Apr 17, 2009

LANL PurchaseIT Rollout Designed to Eliminate Laptop Usage

Wacky World News, April 15th, 2009

Los Alamos National Lab announced their new PurchaseIT program this week to employees. It will be used to strictly control all future purchases of computer related items at the lab. The PurchaseIT program has been mandated by LANS CIO, Tom Harper (formerly a manager with Bechtel) in order to be compliant with Procedure P1011 ("Killing Off Science at LANL").

According to the new purchasing policy, all IT orders will only be accepted by Designated Procurement Representatives (DPRs). LANS is in the process of hiring hundreds of new support people using additional overhead taxes to fund these newly created positions.

Under these new rules, all purchase orders will be rigidly constrained to support current lab Information Architecture (IA) standards. This means that *ALL* incoming systems will have their hard drives erased and have wireless, Bluetooth, cameras, and microphones physically removed from systems so that they are permanently disabled.

It’s expected that physically removing Wi-Fi from LANL laptops will make them completely useless for lab travel and, therefore, force LANL staff to go out and purchase their own laptops. This should result in a major cost savings to the lab's equipment budget says CIO Harper. In addition to this, LANS hopes that these strict, new laptop policies will result in even greater savings by driving many of the best scientists out of the lab.

Customers who wish to not have these features disabled can apply for an exception by filing out LANS Form 666B in triplicate and then prostrating themselves in front of the CIO while begging for mercy. It is expected that almost all requests for exception will be haughtily denied by the CIO after making the customer wait for approximately 12 months.

The PurchaseIT system will require that all of these newly crippled computer systems be purchased only from a small selection or products offered by a select group of vendors who have strong connections with LANL's "Friends and Family" plan. Prices for these crippled computers will reflect the labor required to make them utterly useless. Laptops will start out at a price of approximately $6,000 for the least crippled versions and go up to $8,000 for systems that have been both utterly crippled and then beaten up with a hammer for an extra measure of crippling.

In tandem with this new program, LANS is also contemplating a new policy that mandates only software currently offered by the lab’s Electronic Software Distribution (ESD) system will be allowed on lab computers. ESD is expected to soon reduced the number of software programs that are available down to one choice: Microsoft Office.

CIO Tom Harper says,"This is just the first phase of our new Purchase IT program. During our next phase, we hope to move even further along in the process of destroying all the remaining science at LANL by requiring removal of all keyboards and LCDs from laptop procurements and mandating that all desktop computers be allowed to only run DOS 3.3."

When LANL Director Mike Anastasio was asked by our reporter about the new PurchaseIT program he had this to say: “Don’t SLIP – Wear shoes that GRIP!”. He claimed that LANL staff would fully understand what he meant by this cryptic phrase.

In a separate news story, Bechtel, the prime "for-profit" manager of LANL, reported massive profits of $31.4 billion dollars for this last year.

Tune in next week to learn how an Etch A Sketch is substantially equivalent to a laptop (in the aggregate).

51 comments:

  1. A number of years ago, starting
    with Admiral Butthead's stand-down, LANL became a work-free safe and secure place.

    Now Rectal wants to make us work-free while we are away from the office.

    There must be a PBI involved here.

    ReplyDelete
  2. Oh Oh...time to shut down LLNL.

    "Security Down, Profits Up?"Despite a disastrous security test at Lawrence Livermore National Laboratory (LLNL) last April, one of the lead contractors who manages the Lab, Bechtel National, Inc., reported record-breaking revenues on Monday. Although information on net profits was not available, they were likely higher than ever, as Bechtel's 2008 revenue was $31.4 billion, up from $27 billion in 2007 and $20.5 billion in 2006.http://pogoblog.typepad.com/pogo/2009/04/security-down-profits-up.html

    http://www.gao.gov/new.items/d09321.pdf

    ReplyDelete
  3. That story is pretty lame. Purchase IT came down not because of LANS management, but by DOE and Federal Government purchasing requirements. I forwarded an email I got from SANS telling the story about this coming down the pike about 2 years ago! (Story was about the Bush administration changing the way IT purchasing had to be done; it had to become centralized and have blind purchases of IT equipment.) LANS really had no say in this decision. It had to be done. I also think that the LANS Purchase IT system is badly implemented, but it is better than the other systems I have seen at other locations. (29 Palms MCB is probably the worst one I have ever seen!)

