Verify Your Assumptions and Gripes

Folks often make important decisions based on inaccurate, unverified assumptions. Whether you’re at work or at the voting booth, it’s important to research the facts that underpin your assumptions – and what you’re being told – and either validate or refute them.


The Price of Gas

For example, folks often rail against oil companies for the high price of gas. And there’s no question that oil companies make a lot of revenue – but who really keeps all the money?

On average (it varies by state), $0.50 of each gallon goes to the government in the form of taxes. The gas station owner keeps about 2.5% – almost nothing; they make their living by selling items from the convenience store, mechanic services, and other stuff. The gas is just to bring you in. On a $4 gallon, that’s about $0.10 per gallon.

So far, the oil company is getting about $3.40 on a $4.00 gallon. But here comes the government again, with the ever-popular invisible corporate tax. On oil companies, it’s around 55%. Yeah. The Department of Labor and Statistics figures that it costs about 40% to manufacture and transport the cost (it varies a lot; I’m averaging out the last decade), so of that $3.40 the oil company gets, roughly $1.40 is cost-of-goods; that leaves about $2 in gross profit. Assuming zero overhead, zero R&D, and zero other expenses (which isn’t the case, obviously), the company pays about $1.10 in taxes per gallon, and keeps about $0.90.

That’s a 22% profit margin, roughly, which isn’t bad – but the government is getting almost twice that much, close to 40% of the retail cost per gallon. Oil companies’ massive revenues come from their massive sales volume, not from massive profit margins. The government’s the one getting rich on oil.

So when you think a politician is soft on Big Oil… maybe they’re just sweet for the IRS.



Remember many years back, when the old woman got burned by the hot cup of coffee at McDonald’s, and sued for millions?

Pretty much everyone made a joke of it. I mean, it’s coffee. It’s supposed to be hot. WTF?

Well, much of that feeling came from the massive publicity heaped on the issue by McDonald’s lawyers, and by like-minded industry groups who were thinking of the companies. Using that and a couple of other cases, they were able to get voters and politicians to pass sweeping tort reforms, limiting the damages someone could collect from cases like that.

Thing is, that old lady was severely damaged. Her coffee wasn’t hot, it was superheated – well above boiling. It literally stripped the skin off her inner thighs, causing permanent nerve damage. She had to go on medications for the rest of her life, couldn’t walk normally (the muscle tissue was damaged), and generally lived in hell. A million bucks is a lot of money, but would you be happy with it if someone stripped skin and muscle off of your legs, essentially ruining your life and condemning you to a permanent drug haze?

I made the same assumptions almost everyone made when I first heard of the case – more ridiculous lawsuits! But the tort reforms in most states now mean that there’s a hard cap on how much money you can receive above and beyond your actual medical costs – and in terms of compensating you for your life essentially being taken away, it’s not much. In Nevada, where I live, it’s about a million. If I were damaged badly, and unable to work, a million bucks wouldn’t last me through to end of life. But that’s my cap, thanks to tort reform.

Big corporations fought for those tort laws… so who benefits from the laws?

They won by mocking the “trial lawyers” who go after “big settlements” on “ridiculous cases.” It’s easy to get the public in a gnash against trial lawyers; nobody likes ‘em. But pay attention to who is riling you up against the trial lawyers, because they assuredly have a motive, too.


Point Being

Be real careful about what you see online, hear in the news, and what’s fed to your brain in general. There’s always another side to the story, and it’s never as simple a narrative as you’re being handed. Research. Make sure you’re getting the full story. Make sure it all adds up in your head – and that you’re not simply buying a simple version of the “truth” that someone wants to sell you. Make sure you know the motives. It doesn’t matter which side of the argument you eventually decide is “yours;” what matters is that you’re not letting someone lead you to that decision. Make it on your own.




Is There Any Future in Being a System Center Guru, Career-Wise?

There was a well thought-out post on that I wanted to respond to. I’ll quote out the post, and respond inline. I’m doing this here because it’s a topic near and dear to my heart, and one I want to be able to easily refer people to in the future.

As someone who has invested a significant amount of time learning the System Center product suite, I am beginning to wonder if focusing on System Center is a good move career-wise.

It’s pretty clear that the importance of DataCenter management tools is lessening. The trend is for companies to move to the Cloud and leverage SAAS and IAAS solutions.

