Your shout! On legal compliance for Linux and Unix users

On legal compliance for Linux and Unix users

In response to Neil Chaney, who said that IT directors must prepare their Linux and Unix systems for the Sarbanes-Oxley Act (Computer Weekly, 6 July)

Neil Chaney must be living in the Unix dark ages if he thinks administrators can change data without being audited and there is no central user management.

File system access control lists have been around for ages (although I must admit that the default Linux file system cannot handle them), and so have capabilities, although again these are just now being integrated into the official kernel.

Does anybody remember that when Microsoft launched Windows 2000 it put a machine on the net and challenged people to hack it? At the same time and as a direct result of the Microsoft challenge, a Linux company put a Linux box on the net and challenged people to hack that.

All you had to do was find a file and e-mail its contents (a plain-text message) plus how you found it to the company and you would win the box. Among the hints given to hackers to make their work easier was the root or administrator password. The box was never claimed.

And as for "Unix administration being more complex than Windows, which uses Active Directory", it is clear that Chaney does not know the history behind Active Directory. It was copied from Unix, even down to using pretty much the same protocol to synchronise databases on different servers, namely LDAP.

Anthony Youngman, Analyst programmer

On the scale of the national police database

In response to Bill Goodwin's article about the challenges faced by the Police IT Organisation in integrating legacy intelligence databases (Computer Weekly, 6 July)

It should come as some concern that Pito claimed the Scottish Intelligence Database could not easily interface with legacy intelligence databases used by many UK forces.

It is almost always possible to integrate legacy systems and mainframes, as demonstrated by the fact that many local authorities have done this to meet e-government targets. There are more than 400 councils and only 43 police forces, so it is not such an onerous task.

As the Bichard Report pointed out, "A national IT system for England and Wales should be introduced as a matter of urgency." But the government is already saying that police forces will have to wait until at least 2007.

The solution is simple: integration software could be implemented quickly and cheaply to join up the disparate legacy intelligence databases. If the technology offers true integration, it should be able to cope with any type or number of systems. This would make it possible for Pito to build a new database around the existing systems and ditch any redundant applications as it goes along.

The Home Office said it was developing an interim solution called PLX, but it fills me with dread that they are proposing to spend millions of pounds on a temporary fix.

When talking about these kinds of figures, only huge IT companies need apply, and they are just too large and lumbering to react to the needs of the various forces. In other words, any solution the Home Office opts for will not answer the need for urgency and will end up costing far more than necessary.

Iain Pickering, director, Network Designers

On support for RFID across the IT industry

In response to Mark Vernon's article, which said that standards must be agreed on before radio frequency identification tags will be a success (Computer Weekly, 29 June)

As the UK arm of supply chain standards body EPCglobal, we would like to fully endorse Mark Vernon's article that interoperable standards are essential for RFID's development, both at this crucial stage and in the future. The technology is here to stay and all parties in the supply chain must prepare for it.

Major retailers and manufacturers are already using existing EPCglobal specifications to run pilots to prove the technology and test the business case with an expectation of full roll-out in early 2005.

The industry must club together to help RFID evolve smoothly and, as the body overseeing deployment in this country, we encourage our members to share information and make the most of this exciting technology.

David Weatherby, EPCglobal project manager, e.centre

Size matters in public sector IT projects

Your campaign for improving the success of government IT projects (Computer Weekly, 6 July and 13 July) is firing at the wrong targets.

There are two simple explanations why IT projects in the public sector have a worse record of success than the private sector. First, they are bigger. For many years, study after study has shown that large IT projects have a greater likelihood of failure than smaller IT projects.

If you did a like-for-like comparison between the public and private sector on projects of a similar size, I suspect you would find a similar failure rate. I have heard about many huge project failures in the private sector.

The main problem in the public sector is simply that there is a habit of starving an IT group of funds until it gets to such a state of decay they have to rip it up and start again from scratch.