    I just LOVE how there is so many people on here that are smacking down LANS management for some of these new policies, but they don't even know that much of there policies are coming as a result of Federal Regulations or new interpretations of existing policies by the regulators.

    True, things here at LANL are not as good as they were a few short years ago. I am only sticking around here at LANL so I can get vested in the retirement and then I am gone. Part of the reason I am going to leave is that I KNOW I can do better elsewhere, but a majority of the reason is because I am tired of the few up here that are now being told that they have to show a tangible product for the funding they get and they don't want to do that. They want to have it like the past where they can get funded without having to show any work. Those days are long over.

    ReplyDelete
  4. someone was bored, but i do love this article. i hope the national media picks up on it, then lans will have some 'splaining to do.

    ReplyDelete
  5. The Etch A Sketch has a bigger screen. I wonder if it will run Vista.

    ReplyDelete
  6. It took me several paragraphs to realize that this is a spoof.

    ReplyDelete
  7. "True, things here at LANL are not as good as they were a few short years ago. I am only sticking around here at LANL so I can get vested in the retirement and then I am gone."

    6:26 AM, lemme guess, you're in CAO? Maybe a Six Sigma expert? We'll certainly miss you when you leave!

    ReplyDelete
  8. It's a spoof? Sounded real to me. It's what I expect from D- students and a fourth rate company.

    ReplyDelete
  9. It took me several paragraphs to realize that this is a spoof.

    4/17/09 10:27 AM
    Believe me, if you have ever worked at LANL you would regard this as one realistic example of all the pseudo-security BS that is dumped on the employees.

    ReplyDelete
  10. My new LANS computer has a crank so that I can generate power for it without being connected to the grid. Where does the crank go?

    ReplyDelete
  11. "My new LANS computer has a crank so that I can generate power for it without being connected to the grid. Where does the crank go?"

    be careful. if it's a standalone computer, you might have someone tell you where to put the crank.

    has anyone heard about that? "standalone" computers (i.e. computers not connected to the internets) must now be justified and approved as standalone. can someone explain to me why it matters? if it's never connected to the internets, how is it a security risk?

    ReplyDelete
  12. "Believe me, if you have ever worked at LANL you would regard this as one realistic example of all the pseudo-security BS that is dumped on the employees."

    if they would have toned down the satire a bit, we all would have thought it was a new policy and it would have caused a huge uproar. aside from the "killing off science at lanl" part, form 666B was a dead give away.

    NOTE TO AUTHORS: next time, tone down the satire to make national headlines...perhaps a guess spot on the daily show. B+...congrats, you're almost best and brightest material.

    ReplyDelete
  13. Here is another example from the cybersecurity-nazis that has been implemented end of last year. Since then FNs are no longer able to connect directly to the yellow network but have to go through so-called "OCE boxes" as filter - thus are restricted to access other computers. This has been mandated by the NNSA to maintain network access to FNs at all. With the typical professionalism such directives have been implemented by IT stuff (reference to the holiday e-mail lock-down is made here), it resulted in huge network problems. Not only compute servers were no longer accessible, but simple services such as network printers were no longer available for OCE users. And to my knowledge these problems to some extend still persist as of today.

    ReplyDelete
  14. One correction to this: Tom Harper, the current CIO at LANL, came to LANL from DOE headquarters CIO office, and worked there as a contractor for Northrop Grumman Corp. He did not come from Bechtel.

    ReplyDelete
  15. "LANS really had no say in this decision. It had to be done." (6:26 AM)


    Achtung! That's my quote you stole, you little thief!

    It is so sad that we didn't have NNSA around running Amerika's nuclear weapons program when I needed them back in the early 1940's, my dear kinder. Things would have turned out very differently, ja?

