. On a $4 gallon, that’s about $0.10 per gallon.

So far, the oil company is getting about $3.40 on a $4.00 gallon. But here comes the government again, with the ever-popular invisible corporate tax. On oil companies, it’s around 55%. Yeah. The Department of Labor and Statistics figures that it costs about 40% to manufacture and transport the cost (it varies a lot; I’m averaging out the last decade), so of that $3.40 the oil company gets, roughly $1.40 is cost-of-goods; that leaves about $2 in gross profit. Assuming zero overhead, zero R&D, and zero other expenses (which isn’t the case, obviously), the company pays about $1.10 in taxes per gallon, and keeps about $0.90.

That’s a 22% profit margin, roughly, which isn’t bad – but the government is getting almost twice that much, close to 40% of the retail cost per gallon. Oil companies’ massive revenues come from their massive sales volume, not from massive profit margins. The government’s the one getting rich on oil.

So when you think a politician is soft on Big Oil… maybe they’re just sweet for the IRS.



Remember many years back, when the old woman got burned by the hot cup of coffee at McDonald’s, and sued for millions?

Pretty much everyone made a joke of it. I mean, it’s coffee. It’s supposed to be hot. WTF?

Well, much of that feeling came from the massive publicity heaped on the issue by McDonald’s lawyers, and by like-minded industry groups who were thinking of the companies. Using that and a couple of other cases, they were able to get voters and politicians to pass sweeping tort reforms, limiting the damages someone could collect from cases like that.

Thing is, that old lady was severely damaged. Her coffee wasn’t hot, it was superheated – well above boiling. It literally stripped the skin off her inner thighs, causing permanent nerve damage. She had to go on medications for the rest of her life, couldn’t walk normally (the muscle tissue was damaged), and generally lived in hell. A million bucks is a lot of money, but would you be happy with it if someone stripped skin and muscle off of your legs, essentially ruining your life and condemning you to a permanent drug haze?

I made the same assumptions almost everyone made when I first heard of the case – more ridiculous lawsuits! But the tort reforms in most states now mean that there’s a hard cap on how much money you can receive above and beyond your actual medical costs – and in terms of compensating you for your life essentially being taken away, it’s not much. In Nevada, where I live, it’s about a million. If I were damaged badly, and unable to work, a million bucks wouldn’t last me through to end of life. But that’s my cap, thanks to tort reform.

Big corporations fought for those tort laws… so who benefits from the laws?

They won by mocking the “trial lawyers” who go after “big settlements” on “ridiculous cases.” It’s easy to get the public in a gnash against trial lawyers; nobody likes ‘em. But pay attention to who is riling you up against the trial lawyers, because they assuredly have a motive, too.


Point Being

Be real careful about what you see online, hear in the news, and what’s fed to your brain in general. There’s always another side to the story, and it’s never as simple a narrative as you’re being handed. Research. Make sure you’re getting the full story. Make sure it all adds up in your head – and that you’re not simply buying a simple version of the “truth” that someone wants to sell you. Make sure you know the motives. It doesn’t matter which side of the argument you eventually decide is “yours;” what matters is that you’re not letting someone lead you to that decision. Make it on your own.




Is There Any Future in Being a System Center Guru, Career-Wise?

There was a well thought-out post on that I wanted to respond to. I’ll quote out the post, and respond inline. I’m doing this here because it’s a topic near and dear to my heart, and one I want to be able to easily refer people to in the future.

As someone who has invested a significant amount of time learning the System Center product suite, I am beginning to wonder if focusing on System Center is a good move career-wise.

It’s pretty clear that the importance of DataCenter management tools is lessening. The trend is for companies to move to the Cloud and leverage SAAS and IAAS solutions.

Well, yes, but also no. Private data centers will remain hugely important for a long time, and you’ll need tools to manage them – as well as tools to manage your public-cloud assets. It’s going to be a hybrid world for the foreseeable future. Many organizations simply won’t go heavily public; there are a lot of political and legal concerns around it right now that aren’t going to be resolved real soon.

The prevalence of On-Prem tools is diminishing and everything is moving towards a service-based model.