The second explanation is that these so-called "good practices" often enforce excessive BDUF (big design up front). BDUF has been heavily criticised by development methodology experts for 10, maybe 20 years. Because requirements gathering comes around only once every 10 years, every detailed requirement that can be imagined gets thrown in; thus you have gold-plated requirements.

As it is impossible for most people to envisage a working IT application before it is delivered, requirements are often stupid, unnecessary or plain wrong; and thus change during the project.

The solution is not encouraging clear objectives, making senior staff responsible and making the process transparent. Micro management of IT projects in public (and by the IT consultancies that lost the original bid) is hardly conducive to productive working.

The public sector should try out agile methodology techniques, have frequent iterations and make them time- and money-bound, rather than requirements-bound. Emphasise working with end-users and de-emphasise written documentation. And above all, encourage a culture of strong feedback.

Chris Britton

Road use taxation project is bound to fail

I am amazed that in the same publication (Computer Weekly, 6 July) we have a report of "Government pledges to look at new law to stop IT failures" and another article about Customs and Excise embarking on an enormous unnecessary IT project to tax road hauliers.

The process to collect more money from haulage firms for usage of the roads is simple: increase the tax on diesel. There is no need for satellites or heavy computer systems.

It will be argued that trucks from abroad will arrive at Dover with enormous tanks full of cheaper diesel. In the past the French dipped the tanks, made a quick assessment and the truck driver was charged accordingly. Why can't we?

This scheme is plain waste. It does not have to be yet another government IT failure.

Adrian Montagu, network manager, ASB Law

Fuel crisis can be solved by home working

In response to the article "IT directors should plan for fuel crisis" (Computer Weekly, 8 June), one core aspect in planning Ovum analyst Graham Titterington failed to mention is home working.

If roads are blockaded or fuel prices continue to rise, why should companies have to fork out the additional expense of accommodating staff or paying for their travel? A simple solution would be for companies to offer a home working policy and provide remote network access.

Home working is increasing in acceptance. A recent report from the DTI revealed that 68% of 1,000 UK firms interviewed provide some form of remote access for staff.

With the growing demand in our culture for a better work/life balance and the fact that remote access to office-based systems is becoming faster and more secure, home-working will continue to gain acceptance as a reliable solution to fuel price increases.

Robert May

Provide proof of load bearing on NHS projects

Although the best part of two years behind schedule, the NHS is proceeding to implement the national electronic staff record (ESR) - a combined human resources and payroll system.

I have recently heard of trials in another industry where a good deal of effort and a large amount of processing was required to successfully demonstrate that a global system could handle 3,000 concurrent users. This was done successfully, but critically, this was a prerequisite of adoption.

I am intrigued as to whether the ESR was subject to such scrutiny, as it is commonly reported that the concurrent user count is to be 24,000. Let us imagine a scenario where instability occurs at 8,000 users. System operators would then limit connections to that ceiling and two-thirds of users would be obliged to wait for a slot to process pay and appointments.

Those of us who have grown old and grey in the NHS IT world might be forgiven for scepticism if we were to ask whether such testing was done prior to the contract being signed a year ago.

Failure to have thoroughly addressed this could lead to a repetition of the reduced service experienced by the Environment Agency as reported in your journal a few weeks ago. I for one should like to see in the public domain the scope and the results of the ESR load bearing/peak demand tests to set my mind at rest.

Richard Hayes, manager, workforce planning, Royal Liverpool Hospital

Panorama remains an independent partner

I read with interest your Hot Skills article on Analysis Services (Computer Weekly, 6 July) and would like to correct a misleading statement. Microsoft entered the Olap business by acquiring technology and some staff from Panorama Software, not the whole company as your article suggested.

We continue to have a very good relationship with Microsoft at all levels, being a gold development partner and a member of the Partner Advisory Council.

Nigel Sinclair, EMEA marketing manager, Panorama Software
