Can someone actually explain to me what SharePoint does? If I worked in Microsoft’s sales department the best pitch I could give is:

“It’s the greatest, most versatile product that has ever existed. You can use it to run any complex system that your imagination could dream up.” This however would only be what I would pitch, not believe.

I’ve asked the question “What does SharePoint do?” to Microsoft sales staff, developers, and consultants. It always starts with something like: “Well… it’s, you know, like… a collaboration tool… BUT! It can do a ton of other stuff too”.

And that is the best answer I’ve gotten.

I’ve asked the same question of SAP vendors, Microsoft Dynamics consultants, and IBM Watson Cloud experts. The answer is always some amorphous, borderline ridiculous answer consisting of “well it does a lot of things” and “it greatly depends on the user”. This was not me asking rhetorical questions either. I was not trying to be glib, or overly clever, or even to pull some sort of #iamverysmart coup de grâce. I was trying to articulate what I do for a living by standing on the shoulders of “giants”.

You see, my company builds a “platform as a service” (roughly) type product as well. Something that could be more than one thing to more than one person. I struggle constantly with explaining that our product is better than anything else on the entire market. This is not a brag, nor a marketing ploy – but only because what we do is so niche that only 100 or so companies in the world might care. And that is not the game IBM, Microsoft, and SAP are playing. They are ultimately the owners of your software. Sure the configurations, the modifications, and the custom programming on top of these platforms is yours, but if they take the platform away, or stop supporting it, what do you really have left? It’s even tougher in “the cloud” business because then if your subscription runs out you’re dead.

I recently made a prediction to a friend who was starting a project with IBM. I warned them of the potential lock-in problem by making a prediction something along the lines of “They are going to tell you they can build it quicker and more efficiently with IBM Watson Cloud. No project ever runs perfectly, and when you finally step in to set things straight, you will find out you have zero leverage. They will simply say you are more than welcome to fire them, because they know you would have to build everything over from scratch”. My predictions were to no avail. No one ever gets fired for hiring IBM. And guess what happened? The only upside is that I get to say “I told you so” a little more often.

There is hope! There are other ways that platforms can be useful but also safe. One way is to use an open source platform, one that if at worst comes to worst, you can fire all your consultants and hire new ones, and the platform is still going to be around.

This is a little tougher with very niche enterprise products like ours, but we’ve done something a little different to combat my lock-in loathing: Our products are OWNED by our clients. We sign a three year, non-exclusive agreement with our clients for support and maintenance, and a traditional license fee is baked in. They get all the source code, and agree not to resell it. But if we don’t perform, or our clients want to go a different way, they get to keep the software and build on it themselves. We earn our right to be at the table by being the experts in a system we designed, working with their developers, adding new features, bringing our industry expertise to the conversation, and hundreds of other small bits of value. In this way we hope to be at the top of the renewals list in three years.

The idea of someone taking your software away from you is abhorrent. If your car company one day sent you an email saying that you now had to upgrade your fuel tank, and there was going to be a new subscription service if you wanted to keep using the same type of gasoline, you would riot in the streets. The model of software is not what is wrong here, what is wrong is the lock-in. Vendor lock-in is amoral. If there is no ability to keep something running, and there is no TRUE data portability option, then you are basically being extorted.

I get that as a business you are trying to maximize profit. I try to do the same thing. However, I want my product and my company to be seen as sticky because we are valuable, and not because we would just be too painful to get rid of.

I help cruise lines turn their technical ideas into reality. I'm experienced in all stages of innovation and technology management. I've also been programming since I was 8 years old, and have somehow retained the ability to have normal human interactions. Occasionally I speak about how Industrial Psychology and Neurophysiology can be interrogated with IT and systems management, because I spend a lot of time thinking about the subject, as strange as that may seem.

Are School Bus Tracking Systems Dangerous?

There has been a lot of hype recently in Tampa Bay about the “Here Comes the Bus” app. This is a system that allows parents to see when their kids have gotten on a school bus, and where the bus is. Some parents are concerned that systems like this one could let malicious users, or government agents, track their children. So I’m going to give a quick overview of how systems like these work, and why they are not dangerous. We will also look at what parents SHOULD be concerned about.

How it works

The system is fairly straightforward. Students have either a barcode or a passive RFID chip printed onto their “Bus Pass” – which is just a card they carry around. This card is scanned once the student boards the bus, either with an RFID reader or a barcode scanner (basically the same technology used at grocery stores and clothing shops).

The barcode or the RFID chip carries a simple ID number. This number does not represent the student in any identifiable way – it’s just randomly assigned. The RFID scanner is connected to an internet-enabled device and sends the ID number securely to a server.

Keep in mind, if any data is intercepted up to this point, it is of no use to an attacker. The attacker would at best get a random number that means nothing.

On the other side of the system is the parent’s app. This app is connected to the Here Comes the Bus servers, which lets them know that their child is on the bus. The bus also has a GPS tracker on it, which connects to the internet and lets the Here Comes the Bus servers know where the bus is.

That random ID number is then looked up in a database which lets the application know which child has been assigned that ID number. The parent’s device securely requests that information, and it is provided securely down to the app.

It is possible the data coming down to the parent could be intercepted by an attacker. However, as this technology is very secure and is commonly used in almost every piece of software these days (from your health systems to banking apps), it is HIGHLY unlikely.
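The data flow described above, modelled as an added Python example. It is not Here Comes the Bus code: the tables, function names and records are hypothetical and constructed, and the parent-to-child authorization check is an assumption about how such a server would guard the lookup.

```python
import secrets

# Hypothetical server-side state; all names and records here are constructed.
CARD_TO_STUDENT = {}   # opaque card ID -> internal student record ID
GUARDIANS = {}         # student record ID -> parent accounts allowed to view
LAST_SCAN = {}         # student record ID -> (bus ID, timestamp)

def issue_card(student_id):
    """Assign a random card ID that encodes nothing about the student."""
    card_id = secrets.token_hex(8)
    CARD_TO_STUDENT[card_id] = student_id
    return card_id

def link_guardian(parent_account, student_id):
    GUARDIANS.setdefault(student_id, set()).add(parent_account)

def scan_event(card_id, bus_id, ts):
    """What the on-bus reader transmits: no name, school or address."""
    return {"card_id": card_id, "bus_id": bus_id, "ts": ts}

def ingest(event):
    """Server side: resolve the card ID; reject IDs that were never issued."""
    student_id = CARD_TO_STUDENT.get(event["card_id"])
    if student_id is None:
        return False
    LAST_SCAN[student_id] = (event["bus_id"], event["ts"])
    return True

def parent_view(parent_account, student_id):
    """Release boarding status only to an account linked to that student."""
    if parent_account not in GUARDIANS.get(student_id, set()):
        raise PermissionError("account is not linked to this student")
    return LAST_SCAN.get(student_id)

if __name__ == "__main__":
    card = issue_card("student-0001")
    link_guardian("parent-a@example.test", "student-0001")
    event = scan_event(card, "bus-12", "2024-01-08T07:42:00")
    print("on the wire:", event)          # only the opaque ID leaves the bus
    print("accepted:", ingest(event))
    print("parent sees:", parent_view("parent-a@example.test", "student-0001"))
    # The card ID is static, so the privacy of the scheme rests on the lookup
    # table and this authorization check, not on the number changing.
    try:
        parent_view("someone-else@example.test", "student-0001")
    except PermissionError as exc:
        print("denied:", exc)
```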

Could you track kids using their cards?

Some of these bus passes contain a chip, and that sounds scary right? Well, you don’t have to worry too much. These chips are passive RFID chips, the same type of technology that is imprinted in clothing labels to stop theft. Passive means that they need to be picked up by a powered scanner. In order to track a child, you would need to know their ID number (the randomly assigned one), and then set up expensive, high-powered scanners all around town. So it is possible, but there are WAY cheaper and easier ways to track someone. So this seems incredibly unlikely.

Could you track kids if you hacked into the Here Comes the Bus servers?

So the one thing that COULD happen is the Here Comes the Bus’ servers could be hacked. An attacker could break into the database and potentially be able to work out where a child has been, but this does not necessarily mean they will be able to find information on a particular child either. This data is hopefully encrypted, or linked to the school’s secure systems. I can’t speak to how this system has been secured and architected. My best guess is the system was designed with the understanding that this is sensitive data, and great care should be taken over the security. There are also a number of regulations in place that govern the usage and security of student and child data. The Children’s Online Privacy Protection Act of 1998 (COPPA) provides strict regulations regarding a child’s data. The Family Educational Rights and Privacy Act of 1974 (FERPA) gives parents certain rights with respect to their children’s education records. These two regulations will have been taken into account by the developers and the school board when evaluating this software.

Should I be worried about this?

No system is perfect, and every system inherently has its risks, but these risks need to be balanced against the rewards. I think that the safety aspects of this application far outweigh the highly remote possibility of the system being misused. There are WAY easier ways to track people than trying to exploit a system like this.

So what should I be worried about?

There are real threats and issues out there for you to be worried about. Kids download all sorts of things to their devices, and these downloads represent real, actual threats. Malware embedded in games, social media apps, and even downloaded backgrounds can track your exact GPS location, leak your phone number, show inappropriate content, or steal personal information.

Instead of worrying about the government tracking your kids while you send them to a public school, take a look at your kids’ actual devices. Install something like Norton Security Online and Norton Security for iOS or Android, or Malwarebytes. Also talk to your kids about what apps they’re using, and listen for anything strange about their data usage, or content that is coming up unexpectedly, or unusual phone calls they’re getting. These are indicators of real threats to kids’ information and of valid concern by parents.