SecMusings

A hat tip to Spaf for this one. Hillary Clinton held a town hall for State Department employees recently, where a recent transfer from one of the intelligence agencies asked why they couldn’t have Firefox, which was approved by NSA for use in the intel community.  Secretary Clinton turned to one of her aides, Patrick Kennedy, who replied that they had to look into the budgetary issues.  This drew cries of “but it’s free” from the crowd, which then got the “nothing is really free” explanation.

This explanation drew snarky hoots of derision from The Register and Gizmodo, both of whom ridicule the notion that a piece of free software could cost anything to manage.

Clearly, you don’t have to actually know anything about managing IT to write about it for these publications.  There is no such thing a “free” software, if by that you mean that the total cost of ownership is zero. Here’s what it takes to deploy Firefox to tens of thousands of desktops:

• Decide what lockdowns you need in your environment and build a local build of Firefox that implements.
• If you care about plugins, include in the lockdowns a restriction that plugins come from a local repository of approved ones.
• Package it.
• Distribute it.
• Support it.
• Rinse and repeat for each patch release.

What you can’t do in an environment where the user desktop is a managed resource is have users download and self-maintain a complex security-sensitive piece of software.  I’ve worked in organizations that decided that the costs of doing the above was worth spending.  But there was no illusion that supporting Firefox was free.  Even a “best effort” support model requires people to execute it.

One encouraging note was that lots of IT professionals gave these articles the comments they deserved.

InfoWorld reports that datacenter software vendor Mantissa has released a product that allows you to run Microsoft Windows under z/OS on a mainframe. Their product z/VOS provides a hypervisor and hardware abstraction layer for the Intel platform, so that any Intel based operating system can run underneath it.  According to Mantissa, “users will be able to create a PC in 15 seconds, have it operational in 15 minutes, and use it once or have it permanently without worrying about depreciation of hardware.”

While my initial reaction was “Why?”, that’s really the wrong question.  The question is really when it makes sense.  Mantissa claims that a single mainframe can run thousands of virtual PCs.  So as large enterprises consider moving to virtual desktops (accessed by thin clients) it becomes a question of cost effectiveness. Which is more economical, a bunch of VMware or Windows servers hosting virtual PCs or a single mainframe?  I have no gut feeling right now.  It will be interesting to see how it shakes out.