The last few days (February 2012), I have been involved in a support adventure that cost me roughly 10 hours of working time, left my current client 10 billed hours with zero return-on-investment (not to mention the costs of the support-team activities...), and demonstrates a number of problems.
My current client uses Citrix (a tool for remotely accessing applications on a different server, similar to a highly restricted X-server). A few days ago, out of the blue, I found myself unable to open applications, every attempt being denied with a “protocol driver error”.
My first contact at customer support knew more-or-less nothing about Citrix. Her attempts to cure the issue were limited to “restart Citrix” (the advice one of her colleagues had given her on a previous occasion). Unfortunately, she was not able to explain (and likely did not herself know) what the colleague had meant. In the end, we logged in and out of the web-interface to Citrix a few times—with no positive effect. She then proceeded to go through the menus of Firefox (!) looking for a possibility to restart Citrix.
Problems: It is impossible for everyone in first-level support to be familiar in detail with the problems and functioning of every piece of software used. However, her actions left some doubt as to her computer literacy—and a noticeably above average computer literacy is an absolute requirement for someone in her position. Further, she should (during the course of the investigation) have consulted others to clarify what “restart” meant. As is, the effort was a mutual waste of time.
The second contact was the local Citrix-admin. He too had no real idea what could be the issue, and more or less immediately resorted to deleting my “Citrix-profile” (which contains all the user data of all the applications on the remote server). This did not help.
Problems: It is surprising that the admin had no better ideas—apparently, this particular error is not that rare with Citrix (according to a later Internet search). Furthermore, deleting the profile without deeper search for the problem is a lazy and hard-to-justify move—computer support at its worst. (Commonly manifested in the “reinstall Windows and let us know if the problem remains” attitude displayed by many hotlines.) In effect, the path of least effort for support is taken, disregarding a disproportionate later effort for the user who sees all his settings, scripts, files, whatnot, disappear. On another level, this shows a conceptual problem with Citrix: The profile used for the Citrix-tools and -connections themselves should have been strictly separated from that of the remote Windows account associated with the profile—deleting the one should have had no effect on the other.
Fortunately, I did manage to persuade him to manually make copies of the files important to me. However, this was done only very grudgingly and only after a discussion that revealed other issues: Allegedly, we were not allowed to store files in our remote home directories (!), because this could cause the server disk to fill up and prevent proper functioning of Citrix. Instead we should use a particular Windows drive on another server.
Problems: This is so thoroughly idiotic as to being absurd. Not being allowed to use the home directories is plain silly. Further, if there was a risk of filling up the Citrix-server, then the home directories should have been placed elsewhere—e.g. on that other Windows drive. Further yet, failing this while insisting on a ban, it would have been his responsibility to configure the server and inform the users accordingly: The users should know and infractions should be impossible.
Actually, he claimed that he did inform us, through recently having added a pop-up stating that the use of the server drives was not allowed and could cause problems.
Problems: This message was written in a manner that had led us to believe that Citrix had failed to access the drives and that this failure could have led to problems—something very different from his actual intention. Furthermore, it was attached to an application that rarely started on the first attempt—which often resulted in half-a-dozen attempts, as many warning windows, and one single application window... Neither was this a justifiable way to spread the information, nor was the message formulated in an appropriate manner.
In a third step, I now became involved with the (company internal) Windows support. This cost far more time than the previous steps, led to further doubts about computer literacy, and drove me half-way up the wall—but was ultimately successful. (Then again, at a price...)
Leaving the time taken by the support itself (one to three hours a day for several days...) aside, I was myself prevented from working during most of the support efforts: To some part, my cooperation was (understandably) needed during some of the search. However, I was not able to work even when my involvement was not needed, due to the use of “remote desktop” and the inability of Windows to handle parallel users.
Problems: The year is 2012 and the (still) most commonly used enterprise desktop, Windows XP, has yet to manage concurrent use by several users—something Unix (and derivatives) has been capable of more-or-less from the beginning, for possibly as much as forty years. Furthermore, the remote desktop is slow and cumbersome. If we had been using Linux, the support could simply have opened a telnet or SSH session to my computer to do most of the error search and configuration on the command line. If this had not been enough, individual GUI-based applications could easily have been run through an X-server—without dragging the entire desktop around. In both cases, there would have been nothing preventing me from continuing my own work in parallel. Indeed, I would not even have had to suffer more than very rare interruptions: Unlike Windows, Linux does not require re-boot after re-boot after re-boot during administrative tasks.
A considerable part of the search was spent jumping between Firefox and Internet Explorer, looking for differences in various settings (notably for the proxy) and making various experiments, e.g. concerning what proxy settings must be present in IE—although I never used IE for my Citrix accesses.
Problem: Windows has a very poor separation of concerns and separation between application and underlying operating system. One example of this is that the proxy settings for IE are system wide. In addition, my impression was that this poor separation (in combination with the supports lack of an in-depth understanding of the low-level interaction between Citrix and Windows) contributed significantly to frustrate the search. (In contrast, Linux has a very good separation, although KDE/Gnome seem set on reducing it, and a more specific and likely-to-succeed error search would have been possible.)
