| Subscribe | News Headlines | Technical Headlines | Planning Features | Advanced Search |

Worst Practices

January 2001

Slipped Disks

By Scott Hirsh

Do you ever find yourself using the expression “It goes without saying”? I know I do, only to find that, well, certain situations do require an explanation. Never assume, and what is obvious to you may be no such thing to others. Because ignorance, or well-intentioned but misguided actions, are major components of worst practices, I thought it useful to discuss two related topics that have gone without saying.

Scrub Those Disks

When a system is being traded in, or perhaps even discarded, it is imperative that all data residing on any associated disk drives be permanently and irretrievably removed. We’re all technical enough to know that a simple “PURGE” command doesn’t really erase the data from the drives. Anyone knowledgeable enough about disk drives and MPE could un-PURGE your files and read their contents. Therefore, as a security measure, make sure that files are truly deleted (reformat, overwrite with binary zeros, or use any other favorite method).

Of course, I’m assuming that you bother to delete files at all. In discussions with remarketed equipment vendors I have heard about drives where the previous owner didn’t even bother to purge files. Fortunately, these vendors have better things to do than browse through somebody else’s accounting data. And in the process of testing, these drives are reformatted and overwritten. But I wonder if company officers would be thrilled to know that sensitive data went out the door intact. Rule of thumb: If you would shred it in hardcopy, you should shred it electronically.

License to Get Killed

When explaining technical subjects to non-technical individuals, I strive for illuminating, non-technical metaphors. Consider this one: You purchase a used car. Upon opening the glove compartment you find a credit card that is not in your name. Do you consider this credit card “yours” because you found it inside your new car?

Of course not. Why? Because the card belongs to the person, not the vehicle. The same might be true if that car had an extended warranty. In a similar vein, my last house developed a leaky roof. I noticed in the paperwork provided by the previous owner that the roof was still under warranty. Guess what? The warranty was void because it was associated with the previous owner and not the house.

Believe it or not, the same concept holds true for software residing on your systems. Should you trade in a system (or otherwise transfer it to another party) and neglect to scrub the disks, the lucky new owner is not entitled to use that software. In fact, if you replace your current system (System A) with a newer box (System B) and correspondingly upgrade your software licenses onto System B, you are not entitled to continue running that software on System A (assuming you decide to keep System A for some other purpose like development).

Why is this so? Because when you license software — and that’s what you’re doing, as opposed to “owning” it — you contract to run a specific copy on a particular system tier. (Technically, even if you upgrade within the same tier you should alert the vendor. Usually, the software checks the HPSUSAN so you don’t have a choice.) If you upgrade System A, then transfer/upgrade the software to System B, you are still licensing one copy for a specific system. If you keep System A and don’t remove the software (now licensed on System B), then by continuing to run that same software on System A you are stealing the use of one software license.

I thought everyone knew that, but apparently not. I have heard recently from vendors who tell me of customers “inheriting” software on their systems and thinking they have a legal right to use it — because it “came” with the system. Heck, you can’t even do that with MPE! In fact, even if a company decides to retire several boxes and their associated software, you’re still not entitled to run that software even though there is no net increase in vendor licenses. You, my friend, must think of any newly owned system as a blank slate. Even if the previous owner left the software on the disks, it’s not yours until you purchase your own license. Get over it.

Before this issue is put to rest, it’s worth mentioning that sometimes — not in your case of course, nor that of anyone we know — this misconception is not exactly based on ignorance. There are lots of ways we rationalize doing something we know is wrong, and I have seen my share of rationalizing. “Tiered pricing is a rip off,” “we’ll only use it until we get the money in the budget to pay for the upgrade,” “we’re already paying them plenty for the other licenses,” etc. Let’s just say that any company that runs its business on pirated software is doing itself a disservice. And once discovered — say, when placing a support call — you will discover the joys of paying back support, if you’re lucky enough not to be prosecuted.

Keep It Clean

In summary, a bad practice is to transfer ownership of a system without wiping the disks electronically clean. If you don’t do that, shame on you.

A worse practice is to use software that was left on a system you have acquired. (By the way, it’s also unethical to view any data that may have been left behind by a sloppy System Manager.) The only way you are entitled to run software is by licensing it to your company for that particular system. Any other use constitutes fraud. Shame on me.

It should go without saying, but to “reinforce what you already know…”

Scott Hirsh (scott@acellc.com) former chairman of the SYSMAN Special Interest Group, is a partner at Precision Systems Group (www.precisionsg.com, 510.435.4529), an authorized HP Channel Partner which consults on HP OpenView, Maestro, Sys*Admiral and other general HP 3000 and HP 9000 automation and administration practices.

 

Copyright The 3000 NewsWire. All rights reserved.