Well, yes, but also no. Private data centers will remain hugely important for a long time, and you’ll need tools to manage them – as well as tools to manage your public-cloud assets. It’s going to be a hybrid world for the foreseeable future. Many organizations simply won’t go heavily public; there are a lot of political and legal concerns around it right now that aren’t going to be resolved real soon.

The prevalence of On-Prem tools is diminishing and everything is moving towards a service-based model.

Well, no. Your own datacenter should have been moving toward a service-based model – e.g., a service you provide to the organization – a long time ago. You need on-prem tools to do that. One reason the public cloud has been successful is because so many internal IT teams utterly failed to provide their organizations with what the organization really needed, often due to a lack of executive leadership.

How many Sharepoint and Exchange admins do you need when you have Office365?

Fewer, for sure, but O365 isn’t admin-free. Frankly, most organizations I see are heavier on communications admins than they need to be. It’s O365’s automation that lets you get away with fewer admins; it’s automation you could have implemented internally some time ago.

Why stick with System Center when you have free Open-Source solutions such as OpenStack available?

The same reason you use Windows instead of Linux. Open-source isn’t the perfect solution for every organization. Many organizations will find benefit in having multiple stacks serving different business purposes.

Why invest in SCOM monitoring when you can just use AWS and leverage AWS Cloudwatch which is free?

Because you’ll still monitor internal assets, and because Cloudwatch doesn’t monitor to nearly the level that SCOM does. Further, you’ll need to monitor hybrid assets, and something like SCOM is well positioned to do that if your public cloud assets happen to be in Microsoft’s public cloud. Yes, System Center is a proprietary stack – it’s pretty much always been that way. Everyone else’s stack is proprietary, too; “Open” Stack might be open-source, but it still wants you to implement its components rather than someone else’s. I don’t mean that as a bad thing, just pointing it out.

Why use SCCM to patch servers when you can slipstream patches into your server build scripts with CloudFormation scripts?

Personally, I question whether you’ll use SCCM for anything for much longer, as I think better solutions are coming. But, this isn’t a “does System Center offer any value” question, it’s a “whose stack do you want to play in” question. If you’re implementing a Microsoft stack, and that’s inclusive of Azure-based assets, you’ll use Microsoft tools. This question is like saying “why would you use SCVMM when vCenter does the same thing?” The obvious answer is, “because they’re different stacks.”

Why use Orchestrator when you have SMA?

You probably wouldn’t. Orchestrator isn’t Microsoft’s go-forward solution; SMA is. But SMA is part of System Center; this doesn’t in any way point to System Center being less relevant.

Why bother deploying SCSM when you can leverage a SAAS solution like ServiceNow and take the complexity of owning and operating a helpdesk application out of the equation?

Again, this is a stack question in part. SCSM is the hub that, along with SMA and Orchestrator, tie most of the Microsoft stack together. And SCSM isn’t terribly complex to own or operate. I also expect Microsoft will someday rent us a SaaS version of SCSM (and likely SCOM, along with other bits). You have to be a bit careful about making this an “on-prem vs. cloud” argument, because System Center is edging toward being “cloud” itself.

Look at what Microsoft has been doing: They ended Technet subscriptions. They ended MMS and have combined all of their conferences into one huge uber-conference. They ended the Master MCSE certifications.

This doesn’t really have anything to do with the System Center question; this feels more like a “is Microsoft abandoning IT pros?” question. And yes, in part, they are. The days of clicking next-next-finish to manage your infrastructure are ending; DevOps is what Microsoft wants running the datacenter now, and that means admins who think a bit more like developers… and that means ending the separation between “dev” and “IT pro.” You don’t have to like it; you can certainly point your career elsewhere if you think Microsoft is off it’s rocker. But this is what they’re doing.

The Master MCSE certifications were almost always doomed – few people took them, they were expensive, and they just weren’t following the business trends. They were, in some ways, a day late and a dollar short to get really entrenched. Do you have one? I never did.

TechEd, MMS, and the other conferences were, in my opinion, just a stupid marketing move. I don’t think they’re part of any bigger pattern, apart from little fiefdoms inside Microsoft who were getting agitated that other people were running conferences.

Everything they are pushing now is Azure Azure Azure. Microsoft is transitioning into becoming a service-based company.

