Sunday, March 22, 2015

Windows 10: Free or Freemium?


Hurrah!

Finally, Microsoft has come to their senses and Windows will be free from now to evermore...

Kinda...

Ok, so the bottom line is this.   The way we'll get a new version of Windows will forever be changed once Windows 10 launches this summer.  From now on Windows should cost you nothing more than a bit of time and a slight hit on your bandwidth cap.

Maybe...

Sometime in the near future you're going to find a very large update in your monthly batch of Windows patches.  It will be Windows 10 and it's coming free of charge to anyone with Windows 7 and above. 

Better yet, it's been suggested that Microsoft doesn't even care if you've got a pirated version.  Could this possibly mean the scourge of "Microsoft Genuine Advantage" will finally be ending?  That would be nice but considering the huge investment Microsoft has put into licensing technologies it's hard to believe that they'd completely abandon them.

Originally, Microsoft claimed that upgrades to 10 would come free to users of all "consumer" versions of Windows 7 and above except for Enterprise versions (labeled Enterprise or Enterprise N.)  That means everything from Windows "Home" to "Ultimate" should be eligible.  In case you don't know, "Enterprise" versions are only available via a volume license agreement offering the rough equivalent of a stripped down  "Pro" version.

What we don't know is if that word "consumer" is just an adjective or a label.  For one thing, will you suddenly find your "Professional" version downgraded to some anemic "Home" version of 10 that can barely browse a web page or will you get the equivalent to what you have now?

If, for example, I suddenly can't connect to my home NAS box or my small office's domain services then we're going to have a serious problem.  I don't say this often but it's true nonetheless.  I'd rather install Linux on an end user's work PC than any combination of the words "Windows" and "Home."

It seems to me there's a hole in Microsoft's strategy in the way its segregating the "enterprise" and "consumer" versions of Windows.  Most small to mid-sized businesses are not running "enterprise" versions meaning whatever it is they are running is considered a "consumer" version.

If Windows 10 is going to be free to "consumers" then what's to stop the next round of hardware upgrades in someone's "enterprise" (as in Fortune 500) just being a bunch of Dell's with free versions of Windows 10 Pro? 

I don't believe Microsoft is going to let that happen since they still make the bulk of their money off corporate volume licensing programs and Windows is a big part of that.

Which makes the use of the word "consumer" suspicious.  Are we going to again fork Windows versions much like the days before Windows XP so that Enterprise grade tools like SCCM can no longer manage a "consumer" version?  Not likely unless the enterprise is getting left out of the whole "unified desktop" thing.

Right now I can push an SCCM package to Windows (7 or 8) Pro and Ultimate.  If I try to do the same to  our theoretical "home" version of Windows 10 I'd have to believe it would fail.   In short, a crippled version of 10 would be little more than a refresh of the much hated Windows Starter Edition. 

With current available information, I don't see how Microsoft could protect the corporate honey pot any other way. That is, unless they really do believe that they can get by on Office 365 license revenues or they're going to be like Red Hat Enterprise Linux and charge for "premium" support.

Regardless of whatever conspiracies are floating around my head, the goal is obvious.  Where Windows 8 was Microsoft's initial attempt to push the idea of "one OS to rule them all."  This next iteration is meant to finally bring that goal to fruition on any device.  The best way to do that is to literally give it away and make your money off services and support. 

While still being closed source, giving away Windows is a very Linux way of getting an operating system into the hands of users.  However, that begs the question of whether the giveaway is really just another revenue stream.  Even Linux can cost you dearly if you can't find the answer in a support forum.

Let's also remember that Microsoft is about making money not social change.

Back in the 90's there was a PC maker called Free-PC who built their business by literally giving away computers. They did that by encapsulating the entire user experience in a horrific advertising shell (or Hell) that you couldn't escape.  You were forced to look at ads, participate in surveys and consent to have your every action monitored.

What price freedom indeed.  Thankfully that model died as quickly as the low grade hardware in those machines.  The question is, much like free apps on smartphones could we find something similar in the form of spontaneous ads or diminished functionality unless we subscribe to "premium" functionality?

