Awesome Conferences

Recently in Sarcasm Category

*Lately there has been a renewed debate over the use of encrypted communication. Terrorists could be using encryption to hide their communication. Everyone knows this. The problem is that encryption is required for ecommerce and just about everything on the web.

Should encryption be banned? regulated? controlled?

Lately there have been a number of proposals, good and bad, for how to deal with this. Luckily I have a solution that solves all the problems!

My solution: (which is obvious and solves all problems)

change_your_password.pngMy solution is quite simple: Every time a website asks you to create or change a password, it would send a copy to the government. The government would protect this password database from bad people and promise only to use it when they really really really really really need to. Everyone can still use encryption, but if law enforcement needs access to our data, they can access it.


I've received a number of questions about my proposal. Here are my replies:

Q: Tom, which government?

Duh. THE government.

Q: Tom, what about websites outside the U.S.?

Ha! Silly boy. The internet doesn't exist outside of the U.S. Does it? Ok, I guess we need a plan in case countries figure out how to make webpages.

For example if someone in Geneva had the nerve to create a website, they'd just turn the passwords over to their government who would have an arrangement with the U.S. government to share passwords. This would work because all governments agree about what constitutes "terrorism", "due process", and "jurisprudence". Alternatively these Genevaians could just turn the passwords over to the U.S. directly. They trust us. Right?

Q: Tom, what if the government misuses these passwords?

That won't happen and let me explain why: There would be a policy that forbids that kind of thing.

If they have a written policy that employees may not view the passwords or use them inappropriately, it won't happen. I believe this because in past few years I've seen CEOs make statements like that and I always trust CEOs. I believe in capitalism because I'm no dirty commie hippy like yourself.

Q: Tom, how do we define when the government can use the database?

3348566.jpgDude. What part of "really really really really really" didn't you understand? They can't just really really really really need to use one of those passwords. They have to really really really really really (5 reallys!) need to use it!

Q: Tom, what if someone steals the government's database?

Look, the government has top, top, people that could protect the database. It would be as simple as protecting the codes that launch nuclear missles.

Q: Tom, doesn't the OPM database leak prove this is unworkable?

What? Why would the government name a database after one of the best Danny Devito movies ever? Look, that movie was fictional. If you aren't going to take this debate seriously, stay out of it. Ok?

Q: Tom, wouldn't this encourage terrorists to make their own online systems?

Dude, you aren't paying attention. They'd be required to turn their passwords over to the government just like everyone else! If they don't, we know they are terrorists!


Hi. Thank you for reading this far.

Obviously the above proposal is not something I support. It is a analogy to help you understand that the FBI and other law enforcement organizations are proposing. When you hear about "law enforcement backdoor" legislation or requiring that phones be "court unlockable" this is what they mean.

The proposed plans aren't about passwords but "encryption keys". Encryption keys are "the technology behind the technology" that enables passwords to be transmitted across the internet securely. If you have a company's encryption keys you can, essentially, wiretap the company and decode all their private communication.

Under the proposal, every device would have a password (or key) that could be used to gain access to the encryption keys. The government would promise not to use the password (key) unless they had a warrant. We'd just have to hope that nobody steals their list of passwords.

Obviously neither of these proposals are workable.

This debate is not new. 20 years ago FBI and NSA officials went to the IETF meetings (where the Internet protocols are ratified) and proposed these ideas. In 1993-1995 this debate was huge and nearly tore the IETF apart. Finally cooler heads prevailed and rejected the proposals. It turned out that the FBI's predictions were just scare tactics. None of their dire predictions came true. "Indeed, in 1992, the FBI's Advanced Telephony Unit warned that within three years Title III wiretaps would be useless: no more than 40% would be intelligible and in the worst case all might be rendered useless. The world did not "go dark." On the contrary, law enforcement has much better and more effective surveillance capabilities now than it did then." (citation)

We must reject these proposals just like we did in the early 1990s. Back then most American's didn't even know what "the internet" was. The proposals were rejected in the 1990s because of a few dedicated computer scientists. Today the call to reject these proposals should come from everyone: Sysadmins, moms and dads, old and young, regardless of political party or affiliation.

