I clicked through to the LinkedIn post [0] and airforcemag was clearly not reading this carefully. Not sure how they missed that, but Mr Kanaan never once in his letter wrote "Fix My computer" as is stated in the airforcemag title (and in quotes) but rather every. single. line of this letter ends with "Fix our computers."
Quite a different tone. He seems desperate, but he's not self-centered.
For perspective: I work in a different armed force but with basically the same issue. We once had a problem with soldiers stealing memory sticks from workstations (unclassified systems). Take only one stick and the machine still works. The theft problem goes unnoticed long enough that we cannot nail down who stole what when. Answer: Give the computers only one memory stick. Thefts will then be noticed quickly. Now, almost two decades later, we are still stuck with that bonehead decision. I requested an upgrade, an extra 4gb of ram on a "new" windows workstation. "Sorry sir, but we don't have any 8gb sticks and are not allowed to give you 2x4gb."
I know of a military computer (simulation display, 4x4K screens) running off a single 64gb stick because they couldn't bring themselves to install 4x16 or even 2x32.
I had something similar happen to me at IBM in the late 90s. I came to my cubicle one morning to find the PC case slightly ajar. I set the monitor aside and opened it. The sole 8 MB RAM stick was gone. I reported it to my boss who explained that someone would've taken it because getting an upgrade was an impossible bureaucratic feat, but getting a fix was trivial. Probably I was picked because I was obviously the youngest person in the office, so I must not have any power. I did indeed have a repaired PC the next day, though.
This was a technique for getting necessary goods back in the USSR. You frequently couldn't get things on demand that your workplace could so if a lightbulb went out at home you'd steal one from work.
> Currently the service uses both McAfee and Tanium software packages to scan and protect service-issued endpoints like laptops.
The problem isn't hardware, it's that they're using the worst antivirus known to mankind. It's not throwing money at the problem, it's about what can be removed.
I'm currently on an engagement at a retail bank for a project that went entirely off the rails (they brought me in to right it). All of the following are currently running simultaneously:
* McAfee
* Tanium, which is constantly firing off massive Python scripts
* Aternity
* Windows Defender (which is well-behaved as expected)
... wait for it ... on an SSD that has no DRAM. Yes, a cacheless SSD. Performance isn't much better than a cheap USB flash drive, which is expected when an identical SSD costs $18 on NewEgg.
The system is effectively I/O bound all the time. The quad-core (8th gen Intel core) idles at 70% utilization, constantly spiking to 100%. The commit charge for getting into the Explorer shell is 13.8GB of the 8GB of physical memory. The laptop itself appears to have a street value of about $240 on eBay. Quality unit with a 1366x768 TN display.
-----
The 30 day discovery period is about to end. I am not supplying an SoW for any further work. I told them the reason nothing gets done by their teams is because the hardware they give everyone is trash, and I can't solve their architectural issues when IT doesn't supply tools to get work done. I wish them the best of luck.
Seems about right. I've done engagements with multiple financial clients and they seem to make it their job to make every engineer as unproductive as possible.
Makes me think of the oft-repeated joke on MobileTechReview about bottom-of-the-line thinkpads with low-quality screens: "The laptop the IT department gets you when they hate you"
At my last job IT had Tanium installed on our machines. It would make your computer nearly unusable for hours. Sometimes I felt like we had computers that were completely consumed by the overhead it took just for us to have them.
Yep, we had the misfortune to have both McAfee and Tanium installed. And then after they got ransomwared, they added even more endpoint crap onto every endpoint.
From the time Windows started, my laptop fans would spin like an aircraft taking off. Utterly ludicrous amount of wasted CPU time and energy.
To be clear, I think AV and EDR are valuable tools - but McAfee is just shit, and Tanium has really high CPU usage.
Aside from the above, all the security crapware made actually doing work difficult. Want to install software? Nah, nobody gets admin rights, instead submit a request on our shitty help desk, and if you're lucky and very perseverant, you'll get it in a month. Need to run something elevated? Nope!
And the worst of it was that McAfee, Tanium, PAM etc was all just glitter on a turd - general, more mundane stuff was a security joke. For example, at least 10 internal spam emails would be sent each day, to let you know about boring and irrelevant shit going on around the company - and every one looked like an actual spam email! Full of spelling errors, silly subject lines, and often the whole body was text rendered as an image. Internal web apps were hacked together by shit devs, and stuffed with security vulnerabilities. The general theme was "more shit on endpoints". Bah.
> At my last job IT had Tanium installed on our machines. It would make your computer nearly unusable for hours. Sometimes I felt like we had computers that were completely consumed by the overhead it took just for us to have them.
Trend Micro is the same way. The only thing that eventually made it bearable was getting an SSD, but it still sucks.
Then Tanium needed tuning. There's no reason any of its processing should have taken 1 core for more than 2 minutes...and that's the highest load task. Mostly it sits in the background, capped at 5% cpu.
But there's only so much you can do with a 7th gen dual core mobile i7.
Now...McAfee? a) Was a pig, but b) did we really need to scan the entire disk every Friday afternoon?
I used to help Tanium manage their stuff for the US Navy on NMCI.
I stand by my statement.
But it’s not personal at all. Neither you nor I made Tanium, and I’m sure your deployment is the gold standard of Tanium deployments that would change my mind.
Windows admins are some of the worst, especially in government. They don't understand how computers work, and so they pipe on anti-virus, anti this and that, hoping a product will magically solve the issue. But they won't move the default browser, or install an ad blocker. They won't put in policies preventing running the software in the first place or isolating its abilities.
After years of having terrible, exploitable software on windows, it's the natural result. Some manager gets a pdf exploit, and on windows there's simply nothing you can do about it. But IT has to do something, so to make them look good they throw another anti-virus on.
Oh wow. And here I thought they were one of the relatively clean ones among the crowd of McAfee and Avast!. Agreed with the top comment there that the whole industry is reeking. Seems like the only reasonable one is Windows Defender, with the only Linux alternative being ClamAV (non-shady but questionable if it's effective at all for a workstation)
The problem is definitely hardware. If you actually read the linked sources, it sounds like the Air Force bought a ton of spinning rust HDD machines in 2018 for the lowest possible price they could. They probably only have 4GB of RAM too, then, given what low end specs were like at the time. Good luck getting anything done today with those specs.
That's not actually such "low end spec" that would cause logins and mails to take an hour to process.
To me, the whole ordeal screams: software bloat, software misconfiguration, background service overload. You could snappily send mail 15 years ago, and the computational task itself hasn't grown much, besides bloated browser login windows.
Try booting a 2 GB RAM machine to some RAM-preloading Linux thumbdrive and you'll see why the problem is not "spinning rust HDDs" and "only 4 GB RAM"
Have you tried using Windows 10/11 with on-access and behavioral AV (not defender) on 4gb of RAM and a 5400rpm spinning disk? I find it entirely plausible that they have to wait an hour plus for the machine to become remotely responsive.
No one thinks the performance problems are implausible. But hardware can only do so much to make up for the worst excesses of antivirus. Behavioral scanning doesn't require huge amounts of memory and has negligible need to touch the hard drive. On-access scanning by definition barely needs to increase the number of I/O operations. It shouldn't bottleneck the machine if it's done competently. So then you're just loading outlook off a hard drive, which took several seconds the last time I tried it.
I probably have experienced something close to this. You're right; it doesn't take many steps to make a modern machine slow.
Reading the article was indeed surprising and depressing - it certainly is a plausible scenario! The question is: is such a disfigured desktop experience an acceptable result, given that the physical hardware enables much, much more productivity?
When NASA switched from internal IT to a third-party contractor, their laptops and desktops got replaced with worse hardware that somehow cost more. This is the Republican way.
> Try booting a 2 GB RAM machine to some RAM-preloading Linux thumbdrive and you'll see why the problem is not "spinning rust HDDs" and "only 4 GB RAM"
They're absolutely running some sort of modern Windows so I don't see how this is relevant at all. MS-DOS2.0 would also work like a dream on those specs, who cares?
Yes, they're running Windows, and Windows is also software, contributing to the bloat. My point is that the resource overhead of just running an idle OS doesn't need to be humongous compared to the actual workload.
Seriously, they could be running on thin clients like a chromebook. No need to give everyone top-end machines to run MS Office and some webapps. It's mind boggling this is even a debate on HN.
Why wouldn't it? That's how long it takes to swap memory on an HDD, it doesn't surprise me, especially with how many resources today's browsers and sites consume.
Ha, you're blaming hardware yet the likely reason that those systems are slow isn't because the hardware can't do things quickly, but because the modern software they run on it is bloated and slow.
You both are correct. It's a combination of shit hardware, shit software, and poor timing on daily scans that should be run after hours instead of on login. I use AF computers on a daily basis and can attest to bringing in my own laptop and using alternatives to login on my personal.
I've decided that anti-virus and other security software slowing down the computer is a feature. If the software was super-efficient, people would think it wasn't doing anything. The slowness provides the appearance of work being done.
Oh man ... the cruft that corporate IT installs slows down the computers so much. It's better if companies start handing out Linux machines if they can't afford Macs. I would trade my Windows laptop with IT cruft any day for a Linux machine.
IT will cruft it up no matter the OS. I’ve had to run TrendMicro on AWS linux instances because of the gov’ts settlement with Sony re: “North Korean hacking”.
It destroyed performance. Also it was poorly configured by the checkmark-brigade in their “security & compliance” department.
Can confirm: got Symantec End-Point Protection rolled out on Macs here and it has turned them into slow crashy pieces of ... garbage; I've had to restore my machine from backup a couple of times already when a macOS update with this thing running would result in an unbootable machine.
It would have been more cost-efficient and secure to smash our machines with sledgehammers than force us to run this ... junk.
We were a US company working with a Japanese software distributor to do Japanese versions of our products. Occasionally on some Japanese non-IBM compatible PCs [1] we were seeing a lockup during installation.
It was the kind of lockup where CTRL-ALT-DEL does nothing, the CAPS LOCK light no longer toggles, and if you have a GUI that mouse pointer no longer moves. There's usually pretty much nothing to do at that point except hit the reset button or toggle power.
It was quite rare, giving us not much to work with. Our Japanese partners decided it was rare enough to go ahead and ship handling the (hopefully) handful of people that hit it via tech support.
So we shipped. And they got something like 100 support calls--but the callers were not upset. In fact they were happy with the product except that they wanted to suggest that the installer should be made faster or should run in the background so they could use the computer while the install takes place. The reports said that the install took something like 20-30 hours.
I can't even conceive of a US consumer letting a computer that appears totally locked up while installing a small utility program sit for up to 30 hours.
(BTW, knowing that it was just very slow rather than frozen was enough of a clue to let us figure it out. We needed to scan for hard drives and CD-ROM drives. The way we were doing that was hitting some sort of edge case on a particular model of controller's firmware that made some requests take a long time. We were able to change the drive scan to avoid that controller's edge case).
It sounds like, in any future war involving Japan, we should expect to find soldiers hiding out in the jungle years later, still trying to log in to their email...
I'd love to know WHY it takes over an hour to load Outlook? Can anyone enlighten me as to what takes the time? Is it connecting to something and periodically backing off when it can't? Scanning something? What?
Currently an Air National Guardsman. I've only had it take that long a handful of times. Usually when it does it is running Microsoft's Endpoint Manager and trying to push updates, scanning with McAfee and Tanium, and loading a bunch of scripts in the background that are checking for compliance, setting a default AF or local Comm Squadron background, posting messages relating to the current security levels, etc. It's a lot to all run as soon as booted and some things could and should be delegated for off hours but it's not how it's currently set. Typically the first 30 minutes of my morning is waiting for Outlook, Edge/Chrome, and Teams to open before even trying to open any tools. Also from working in Comm I've seen how they purchase hardware and it's pretty frustrating. They will purchase 100 laptops at the end of the year to fill their budget for the year, but it's the lowest priced laptop, which is still almost double or triple what you can purchase it for as a civilian, then often times it will sit in storage and no one will touch it. This often happens due to the leadership not having any actual IT knowledge and they make the purchasing calls so performance isn't at the forefront of their mind.
Great, our military uses Teams; now I know we're doomed. Kidding, just kidding!
Seriously now...Hearing the pain here frustrates me because I am actually in favor of paying my taxes because I know when handled properly then roads, bridges, infrastructure, other things, and yes, the right tools for our military are done then everyone benefits...but when things are not managed right, it chafes me so much because the pain ripples all the way through from civil servants unable to do their job, to military folks not having tools to help defend us, to civilians being put at risk while going over unsafe bridges, to commerce not being efficient because roads suck, etc.
Well I won't be complaining about my company laptop anymore lol.
Just from reading your comment, sounds like the biggest problem is the vendor overlap here. MS Endpoint Manager, McAfee and Tanium all seem to be doing the same thing.
This seems like scope creep on an epic scale. It's almost like someone came to USAF IT every 3 years and said "we signed a contract with X vendor, add it to the laptops".
Not specifically, but the article mentions at the end that the original laptops used for the win10 transition were using HDs (aka spinning rust) rather than SSDs because it was a lowest bidder situation.
Given what I've seen of corp/gov IT, it wouldn't surprise me in the least if the "security software" (aka virus scanners, intrusion detection, etc) then proceeds to hammer the disk/CPU sufficiently that the machine cannot make forward progress. My wife's work machine (a fairly nice, if slim Dell) sits there with one of its 4 cores at 100% running a McAfee process hammering the disk doing some kind of scan pretty much 100% of the time. The result is that it pushes that core to max turbo, overheats the system and then throttles the whole thing to ~800MHz. It then takes a minute or two to open Word/etc. And that is with a fairly fast SSD, add in the spinning rust, and I'm sure it would take much longer.
And of course it's locked down sufficiently that it's not possible to even try and fix it.
Haha, I just (as in 20 min ago) helped a friend get their computer to work and they had 3 antiviruses running. It's a pretty common problem actually, helped a few people with it the last 20 years.
I've run into issues on Lenovo computers where there's a shared power allocation for turbo boost and the GPU. Disabling turbo boost fixes issues where there's not enough power for the GPU and also helps keep the computer from going through a turbo boost/heat up/thermal throttling/turbo boost cycle.
In addition to the other totally accurate answers, you can also buy machines that don't have enough RAM, then mandate a software suite that is guaranteed to push the entire machine hip deep into swap merely by booting to the desktop. Every application opening then is a trial of Windows swapping bits of other things out, to load a bit of the application, then having to swap back in the two virus scanners and the malware shield to check the application just loaded, then swap back out those things to load the next resource for the application, then the checkers back in, then the program opens a network address so the network firewalls need to swap in... on an SSD this is slow, on a hard drive you can easily end up in the hours to load a program like this.
Scanning through the replies, I'll also add that if you are loading your entire profile from the network, this often becomes much more problematic than the IT people may have initially calculated, because even if you can transfer a gigabyte in 10 seconds, you can't transfer a gigabyte in 10 seconds to thousands of users simultaneously, and logins are highly temporally correlated. It doesn't take much at all to have a cascading network failure as a result, even under perfect conditions, as that 10 second window becomes a 20 second window, which catches ten more people and it turns into a 40 second window, and it explodes quite fast from there as suddenly everyone everywhere is waiting for minutes or hours to load from the same overloaded profile server(s).
From what I've witnessed of this, what you'll get is a number of these answers operating at once.
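The cascade described in the comment above, as an added example that is not part of the thread: a small simulation of a profile server shared fairly between concurrent logins. The 10-second solo transfer comes from the comment; the fair-share server model, the 360 users and the two arrival windows are assumptions.

```python
"""Login-storm model: many users pull a roaming profile from one shared server."""
from statistics import median

SOLO_SECONDS = 10.0   # from the comment: one profile copies in 10 s when alone
EPS = 1e-9            # float tolerance when deciding a transfer is complete


def simulate_logins(arrivals, solo_seconds=SOLO_SECONDS):
    """Return each user's login duration in seconds, in arrival order.

    Assumed model: the server splits its capacity evenly between all
    transfers in flight, so each of n active logins runs at 1/n of the
    solo rate (processor sharing).
    """
    arrivals = sorted(arrivals)
    finish = [0.0] * len(arrivals)
    active = {}          # user index -> seconds of solo-rate work still needed
    now, nxt = 0.0, 0    # simulation clock, index of the next user to arrive

    while nxt < len(arrivals) or active:
        if not active:                      # server idle: jump to next arrival
            now = arrivals[nxt]
            active[nxt] = solo_seconds
            nxt += 1
            continue

        share = 1.0 / len(active)           # work done per second, per user
        to_done = min(active.values()) / share
        if nxt < len(arrivals):
            to_arrival = max(0.0, arrivals[nxt] - now)
        else:
            to_arrival = float("inf")
        arrival_first = to_arrival <= to_done
        step = to_arrival if arrival_first else to_done
        now = arrivals[nxt] if arrival_first else now + step

        for user in list(active):           # everyone progresses at the same rate
            active[user] -= share * step
            if active[user] <= EPS:
                finish[user] = now
                del active[user]

        if arrival_first:                   # the newcomer dilutes everyone's share
            active[nxt] = solo_seconds
            nxt += 1

    return [f - a for f, a in zip(finish, arrivals)]


def evenly_spaced(n_users, window_seconds):
    """Constructed arrival pattern: n_users logging in evenly across a window."""
    return [i * window_seconds / n_users for i in range(n_users)]


def median_wait(durations):
    return median(durations)


if __name__ == "__main__":
    # Same 360 users and the same server; only the arrival window changes.
    for label, window in (("spread over 2 h", 7200.0), ("within 30 min", 1800.0)):
        waits = simulate_logins(evenly_spaced(360, window))
        print(f"{label:>16}: median {median_wait(waits):7.1f} s, "
              f"worst {max(waits):7.1f} s")
```

Halving the arrival window does not double the wait: once logins arrive faster than one per 10 seconds the backlog never drains, and nearly every user waits for most of the storm.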
If I were to guess and remember my time working at a 'hot desking' company, it's because on login, the user's profile will be copied from a central server onto the local system.
I found out this is a thing when Chrome and Firefox started to put their files in the user's home directory by default. If that has to traverse a network - and who knows where all that data is coming from or how fast the internet connection is - that can take a long time.
There's a few ways to set up profiles in Windows, and most of them are terrible. If you have the joy of stepping into a network with roaming profiles enabled, you will discover it takes years to untangle.
The idea that you can log into any PC and your local desktop and documents all appear seems really nice, but the implementation weeds are nasty: I tell people to store things they want to access on multiple computers on a network share, and we replicate basically nothing between client PCs.
Outlook also likes to download a large chunk of a user's mail archive locally each time you open it on a PC, but you can configure it a bit, and Outlook generally "works fine" while downloading. I suspect it gets hairier at DOD scale though.
OneDrive has helped a lot. But only if you can make your users actually use OneDrive. More likely they invent some asinine workflow and save their documents in the most illogical places that will never get synced and you never manage to catch. Also causes problems when trying to recover data from corrupted user profiles.
Even better - Java devs who use the default settings for Maven will have their entire local repo copied over the network.
At my company people would remotely log in on Sunday evenings to avoid the hour-long wait while a few hundred gigs get copied across the network. Why not change the location of the local repo, you ask? Of course our machines are locked down and we have no access to the local drive...
That's the difference between %APPDATA% (AppData/Roaming) and %LOCALAPPDATA% (AppData/Local). Caches should go into local appdata, or %TEMP% if you're feeling spicy.
I remember "fixing" the university's computers by preventing the browser cache from being downloaded at every Windows startup. That was maybe 15 years ago?
I worked at an internship one time where by the end of the two month stint my machine would take upwards of 45 minutes to login because there was something that was running on login that had to timeout (because it was broken). Sometimes IT pushes policies that conflict with other stuff and rarely do they check every configuration (or setup alerting for these bad cases).
There's lots of reasons it can happen though (especially on Windows, where the mood for 20 years was "cram it all into apply on login GPOs and scripts"). My guess in this case since the machine costs $109 (used, I assume), is that it is running spinning rust and 4GB of RAM, which on Windows 10 isn't a lot of fun. Couple that with all the security crap the DoD has to put on there (which probably spends half its time trying to grab resources from the other security software) and I could definitely see an hour.
> Couple that with all the security crap the DoD has to put on there (which probably spends half its time trying to grab resources from the other security software)
Corporate spyware is a huge impact to performance, particularly if you have an HDD. I can’t count how many times I’ve seen a computer start to lock up because some security software needs to absolutely abuse the disk.
I'm in security, and one thing I always try to stress is that if the security software is causing work stoppages, it should be treated with the same importance as an outage. Just as you wouldn't tolerate an internet connection that went down all the time. Outages from security measures are still outages.
> I'm in security, and one thing I always try to stress is that if the security software is causing work stoppages, it should be treated with the same importance as an outage. Just as you wouldn't tolerate an internet connection that went down all the time. Outages from security measures are still outages.
Outages/workstop are pretty binary. OTOH it's hard to see how much time people spend just waiting for stuff to complete. At my last job, pulling down a copy of the test db for local use was taking 30-40 minutes. But because everything else was slow, it was only after I noticed it being a lot shorter for coworkers that I even bothered investigating what was causing it (version of mysql was old, made it a 5-10 minute process after fixing a config).
It's doing all sorts of interesting things. They subscribe to event feeds supplied by the operating system to keep track of security related events: modules that are loaded, processes that start, connections that open and close, users that log in and log off.
Then they also inject themselves into processes and 'hook' into operating system routines to check things the feeds do not provide: which files are being accessed, how often, what memory is allocated, what type of memory is allocated, which threads are running, where they are running and what they are doing, if there's mismatches between what the operating system told are the modules loaded, and what it can find in memory.
Most of this software can be configured so that the resource usage is relatively tame, but then on the next pentest the security people will notice all sorts of ways the products did not catch them (this is the usual case). And then things are tuned to max in short order :) And then you have security software running multiple rules and scans on each file any process opens. And processes open a lot of files, all the time.
And they're rarely tested with other competing software, and once they start both hooking on the same thing (and each other) you can get a death spiral.
Yea, certain routines in Windows actually check if the OS is hooked. The PE loader implemented in ntdll verifies that NtOpenSection() (or NtOpenFile, not sure right now) has not been hooked. When I was looking into that it looked like it disabled concurrent module loading if it detected a hook (so it became slower), probably as a bug fix for whatever software inserts itself in that place (Stuxnet did too!).
They're definitely not something special about the DoD. They're core parts of configuration and policy enforcement on Windows systems. Any organization managing Windows systems will use Group Policy Objects.
That's just config management for the Windows desktop and has been around for ages. They mostly just flip a corresponding registry key and are idempotent, so the impact is minimal aside from the first time policies are processed. The reason that DoD site appears in search is because their STIGs (security technical implementation guides) are a freely available best practice reference for any Windows administrator to use.
You do not want to apply all of their recommendations to any computer, but I will say that a fully STIG'd computer will actually not take that long to boot up, aside from the first application of the policies. Login performance usually comes down to drive maps, printer maps, and startup programs.
>Currently the service uses both McAfee and Tanium software packages to scan and protect service-issued endpoints like laptops. But the computing power required by multiple programs often interferes with the user’s work, and damages the user experience, or UX.
I’m assuming just still using computers that were really cheap a decade ago and then loading them with modern bloated software and security scanning tools. Probably lots of memory swapping and trying to do a lot on a computer that can’t.
Could be handshake/sync. Could also be indexing (which doesn't prevent Outlook from loading but practically can prevent you from using it if you can't search, etc)
I will never understand when a company/government entity pays people a high salary then gives them crap or low-end hardware. You should be maxing out dev machines and the rest of the company should rarely see a spinner or have to wait on their tech. It's a huge waste of time that you are paying for. I once calculated how much time I wasted waiting on slow processes at a job and then multiplied it by my effective hourly rate... I could have bought multiple maxed out MBPs with the money they lost, it's ridiculous. Also it's not just the time they spend waiting, it absolutely slaughters productivity, focus, and motivation.
It doesn't even have to be low end hardware. I just gave back a laptop to a client that I was working with in healthcare. It's a 16" MBP with an i7 and 32GB of RAM. The machine itself is really fast but gets bogged down by all the other crap it has to connect to. They had McAfee endpoint security on these things and it would prevent any unauthorized apps from running as well as hog between 50-70% of the CPU during its daily "checks" (which ran every hour). I eventually had to patch a kernel ktext just to get the endpoint to shut up and stop eating my memory.
The problem isn't hardware necessarily (well it is here), but it's also the bundled software. Not only are these machines old but they are having to load all this extra shit that slows down the whole experience that much more.
Don't get me started on MDM and the like. It's a cancer for machines and causes all sorts of issues. I understand that some industries have certain compliance that either forces them to do this (or makes them think they need to) but I will not work in those industries. Send me a clean MBP and trust me to do my job. In fact, more and more I'd rather just a stipend and I'll buy my hardware. I've managed to effectively do this at my last 2 companies. Sorry but I know my needs better than anyone else and I'd honestly rather pay out of pocket and make it up on my salary than work on underpowered hardware.
Mobile device management, software that runs on your computer that talks back to a command/control-type server where your IT Dept can monitor the machine and push software/updates to your machine.
God my work machine is like this. People (rightfully) complain about power use by crypto, but I wonder how much power is wasted by McAfee et al? I wish there would be public outcry over it :)
For years, techies made fun of people not running anti-virus software. Eventually, people came to accept that it was necessary. Then, the anti-virus software people launched a trove of crapware based on enterprise needs that ruined the concept of anti-virus. Now, techies are advocating to not run that crapware at all. There has to be an MBA course on this "how to build a bloated program designed by managers using all the buzzwords" type of thing.
It's astounding the amount of CPU that things use doing nothing. Zoom takes constant 4% CPU usage to show a login screen and Slack does 20% doing nothing. Turning off gifs for Slack drops that back down to ~5%. But still 5% for a chat app at idle.
To be clear, it’s not Apple’s fault, but they do own the OS and the scheduler.
I’ve previously experimented with the kill command, stopping and starting applications. Apple could do this automatically and reduce that 5% to 1%, or even 0.1%.
This assumes that Slack is doing something over and over many times, rather than just being super-slow at doing the thing once.
Slack is a chat app, and as you say has no business requiring 5% of a CPU. If it’s doing that because it checks for new messages more often than once per second, Apple can help them with that. If they actually require more than a second to check for messages, then their requirements or their developers need to change.
Oh it's not low end hardware, it's endless enterprise crapware designed to secure stuff. Enterprise malware proliferates like admonishing signs in a government office, and for the same reason: it's easy. And it has the same effect: useless clutter that makes the place worse.
At my current position I've been using the same 2015 MBP since...2015. As time goes on corporate keeps deciding more security issues exist and they keep shoveling on the 'security' software. So not only is my hardware aging - they're making it worse by artificially slowing it down.
The last agent they installed had a nasty habit of pegging the CPU at 100% and locking up virtual machines for 10-15s at a time anytime there was heavy disk activity. Luckily I still have root on the local machine so I wrote a quick script to loop and kill that process whenever it spawned. I'm not bragging about that, but it is what it is I guess.
One big problem is misaligned incentives. At most big orgs, you have an infosec dept with authority to put all kinds of virus scanning, etc etc on every computer in the org. They get rewarded if there are no incidents; they do not get penalized if they make your machine impossible to use.
The same goes for the guy in the purchasing department who gets rewarded for his cost saving measures when he goes for Acer's cheapest laptop with a Pentium and 8GB RAM rather than something with a mid range CPU and 16GB of RAM.
Well designed security programs shouldn't slow down your PC. This is a failure on the infosec department. Sysmon/Windows logging can do most of the hard work with very few resources.
I worked at a company where all software was designed around a 1024x768 resolution. They decided to upgrade from CRTs to LCDs. I strongly suggested they buy the 17” LCDs of the same native resolution, instead they saved a few hundred dollars per person by choosing the smaller 15” 800x600 LCDs. Users either had to deal with a headache inducing blurriness of non native resolution or spend half their days scrolling their screen up and down and left to right. These people were used to keyboard only interactions and now had to keep one hand on the mouse. It was maddening. Half of their staff ~50 people quit over just that one thing.
Hardware is not the problem. I had a truly insane spec laptop (insane for what I was doing) that I frequently lost productivity with because of waiting. It's the AV, endpoint, HIPS/HIDS, etc. software they throw on along with constant updates and restarts that really cause the issue.
I've heard an alternative, proposed often at Google: give devs the weakest systems possible: slow flaky net, slow machines with minimal memory so they are forced to make efficient systems for people in third world countries (key to rapid growth for many products).
Personally I don't care much about my laptop except that it can drive a large external display and does fast networking. I only use it to connect to a VM I make in the cloud, which is multiples faster and more powerful than my macbook pro.
And let's tie one hand behind their backs and cover one eye as well while we are at it. I think the idea of giving devs trash hardware because "it's what our users use" is the worst solution possible to solving that problem. Have the devs or another team test on lower-end hardware before pushing a version, don't hobble them while they are creating.
Here's the argument that Brad Fitzpatrick (who espoused this idea) gave: at the time, he was creating LiveJournal and had a bunch of Russian hackers building the site. He noticed that every time they made pages load faster or work better, more people used the site (and site growth is the single most important metric), and that more and more people were coming from countries with poor internet infra.
So, he made his workers use crappy computers and a dodgy network he set up. He claimed it made them make better applications, but I can easily say that if the job hadn't been critically important for me, I'd give my opinion and move on.
I build software for Aristocrats and I expect my tools to be first class. That said, I've reached a level of trust where my leadership trusts me to manage millions of dollars worth of cloud inventory and much of my messaging to my users is: "please do not attempt to save $400 by using $1000 of your time"
A better approach is to simply buy your devs 2 computers:
1 fast PC for speedy development and 1 slow laptop for testing. It makes no sense to give developers a slower computer simply to make them develop better. It's like saying that post office workers must now use bicycles instead of motor vehicles in order to encourage them to find shortcuts. I'm not a successful CEO, though, so maybe I'm just talking out my ass.
yes, as the chromeos person mentioned upthread, you have a dev infra that is fat, and a user testing environment that represents the user experience. Devs don't need to hobble their machines. I argued with Brad about this many times...
Well, that would help with making technology more accessible.
Developers, especially highly paid ones, are as selfish as anyone else on the planet. If you have a strategy to make them care about literally a single other person, I suggest you go for it.
A little voice in the back of my head knew accessibility might be brought up with that comment. Accessibility falls into the same category for me as users with slow machines, yes we should be doing it and the right way to do it isn't to hobble developers. Lack of accessibility (and low-end testing) is often due to management refusing the extra time to do, not because developers are just selfish. I can't tell you how many times I've been promised more time or more devices to test on and then we get close to a deadline and no one cares anymore and questions about said promises are met with "just ship it, we can do that later" or similar.
My argument was that it is a rational business decision to sometimes constrain your developers by making them use what the users will, as the upper comment said people at Google often propose. If you do not, then they get utterly out of touch. I didn’t say you have to do it all the time.
In ChromeOS we have slow devices and had a slow test network in the office but they're test machines, not a primary development laptop. Most of us develop on pixelbook or mbp sshed to a beefy desktop or cloud vm.
Testing on slow devices is important but using a slow device as primary dev machine would just waste too much time.
This is how we get software catastrophes like Teams. There is no earthly reason for it to suffer from the bugs and performance issues that it does and I have to believe the developers responsible for it are completely unaware of how much this software sucks to use because of their hot rod developer workstations. They still dog food at Microsoft don’t they?
Failing to test on lower-end hardware or refusing to optimize is not the result of giving devs good computers, it's management that doesn't care. Doesn't care to test on lower end, doesn't care about how much ram/cpu, doesn't care how laggy it is. Even if a developer wanted to do this work good luck getting management to sign off on it, I've seen this happen myself more times than I can count.
Ha ha ha, no, probably not. A relatively recent post from an alleged ex-Microsoft employee said that all the designers use Macs, which might be the reason Windows keeps getting worse.
Part of this is that IT is viewed as a cost center (well, because it is), and often "owns" the expense of issuing laptops. IT's objective is to ship you a laptop that will adequately run the software you need to perform your job duties. How efficiently you perform them becomes a problem for you and your manager.
I understand the basic reasons why but anyone who actually examines this has to come to the conclusion that issuing sub-par tech is penny wise and pound foolish. Heck, for developer satisfaction alone I think it's a good idea to upgrade them yearly or every 2 years at most. Cycle those machines through your org or resell them. The depreciation lost in resale is tiny compared to increased efficiency and how happy your devs are.
In this case we aren't even talking about developers who are struggling with slow computers: Even generic office workers struggle with slow machines and it impacts their productivity.
I'm not defending the practice and I am firmly in the "High performance orgs require people to have the best tools you can reasonably buy"
Sometimes companies spend extra to slow their employees down. We hired a dev team to develop a custom dev environment that takes twenty minutes to stand up. Our old off the shelf tech took about thirty seconds but lacked all the buzzwords of today.
VMs and plain Docker containers are for suckers apparently. We went from one not like prod environment to another, but at least this one costs us a few millions in salary per year to create. Someone is getting a promotion, right?
I agree with you (and that’s basically what we do), but there’s a valid point of view that if you’re developing on machines 4-8x faster than your users, that you might not notice and fix small performance issues because your computer takes them under the threshold of perception. (That doesn’t mean your devs should suffer all the time on their daily driver, but it is a concern that should have some process to address.)
Haha, I knew that line of "maxing out dev machines" might get a response about "machines being faster than users", I'm fully in support of testing software on lower-end hardware or in VM's that are scaled to what your users might be using. That said (as you also pointed out) forcing devs to suffer because "this is what our users use" is just silly.
I had a company at one point come out with detailed justification about who gets what. Only the data analysts were allowed to get two monitors. This was actually spelled out in the policy. None of the standard laptops had high end GPUs, even those assigned to people doing CUDA ML research - they had to rely on client machines, which means remote work was cut off at the knees.
They don't buy a laptop but a seat for some amount of years. So they're guaranteed X amount of laptops for Y years.
The selling company is obviously going to min/max this contract as much as they can. You could order a bunch of laptops if you had the authority I guess, but it will not be making it on to the network since that is under contract too (probably the same company).
I understand that's how they are used to operating, I just think it's stupid. I'm sure some beancounter likes everything nice, neat, and predictable but that doesn't mean it's a good idea. If your org has differing compute needs that are all subset/supersets of each other then cycle machines through your workforce (buy new and rotate down hardware to those who need less compute). If that's not possible or the number of people in each group are wildly different then suck it up as a cost of doing business and get the beancounters focused on how to write off as much of the machine as they can with depreciation.
It's because the people making the decisions about what computers everyone else should get buy themselves the best computer possible and don't feel the pain. Surely X company can't afford to get everyone the best macbook possible. That would be like a few thousand more per device per employee!!!
Often the hardware procurement, maintenance and network/account operation are outsourced to an IT contractor. They charge top dollar and provide as little as possible. They are often big multi-national firms.
Companies have been doing this for so long they’ve lost all knowledge of how modern IT is supposed to work.
The question is why are those companies/governments the most stable and profitable, far more than the startup that gives 32GB RAM workstations to fresh graduates. I'm not justifying those inhumane working environments, but they seem to just work for shareholders.
Basically big orgs have more to lose than gain because they are so big. Crippling an employee's machine when you have 15 employees to reduce a risk that has a 5% chance of occurrence is a bad tradeoff. Whereas if you have 1500 employees and a risk that has a 5% chance of happening, that means by crippling the machines you have prevented 75 incidents. Also you're only crippling the machines of a certain portion of people: the secretaries, HR, and Marketing departments that just use their computers for email and facebook don't notice a problem.
In places such as Air Force, I always assume that kickbacks and other corruption are part of the culture. I'm not going to be surprised if they pay higher $$ for shittier equipment.
Why aren't aircraft made as simple to fly as cars are to drive? Why aren't regular people allowed to just get in an aircraft and start flying after a couple of hours of practice?
We see no problem in assuming that people need the lowest-common-denominator operating system in computer to suit the people instead of the people learning how to use a proper computer, though.
If something is mission critical, then it should NOT be running on Windows. And if people find it a little harder to use because it takes a little bit of learning, so be it.
"It's not as simple as that!" Bullshit. If something matters, it's worth extra energy to do it right. In reality, it's only extra energy at first. Once people learn how to use it, it's LESS energy because it works, it works the first time, and it works properly, unlike Windows.
It certainly falls into the category of "a couple hours of practice" - reading the PHAK or FAR/AIM doesn't qualify as "practice" to any reasonable person.
Yes, let's put the incompetent buffoons who thought installing McAfee on every government computer was a good idea in charge of rolling their own Linux distro. That sure would solve all of these problems.
We could have put NIST or another entity in charge of developing a federally-approved *nix distro decades ago and we'd have none of this friction today.
This would still be an awesome solution today. I hope we do this eventually. But I don't believe Windows is the problem, it's the way the DoD is trying to manage it.
It's not the hardware, it's the crap that runs on it.
You want a system which is secure and usable? Time for the DoD to commission their own OS.
"Nobody will know how to use it!" is an objection which can be overcome by training, which is a thing that the armed forces understand.
"It won't be compatible with the COTS!" is an advantage, not a disadvantage.
"It will take too long and cost too much!" means that they aren't in a good position now and lots of jobs will be created.
"Nobody wants to work on a military system!" is technically true, but run it out of NASA or the Department of Energy and develop it with an open source license (effectively a necessity, anyway). Also, it turns out that lots of people and companies will work on things when money is involved.
I am shocked that governments are not investing mega-bucks into getting a microkernel OS built that could be run on internet routers, tanks, power plants, aircraft, water treatment facilities etc. Even if microkernel design has some impossible to overcome performance limitations, for utmost security, it would be a small price to pay knowing that hacking the OS was nearly impossible.
Your shock assumes there is leadership at the top that sees the big picture with respect to enabling technology. While not in the US, I have seen the inner workings of other nations' armed forces, and there is an overwhelming urge to farm everything out to contractors - so there are going to be at least two competing microkernel designs (proprietary of course) for each of the army, navy and air forces under the current leadership structures.
> Even if microkernel design has some impossible to overcome performance limitations
It doesn't. There's no inherent hit on microkernel performance. What exists are limitations of hardware that wasn't designed for it, and a complete lack of interest on creating hardware optimized for them.
We talk craptons about "innovation" and torrents of words on "cybersecurity" yet underpin daily life on recursive kludges on 1980s operating system and software technology. It's quite Kafkaesque!
This isn't just a matter of "spending more on IT" - they likely already spend too much. It's just spending on the wrong things.
No amount of layering crap on top will overcome the rotten, slapdash foundations of systems like Windows, nor the diverging motivations between MS and their customers. Especially customers like the U.S. Government. The amount of vendor lock-in to the shitty MS ecosystem, begetting atrocities like critical data living on godforsaken Sharepoint, is profoundly saddening. It's remarkable how everyone just uses hardware that's orders of magnitude faster than 1990s computers, yet interactions are far slower.
I once tried (reluctantly) connecting my USG-issued laptop onto my fairly locked-down home network. The amount of spew it continually issued onto the network was disgusting and I just disconnected it and drove in to complete whatever mandatory update they demanded.
Instead of creating yet another goddamn "cybersecurity czar", how about we try to take what we've learned in the past 40-50 years in computer science and try to properly engineer the software foundations for the next 30 years? This is absolutely something the USG could instigate and accomplish, if the initiative was run by the right people. I know some of them!
I'd advise they start with a Linux distro. They can audit/replace components as they go to increase security over time. Even North Korea wasn't paranoid to build its own OS[0].
COTS is useful in many circumstances, it is much quicker to field if you can reuse existing commercial software. The only advantage to being incompatible with COTS is that it would feed the defense contractor industry as they'd need replacements or compatibility layers that some contractor would happily provide for $1 billion and 3 years (with an extra $100 million/year after it's late).
OS does not matter anymore, it is a commodity. That’s why copies of any OS cost almost nothing at retail.
What matters is the configuration of the OS and the network, and most importantly the selection and configuration of applications, whether hosted or client (or both). That is where DoD should focus their resources.
Competing software ecosystems can constitute valuable economic activity. Broken Windows is, if anything, the current state of affairs: running important things on Microsoft Windows is becoming intolerable, with layers of expensive (dollars and computrons) fixes being applied. Is it economically better to start over or to keep trying to defend the indefensible?
The crux of the issue is in these four words: "lowest price technically acceptable." In the name of saving money, good intentions cause more waste in time and money.
The defense budget is over $700 billion. They should just buy or build two million Chromebooks and be done with it. Any native apps can be converted to SaaSs that run on nationally managed DoD infrastructure and everyone can do their jobs without needing to deal with this security BS.
The US army has sponsored development of games quite a lot; I remember a friend of mine who was really into America's Army, that must've been 15 years ago now.
An interesting quirk of America's Army was that the character models were always arranged such that the player character (and their team) was dressed as U.S. soldiers/ally forces, and the enemy players were always dressed as insurgents. So the player was never killing or being killed by U.S. forces from their perspective. It was a little weird to see your team of U.S. forces running around with AK-47s and shooting at insurgents carrying M16s :)
I loved the TV show Stargate SG-1 as a kid. From what I’ve heard, they had a really positive relationship with the air force and got all kinds of special privileges to film in official locations as a result.
That game was pretty fun, to play as the medic class you actually had to sit in a first aid lecture with a test afterwards. I remember the lecture actually being really entertaining and educational.
I'm not surprised. I've noticed the Air Force has partnered with a few notable esports orgs in the last few years. As a former USAF vet, I totally get it. We are hard-pressed for competent IT folks and our IT presence is only growing. Generally, it's far easier to train a new recruit in the fundamentals of IT if they spent their teenage years building PCs and playing video games compared to someone who did not.
Loving that the solution from the CIO of the air force isn’t “we’re going to move our resources into this problem” but “we’re going to ask for more funding so we can tackle this”.
Which seems just stupid on its face, but then you realize that almost all of the budgeting is line itemed for specific capabilities.
If leadership can’t change resources around to fix such a glaring problem due to legal/budgeting rules, then I’m sorry to say they can’t win a conflict.
Pretending corruption isn’t corruption because it is signed into law is one of the great blind spots of America, one on which it will continue to lose in its foreign excursions just like every major conflict it’s been in since I’ve been alive.
Wouldn't any competent CIO of a company or government office big enough to need a CIO do the same? Which roadmapped strategic projects are going to get chopped so that this new project can start immediately?
What's the point of all the roadmapped projects if all of them will have 1hr+ startup times? Is the enemy going to wait for squadron commanders to log into Outlook before firing artillery?
All of the strategic projects should get chopped until this one is addressed. What is the point of managing IT infrastructure if none of it works?
I'm not so familiar with the military but wouldn't it be up to brass like generals or strategic command to decide if the IT infra upgrades are a threat to combat readiness, and prioritize it accordingly?
They can give the CIO budget to do this, but the CIO can't unilaterally decide to do it.
It is up to them, but it's the CIO's job to advocate for his employees and convince them to do it. You hire a CIO to be able to advise you on decisions such as this. The CIO isn't expected to be down in the trenches resetting Active Directory accounts or applying group policies, of course.
The military has the most interesting issues with tech. My brother asked me for help getting a website to work at one point.
If I recall correctly there was a slew of issues, for one, the certificate on their Exchange server was expired, but more frustratingly, the site he needed to access seemed to use some sort of TLS version or feature that didn’t work in IE. That’d be fine and all, as they worked in other browsers, but what didn’t work in other browsers was the entire interface implemented as a Java Applet.
Just last year I was working on a defense project that is still in development that uses a Java Applet as the front end. If this is an on-Friday somebody is probably working on it right now.
"I am not a fish" - Policy is set by people who are not affected by that policy (or affected to a much lesser degree). https://youtu.be/aNDiHSHYI_c?t=796
Hackers - is there a good way to diagnose or fix this without a USAF comm admin account? I.e. find out specifically what services are doing it?
Some context:
- It takes 20-30 minutes to go from login to having excel or outlook up
- Opening a program like Outlook, Chrome etc takes on the order of minutes once booted up/settled
- Regular problems regarding permissions, popups that take minutes to close, licenses for things like Adobe etc
- If you call comm, they blame it on Sq leadership not buying faster computers
- Substantial latency on every action
- Each computer is often shared by a rotation of ~30 people, which may contribute to the issue
- I harbor suspicions DoD comm leadership has been compromised by a foreign power
I've worked around our scheduling and training software being useful by deploying a webapp used in an unofficial context. The AF dumped an update to the official software recently that made it go from bad to unusable, and now I get new account requests every week.
One approach - not ideal: Non-DoD computers on squadron Wi-Fi. Can't connect to network drives etc, but is a lifesaver for one off mission planning products. Or get whatever queep you can at home before coming in.
I'm astounded that the military uses Windows at all. It would seem a no-brainer to make everyone use a better protected OS. Which *nix is a fine starting inquiry.
The "vendorization" of government and government contracting is astounding. I interned for a government contractor back in college and was floored by some of the decisions being made.
Basically we were not allowed to use any free/open source software. The reason is that we couldn't "purchase a support contract" for the thing we were using. Not that we would actually try and buy support, company just wanted the capability of getting support.
This drove down to the trivial. I remember we needed a calendar to display team meetings. There was a kick ass open source calendar that did everything we needed it to. Well we couldn't get it approved because there was no "provided support", I pleaded with them that it's a fucking calendar widget and we don't need support, the response was always "well what if someone has to support this in the future", like lady this isn't some super complicated financial system, it's a fucking calendar.
This example repeats itself throughout the industry. The US Govt has the capability to build their own OS, their own security and tech, but they instead choose to engage with a million different vendors to get their job done. It's like a SaaS startup that gets a bunch of subscriptions to software they may or may not use, just on a much larger and grander scale.
Sure. It's almost as if we live in some kind of dystopian alternative universe where the trillion dollar defense budget is actually just a giant trough for businesses big enough to bribe (sorry, "lobby") government stooges into giving them a cut. I guess in that world, we'd have a lot of PR about having the #1 military, and yet we'd consistently fail at every long term military goal, up to and including basic protection of our allies and meeting promised mutual defense statements. Sure we could invade the odd tropical island and depose a warlord, maybe trade some class A drugs, but actually defending an ally? Oof. It'd be a world where we are, in fact, powerless. The kind of world where we'd say "Russia would be stupid to actually cut off gas to Europe as Europe would have to find another source and then Russia would have no leverage nor market." while at the same time cutting off chip IP to China, who, er, presumably won't develop their own chip IP, and won't become the #1 chip super power, because that's not what the President wants to happen and if it does he'll throw a tantrum and make a pee pee? In that world, the USA is over. The only option the US has for relevance in that world is to go to war with Russia, and bomb that pipeline to Europe while they're at it, just to get Germany off the teat. But it can't. Because "world's #1 military" is just PR.
> Knausenberger said the ACC team would “streamline [existing programs] into one endpoint solution that meets our security, operations, and UX needs.”
I've read sci-fi books that are more realistic than this. Only the wildest cyber-crime novels portray the military network systems and administration ops as competent. When watching "Alias" a long time ago, I had to laugh every time I saw an instantly responding laptop from sleep that basically took 1 second to show a login screen (of course they used Linux so it is actually possible, especially if they picked laptops with good compatibility).
And in light of Spectre/Meltdown and the complete hardware and software security circus that we've been witnessing for years (a new CVE in a popular software on a regular basis, anyone?), I also have my doubts that the military control their physical computer supply chain that well and from "trusted" vendors, but who knows. They love doing it, so that part maybe they got right. Doesn't change the fact that they have thousands of machines that are potentially back-doored on the hardware level, even below ring zero.
--
Needless to say I completely agree with the article. Like 1h to just log-in, WTF?! And another 20 minutes to just send an email?!
I have a laptop with a Celeron J4155 CPU and 12GB RAM and a SATA III SSD that starts Manjaro + XFCE in 10-12 seconds. A browser and mail client are fully started and ready to use another 10-15 seconds later. The machine doesn't lag on any of the casual tasks that I do on it, unless I play a 4K YouTube video.
It cost me exactly $170 on the second-hand market, and has a very acceptable 3000x2000 display as well. Maybe the military should look into those laptops.
> Knausenberger said the ACC team would “streamline [existing programs] into one endpoint solution that meets our security, operations, and UX needs.”
Sounds like they're going to get the F-35 of antivirus software. Having multiple programs might not be the problem, but consolidating to just one is an easy sell for a lucrative non-solution.
Security should be practiced in depth. Having only one program that hackers / crackers can write uber-specialized scripts to target seems like an awful idea.
I mean, what if they just bought their people budget laptops with 8-12GB RAM and an SSD, lol. Will be much cheaper over a course of 3-5 years.
Or have good network ops and not allow viruses inside in the first place. A lot of corps have super paranoid (and actually good) teams doing that.
I think there's an intersection between the number of common running processes, the 2 core/4 thread of the common business class Dell, and the additional abstraction layers that applications bring with them these days.
I just turned in a 7400 Latitude...the motherboard on it is dated 2018, it was out of production 6 months before it was given to me as a new machine...that was to last 4-5 years. It was out of date on day one and we kept getting them due to lifecycle hardware contracts.
Running Teams, Outlook, and a few Chrome tabs was enough to leave the poor mobile i7 running at 100% all day long. I'm certain it resulted in an enterprise cost increase in repair costs due to thermal damage...fans...dust...
The exact same system with a fresh Ubuntu install would be quiet and quick...but the layers of policy, software, and workloads keep pushing for more of everything....what Moore gives, Microsoft taketh away...
Yeah, that sounds like a great idea in theory. In practice, this is horrible. You need to get people to bring in their laptops, wait until the HDD is switched for an SSD and then leave with a laptop that isn't new, but behaves as new. Then you need to switch laptops again in a year or two, because the rest of the hardware is now written off.
The cost of a new laptop is negligible in the grand scheme (~3m employees, 1k per laptop = 3B on a 700B budget) and saves them from a logistical nightmare.
Replacing all the HDDs with SSDs is a perfect example of being 'penny wise but pound foolish'.
> “USAF says we need top talent cyber warriors,” he continued, enumerating the many barriers to competing with the private sector for such individuals. “Let’s say we successfully do that, and let’s assume we can cut through the bureaucracy/policy and assign them meaningful work that keeps them engaged and allows them the autonomy to move fast. The hardware alone will cause them to leave.”
I'd imagine the kind of people who get Linux running on a toaster would be up for getting an Outlook-compatible email client running on a toaster-equivalent PC.
I'd also imagine the kind of people who get Linux running on a toaster aren't super interested in hardcore top-down power structures and shouty bosses.
> She said a service culture of stoically persevering in the face of impossible odds didn’t do anyone any favors. “If we suffer in silence it doesn’t get fixed,” she said.
And that's the point where IT should go, run a filter in the inventory list for all models < 2018 and have local IT service desks replace them. If you know your users are of the type to not cause any trouble with IT due to culture, you go the other way around to bypass that culture.
I wish it was as easy as she stated. You can't just tell Comm to get you a new laptop. They will laugh in your face, unless you are like her a high ranking officer. Typically Comm will hold their budget close to the chest and buying only big project items until the fiscal year is up and then they buy a bunch of crap laptops to complete their budget or a bunch of gamer chairs, or fancy desks, some of which just sit in storage and waste away. As a typical enlisted airman though you will never get a brand new laptop ordered, even for a mission critical device, unless a high ranking officer is involved.
> Currently the service uses both McAfee and Tanium software packages to scan and protect service-issued endpoints like laptops
In my experience McAfee alone will do exactly what this thread describes. But you then combine it with another security solution, and you end up in contention hell.
They can even scan one another during scans of underlying files/processes unless they're both correctly excluded from one another.
This is a windows issue. I have had a lot of public sector clients, and rules have prevented me from doing a forensic analysis on the machines they provision, either MSFT's products are so egregious and unusable that we just pretend to use them, or the more plausible idea that corporate IT groups are using enterprise laptop fleets to run bitcoin mining.
Apparently an enemy just needs to time an attack to happen at 0800 local for whatever regional command is in charge to get an hour or so before HQ can do anything about it :/
Government IT expenditures are insane. At work I have an i7 and 32GB of RAM with a spinning hard disk chaining the whole workstation to the ground. Booting up, logging in, and launching a browser takes over fifteen minutes at my last count, most of which is waiting for it to become responsive again after launching Edge.
Frankly I'd love an explanation as to why Windows 7 works just fine on a hard drive but Windows 10 staggers around like it's been shot.
> Frankly I'd love an explanation as to why Windows 7 works just fine on a hard drive but Windows 10 staggers around like it's been shot.
Windows 7 had an independent QA team, and Windows 10 did not. I'd guess that some Microsoft developers and testers for 7 had SSDs, but most had spinning disks; but during the 10 development, most developers were using SSDs and neglected to test with spinning hard drives.
It's terrible, and doesn't make sense. When 7 booted, especially if you didn't have a lot of ram, it would thrash the hard drive for a while, but once the update service and windows defender got fully started and calmed down, you'd be good to go. From what I can tell, Windows 10 never stops thrashing the drive, and whatever it's up to ruins performance for anything else you want to do with the drive.
I really need to look into whether there's an ecosystem of customized Win7 builds with ongoing user-created security patches. I'm so weary of hating my operating system.
> Knausenberger called this “a cultural issue … We need people to call the help desk to complain and order a new laptop when it breaks.” She said a service culture of stoically persevering in the face of impossible odds didn’t do anyone any favors. “If we suffer in silence it doesn’t get fixed,” she said.
Apparently all you need to do is call IT and get a new computer! I wonder why none of these service men and women thought of that?
I worked as a helpdesk tech in the USAF years ago. The policy on who gets a new computer if they ask generally comes down to fitting into one of the following criteria:
1. How fucked is the PC? Do we have the skills/time to fix it?
2. Is the person an officer or important civilian? Are they in a leadership role?
If a low-ranking airman had a slow laptop, we'd give them advice and tips to speed up the PC and send them on their way unless it was a chronic issue. If it was a high-ranking officer who had a slight performance degradation, we'd replace the PC that day. These weren't codified rules, it was just the culture of our organization and the military in general.
Federal government needs to do something about the technical debt of their lifers. Many federal IT departments simply lie low and hope that their project/department gets folded into something bigger with a team who actually knows modern tech.
The problem is they all are in the same boat and there is no actual "wonder team" that could ever possibly save them.
What I like is many people in this thread summing up exactly which products their companies have installed on their laptops.
It's becoming more and more difficult to write an initial access file for every single EDR and anti-virus combination out there. But if you know what you're working towards it's a breeze :)
“It has been the absolute most frustrating thing in the world since the [Department of the Air Force] … made OWA crazy locked down,” said Oliver Parsons, chief of esports and virtual fitness for the Department of the Air Force
The above made me stop and ask "The Air Force has an esports group??"
Sort of how coaches and educational staff will get a nice vacation to let the Army recruiters come in and try to convince a teenager to donate their life to the military.
At every agency I've worked at, people were given sub-par machines. The joke was, "We bill by the hour, don't we?"
McCann, AKQA, Digitas... was always standard to give people 5+ year-old laptops, often without even wiping them between staff members. We had one new hire, a junior UX designer, try and screen share with a client only to realize all of the bookmarks were packed with porn sites.
I remember in 2018 getting an 11" MacBook Air with 2 GB of RAM on it... as the team lead for a $25M project. Just a total joke. It was on par with what the devs were given. "Be happy they gave you a Mac!"
Meanwhile, 50% of the CPU was taken up with some BS security scanning program IT installed that required you to be on the company VPN, and junky VPN software that hadn't been updated in 5+ years and only supported like 15 people trying to use it across the whole company... and it seldom worked from clients' offices... the moment I got on-site, my laptop was nothing more than a paperweight. And even if I could log in, all my bandwidth and CPU would be spent trying to back up the computer.
And... when I fought for better machines for my staff, at AKQA I was told by the MD, "Just drop it, we aren't going to spend any more money on hardware. You're being obnoxious and there's no benefit." Meanwhile my team was bringing their own external keyboards, mice, and monitors (and dongles) because the company wouldn't supply them. Ever try and design for 4k screens on an 11" MacBook Air with 2 GB of RAM? Ha. Most everyone just resorted to bringing personal equipment when they had to go on-site. It was too painful to use the company-issued junk.
It's a lack of understanding. Some bean counter who only uses his computer for checking Facebook all day assumes that nobody else does anything else, so 2 GB of RAM seems like enough. Meanwhile, the IT guys -- who aren't ever client facing and seldom needed the powerful machines -- all got top of the line equipment. "They're IT, they need it..." Um... wait what? At a time when I couldn't get my designers even 1 4k monitor, the IT guys were all rocking dual Apple Cinema Displays. Yay agencies!
Anyway look, it's all maddening. Make sure it's easy for anyone to put in for the tools they need to do the job well. Give everyone a new computer every 3 years, keep staff happy and productive. Give the old ones to charity, get a tax write-off. Seems like that would work fine.
I'm sure the spinning disks are encrypted by some 3rd party software as well. When my old job did that my laptop's bootup time suddenly went up to 30 minutes.
You cannot fix problems on this scale with moderation or half-measures. You must smash the system and restart.
Get rid of Windows, reset the entire chain by moving to Chromebooks. Schools have proven this truth: the only way to deploy to large numbers of transient and unsophisticated users is to go thin-client. That will force the DOD to build scalable networked services. Most of the time, using off-the-shelf services is fine. If DOD can be in AWS then they can also be in GSuite.
Everyone will have excuses why everything in .mil needs to be custom or done to some twisted set of DOD requirements, or why Windows is essential. That's fine, the problems will never go away.
It would not surprise me to learn that NKorea with its in-house linux is able to run IT better than DOD.
Alternatively. The USAF are a bargain for a more stable world with less regional conflicts. While the Middle East is a disaster, and there are many easy to point out missteps on its record that truly are awful and horrific.
It's also currently the world's pre-eminent power in a history dominated by strong militaries and during its tenure as such the world has unequivocally been more stable and peaceful than it's ever been statistically.
The access to free trade over more porous borders has lifted billions of people out of poverty. Europe hasn't been this peaceful ever as far as I can tell. Every major democracy in the world exists under America's umbrella.
Certainly it's not all roses, Iraq was probably just a decade of war crimes, but we can see what happens as soon as we leave places like Afghanistan (wasn't perfect, but was certainly a lot better a year ago than today), Syria (Kurds abandoned have to re-align with Russia, Turkish troops move in), Philippines (never even left after Duterte quickly reconsidered given China's encroachments in the S China Sea).
Pulling the US military into a more isolationist or more equal to others stance would almost certainly result in more regional conflicts around the world as the stakes go from "hey we definitely won't win this thing" to "hey, we've got a fighting shot here".
I think that's a very rosy view of US intervention. In particular, the US has helped overthrow numerous democratic governments because they were not ideologically aligned with the kind of free trade maximalism the US favours. Indonesia and Chile are particularly notable examples here.
It's unclear if US actions have created a more stable world, but they have certainly created one more aligned with the US ideologically, often at the cost of lives, local economies, and continued instability.
Edit: Also, RE Afghanistan. Forget a year ago, the argument could be made that it would have been better off if the US had never invaded in the first place.
Yea, I generally am a bigger fan of what the US does just by being there than I am of our actual interventions in places which can frequently be seen as short sighted, bloody, and against our own principles at times.
But from a world composed of far more people than those in Chile, Indonesia, Iran, Iraq, and South America. I think we've done a decent job overall from a historical perspective of promoting a fairly stable world during Pax Americana. With quite a few missteps along the way.
My point isn't that it's perfect, my point is that... all things considered, for a really large amount of the world's population, things aren't _that bad_ given historical context.
Sure, the child laboring to make phones in China isn't going to wax poetic about the wonders of Pax Americana. But my point is more... child labor was only more frequent in histories past.
Sure the murdered wedding goers in Afghanistan won't be happy about the state of affairs but civilians dying erroneously during combat operations has been a near constant in world history and at this point you're less likely to die in that manner than ever before.
You could argue that it's a result of larger populations but I'm not certain about that given Kazakhstan; Syria; China in Xinjiang, Hong Kong, the S China Sea, and Taiwan; Russia in Georgia, Crimea, and the rest of Ukraine; Myanmar; basically the entire Middle East.
It's easy to talk about how bad the USAF is, they've done a lot of bad shit over the years, my impression is it's still better than the alternative.
In a vacuum, someone will step in, and that someone as of now is China and/or Russia.
The US is certainly no saint, but I think someone(s)? have said that considering the alternatives *, you could do a lot worse.
* Realistic alternatives that is. I too would love to see us achieve world peace and ditch all weapons. But that's probably never going to happen as long as humans are not extinct.
You would hope so, but they report to the director of national intelligence (a member of the president's cabinet) and are not a subdivision of the DOD. They infamously have their own budget, funded by their own means, and have somewhat of a rivalry with other parts of the government. The Department of National intelligence is the DOD's version of the CIA.
I would support a more pro-active humanistic military, but many humanitarian causes have been left to the United Nations. The US knows its legitimacy (as well as political support) will come into question in those scenarios. How about we strengthen UN instead?
I'm certainly very pro working cooperatively with other Democratic nations to secure a more just and peaceful future less dominated by a single nation state.
The problem is, alliances fray (Turkey, Belarus, Britain, the United States... we've all had our issues with current alliances and treaties in recent history alone). And that gets problematic and very hairy.
The other issue is, a single state dominance is prone to being coopted by less than benign actors and we've certainly seen that in the US I believe, especially given our invasion of Iraq.
So there's no cure alls on these things unfortunately. As a general practice I believe bringing more members under our umbrella and strengthening the organizations like NATO and the UN which can act as a cooperative unit and not as a unilateral actor is a positive.
While I agree that we over-fund our military, probably by an order of magnitude, I still want our military to be functional. And that requires good IT. The two goals should not be mutually exclusive.
IT departments in large organizations often see their users as adversaries rather than customers. The department's goal isn't to enable productivity but to prevent computing. This is probably WAI.
Try getting an unprivileged Python REPL to run on a “managed” computer. (Yet you can probably make arbitrary kernel32.dll calls from an Excel spreadsheet.)
It’s however also the way that the US funds private sector development. They can’t as directly fund and direct private corporations as that would be “communism”, so they pump money into the military such that it provides corporate welfare and spurs private sector innovation and economy diffusely. It’s inefficient by design this way.
[0]: https://www.linkedin.com/posts/michaeljkanaan_technology-fut...