So as consumers we have to ask ourselves if "free" is worth a diminished experience if that's indeed what Windows 10 turns out to be.  Unfortunately, we won't know till the OS is launched.  Yes, there are millions of preview builds out there right now but that doesn't really mean much.  Preview builds are generally unrestricted versions analogous to a "Pro" or "Ultimate" retail product. 

Meaning we really don't know what we're going to get for free and Microsoft is apparently content to  keep us all guessing.

Of course all of this grows out of a history of bad faith with Microsoft.  From legitimate copies of Windows being bricked by an update or Genuine Advantage running amok, it's hard to take anything the company says at face value. 

But we are in the age of subscriptions aren't we.  Paying for an operating system is akin to buying a new car and being charged an extra $500 for the ignition key.  Making money off platforms goes against all marketing principles.  

Nobody buys products anymore, they buy an experience.  It's why people pay twice as much for an Iphone when its hardware is frequently inferior to even the cheapest Android phone.

Most normal people could care less about how advanced your operating system is.  They're far more interested in what kind of software can run on it.  If you're proprietary, like Microsoft, you'd rather sell 100 Office 365 licenses than 1000 copies of Windows.  Mostly because you'll sell the Office licenses faster and be back in a year when it's time to "renew."  Nobody is going to pay to renew an OS.  In fact it's amazing that anyone ever paid upwards of $200 for an operating system in the first place.


In a freemium world a "free" OS is de rigeur.  The question is how far does that philosophy seep into Windows 10.

Friday, March 13, 2015

Are you FREAKed out yet?


So maybe you heard about the latest round of security nightmares that plague what everyone thought was secure web traffic.

A few months back it was a serious security flaw in OpenSSL known as HeartBleed that sent webmasters scrambling.  Then came a left field sucker punch when it was discovered that all an attacker needed to do to compromise your entire server (not just a website) was to insert some code that a BASH prompt would respond to. 

Encryption be damned if you have root access to the server!

Which brings us to the latest security gaffe, otherwise known as a Freak attack...

This one has its roots in the earliest implementations of web security.  Back in the days when the U.S. government was so paranoid about not being able to clandestinely snoop on your encrypted communications that they enforced a ban on strong encryption ( aka: stuff they couldn't break.) It was deemed "export-grade" encryption which was just a fancy name for "weak."

They did it by forcing SSL to downgrade its encryption bit strength when traffic left the U.S. thus allowing easy surveillance of all "suspicious" (meaning all) traffic.

Well, as we know from the Snowden leaks there's not much need to worry about borders anymore.  The U.S. has monitoring bases worldwide now.  Besides, the juicy fruit of of the spy game is gathered from far less hardened sources these days.  Just bug a German chancellor's phone and you've got all the dirt you need on the EU.

But let's get back to the problem at hand. 

There are still remnants of this "backdoor" in SSL and because of it millions of websites are vulnerable to compromise using relatively simple "man in the middle" attacks that utilize the facilities of weak encryption still present in SSL implementations.

The worst part is that the problem exists on both the client (aka: your browser) and server sides.  A compromised client and a compromised server are a marriage made in heaven. 

So what's the solution?  Pretty much the same as always.  Keep abreast of security news and patch, patch, patch!  Which is why there were so many Internet Explorer security patches this week.  Open SSL will have a patch available too.

If you'd like to dig a little deeper the following site will let you test both your browser and your favorite SSL secured websites.



Do it now.

Thursday, March 12, 2015

The Case against Open Source


Every now and then I'm up pretty early on a Wednesday morning and if my Squeezbox radio happens to be on I'm probably going to hear at least part of Randal Schwartz's weekly window into all things Open Source, Floss Weekly.

Randal's a nice enough guy and if we're honest one of a scarce few real geeks left on TWIT...

So I listen for awhile.  That is, up until the content ends and the propaganda starts...