True, and they’ve been very upfront about that with phrasing like “cloud-first engineering.” Microsoft’s customers drove them to it, in part, by sitting on a single server operating system for over a decade. If Microsoft can’t sell you software in a steady stream, they’re going to rent it to you instead.

Look at their latest System Center technical preview: SCVMM now no longer supports Citrix XenServer and VMWare:

Which is hugely disappointing, but not unexpected. You’re right in that the company is pushing for what they need in Azure, and the SCVMM team doubtless felt pressured to drop “outlier” support and focus on core stuff.

The bottom line? The Microsoft IT admin career path is changing. That doesn’t mean System Center is going away, but it’s going to morph. Being a guru is probably still a safe career path, provided you keep up with the changes. Don’t tell me you’re a guru in SC2007; nobody cares. But if you’re solid on all the latest – and the change is going to be fast and drastic from here on out – then you’ll be of great value to many organizations. But, if you’re just the guy who runs the Deployment Wizard in SCCM… yeah, I’d start looking at other futures.

Just Had to Share this Funny Cop Story

I have a good friend who recently joined the police department. He’s made it through academy, and is working with a training officer. He sent me this story:

Had a moment today that I had to share with you. We got a gps alert from a portable generator outside of the Déjà Vu sex shop on Tropicana today so we responded to the possible theft.

We get there and nothing is amiss so my field training officer sends me inside to check with the manager on who owns it. Keep in mind I’m in a full cop uniform walking into a sex shop. That is having a Halloween costume sale, with models wearing costumes.

I walk into the store and the manager says,”your late.”  I say, “sir I’m truly sorry about that, we’ve been a little busy.”  He replies that that is no excuse and he’d be contacting my agency.

He then tells me that my uniform isn’t tight enough and I need to change into something different and his assistant says she likes my authenticity.

At this point a lightbulb goes off in my head and I’m like, “whoa hold ona minute here.”

Manager’s assistant: “No time to be squeamish here kiddo, go and get dressed.”

Me: “ma’am, I’m a police officer.”

Her: I like the commitment, it’s sexy keep it up.”

Me: “No seriously, I’m a real cop.”

Her: “yeah whatever quit wasting time and get that ass into the changing room now.”

Me: “this is a real badge, I’m a real cop and this is a real gun.”

Her: “one more word out of you and you’re fired.”

Eventually I convince them I am real and I’m just there to ask about the portable generator outside. The manger then promptly informs me that it belongs to Metro and cops dropped it off to see if anyone will steal it. He shows me paper work confirming this.

I go to relay this information to my training officer and he can’t stop laughing for the next twenty minutes. FML.

Security IS Part of the Business

Something I’ve written about a lot lately is how companies don’t have a real “culture of security.” That applies not just to IT, in most companies: you see it everywhere. Printouts (containing important information) lying around on printers, no widely-available shredders, cabinets not locked, that kind of thing.

We tend to treat security as something we “have to do,” and especially when it comes to IT that attitude derives in part from most companies’ regard of IT in general as “overhead.” Security gets lumped in with sexual harassment training, diversity training, and other stuff we know we have to do, but that we don’t really consider to be a part of the core business. In fact, in most companies, security is something users try to work around, rather than work within, leading to them (for example) using Dropbox to transfer files with outside contacts, instead of using a company-provided, more-secure mechanism.

That’s a shame, because security is, and should be, very much a part of the business. Unless everyone is on board with security, all the time, security doesn’t happen – and that’s when things like Target, Marshall’s, or any of the other recent debacles happen.

So how do you make security a part of the company’s culture? It’s really hard. Maintaining a general sense of security essentially means being on “orange alert” all the time, and humans just aren’t designed to stay that alert all the time. In other words, you probably can’t make your users constantly aware of security. Instead, security has to become an ingrained habit – and building habits often means breaking old ones, and that’s what’s hard about it.

Take a construction site: any worker with any experience just pops on a hardhat, steel-toed shoes, and other personal protective equipment as a matter of habit. New workers have to be trained, usually through outright and continual nagging by their boss and coworkers. But eventually habit kicks in, and they stop thinking about safety and “just do it.”

