Editorial - Root Boy 
You and Your Mac's Commitment to the Collective Success of National and Economic Security
By Duane Straub - Contributing Editor.
Buckle up and assume the position

The new year is on us- time for resolutions! I was gratified by the
response I received on my grandiose editorial of 7-7-02, "Ask Not
What Your Country Can Do For You, Ask What Your Mac Can Do For Your
Country." (http://www.osxfaq.com/Editorial/USA/index.ws) Now,
inspired by an email chain letter (of all things!), I want to
continue my theme of asking you to take an active role, as
effectively as you can, in promoting and implementing secure,
technical solutions. At least I'm not asking you for money! ;-)

The chain letter that inspired me states that "science" has
discovered why geese fly in a "V" formation. "As each bird flaps its
wings, it creates an uplift for the bird immediately following. By
flying in a "V" formation, the whole flock adds at least 71 percent
greater flying range than if each bird flew on its own." It further
makes the analogy, "People who share a common direction and sense of
community can get where they are going more quickly and easily,
because they are traveling on the thrust of one another."

My thrust has been to promote to the Department of Energy and other
governmental organizations the idea of heterogeneous networks as a
defense mechanism. DOE, like most of the IT world, has reasoned that
"prevention" and "risk mitigation" are constituted by practices such
as turning unnecessary services off, or the computer itself, during
times it is not actively being used. Worthwhile suggestions, although
I believe computer security can be greatly enhanced by starting with
the choice of operating system. (Some insurance companies have
recognized that, offering lower rates to organizations whose primary
OS base is other than Windows.)

Current risk mitigation approaches eventually result in compromised
systems, and with potentially devastating effect in environments with
a high degree of platform homogeneity. Organizations can reduce their
susceptibility to catastrophic security breaches by diversifying
their OS base, limiting the use of inherently insecure, highly
targeted OSes. A recent study by mi2g concluded that 54% of all
cyberattacks in 2002 were directed at Windows OSes. The study
assigned "share" to about a dozen OSes, with Mac OS's share at 0.05%.
mi2g estimates the worldwide economic damage of cyberattacks in 2002
to be $40 to $49 billion. Apparently still insufficient cost to
change the modus operandi of most IT managers. WHY? In the private
sector, typically, the "bottom line" is cost. Does that mean
corporate IT managers simply don't know any better???

In my experience, pointing out the ease of use and administration,
general cost effectiveness, and security advantages of the Mac
platform is not enough- especially for Wintel-centric IT managers. My
department head (who is not anti-Mac) says it is not a cost issue,
but a performance issue. I'm not sure what specifically she means by
"performance," but certainly at issue in my work environment is
institutional application compatibility equal to that offered via the
Windows platform. With compatibility, IT folks have little to
complain about or object to- no reason to dismiss Mac OS over their
Wintel-centric enterprise applications, and no reason to promote a
"no matter what the costs" desktop platform to fit their solutions. I
think it is better to build enterprise applications to work with a
variety of client platforms, thereby freeing organizations from a
monolithic OS base that by nature places them at an unacceptably high
cybersecurity risk.

Often, when those in charge of money and direction are Windows
oriented, they do not on their own recognize the benefits of pursuing
simpler, *standards based*, more inherently secure desktop solutions
based on Mac OS X. Some organizations (including the computer
security organization at my work) do not want to recommend a specific
OS, fearing that on the heels of the recommendation a devastating
attack will be launched against that OS. This is certainly a
possibility, although I don't see how organizations of that type
could consider they're doing a thorough job while neglecting to
regularly point out clear differences in the security track records
of the OSes. Amazingly, most IT folks have no idea there is a
difference- focused in a Windows world, they simply presume everyone
has it as bad as they do.

Back to the chain letter... "When the head goose gets tired, it
rotates back in the wing and another goose flies point. It is
sensible to take turns doing demanding jobs, whether with people or
with geese flying south. Geese honk from behind to encourage those up
front to keep up their speed." I have appreciated the "honking,"
several years of appreciative encouragement from my peers and
compatriots in the Macintosh community, but I am certainly looking
forward to others in my organization and the community flying point.
(In no way do I mean to discount the hard work and successes of
others in the community, and those who have inspired me, particularly
John Martellaro and John Welch.) The community has made great
progress and I wish the "job" was over, but it's not. The focus has
broadened, yet become more defined- we need to develop solutions.

I just came out of Borders, getting my O'Reilly "Unix for Mac OS X"
book. (I say "just came out" because I'm writing this on the road- my
wife drives me on outings so I can keep working on my PowerBook. My
time is *that* tight, raising two young boys, trying to make ends
meet, and hobbies like Internet services hosting and the Root Boy
Slim Memorial Fan Club.) At Borders I noticed numerous OS X Java,
Cocoa, WebObjects, REALbasic, and other titles- keys to building new
enterprise applications or interfaces to existing applications.
That's what I want to do, build solutions, yet it's tough when the
playing field is not level. Take my place of employment for example-
one of the world's largest Macintosh sites. We have at least a dozen
or two or more people working on Windows enterprise solutions and
issues, and basically zero people working in parallel areas for Mac
OS/X. I and others have to do that on our own personal time away from
work, and until that's remedied, I need your help.

Final word on the geese... "If we have as much sense as a goose, we
will stay in formation with those people who are headed the same way
we are." I've given five Macworld Expo Pro Conference sessions on how
to advocate Macs to corporate IT, and networked with numerous
beleaguered Mac users and administrators over the last several years.
Although my efforts may not have affected you directly, for the
greater good of all, I ask for your help. Commit yourself to action,
contributing in manners that best take advantage of your knowledge
and expertise. There's technical work to be addressed, and there are
political and mindshare issues to be addressed. Like a tired goose,
I'm ready to rotate back into the wing and travel on the thrust of
others while redirecting my efforts. Honk! Honk! :-)

Words of warning:
Many IT managers are so narrowly focused they can't see that their
"big picture" is not a big picture at all. No matter how explicit the
arguments, many IT folks will dismiss the line of reasoning as Mac
zealotry. Up front, I tell people to use Windows, Linux, or Solaris
when any of those OSes are the right tool, but somehow they recollect
I said Mac, Mac, Mac... Mac OS is an incredible "hot button" and
threat to many IT managers. If someone suggests you're motivated by
Mac zealotry, you might point out there's no personal benefit in that
for you. And it's not for Apple- there's a slim chance Steve Jobs
will ever be at your door thanking you. Your motivation stems from
great consequence; it's for you, your family, your organization, your
country, and humanity.

DISCLAIMER: The views expressed here are not necessarily the views of my
employer, the Federal government, or the UN World body, and certainly are not
the views of anyone I might try to implicate should I be charged under the
jurisdiction of any local, State, or Federal Law Enforcement agencies. (For
anything the statute of limitation has not run out on.) So there!

E-mail comments to duane_straub@osxfaq.com