    - Hitler

    ReplyDelete
  16. My Etch-a-Sketch computer screen is much bigger, has color pencils... and is in stereo!!! Beat that.

    ReplyDelete
  17. The satire here is only light. The policy is real, very real.

    ReplyDelete
  18. Does DOE HQ require their laptops to undergo the same type of permanent feature castration as those now required at LANL? What about at NNSA? And the other NNSA labs (SNL and LLNL). Are they also following this strict IT policy or is this policy something "special" (i.e., just for LANL)?

    I don't believe for a minute this crap about "LANS had to do it". This idea was cooked up by the CIO, a Bechelite implant at the lab. He's the same kook who pulled off the "lans-llc.com" award web stunt. LANS is trying to overdo it with cyber security so that they can impress NNSA and make a good score on the PBIs.

    ReplyDelete
  19. I can understand this permanent removal stuff being required for PCs used in the SCIF and maybe for those used in the Vault Type Rooms (VTR), but doing it for *all* the PCs at the lab? This is ridiculous. Software based turn-off of these features would be adequate.

    ReplyDelete
  20. If LANS LLC thought that allowing only an abacus and a pencil to the staff would help them achieve higher scores on the PBIs, then that is what you would be using.

    It's all about the PBIs, baby!

    And this is just the beginning. I'm sure Bechtel has other bright ideas in mind to help boost next year's profits.

    ReplyDelete
  21. Go over to this DOE site below and then download the PowerPoint presentation that Tom Harper presented to the DOE on March 4, 2009 (it's under his name):

    2009 DOE Information Management Conference

    http://cio.energy.gov/1033.htm

    Look at his second slide, "Concept: Glove Box Computing":

    "Like a glovebox, users can view, create, and manipulate data but are never directly exposed to it.."

    This guy's vision of computing at LANL will wipe out most of the remaining science that gets done at the lab!

    From the tone of it, I would think that staff will all be required to use only disk-less thin clients in the near future.

    ReplyDelete
  22. I suggest LANS take down all those signs around LANL that say:

    * "Don't SLIP - Wear shoes the GRIP!"

    ...and replace them with the more appropriate motto...

    * "It's all about the PBIs, baby!"

    ReplyDelete
  23. Glove Box Computing!

    This made my day.
    Now we can

    1. Be 'green' by turning off monitors so that personnel are not exposed to the data.
    2. Be sure that the stockpile is safe by not exposing people to the data.
    3. Do high quality science by not interacting with the data.
    4. Please Congress by doing the LANL equivalent of passing legislation that you have not read.
    5. Make Germantown happy by moving papers from one side of the desk to the other without understanding them.

    A win all around.

    ReplyDelete
  24. The actual policy is posted publicly in the
    Newsbulletin Story (click here) The program ensures that security 'hardening' is done during the initial set up--disabling wireless, camera, and microphone (mostly in laptops), accepting only factory-sealed boxes, and configuring all security settings prior to use on the network."Nonstandard hardware is available through iProcurement but it requires division leader and CIO approval.

    ReplyDelete
  25. "We realize that science needs non-standard tools; those will be treated as
    exceptions requiring pre-authorization through the CIO Exception Process," said Grider.

    Isn't the Nicholas C. Metropolis Center for Modeling and Simulation completely non standard?

    If computer science is standard, doesn't that disqualify it as research?

    I thought that things could not get sillier. I was wrong.

    ReplyDelete
  26. "Look at his second slide, "Concept: Glove Box Computing":

    "Like a glovebox, users can view, create, and manipulate data but are never directly exposed to it.." "

    And we all how wonderful LANL/LANS,LLC is at managing safe glovebox work !

    ReplyDelete
  27. Disabling cameras, yes. There's very little need for cameras. Microphones too. But disabling wireless? Many cheaper hotels don't have wired internet. How are we supposed to connect to the home base to receive the latest LINKS when we're staying in these dives? The very same hotels that CONCUR forces us to stay in?