Well, no. Your own datacenter should have been moving toward a service-based model – e.g., a service you provide to the organization – a long time ago. You need on-prem tools to do that. One reason the public cloud has been successful is because so many internal IT teams utterly failed to provide their organizations with what the organization really needed, often due to a lack of executive leadership.

How many Sharepoint and Exchange admins do you need when you have Office365?

Fewer, for sure, but O365 isn’t admin-free. Frankly, most organizations I see are heavier on communications admins than they need to be. It’s O365’s automation that lets you get away with fewer admins; it’s automation you could have implemented internally some time ago.

Why stick with System Center when you have free Open-Source solutions such as OpenStack available?

The same reason you use Windows instead of Linux. Open-source isn’t the perfect solution for every organization. Many organizations will find benefit in having multiple stacks serving different business purposes.

Why invest in SCOM monitoring when you can just use AWS and leverage AWS Cloudwatch which is free?

Because you’ll still monitor internal assets, and because Cloudwatch doesn’t monitor to nearly the level that SCOM does. Further, you’ll need to monitor hybrid assets, and something like SCOM is well positioned to do that if your public cloud assets happen to be in Microsoft’s public cloud. Yes, System Center is a proprietary stack – it’s pretty much always been that way. Everyone else’s stack is proprietary, too; “Open” Stack might be open-source, but it still wants you to implement its components rather than someone else’s. I don’t mean that as a bad thing, just pointing it out.

Why use SCCM to patch servers when you can slipstream patches into your server build scripts with CloudFormation scripts?

Personally, I question whether you’ll use SCCM for anything for much longer, as I think better solutions are coming. But, this isn’t a “does System Center offer any value” question, it’s a “whose stack do you want to play in” question. If you’re implementing a Microsoft stack, and that’s inclusive of Azure-based assets, you’ll use Microsoft tools. This question is like saying “why would you use SCVMM when vCenter does the same thing?” The obvious answer is, “because they’re different stacks.”

Why use Orchestrator when you have SMA?

You probably wouldn’t. Orchestrator isn’t Microsoft’s go-forward solution; SMA is. But SMA is part of System Center; this doesn’t in any way point to System Center being less relevant.

Why bother deploying SCSM when you can leverage a SAAS solution like ServiceNow and take the complexity of owning and operating a helpdesk application out of the equation?

Again, this is a stack question in part. SCSM is the hub that, along with SMA and Orchestrator, tie most of the Microsoft stack together. And SCSM isn’t terribly complex to own or operate. I also expect Microsoft will someday rent us a SaaS version of SCSM (and likely SCOM, along with other bits). You have to be a bit careful about making this an “on-prem vs. cloud” argument, because System Center is edging toward being “cloud” itself.

Look at what Microsoft has been doing: They ended Technet subscriptions. They ended MMS and have combined all of their conferences into one huge uber-conference. They ended the Master MCSE certifications.

This doesn’t really have anything to do with the System Center question; this feels more like a “is Microsoft abandoning IT pros?” question. And yes, in part, they are. The days of clicking next-next-finish to manage your infrastructure are ending; DevOps is what Microsoft wants running the datacenter now, and that means admins who think a bit more like developers… and that means ending the separation between “dev” and “IT pro.” You don’t have to like it; you can certainly point your career elsewhere if you think Microsoft is off it’s rocker. But this is what they’re doing.

The Master MCSE certifications were almost always doomed – few people took them, they were expensive, and they just weren’t following the business trends. They were, in some ways, a day late and a dollar short to get really entrenched. Do you have one? I never did.

TechEd, MMS, and the other conferences were, in my opinion, just a stupid marketing move. I don’t think they’re part of any bigger pattern, apart from little fiefdoms inside Microsoft who were getting agitated that other people were running conferences.

Everything they are pushing now is Azure Azure Azure. Microsoft is transitioning into becoming a service-based company.

True, and they’ve been very upfront about that with phrasing like “cloud-first engineering.” Microsoft’s customers drove them to it, in part, by sitting on a single server operating system for over a decade. If Microsoft can’t sell you software in a steady stream, they’re going to rent it to you instead.

Look at their latest System Center technical preview: SCVMM now no longer supports Citrix XenServer and VMWare:

Which is hugely disappointing, but not unexpected. You’re right in that the company is pushing for what they need in Azure, and the SCVMM team doubtless felt pressured to drop “outlier” support and focus on core stuff.

