Comments on: Sigh…

By: Bryan

Bryan — Wed, 13 May 2009 16:57:53 +0000

And the need and use of these work-arounds makes it impossible to create a logical budget. Because of the replacement schedule for vehicles, we used to buy a half a car a year, i.c. at the end of a year we bought the front-half and the first day of the next year we bought the back-half. Money couldn’t be carried over for large purchases; leasing wasn’t possible; and they wouldn’t approve a jump for a car every other year. 🙄

By: Kryten42

Kryten42 — Wed, 13 May 2009 13:06:11 +0000

Oh yeah. My company back then used to sell truck loads of *spare parts* to Gov agencies. Computer and other office equipment in the 80’s and 90’s was notoriously unreliable! Always needed new parts. 😉 Curiously, they always got enough parts to build a complete system. For software, we’d just pad the price of the parts to cover the price and just give it to them. Ahhh… There are a lot of strange stories I know from that time. The World has always been totally crazy. 🙂

By: Badtux

Badtux — Wed, 13 May 2009 06:54:28 +0000

Epitomy of insanity: I worked at a computer repair shop around 1991 or so. A modem came in -- a 2400 baud modem, over five years old, from the university. "Fix it," they said. "It'd be cheaper to buy a new modem," the boss man said. "We can't do that, we have money in the repair budget, but not in the capital budget." So the boss man thought about it a few minutes, and invoiced them for a new modem circuit board, new modem case, and new modem power supply, and handed'em a brand new USR 14,400 baud modem for $95. Sad to say, that's still how government IT works :-( . Badtux´s last blog post..Hmm, he don't like Dick Cheney

By: Bryan

Bryan — Tue, 12 May 2009 22:52:33 +0000

We have brand new computers sitting a store room covered in plastic because there was money to buy the computers, but no money to fix the roof or to pay for the electricity required to run the computers. The money would have to come from three separate accounts, and only the equipment account has any money in it.

Those are the state requirements, not even considering any Federal requirements.

One year budgets, locked accounts, and no local flexibility makes for a totally screwed-up non-system. Charter schools have none of these restrictions, and people wonder why they look more efficient on paper.

By: Badtux

Badtux — Tue, 12 May 2009 22:16:48 +0000

Well, there *is* a system to analyze, but it's one whose sole intent is to make it as easy to track taxpayer money as possible to make it easier to detect anybody not politically connected who is siphoning taxpayer money into their own pockets -- not one whose intent is to make the most efficient use of taxpayer money. It's all about "accountability". It's a wonder that government systems work as well as they do, given the hurdles set up to make sure that not one sent intended to go for, say, school lunches, gets spent on infrastructure that could also benefit, say, special education. Nevermind that both are Federal money streams, god forbid that one dime of special ed money gets spent on something that might accidentally benefit the school lunch program or vice-versa. Now, granted, you have these kinds of issues in private enterprise too. But you don't have the politicians and outside special interest groups involved in that case, just the normal internal politics. In private enterprise, you could share a student database server between school lunch and special education without a problem, each department would simply get invoiced by the IT department for the IT services involved, shuffle the money in their budget, and so it goes. With government you'd end up having to do a RFC, RFB, bid, bid response, blah blah blah *plus* you're guaranteeing an audit by the Feds that'll chew up even more time and money to guarantee that not one dime of special ed money is benefiting free lunch and vice-versa, to the point where it's cheaper just to buy a second server for special education rather than to share one with school lunch (especially considering the manpower shortage that most government IT bodies have, where there's not enough to people to handle all normal responsibilities, much less any added ones like putting together bids). And all this despite the fact that the money for both comes from the exact same damned place... Like I said, I am *so* glad to no longer have any involvement in government IT. Badtux´s last blog post..Dr. Doom: We've probably averted a total collapse

By: Bryan

Bryan — Tue, 12 May 2009 20:03:13 +0000

Government entities can submit bids just like everyone else, and if someone can underbid and provide the same level of service, go for it.

Yeah, they have the same stupid segregation of funding in Florida, which makes government services more expensive. Coupled with the rules against government agencies competing for contracts, is guaranteed to increase costs.

In hurricane country I would co-locate the server farm with the emergency management center so you only have to build a single hardened structure with back-up power and satellite communications capabilities.

I keep thinking like a systems analyst when there really isn’t a system to analyze.