    When will LANS's so-called cyber security experts realize that wireless can be monitored for security problems and breaches? Rather than provide the necessary technical countermeasures, these fools are choosing to handicap the staff to the point where we'll have to use the computers in the hotel business center to connect. How secure will that be? Morons.

    ReplyDelete
  28. So the guy who is LANS' CIO sees the future of desktop computing at the lab in some type of "glove box" analogy. That's truly scary.

    The slides seem to hint that he may be moving toward the idea of using thin clients (Citrix and RDP) on a lab-wide basis.

    I can see it now, anyone at LANL who wants to do PC work without a thin-client will have to file for an exemption through their GL, DL and the CIO's office, sort of like the new "standalone" computer requirement. Software will be strictly limited and only special administrators will be allowed to load it onto the network. All the messy limitations that exists on the secure Rednet at LANL will become common throughout the whole unclassified network at the lab. Yuckkk!

    ReplyDelete
  29. I had Holman's microphone surgery done on my Apple laptop and the soundcard is now completely broken. I can no longer hear any audio out of it, including the sound of the Fuzzy Ewok's voice during his pathetic All-Hand meetings. What a pleasure!

    ReplyDelete
  30. perhaps they will start sending us p-p-p-powerbook!

    http://www.zug.com/pranks/powerbook/

    ReplyDelete
  31. "has anyone heard about that? "standalone" computers (i.e. computers not connected to the internets) must now be justified and approved as standalone. can someone explain to me why it matters? if it's never connected to the internets, how is it a security risk?" - 4/17/09 12:23 PM

    Standalone computers don't meet the new business model wherein the hundreds of new desktop-control nazis behing hired are to administer pc usage by remote control. If you're off the network, no remote-control, doesn't fit the model. One can no longer install high-tech analytical packages himself, but must depend on some GED-student with adminsitrative rights to do the care and feeding of your pc. Software upgrades must be handled by them as well...as a responsible program worker, you just pay and pay and pay and wait and wait and wait on the ever fattening overhead...Dammit!

    ReplyDelete
  32. 2:37 pm: You know, your "It's all about the PBIs, baby!" thing is getting really old. Please give it a rest. We get it already. Plus, it's tagging you.

    ReplyDelete
  33. US Senator: Change is coming for LANLhttp://www.kob.com/article/stories/S884358.shtml?cat=517

    "New Mexico Senator Jeff Bingaman says he’s certain that there will be some changes for Los Alamos National Laboratory when the Obama Administration rolls out its detailed budget next month.

    Bingaman’s just not sure of what those changes will be.

    “I’m sure changes will be coming,” said the Silver City Democrat. “The question is, ‘Are they good changes or are they bad changes?’ And we just don’t know.”

    The Los Alamos lab is a major engine driving the economy of northern New Mexico by spending $750 million each year on projects performed by area businesses.

    Kevin Chalmers, a spokesman for the lab, says the facility is preparing for a budget that may reflect the current economic slump.

    “With the whole national economic situation that we’re in here, it’s even more important for the national laboratories to streamline their operations,” he said.

    Chalmers says the laboratory has laid off some temporary employees but has no plans for any further staff cuts."

    ReplyDelete
  34. My division at LLNL has always disabled internal wireless on new laptops. Then they give you an external card to use on the road (or at home). It's not a lot of hassle.

    ReplyDelete
  35. 4/17/09 9:00 PM

    Interesting thought. Let me see if I got it. You pay for a computer with a wireless feature. You then pay more money to get that feature physically disabled. You then buy a wireless card, to allow your laptop to have a connection. Makes total sense. Great stewardship of taxpayer dollars, to be sure. Why not repeat this cycle a few times, just to be safe?

    Of course, getting the wireless card would require tons and tons of special paperwork, approved at the CIO level, right? No big deal, it's just scientists' time. What do they have, project deadlines or something?

    But wait, after all, the LANL policy has absolutely nothing about any option to add a wireless card. They really thought this one through.