The bottom line? The Microsoft IT admin career path is changing. That doesn’t mean System Center is going away, but it’s going to morph. Being a guru is probably still a safe career path, provided you keep up with the changes. Don’t tell me you’re a guru in SC2007; nobody cares. But if you’re solid on all the latest – and the change is going to be fast and drastic from here on out – then you’ll be of great value to many organizations. But, if you’re just the guy who runs the Deployment Wizard in SCCM… yeah, I’d start looking at other futures.

Just Had to Share this Funny Cop Story

I have a good friend who recently joined the police department. He’s made it through academy, and is working with a training officer. He sent me this story:

Had a moment today that I had to share with you. We got a gps alert from a portable generator outside of the Déjà Vu sex shop on Tropicana today so we responded to the possible theft.

We get there and nothing is amiss so my field training officer sends me inside to check with the manager on who owns it. Keep in mind I’m in a full cop uniform walking into a sex shop. That is having a Halloween costume sale, with models wearing costumes.

I walk into the store and the manager says,”your late.”  I say, “sir I’m truly sorry about that, we’ve been a little busy.”  He replies that that is no excuse and he’d be contacting my agency.

He then tells me that my uniform isn’t tight enough and I need to change into something different and his assistant says she likes my authenticity.

At this point a lightbulb goes off in my head and I’m like, “whoa hold ona minute here.”

Manager’s assistant: “No time to be squeamish here kiddo, go and get dressed.”

Me: “ma’am, I’m a police officer.”

Her: I like the commitment, it’s sexy keep it up.”

Me: “No seriously, I’m a real cop.”

Her: “yeah whatever quit wasting time and get that ass into the changing room now.”

Me: “this is a real badge, I’m a real cop and this is a real gun.”

Her: “one more word out of you and you’re fired.”

Eventually I convince them I am real and I’m just there to ask about the portable generator outside. The manger then promptly informs me that it belongs to Metro and cops dropped it off to see if anyone will steal it. He shows me paper work confirming this.

I go to relay this information to my training officer and he can’t stop laughing for the next twenty minutes. FML.

Security IS Part of the Business

Something I’ve written about a lot lately is how companies don’t have a real “culture of security.” That applies not just to IT, in most companies: you see it everywhere. Printouts (containing important information) lying around on printers, no widely-available shredders, cabinets not locked, that kind of thing.

We tend to treat security as something we “have to do,” and especially when it comes to IT that attitude derives in part from most companies’ regard of IT in general as “overhead.” Security gets lumped in with sexual harassment training, diversity training, and other stuff we know we have to do, but that we don’t really consider to be a part of the core business. In fact, in most companies, security is something users try to work around, rather than work within, leading to them (for example) using Dropbox to transfer files with outside contacts, instead of using a company-provided, more-secure mechanism.

That’s a shame, because security is, and should be, very much a part of the business. Unless everyone is on board with security, all the time, security doesn’t happen – and that’s when things like Target, Marshall’s, or any of the other recent debacles happen.

So how do you make security a part of the company’s culture? It’s really hard. Maintaining a general sense of security essentially means being on “orange alert” all the time, and humans just aren’t designed to stay that alert all the time. In other words, you probably can’t make your users constantly aware of security. Instead, security has to become an ingrained habit – and building habits often means breaking old ones, and that’s what’s hard about it.

Take a construction site: any worker with any experience just pops on a hardhat, steel-toed shoes, and other personal protective equipment as a matter of habit. New workers have to be trained, usually through outright and continual nagging by their boss and coworkers. But eventually habit kicks in, and they stop thinking about safety and “just do it.”

Or consider folks who know it isn’t safe to drive a car and talk on a cell phone, and who instead develop a habit of walking around with a headset sticking out of their ear. Yeah, they might look like a dropout from Uhuru school, but it’s a worthwhile habit that prevents them from doing something stupid or unsafe.