By: Badtux

Badtux — Tue, 12 May 2009 18:14:34 +0000

I assumed that Chopra was political payoff to somebody, put into the CTO position because it fits the stereotype of Indians as technology geeks and thus wouldn't get an eyeblink from Senators who know no better when it came comfirmation time. But I'm just cynical that way. Regarding the state server farm: But Bryan, whose budget would have financed that state server farm? Will the Federal Medicaid administrative overhead grant cover hosting costs for a shared server? I mean, c'mon. You're talking sense, but we're talking *government* here. When I was doing school automation, the attendance system wouldn't talk to the free lunch system because they were on two entirely different funding mechanisms and purchased by two entirely different departments from two entirely different venders via two entirely different bidding processes. If the IT department had a server to share between the school lunch and attendance systems under the Federal rules they would have had to bid it out as if they were a private vender, which would work only if both the attendance and lunch systems were bid out at the same time because otherwise you have IT carrying that cost and where's the funding stream for that? Take all the bureaucratic nonsense you have to go through in any large business, and scale it up a thousand times, and you might *start* to appreciate the difficulties here of what you proposed... Goverment work is just... different. I'm sure glad I'm out of that business now! Badtux´s last blog post..Grumpy about the newspaper industry

By: Bryan

Bryan — Tue, 12 May 2009 17:30:13 +0000

You are “the snarky Penguin” and everyone who has read you for any length of time would know what your intention was, as I did. I was addressing a separate issue with the administration. Diversity is good, but there are a lot of good people who have diverse backgrounds and need a job, so why select a political appointee? Don’t ask a governor, ask someone in the business for recommendations, ask a geek.

Even a software firewall would have stopped or set off all kinds of alerts at this wholesale damage. This job required administrative privileges, and even without the hardware, you can throw up a “hedge of thorns” until the permanent fortifications get built. There are well documented ways of locking down IIS, but they seem to have been waiting for someone else to do something.

This is the problem with low bid – the same groups keep winning the bids and getting contracts even though they continue to fail. The contractor names occasionally change, but the people who profit remain the same.

It would have been cheaper and faster to build a state server farm that could be secured, and have the agencies use it just like most of the world uses hosting companies.

By: Badtux

Badtux — Tue, 12 May 2009 16:51:47 +0000

I guess I was making fun of the tendency to stereotype all Indians as “technology gurus”. Of course they aren’t, any more than all Russians are drunk or all Germans are anal.

My reason for guessing that this was an infrastructure issue have to do with the sheer scale of the data loss. Web servers getting compromised is an everyday occurance, but it is rare that there’s this scale of data loss on a properly designed network. The firewall between the web server and the database server keeps data from leaving the company (the database server only being allowed to talk to a small set of internal addresses and only on specific ports with specific protocols), the web proxy between the web server and the Internet only allows web requests in and out, the IDS detects any breaches of the proxy and web server long before they can somehow figure a way to worm into the database server, and in general a properly designed infrastructure just isn’t going to be utterly and catastrophically breached like this, regardless of whether IIS patches have been applied or not, and regardless of whether the application was breached or the OS was breached.

But of course government IT is done by the lowest bidder, and I know from first-hand experience how that works — underpaid peons (because lowest bidder can’t afford to pay market rates) who have little opportunity to advance their skills (because lowest bidder can’t afford to buy the latest stuff for them to play with and overworks them to keep from having to hire more people meaning they have no time to just advance their skills), and just generally second-rate work. Add in insane agencies that don’t know what they want and keep changing their minds (most budget slips come not because of the contractor, but because the contracting agency decides “oh yeah, we need this one more feature” — hundreds and hundreds of times), and the wonder is that any government IT project actually works.

Add in the fact that Virginia was one of the first states on the Internet, and like most early government attachments to the Internet assumed it was connecting to a secure government network (only government agencies and defense contractors allowed to connect to the Internet back then, remember?) and not to a hostile network succeptible to Russo-Chinese hackers and such, and thus originally every single computer on Virginia’s network *had a public IP address*, and you start to see the magnitude of the infrastructure issues Virginia faced upon the dawn of the modern Internet era…

Badtux´s last blog post..Grumpy about the newspaper industry

By: SSG

SSG — Tue, 12 May 2009 04:33:10 +0000

I have no words.