    ReplyDelete
  36. If Sen. Bingamin, a Democrat with ties to the Obama Administration, doesn't know whether the "change" coming LANL's way will be good or bad, then you can pretty much guess what type of "change" it will be. This looks ominous. I sense layoffs are approaching, especially for the TSMs at LANL. It sounds like there will be plenty of environmental cleanup jobs available for the non-LANS outside contractors, though.

    ReplyDelete
  37. 4/17/09 10:41 AM
    No, I am not CAO. Far from it. I am just a lowly tech. I can guarantee you that I will be missed when I leave because I have been getting 8+ on my performance reviews every single year since I came to LANL in 1995 as a contractor. I KNOW I will be missed because when I returned from a 6 month leave of absence, my customers and coworkers told me that I was missed. They also called and emailed me pretty much daily asking for help, how to do things, etc.

    As for having wireless disabled internally, it makes a lot of sense. If you take that laptop into a secure area and had forgotten to disable wireless, it is a security incident. If you have an external USB adapter, you KNOW it is disabled when it isn't plugged in. USB wireless adapters are actually really cheap. You can get them for about $40 in Best Buy. I think TIG sells them for close to that. (Something like $35 if memory serves.)

    Microphone disablement on laptops is a must. With a microphone, you can record any conversation; whether it is a classified discussion on widget A, a salary performance measure or a conversation about your latest bowel movement doesn't matter. Any recording device can not be introduced into a security area.

    How many people that live outside the fence have had to take their laptop behind the fence? How many people actually KNOW, without a single doubt, that their wireless is disabled on a laptop? How many people KNOW that their microphone isn't capable of recording something when they are behind the fence? It is just better to remove all doubt than to take chances in my opinion.

    I know computer technology a lot better than most people in the world. I can tell you that having a thin client is the wave of the future. Why? It cuts down on hardware costs. Most people at the Lab only use their computer for web surfing, email and use of Office-like apps such as Word, Excel and Powerpoint. With Citrix and a good internet connection, those thin clients are more than adequate.

    I recently did a test where I had someone use 2 different PCs: one with a hard drive in it and the other that connected to a server I built and had no hard drive inside. Which one was faster? They said the one without the hard drive.

    Another reason for the thin clients is email and document contamination. When there is an incident like that, the techs have to go on site and scrub the offending document or message from the scene and then move on to the next office and then to the next office, etc, etc, etc. With a server-based environment that will be in place with thin client computing, all you have to do is open up different folders on a server and go to work.

    There will be incidences where there will be needs for desktop and laptop PCs, but I don't see a need for it for the general population of users at LANL.

    Signed,
    A lowly shadow organization's PC Tech

    ReplyDelete
  38. "Most people at the Lab only use their computer for web surfing, email and use of Office-like apps such as Word, Excel and Powerpoint."

    Hahahaha. WTF do these people do all day? The rest of us who don't fit that mold are the ones who actually keep this place funded. Here I am writing C++ code on a Linux box, putting together data analysis and graphing software, writing kernel modules to control peripheral hardware, writing and running Monte Carlo applications... I guess the lab has no need for people like me, given the fact that they keep making it harder and harder for me to get work done. Yes, I know... environmental cleanup, make one pit a year, PBIs. I get it.

    ReplyDelete
  39. 4/18/09 5:31 AM

    Somehow you know that "most people at the Lab only use their computer for web surfing, email and use of Office-like apps such as Word, Excel and Powerpoint"? Oh, no. You're deluded into thinking you know more than you possibly can. You need to get more sleep.

    Not a single staff member I know fits the profile you describe. Not one, and I can name dozens. Just because support staff don't develop high performance analytical codes, don't do data acquisition, don't develop real-time instrument control applications, don't think for a minute that your thin client model fits all. It doesn't.

    ReplyDelete
  40. Poster 5:31 AM (support guy) demonstrates the insane devotion to risk aversion that is KILLING this lab's science. His arrogant and misinformed vision of desktop computing at LANL, however, is exactly the one which LANS appears ready to implement, science be damned.

    Future job security at LANL involves working on the support side of the house where your job is always protected by the overhead funds and management always has some new f*cked-up new policy for you to force on the staff with little regard to cost versus benefit.

