Can someone actually explain to me what Sharepoint does? If I worked in Microsoft’s sales department the best pitch I could give is:

“It’s the greatest, most versatile product that has ever existed. You can use it to run any complex system that your imagination could dream up.” This however would only be what I would pitch, not believe.

I’ve asked the question “What does Sharepoint do?” to Microsoft sales staff, developers, and consultants. It always starts with something like: “Well… it’s, you know, like… a collaboration tool… BUT! It can do a ton of other stuff too”.

And that is the best answer I’ve gotten.

I’ve asked the same question of SAP vendors, Microsoft Dynamics consultants, and IBM Watson Cloud experts. The answer is always some amorphous, borderline ridiculous answer consisting of “well it does a lot of things” and “it greatly depends on the user”. This was not me asking rhetorical questions either. I was not trying to be glib, or overly clever, or even to pull some sort of #iamverysmart coup de grâce. I was trying to articulate what I do for a living by standing on the shoulders of “giants”.

You see, my company builds a “platform as a service” (roughly) type product as well. Something that could be more than one thing to more than one person. I struggle constantly with explaining that our product is better than anything else on the entire market. This is not a brag, nor a marketing ploy – but only because what we do is so niche that only 100 or so companies in the world might care. And that is not the game IBM, Microsoft, and SAP are playing. They are ultimately the owners of your software. Sure, the configurations, the modifications, and the custom programming on top of these platforms are yours, but if they take the platform away, or stop supporting it, what do you really have left? It’s even tougher in “the cloud” business because then if your subscription runs out you’re dead.

I recently made a prediction to a friend who was starting a project with IBM. I warned them of the potential lock-in problem by making a prediction something along the lines of “They are going to tell you they can build it quicker and more efficiently with IBM Watson Cloud. No project ever runs perfectly, and when you finally step in to set things straight, you will find out you have zero leverage. They will simply say you are more than welcome to fire them, because they know you would have to build everything over from scratch”. My predictions were to no avail. No one ever gets fired for hiring IBM. And guess what happened? The only upside is that I get to say “I told you so” a little more often.

There is hope! There are other ways that platforms can be useful but also safe. One way is to use an open source platform, one where, if worst comes to worst, you can fire all your consultants and hire new ones, and the platform is still going to be around.

This is a little tougher with very niche enterprise products like ours, but we’ve done something a little different to combat my lock-in loathing: Our products are OWNED by our clients. We sign a three-year, non-exclusive agreement with our clients for support and maintenance, and a traditional license fee is baked in. They get all the source code, and agree not to resell it. But if we don’t perform, or our clients want to go a different way, they get to keep the software and build on it themselves. We earn our right to be at the table by being the experts in a system we designed, working with their developers, adding new features, bringing our industry expertise to the conversation, and hundreds of other small bits of value. In this way we hope to be at the top of the renewals list in three years.

The idea of someone taking your software away from you is abhorrent. If your car company one day sent you an email saying that you now had to upgrade your fuel tank, and there was going to be a new subscription service if you wanted to keep using the same type of gasoline, you would riot in the streets. The model of software is not what is wrong here, what is wrong is the lock-in. Vendor lock-in is amoral. If there is no ability to keep something running, and there is no TRUE data portability option, then you are basically being extorted.

I get that as a business you are trying to maximize profit. I try to do the same thing. However, I want my product and my company to be seen as sticky because we are valuable, and not because we would just be too painful to get rid of.

I help cruise lines turn their technical ideas into reality. I'm experienced in all stages of innovation and technology management. I've also been programming since I was 8 years old, and have somehow retained the ability to have normal human interactions. Occasionally I speak about how Industrial Psychology and Neurophysiology can be interrogated with IT and systems management, because I spend a lot of time thinking about the subject, as strange as that may seem.

Capture The Flag Games in Role-Playing Games

I’ve recently been running a 5e-based game with my usual role-playing nerd circle on Sunday nights. The game is called The Spy Game. It started off as a Kickstarter campaign and doubled its original funding goal (well done!). It’s been fairly successful, but I’m not here to talk about that. This post is about how I’ve incorporated Capture the Flag elements into our role playing.

Yes, I’m a grown man who plays D&D-style games. We play D20 games, which are role-playing games that use dice to determine the outcomes of certain actions. They have become increasingly popularized in the media, with Stranger Things being a large contributor. I did not grow up playing D&D, but started playing when my poker group decided to mix it up. Yes that is true.

What is The Spy Game?

The Spy Game is a role-playing game that is built around telling stories set in a today-like world with… spies. That means your players pick what type of spy they want to play, make up back stories, and choose classes (Infiltrator, Assassin, Medic, etc.). Then the Game Master (me) makes up scenarios and missions for them to go on. The players decide what they want to do (e.g. attack a security guard) and they roll a die to see how devastating their attack on the poor guard was. And while this is a gross over-simplification, it’s good enough for our purposes.

Quickly, What is Capture the Flag?

Capture the flag (commonly CTF) is a style of network and systems security penetration-testing simulation played for fun. The idea is that a security expert creates a small, simulated computer system that players try to break into, or a code that they try to crack, to find a “flag”. The flag is the indicator of the player’s success. For example, you might be given a website that has some sort of password protection that is beatable with certain techniques. Once you bypass the security, you discover a flag. These are often written as {Flag-name} or something similar to allow the players to know they have been successful. You can read all about them on Wikipedia, or play them with Hacker101 or even Google.

Combining CTFs and Role Playing

My roleplaying group is fairly nerdy (does that go without saying?) So I wanted to make the game a little technical and different from our usual swords and sorcery chaos romps. I thought it would be interesting for those in the group who are less technically minded to learn a little about actual hacking, rather than the “roll the dice to try and hack the system” that is built into the game. The more experienced computer-people in the group could screen share as they worked, and the team could work out the problems together. Everyone wins!

It has worked out really, really well. Everyone has enjoyed these CTFs, including me. I’ve only written a few so far, but they include:

  • Breaking a password to get into a security camera interface
  • Finding the GPS coordinates of an arms deal that is going down, hidden in a base-64 string
  • Decoding a message between two terrorists, hidden in an image
  • Cracking a cipher (spoilers) to get the code words for the security team on duty needed for a break-in!

You can find the few I’ve written so far here on GitHub.

These ideas were heavily influenced by the excellent CTF run by the one and only Connor Tumbleson, at Sourcetoad.
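A sketch of how a game master could build and check the base-64 GPS challenge from the list above, as an added example that is not one of the author's challenges. The coordinates, cover message, flag text and function names are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample data: coordinates and flag text are made up for this example.
SECRET_COORDS = "27.9506,-82.4572"
FLAG = "{Flag-" + SECRET_COORDS + "}"
# A deployed checker would keep only this digest; the plaintext flag is defined
# above so the example runs stand-alone.
FLAG_SHA256 = hashlib.sha256(FLAG.encode()).hexdigest()

# Decimal latitude,longitude. Base64 text contains no '.' or ',', so this
# cannot match while the data is still encoded.
COORD_RE = re.compile(r"(-?\d{1,2}\.\d+),\s*(-?\d{1,3}\.\d+)")


def build_challenge(coords: str, layers: int = 2) -> str:
    """Wrap a cover message holding the coordinates in `layers` rounds of base64."""
    blob = f"Meet at {coords} at midnight.".encode()
    for _ in range(layers):
        blob = base64.b64encode(blob)
    return blob.decode()


def solve_challenge(blob: str, max_layers: int = 5):
    """Peel base64 layers until plausible coordinates appear; None if they never do."""
    data = blob.encode()
    for _ in range(max_layers + 1):
        match = COORD_RE.search(data.decode("ascii", errors="ignore"))
        if match:
            lat, lon = float(match.group(1)), float(match.group(2))
            if -90 <= lat <= 90 and -180 <= lon <= 180:
                return f"{match.group(1)},{match.group(2)}"
        try:
            data = base64.b64decode(data, validate=True)
        except ValueError:  # binascii.Error subclasses ValueError
            return None
    return None


def check_flag(submission: str) -> bool:
    """Compare a player's submission to the stored digest in constant time."""
    digest = hashlib.sha256(submission.strip().encode()).hexdigest()
    return hmac.compare_digest(digest, FLAG_SHA256)
```

Running the solver against your own challenge before game night confirms the puzzle is actually solvable at the number of layers you chose.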

Writing CTFs with ChatGPT

I would highly recommend adding a real world CTF to your next role playing adventure. But who has the time? Enter AI with ChatGPT. One of the scary things about ChatGPT is that it writes decent code, but it is only as good as the prompts you give it, and it is NOT secure. So basically anything you tell the bot to write for you has an exploit big enough to drive a bus through. This should be scary to anyone using it for production work, but it is amazing for CTFs.

I’ve also used ChatGPT to write quick and dirty interfaces (like the security camera on-off switch). Is it pretty? No! Would I use anything like that for a client or anywhere near a production environment? Hell no! But it’s MORE than good enough for a fun evening with friends, gathered around a Zoom table, working out how to hack into a secret vault.