Or consider folks who know it isn’t safe to drive a car and talk on a cell phone, and who instead develop a habit of walking around with a headset sticking out of their ear. Yeah, they might look like a dropout from Uhuru school, but it’s a worthwhile habit that prevents them from doing something stupid or unsafe.

Security has to be build up as a set of habits. Habit-forming can’t happen through company memos, once-a-year classes, or ubiquitous signage. Habits form through personal experience, and only through personal experience. They’re especially tough to form in areas where users work independently, like sending e-mail. One way to start developing good habits is, not surprisingly, through game-playing. For example, if you’re trying to break users of the habit of opening janky email attachments, start sending a few yourself. Make a little “virus” that logs the fact the user opened it… and keep track of users who do, and who do not, open it. Publicly acknowledge those users who do not open the email, and award them points or something; deduct points from users who don’t follow the rules. Get HR involved, and let users redeem points for an extra day off or some other perk.

Toys ‘R’ Us used a similar program to help deter shoplifting: cashiers are supposed to open and inspect any container that a customer purchases, like a small box or a lunchbox. The idea is to catch customers who are trying to sneak other merchandise into the container without paying. To enforce the policy, the company would insert a  voucher into random containers. Cashiers who found the vouchers would receive a small cash award – enough incentive that everyone wanted to inspect containers. That want quickly became habit for most cashiers. The carrot came with a stick, too: if a customer found the voucher and brought it to the store with their receipt (meaning the cashier hadn’t checked the container), the customer got a prize, and the cashier (identified on the receipt) got disciplined.

Regardless of the political or financial realities at your company (in other words, think “blue sky” here), what might you do to entice users to develop better security habits? It doesn’t matter if you think your organization would use your ideas or not – share in a comment, in case someone else might benefit!







Are You a Vendor or a Partner?

I have a friend who runs the purchasing department for one of Las Vegas’ larger casinos. His job, obviously, is to save the company money by negotiating volume contracts and the like.

He was telling me about a contract that was coming up for renewal, and about the discussion he’d been having with the vendor. It was something along the lines of, “look, we’ve been paying you our contract rate for the past however many years. In the meantime, you’ve been completely absent. You’ve never come in here and offered to help me save money elsewhere, never notified me of any new deals or offers, nothing. In fact, I’ve been purchasing far more than our contract required, and you’ve never dropped by to see if we could settle on a new price for our higher-than-expected volume. I give you more and more business, and you give me nothing. And now you want to renew at a higher price, even though I know you’re offering better pricing to others in town.” Vegas is a small town – you can’t be dishonest with someone for long, here.

Anyway, the whole conversation got me to thinking that there really is a difference between a vendor and a partner. In the case of my friend, a partner would try to make a good profit for his company, sure, but he’d also recognize the value of a long-term relationship and try to help optimize that relationship so that both sides benefited. He’d regularly check in to see if there was room for improvement, and proactively look for opportunities to strengthen and deepen the relationship. But he didn’t – he played the role of vendor and, if I remember the story correctly, lost the deal to another company.

I had a similar experience with my auto insurance several years back. I was talking to a financial advisor who used to work in the auto insurance industry, and he offered to look at my policy. “Your limits are way too low,” he said, “and you don’t need some of these other coverages.” Rental car coverage, for example, was costing me about $27/month. That’s actually what it would cost to just rent a cheap car per day, meaning I was paying for 12 days of rentals per year, and never using them.

And my insurance agent never said a thing. Never offered to review my policy, never suggested why I might need to raise my limits (which makes him more money), never suggested considering those other coverages. He wasn’t a partner, in other words – he was just a vendor. And, since he brought nothing of value to the table, he was easily replaced.

It’s something I think everyone needs to consider in their career. Imagine, for a moment, that our legal system allowed everyone to be an independent contractor, rather than being an employee. Would you be a partner to your current employer, or a vendor? That is, would you be providing a simple commodity service that could be replaced, or do you provide a unique value-add that makes you worth keeping around, and possibly paying a premium?

For example, do you look for ways to save your employer money? Do you automate and optimize? Do you invest in yourself to gain the skills needed to automate and optimize? Yes, those skills benefit your employer, but they also benefit you, and it’s worth investing that time.

Do you look for problem situations and try to solve them? For example, when I helped a former employer migrate from Lotus cc:mail to Exchange+Outlook, I came up with a little brochure that we distributed to company employees, helping them quickly find the most common functions in the new software. That saved a lot of help desk calls, so even though it wasn’t strictly my job, everyone benefited from it.