Indeed, in the end, the “solution” to the problem was simply to give me a fresh home directory, with all the old settings and files gone—echoing the original, failed attempts by the Citrix admin (but this time for my “real” computer account, not the remote Citrix account) . This solved the Citrix issue, but cost me an additional few hours in repair work. (Luckily, the Windows support was more farsighted than the Citrix admin and voluntarily made a full back-up of all files—luckily for both parties, because else I would have had days of repair work, almost certainly with permanent loss of data, and the support workers would have had to face very loud complaints about gross negligence to their superior.)
Problems: As above, the actual error was never truly identified and solved, but only made to go away at a heavy cost for the user. Notably, even with my files preserved, a great number of settings had been lost, including those that made life with Windows tolerable (e.g. turning on “classical” menus, disabling those annoying and time consuming visual effects, and making Outlook and other Microsoftian software behave in a semi-sensible manner).
Would it not be my responsibility to make back-ups of data, use version control, etc.? This is partially correct, and certainly any Java code and other “common property” was present in the repository. However, a complete protection is not always possibly or proportionate:
I have used hard-drives for some 20 years. In this time I have, in person, never experienced data loss (in whole or partially) from a hard-drive through problems with the hard-drive it self.
In 2023, this is no longer true. The cause is likely a switch from tower/desktop/whatnot computers to laptops/notebooks/whatnot, combined with the greater amount of physical movement and risk of physical damage involved. (However, I cannot rule out other reasons, e.g. the smaller drives used by notebooks or a, hypothetical, drop in quality. I have, so far, never had a problem with SSDs.)
However, as far as the situation in 2012 goes, such changes are irrelevant.
While I am keener on backups today than in 2012, this is still more a matter of the risk of some other part of a notebook malfunctioning, which can prevent access to the data until the drive has been cumbersomely physically extracted—and, unlike with the typical tower computer, there is no slot to just plug the old drive into the new notebook in parallel with the pre-installed drive.
Neither have I experienced a fire, a theft, or similar. Instead, all data loss has been through errors in software, by a user, or by an administrator. In the tellings of colleagues and in my experiences with servers, the situation is much the same: Instances have occurred, but only very rarely compared to problems not hardware-related. Correspondingly, not all data are worth backing up, because the risk of loss is too small compared to the damage through loss. (And the data that is worth backing up is usually worth putting in a version control tool to begin with—preferably, with automatic backups through administrators.)
Individual and external back-ups are not always possible. In this project, e.g., USB ports are disabled and the optical drives read-only to prevent data leaks.
Many organisations have not understood the benefits of version control and give the users no reasonable way to store non-common data in a central repository. Indeed, even common data is disturbingly often excluded from version control in favour of unversioned network drives—version control being limited to the software in development, while excluding requirements documents, project plans, etc.
My current client is one of these organisations.
Further issues to consider include:
Whether Citrix is actually a good tool or whether it would be better to simply use a Unix/Linux machine with X-windows/-server to reach the same effect, resp. if Windows should not emulate the better division between application logic and application display that X enables.
The potential security and privacy problems around the remote desktop. Even when sufficiently stringently limited to administrators, it might be necessary for the user to close applications in order to avoid displaying sensitive information—not to mention that the administrator could (deliberately or inadvertently) gain access to such information during work. (E.g. through opening an editor or other tool that automatically re-opens the files that were open at the end of the last “session” with that tool.)
Notably, in the current project, I have access to and must use data from the production database in my daily work. This data, however, underlies strict legal restrictions and must not be shown to those without sufficient clearance. Other problematic instances include e.g. confidential documents on network drives, emails dealing with potentially sensitive issues, and the like.
Safe-guarding such data against malicious administrators is very hard (they can usually gain reading rights for arbitrary files, install malware, ...); however, the remote desktop brings an increased risk of administrators accidentally gaining access to data that they should not have access to. Further, by accessing a computer with their own accounts (the remote desktop uses the account of the original user), a better protection can be reached, e.g. through auditing tools or through encryption of individual drives. (Such a drive would typically be mounted with a password entered once after every log-in and would henceforth be available to the original user—but not to other accounts.)
Why so many applications (in particular Windows, MS Office, and other Microsoftian garbage) has so poorly thought through and user-unfriendly default settings. At a minimum, there should be main categories of settings like “pro or noob”, “content centered or cover centered”, or similar, in any application that includes visual effects, talking dogs, talking paper gems, patronization of the user, etc.
The odd attitude of the Windows support to configuration of Windows: My main contact actually seemed annoyed at the fact that I had presumed to change various (presentation!) settings and thought this a bad thing because Windows might then behave differently when I logged onto another computer. (Due to use of local profiles.) Well: I have so far never logged into another Windows computer at my client’s—nor would rare excursions to another computer justify leaving my main computer with flawed settings. The correct conclusion would not be that I should refrain from changing settings, but that settings should be independent of the computer (network profile) and/or that Windows must come with more sensible default settings.
Notably, this attitude and the related explanations where only one of many signs that the main contact had a superficial understanding of computers and work with them. (Others included repeatedly trying things that I, correctly, told him in advance would not work; constantly doing copy-and-paste per menu, instead of keyboard shortcuts; and not knowing how to reload a web page in Firefox ...)
The following is an automatically generated list of other pages linking to this one. These may or may not contain further content relevant to this topic.