The premise of Open Source is sound enough.  It's community driven often filling a need that's either not being adequately addressed by more traditional offerings or breaks new ground.  It also gives budding tech types somewhere to try out their ideas without fear of running afoul of someone else's copyright.  Of course it also has the frequent advantage of being free of charge in hopes of continuing development and maximizing distribution.

It's how Linux, Apache Web Server and Wordpress came to be. 

Considering much of what you see on the web depends on at least one of those open source projects there's a strong case for community driven alternatives.

Which would normally be the end of the story but for the past few years where a number of projects have been taking aim at the enterprise.  Everything from telephony to CRM is in the mix.

Which is fine so long as you've got support for them.

And there's the rub....

In the landscape of current technology solutions you really have two options.  You can pay a lot of money now for somebody else's pre-packaged whatever or try an Open Source alternative and pay someone to make it work later.

That is the dichotomy of so-called "Open" and "closed source" projects. 


Open source sprang from the belief that software development should not be a dark art kept in bowels of some mega corporation who controls its every permutation.  Anyone who's dealt with botched Microsoft updates bringing their business to a standstill can identify with that.

The Microsoft's of the world may be more user friendly and better supported but they're by no means perfect.  

Customization is limited and new features often only come with a new version which starts a whole new round of checkbook bleeding.

That's supposedly one of the advantages of Open Source.  Being community driven, changes happen more quickly and development is more responsive to the user base.  But what is perceived as a strength becomes a weakness when you realize that the word "community" can easily be replaced by "mob rule."

Just because updates come along more frequently doesn't mean the problem you're having gets resolved or the feature you want will show up. The squeaky wheel gets the grease as they say and if your problem isn't at the top of the community's list of priorities you're pretty much out of luck.

There's also the possibility that an update actually makes a problem worse or breaks unrelated services.  Something very common especially in the Linux world.

Of course you could always try to fix it yourself. There's plenty of White Papers, community forums and support avenues available.  Or at least that's the sales pitch.

The real story is that White papers, those tomes of wisdom, are written by developers... for developers.   If you don't speak the language they're little more than insomnia cures.  Ever read a phone book?  It's like that.

Riveting...

Community forums?  Those are fun too.  Populated by the equally afflicted and rarely served.  You may get lucky and get an answer but most of the time it's just a lot of wailing followed up by arrogant guru types belittling hapless victims for not reading the white paper more closely.

So much for the "community"

How about support directly from the development team? 

See above...

Even if there are thousands of contributors to a project, development usually ends up being controlled by a select few.  Infighting is frequent and is the primary reason you see so many variants of the same core project.  It splinters the community and makes support even more difficult.

Established projects aren't immune from the chaos and code rot either. Take the example of the popular open source web hosting control panel Zpanel.  Zpanel is a free alternative to the commercial Cpanel product offering a similar experience for far less cost (as in free).  

Unfortunately, it hasn't been updated in a year and much of the functionality is broken leaving users flailing while the "official" support team remains silent.

It's gotten so bad that the dev team actually shut down the public support forum shortly after a user reported a security issue to them which even when proven was subsequently denied.  In short a promising stable project has become broken due to ego and neglect.  A post-mortem that's all too common.

Still, If you want to sign up with Zpanel's official maintainer, Hostwinds, you may get some support, if you pay for it.  They call it "Premium" support and require a paid Hostwinds account.

Let's also remember that Open Source devotees often cite superior security of their wares.  That can be true but only so long as somebody's paying attention.  Apache has had numerous security flaws for example so too has OpenSSL and lest we forget the granddaddy of them all a BASH shell vulnerability that went unchecked for 20 years.  Yes, technically BASH isn't Open Source but its code is and it's maintained the same way.

Don't get me wrong, there's nothing wrong with paying for support.  It's been the foundation of many Independent consultants for years. 

What is wrong is foisting an unstable product on a hapless user base and then charging them to fix your own mistakes.  

Even Microsoft will refund a support charge if they find out it's their problem.