Security has to be build up as a set of habits. Habit-forming can’t happen through company memos, once-a-year classes, or ubiquitous signage. Habits form through personal experience, and only through personal experience. They’re especially tough to form in areas where users work independently, like sending e-mail. One way to start developing good habits is, not surprisingly, through game-playing. For example, if you’re trying to break users of the habit of opening janky email attachments, start sending a few yourself. Make a little “virus” that logs the fact the user opened it… and keep track of users who do, and who do not, open it. Publicly acknowledge those users who do not open the email, and award them points or something; deduct points from users who don’t follow the rules. Get HR involved, and let users redeem points for an extra day off or some other perk.

Toys ‘R’ Us used a similar program to help deter shoplifting: cashiers are supposed to open and inspect any container that a customer purchases, like a small box or a lunchbox. The idea is to catch customers who are trying to sneak other merchandise into the container without paying. To enforce the policy, the company would insert a  voucher into random containers. Cashiers who found the vouchers would receive a small cash award – enough incentive that everyone wanted to inspect containers. That want quickly became habit for most cashiers. The carrot came with a stick, too: if a customer found the voucher and brought it to the store with their receipt (meaning the cashier hadn’t checked the container), the customer got a prize, and the cashier (identified on the receipt) got disciplined.

Regardless of the political or financial realities at your company (in other words, think “blue sky” here), what might you do to entice users to develop better security habits? It doesn’t matter if you think your organization would use your ideas or not – share in a comment, in case someone else might benefit!







Are You a Vendor or a Partner?

I have a friend who runs the purchasing department for one of Las Vegas’ larger casinos. His job, obviously, is to save the company money by negotiating volume contracts and the like.

He was telling me about a contract that was coming up for renewal, and about the discussion he’d been having with the vendor. It was something along the lines of, “look, we’ve been paying you our contract rate for the past however many years. In the meantime, you’ve been completely absent. You’ve never come in here and offered to help me save money elsewhere, never notified me of any new deals or offers, nothing. In fact, I’ve been purchasing far more than our contract required, and you’ve never dropped by to see if we could settle on a new price for our higher-than-expected volume. I give you more and more business, and you give me nothing. And now you want to renew at a higher price, even though I know you’re offering better pricing to others in town.” Vegas is a small town – you can’t be dishonest with someone for long, here.

Anyway, the whole conversation got me to thinking that there really is a difference between a vendor and a partner. In the case of my friend, a partner would try to make a good profit for his company, sure, but he’d also recognize the value of a long-term relationship and try to help optimize that relationship so that both sides benefited. He’d regularly check in to see if there was room for improvement, and proactively look for opportunities to strengthen and deepen the relationship. But he didn’t – he played the role of vendor and, if I remember the story correctly, lost the deal to another company.

I had a similar experience with my auto insurance several years back. I was talking to a financial advisor who used to work in the auto insurance industry, and he offered to look at my policy. “Your limits are way too low,” he said, “and you don’t need some of these other coverages.” Rental car coverage, for example, was costing me about $27/month. That’s actually what it would cost to just rent a cheap car per day, meaning I was paying for 12 days of rentals per year, and never using them.

And my insurance agent never said a thing. Never offered to review my policy, never suggested why I might need to raise my limits (which makes him more money), never suggested considering those other coverages. He wasn’t a partner, in other words – he was just a vendor. And, since he brought nothing of value to the table, he was easily replaced.

It’s something I think everyone needs to consider in their career. Imagine, for a moment, that our legal system allowed everyone to be an independent contractor, rather than being an employee. Would you be a partner to your current employer, or a vendor? That is, would you be providing a simple commodity service that could be replaced, or do you provide a unique value-add that makes you worth keeping around, and possibly paying a premium?

For example, do you look for ways to save your employer money? Do you automate and optimize? Do you invest in yourself to gain the skills needed to automate and optimize? Yes, those skills benefit your employer, but they also benefit you, and it’s worth investing that time.

Do you look for problem situations and try to solve them? For example, when I helped a former employer migrate from Lotus cc:mail to Exchange+Outlook, I came up with a little brochure that we distributed to company employees, helping them quickly find the most common functions in the new software. That saved a lot of help desk calls, so even though it wasn’t strictly my job, everyone benefited from it.

Your suggestions don’t always have to be implemented – and don’t get discouraged if they aren’t. Continue to suggest, to optimize, and to improve. Make yourself an indispensable partner, and never let yourself become an easily replaced vendor.