Your suggestions don’t always have to be implemented – and don’t get discouraged if they aren’t. Continue to suggest, to optimize, and to improve. Make yourself an indispensable partner, and never let yourself become an easily replaced vendor.


You Probably Shouldn’t Read This

UPDATE: The Air Force backed down, and allowed the airman to re-enlist by omitting the “so help me God” portion of the oath. Bravo, but it’s a shame it had to go down the way it did.

Seriously. This is about religion, so you should probably go back to whatever you were just doing. This is an opinion piece, and I’m entitled to mine. So.

I was aghast at today’s USA Today article explaining how an Air Force airman was denied re-enlistment for refusing to finish his enlistment oath. As an atheist, he objected to the “so help me God” portion of the oath, which the Air Force says is mandated by statue.

It’s such a crock, I can’t help but wonder who in the military is using this to make some kind of spiteful jab at Congress or the administration. Everyone knows that both the First Amendment and Article VI of the Constitution makes such a requirement patently illegal. I’m sure there are plenty of devout service members in religions other than Christianity who would also object to the oath, and I know there are plenty of Christian sects that object to any kind of oathmaking to God. Surely we’re not trying to exclude all of them from the military, right? And it seems a little disingenuous anyway. I mean, a truly devout Christian, who perhaps would have no objections to making an oath unto God, would also feel a bit nervous about the whole “thou shalt not kill” thing, right? Killing being a sort of implied requirement of joining the military?

According to our basic precepts of government, as outlined in the Constitution, our government cannot prescribe or dictate someone’s religion to them, and this USAF fiasco-in-the-making certainly seems like an attempt to do just that.


This is the kind of news story that gets people up in arms about completely different religious-related things, and does so incorrectly. While our government is barred from dictating or establishing a religion, it is not barred from recognizing religions (plural), nor is it barred from incorporating religious precepts into government – provided it does so in a way that doesn’t force someone to join said religion. That “thou shalt not kill” bit, for example, is a pretty important underlying thing in our laws, which are not a big fan of citizens killing each other. In fact, Christianity’s Ten Commandments pretty much outline the core concepts that underpin the majority of our oldest and most significant laws. So it’s not like religion is unimportant, from a governance perspective.

But this whole “the government and religion can’t co-exist” gets taken too far, as (I feel) in this other USA Today article from a few days ago. Putting a cross or other religiously-significant monument in a public place isn’t necessarily violating the separation of church and state. Such a monument could easily be a simple cultural acknowledgement of the role religion has played in our country – which was, keep in mind, founded in part by folks seeking religious freedom. The cross in this Indiana state park doesn’t in any way detract from anyone’s use of the park, and it doesn’t “promote Christianity” any more than having “in God we Trust” printed on our money promotes Christianity. Atheists manage to be atheists while also spending money, so it’s difficult to see how a cross, on a war memorial, could be negatively impacting anyone.

And putting a cross on a veterans’ memorial doesn’t make the entire park into a religious shrine. That’s a ridiculous overstatement. It’s like saying a county council meeting has become a church, simply because it opens with the Pledge of Allegiance (which also includes the word “God,” something that’s cause no end of bickering in the past couple of decades).

The problem with this “remove religion at all costs” is that it’s just as wrong as trying to shove religion down someone’s throat. The idea that, in a country based on religious freedom (it was the first thing we added to the Constitution, remember), you can’t display your religion, is just ridiculous to me. Religious freedom doesn’t mean you don’t have to look at anything you disagree with. It means the government can’t tell you what to believe in. Your fellow citizens are welcome to try and convert you to their viewpoint – that’s in the First Amendment, too. You also have the non-enumerated freedom to walk away and not listen. 

You have a right to live in this country and practice whatever legitimate religion, or lack thereof, you wish. You do not have a right to force other people to join you – and that includes forcing them to join you in atheism. You do have the right, in a public venue, to stand up and proselytize – that’s a basic First Amendment protected speech thing – and that proselytizing could well including promoting atheism.

