So what really Grinds My Gears...
...Solutions to problems created by solutions to problems.
I think the IT industry is particularly bad for that, that's why I don't particularly rate anti-virus, and I'm also not keen on the trend for more and more anti-X technology. We are continuing on a dangerous exercise of creating markets for solutions to problems created by other markets we created to solve other problems, thereby the new markers have no real value add. For an industry, this is bizarre, and its costing our customers money.
We created an operating system with TCP/IP, then a whole generation of applications grew up in the pre-internet war days that were badly designed and could be exploited remotely, so we created firewalls to block TCP/IP ports, and also work-around the fact that TCP/IP was never designed to be used as much as it has, with technologies like NAT. So we invented the firewall which solves a problem in another technology, but then we need to manage this firewall, so suddenly there was a market for centralised firewall management and reporting. But hang on, because of the design of the operating system and application ecosystem we have no controls in place to prevent malicious code from running, firewall or not, so we should write an application that keeps a database of malicious code and prevents it from running (and hey preso, anti-virus was born). NAT is another technology that really shouldn't exist, its solving the problem of limited address space in TCP/IP and has no inherent value in itself, infact it reduces the services available to organisations that use it.
Then the information worker generation came about, and suddenly people had computers at home, and so they wanted to be able to work from home.
We created VPNs, which are a sledge hammer approach to a problem. Sure they allow two networks to be interconnected, but why do the networks need to be interconncted? what services require interconnections? what exactly do the services need to do that requires interconnection? and why can't this be accomplished by re-architecting the services to achieve the desired result directly? Turns out VPN was one sledge hammer too far and a market was suddenly born for VPNless remote connectivity solutions, typically wrapped up in HTTP or HTTPS because all firewalls allow port 80/HTTP, so its easier to adopt (without being any safer than if it used any other port - but that's another issue entirely). So now we have RPC-over-HTTP, thats great, but why don't we just have a new RPC mechanism that can be natively used to transverse the internet? Because if its internet-ready it will have no problem working in a LAN environment.
People will rightly argue that we can't just break everything, ruin our customer's investments and require them to retrain and redevelop thousands of systems, but havevn't we been down this route before so many times?
Someone has to have the proverbial to stand up and say "Betamax is better than VHS". Look what happened with RISC vs CISC, the Intel x86 architecture was born out of a 70's chip for calculators, it has grown (been dragged, kicking and screaming) up and up, 16-bit, then 32-bit, then 32-bit protected mode, now 64-bit, not to mention all the additional extensions that have been bolted on to compensate for the terrible x87 floating point architecture - MMX, SSE, 3DNow!, SSE2, 3DNow! Professional, SSE3, SSE4. As an industry, if we had changed architectures much earlier on - we'd have far more powerful and energy efficient computers today.
Then again, look at "blue sky" projects like Intel Itanium, which was designed to be the uber-architecture of the future. Turns out, it was too ambitious, too much design-by-commitee and will now probably not be realised for a long time (if ever) in any significant way in the marketplace. Passport is another good example, it was the first step in solving some of the fundamental problems of our industry- identity management, which could have been a powerful first step toward solving spam and breaking down security boundries. Security boundries that require VPNs and private LANs. Unified Storage (WinFS anyone?) is another good example.
It seems to me some good ideas are far and few between and too many are falling by the wayside as people produce similar technology that appears to do the same thing on the surface but is really just a modern wrapper for ancient technology.
As an industry, we are good at listening to our customers but not always so great at communicating with them. A typical arguement against change is "protecting customers investment" or "breaking application compatibility", sure those things may happen, but perhaps we should have a broader conversation with the customer about what the changes will mean for the future of computing.
Are we driven to short-sighted solutions by our customers own short-term objectives? Afterall the shelf life of an IT manager or CIO is getting shorter and shorter, they only need to deliver short term results to get their next promotion. Do we need to take a small step back to not only help our customers of today, but our customers of tomorrow and the industry as a whole?
Also, does a bigger trend toward open-standards and interoperability compromise our ability to drive innovation? Do we risk standardising prematurely on a batch of technologies that is a set of compromises, extentions and fixes to fundamentally broken technology. Will this stifle innovation?
Technologies that have found themselves out of their depth are being wrapped up in newer ones, and each time, the stack of cards we are building is getting more and more complex, unwieldy and expensive to manage.
Customers are not challenging us enough, they take for granted that if they deploy an operating system, they'll need a firewall, anti-virus and anti-malware. If they deploy a network they'll need NAT, if they use e-mail they'll need anti-spam. As an industry we should be working together on architectures that solve these problems from the ground-up.
Ok, so I'm being a bit pessimistic I admit. As an industry we do have long term solutions to problems, using the TCP/IP example, we have IPv6 which can rid us of NAT (but will it ever be adopted?). We have web services which in theory can supercede RPC/RMI technologies, and operate across the internet and LANs. private LANs are an interesting concept in themselves, they are another quick-fix to a bigger problem - management, performance and security segmentation.
Somewhere along the line we've lost sight of the big picture. We must rededicate our efforts from quick-fixes to long term solutions. And be brave enough to challenge ourselves to fix the root of the problem rather than add another layer of cards to an already shaky house.