All the encryption lingo is overwhelmingly confusing and technical. Just remember that when you hear these proposals, all they're really saying is: The FBI/NSA want easy access to anything behind your password.

Here are two good questions to ask your management when they outsource your IT job. I assure you that your management will have a big public Q&A meeting with all the affected employees. By "good questions" I mean "Good, if you want to be fired."

The thing is... you are about to get fired anyway. Why not go down in flames? (I didn't have the guts to ask these questions, but I wish I had. Disclaimer: None of my outsourcing stories relate to my current employer.

Question 1: "Recently I heard a business person on CNN use the term 'vertical integration' but I didn't know what that means. What is it?'

Hopefully the person running the meeting will explain that companies strive to save money by owning the entire supply chain, thereby "removing the middleman" and enabling wide-ranging optimizations that are otherwise impossible.

Now, as your follow-up question, ask, "So, since outsourcing is the opposite of vertical integration, is our goal to spend more, un-optimize our processes, or did our CEO miss the day in MBA school that vertical integration was explained?"

You'll be shown the door.

Question 2: "Are we going into competition against Walmart?"

Obviously you will be told "no" and if you are lucky, you'll be asked why.

Simply reply, "Outsourcing tends to be such a bad idea that companies like Wal-Mart hope their competitors do it."

You'll be shown the door.

Either way, you'll have fun.

(Disclaimer: please don't do this)

Posted by Tom Limoncelli in Sarcasm

A lot of people have been talking about the post Dave Rodenbaugh recently wrote on his blog, The Outsourcing Low Cost Lie.

I flat out disagree with what he is saying. His examples are so full of failure that I think Dave has ignored the many outsourcing success stories that are out there.

Let me recount two outsourcing success stories that directly affected my life:

Example 1: Successful outsourcing of internal IT:

In the 1990s a major telecom company realized that their executives were incapable of managing IT well. The management had created an IT organization that couldn't get anything done and was literally preventing the company from being able to innovate. Sadly since big companies are incapable of firing people, there was no way to get rid of the problem. By outsourcing their global IT organization, thousands of people were given the opportunity to join the new outsourced IT provider or quit. The strategy of outsourcing IT was a big success: the dead wood was no longer on the company's payroll.

Before you ask, let me explain:
  • Isn't it true that the new contract ended up costing more than their old IT costs. Irrelevent. The goal wasn't to save costs, the goal was to eliminate an unproductive IT organization.
  • Isn't this equivalent to handing your smart people over to outsourced provider, who happens to be a competitor in other areas? Not at all. The smart people saw this as an opportunity to leave the company completely; the outsourced company didn't get them either.

The proof is in the pudding. When the outsourcing was complete, the executive that was in charge got a huge bonus and left the company. Did YOU get a big bonus for not outsourcing your IT?

Further proof: A few years later when the company went out of business I read every press account of what killed the company. I assure you that zero of the press accounts attributed the cause to this outsourcing process. They attributed it to the company's inability to produce products that customers wanted to buy. I see no correlation.

See, Dave Rodenbaugh? An outsourcing success story.

Example 2: Outsourcing code development to India

A new CEO outsourced development and operations of a complicated software system
to a company in India. By eliminating the entire development staff from the payroll as well as the operational staff that used the software, he was able to demonstrate (on paper) that his company has almost no operational costs yet was making a profit. This
impressed potential buyers enough that he was able to sell the company and personally pocket millions.

You might ask, "isn't that unethical?" or "Didn't the new owner then realize they had bought a lemon and have to find and rehire the original developers?" The answer is simply, "no". No, they didn't have to. They could have been buying the company to eliminate a competitor. Companies do that all the time.

How can I call this a success? Well, let me ask this: Did YOU pocket millions of dollars after the sale? Heck, I bet you weren't even one of the board members that profited because he owned the outsourcing company in India.

So, Dave Rodenbaugh, if that is your real name, now that you have read my two counter-examples are you still prepared to advise against outsourcing? Maybe the problem is that some managers are better at business than engineers are at engineering.

Update: Dave replied pretty quickly and I realized that I hadn't made it apparent enough that this piece was in jest. The stories are true, but documenting the "success" of one company that went out of business, and another that unethically made money for the CEO is not intended to be anything other than sarcasm.

Posted by Tom Limoncelli in Sarcasm