    Poster 11:16 AM summarizes this new theme beautifully with his short passage: "Yes, I know... environmental cleanup, make one pit a year, PBIs. I get it."

    Both LANS and NNSA are slowly destroying this lab. Sig Hecker recently told the Senate that LANL has become a drab, totally risk averse "prison" under NNSA and the for-profit LLC. I agree. If you believe otherwise, I would love to hear the evidence.

    ReplyDelete
  41. "Most people at the Lab only use their computer for web surfing, email and use of Office-like apps such as Word, Excel and Powerpoint."

    Most "people" are managers?

    ReplyDelete
  42. "It is just better to remove all doubt than to take chances in my opinion."

    Yes, you're right. Bring on the work-free safety and security zone!

    ReplyDelete
  43. "It is just better to remove all doubt than to take chances in my opinion." - 5:31 AM

    And people at LANL wonder why all this crap is happening. Here's exhibit A for your evidence. Give this man a Six Sigma safety belt award! He'll go far working for LANS LLC.

    ReplyDelete
  44. The last time I checked, most is anything that is in the majority. Anything greater than 50% is the majority, right? Of the 339 systems I support on my current contracts, 298 of them only have Office-type application, web browsers, an email client and anti-virus installed. (Along with the rest of the IA standard applications.) At the previous contract to that that I worked on, of the 584 systems, 480 had the above installed and nothing else. The contract prior to that, we had 305 systems, of which, about 268 had the above installed. Finally, the very first contract I worked on had over 1100 systems (if memory serves, it was 1140). Of those, a minority (I can think of no more than 55) had anything other than the above installed on them.

    Of what I described, isn't the majority of systems being used for standard desktop applications? It looks that way to me!

    How do I have these numbers? I am someone that audits licensing to verify we have the correct amount of licenses for all the systems on contracts I support. While it is the end user's ultimate responsibility to assure that they have all the software licenses they need, there are some techs out there that care enough about their jobs to make sure you are legal with licensing.

    ReplyDelete
  45. Nice try, but it's well known that CTN only supports standard office-type configurations.

    Small wonder that the systems on your contracts are mostly office-type configurations.

    ReplyDelete
  46. "4/19/09 6:47 AM"

    You are simply one person and your experience will depend on which groups or divisions you worked at. Did you work at HR? From my experience I find the opposite numbers but that is my division.
    You statements cannot be generalized to the entire lab.

    Now what is so hard to understand about that??!??!?

    ReplyDelete
  47. 6:47 AM

    Maybe you're correct, maybe over 1/2 the lab uses only office productivity software. But that's partly because LANS has overloaded LANL with management and unproductive compliance-related support staff. However, the other staff, the staff that does more than MS Office work, are the ones that bring in all the funding. Out of sheer ignorance, LANS management is burdening the productive staff with more and more nonsense requirements.

    Case in point, it seems like your own productivity is rapidly declining, you used to support over 1000 computers and now less than 340? I hope you do a whole lot more than audit licenses because now that you're supporting 1/3 of the computers you did before it seems like you don't have enough to do.

    ReplyDelete
  48. Actually, 6:47AM is probably one of the techs on a team of techs that did the support for a large division that has been reorg'd into smaller 3 divisions. That has happened a lot at LANL. Span of control, you know. DCS is now assigning techs on a location-based them versus the old organizational theme. That makes a lot more sense IMHO.

    As for the amount of support staff and management equaling more than 50% of the lab, that is probably true also.

    ReplyDelete
  49. "As for the amount of support staff and management equaling more than 50% of the lab, that is probably true also." (6:01 AM)

    The LANS strategy is to push it ever upward. Achievement of an 75% ratio of management and support may be possible in the next few years. New records are waiting to be broken in terms of management bloat.

    ReplyDelete
  50. How do you tell that someone has no clue about security? Easy. See if they advocate VPN.

    If you don't know why, well, then you ought to find out.

    ReplyDelete
  51. Where is my "glove box" computer? I can hardly wait.

    ReplyDelete

Note: Only a member of this blog may post a comment.