In the case of Zpanel their only response to the charge is that it's a product created on their own free time and thus isn't a priority.

So much for pushing the state of the art...

Read the next excerpt I took straight from Opensource.com, a leading Open Source publication...

Doesn't "open source" just mean something is free of charge?

No. This is a common misconception about what "open source" implies. Programmers can charge money for the open source software they create or to which they contribute. But because most open source licenses require them to release their source code when they sell software to others, many open source software programmers find that charging users money for software services and support (rather than for the software itself) is more lucrative. This way, their software remains free of charge and they make money helping others install, use, and troubleshoot it.

In other words, if you expect the same kind of experience you get from closed sources you're going to pay for it either in time or money.  Nothing is free.

There's a common quip when describing the "Free" nature of Open Source.  They say it's "Free" as in speech not "Free Beer."

Cute but oversimplified.

In a world built on consumerism, free speech doesn't hold a candle to free beer.   Besides, If you accept the Open Source view of freedom then "free speech" ends up unintelligible gibberish.

Which coincidentally is a lot like your support options.

There are just far too many projects out there that are the very antithesis of usability unless you're the type that likes to write Apache modules for fun.  Many are bleeding edge offering promise but in any other realm they'd be considered an "Alpha" release.

Do they really want me to put my neck on the line for an ideology?

I'll put it this way.  If you're ok with rolling out a "Developer Preview" of the Windows operating system (aka: Beta) to your entire enterprise then you're probably ok trusting that same enterprise to poorly supported open source software.

There's a history in Open Source that goes beyond just sticking it to the establishment.  It hearkens back the days when computer guys had all the answers.

Open source is where the gurus go.  You can trace its roots to the custom applications that literally held business hostage in the early days of enterprise computing.  Back then business wanted computerization but there were very few who knew how to make it work.  There were no Microsoft's just hardware and a few people that knew how to press the right buttons and work the magic.  Those people held the keys to the kingdom tightly.

The inroads of Windows and Mac operating systems in the early 90's eliminated the need for such exalted wizardry.  Any bright kid with a couple of exam cram books could run an enterprise.  The wizard gurus were none too pleased to see their grip on power loosening.

Ok so that's a bit melodramatic but there was definitely a lot of ego bruising going on when the PDP-11's got kicked to the curb.  I'm in danger of flying off on a tangent that sounds like something found in a Tolkien trilogy so I'll just wrap up this thought with this. 

There's a reason there's so much bile hurled at the likes of Microsoft by the Open Source community.  Contrary to the marketing, It's not about some David vs. Goliath battle.  It's simpler than that.  It really comes down to ego and wanting back the days when the Uber Geek held all the cards.

Control the Information and you control the world. 

They eschew anything "packaged" instead touting the virtue of getting one's hands dirty.  To hell with those "lazy" users wanting everything "handed" to them.  Every child should know C-Sharp by the age of 3!

They don't get it.  They just can't understand why everyone doesn't want to be a part-time software engineer.  Which is the root of the attitude and the reason why Open Source tends to have a narcissistic vibe even while proclaiming the democracy of a community.

If the masses will not be turned they will be ruled...

Phew!

Who knew it was so political!

It's not all bad, however, and there are good ideas and good projects out there but there's no guarantee they'll stay that way.  Projects can start out with lofty aspirations but most are just some poor Joe looking to fix his own issues.  Once the problem is solved the project is abandoned.  

As such, the world of Open Source is a wonderful laboratory but little more.  A place to try new approaches and work out the bugs but not to trust an entire enterprise to unless someone has taken it to the next level as in the example of Red Hat Enterprise Linux (RHEL. )

Even then a competent talent pool to administer it will be much shallower than its competition and more expensive since it's still a niche skill set.

The bottom line is this.  No business should be held hostage by what is all too often the product of a hobbyist's whim who got inspiration from an Internet forum.  

Yes there are serious Open Source initiatives out there but most of them aren't ready for prime time and if their devs are honest with themselves, never will be. 

Open source is great for advancing the art but artists make bad businessmen.