One of the biggest problems we have in our American culture today is a lack of respect, and a lack of tolerance, for other people’s perspectives. While I don’t want the government forcing any religion down my throat, I must not have a problem with other people practicing, displaying, and promoting their religions. I cannot find it in me to get upset about displays like the one in the Indiana state park, simply because Christianity – and other religions – are a part of our culture, whether I follow that religion or not. I’m not out to revise history by removing God from every possible public venue, because it wouldn’t be true.

And there’s a downside to these arguments. Christians increasingly feel attacked from every side simply for practicing their religion. It’s suddenly becoming unfashionable to be religious. As a result, they quite understandably push back – often in significant ways. You take my cross out of the park, I fight against civil liberties that contradict my religion. The rhetoric and intolerance simply escalates to ridiculousness. It’s unproductive. For the life of me, I just can’t get upset about a carving of a cross in a state park. If you get upset about it, maybe stand next to it and preach atheism or whatever you’re into. Equal time.

While the government has no business forcing an airman to say, “so help me God” in order to keep his government job, we as citizens don’t have (I feel) any right to force each others’ personal beliefs underground. If it isn’t detracting from your personal liberties, and if it isn’t demonstrably harming anyone, then let it go. Accept that we’re all different, and that we don’t all need to live according to some standardized script.

Our increasingly constant bickering, simply because those people over there don’t live like I do, and I don’t like that, is becoming annoying, distracting, divisive, and incredibly counterproductive. I almost think we should outlaw national news organizations simply so we’re not all so damn aware of all the differences going on around us!

Just because I don’t eat soft shell crab doesn’t mean I object to seeing it on the menu, and if we’d all spend less time worrying about small-time arguments like this, we’d all be a lot happier. And we could focus on the important stuff.

Anyway, there you are. Have a good weekend ;). Comments welcome, but keep ‘em polite.








Changing the Conversation on Classroom Training

One of my personal interests is how we educate our kids and prepare them for the workforce. In general, I think we do a poor job. There’s an enormous emphasis on getting a college degree, driven both by the high-margin world of academia and by businesses who make a 4-year degree a “minimum entry level” for almost every job. It’s insane – we’re taking kids at the most vulnerable point in their lives, as they make the transition to full adulthood, and throwing them into massive debt. We’re forcing them through a program that simply wasn’t ever meant for every kid or every job.

As someone without a college degree, but who completed a four-year formal apprenticeship, I’m keenly aware of how many great-paying jobs there are that don’t really need a college education. The problem is that apprenticeships, especially in “white collar” jobs, are pretty much dead, and primary education simply doesn’t focus on preparing kids for those jobs.

When I think of what you need to know, for example, to be an entry-level IT help desk worker… it isn’t an insurmountable list of knowledge. Yet those jobs average $36k per year in the US, which is a great entry-level position. They also tend to offer growth opportunities, and almost by definition they support on-the-job learning. But kids simply can’t get the needed pre-req skills in K-12, almost forcing them to go to college. Where, by the way, they won’t learn what businesses need them to know, either. Instead, they’ll come out of college at which point a $36k job ain’t much, given their newly acquired student debt.

That’s why I’d like you to consider voting for Aaron Skonnard’s SXSWedu presentation. Aaron’s the CEO of my company, and a bunch of us at Pluralsight would love to change the conversation on IT education. We truly believe that quality IT education is something that should be available everywhere, to everyone, for an affordable price. I personally believe that a motivated high school student could, with the right supplementary training (probably done on their own), move right from Senior year into an entry-level IT job and excel. I’m personally agitating to produce more of the entry-level training those kids would need, because I think it solves a number of huge problems: the difficulty finding entry-level IT workers, the need to keep kids from going neck-deep in debt before they’ve even had a chance to live, and so on.

You’ll have to create an account to vote, but votes count for 30% of the selection process, so if you have a moment to do so, it’d be a big vote of confidence. And, expect to hear more from me on this topic in the coming year – it’s definitely something I feel strongly about. I’d love to see more kids going straight into IT after school, and I’d love to see more businesses feel confident in hiring them for those entry-level positions. There’s no reason IT can’t become more of an apprenticeship-style career path, with an emphasis on continuous on-the-job learning supplemented by timely, up-to-date formal training. 

(I’ll acknowledge, to my non-US readers, that many countries have different systems for higher education, many of which lack the disadvantages of the US system; I live in the US, and so my perspective is driven by what I see around me.)