Microsoft Gets Security Religion, Part 1
Conway’s Law
My friend Adam Smith used to have this quote from The Mythical Man-Month as a .sig for his e-mails:
Conway’s Law: Organizations which design systems are constrained to produce systems which are copies of the communication structures of these organizations.
Adam summarizes this statement as “You build what you are.”
My own Microsoft security crack
Sometimes, when people find out that I’m a computer programmer, they ask if I’ve ever broken into any computer systems or cracked someone’s security. I reply that I’ve only done so once, but it was Microsoft headquarters. It is a tale that makes hacker boyz lick my Airwalks in abject worship and hacker girlz swoon and offer me backrubs and lap dances.
Okay, maybe not. But it’s a good story, and it does illustrate Conway’s Law in action.
Back in February 2001, the company for which I used to work was considered to be a leader in the P2P software development community. (Now, please remember that this is hardly cause to crow. I’m sure having the title “the brightest kid on the short bus” would carry more prestige.) Anyhow, I got sent to an invitation-only, covered-under-pain-of-death-NDA all-day seminar at Microsoft’s headquarters in Redmond.
I drove my rental car to building forty-something, where M$ holds its meet-and-greets. I unknowingly parked my car in the area reserved for employees, which meant that the door leading into the building was locked. Above it was a video camera, and to its right was a card scanner. I probably could’ve gone back to the car and driven to the correct garage or simply walked out the garage and circled the building and entered through the front. However, I decided to try something else.
I took my passcard for the company’s Toronto office and passed it over the card scanner. Naturally, it had no result. I tried it again, and then once more. I then looked up at the camera with a confused “howcum it don’t work no more?” big-eyed expression and pointed at my card.
I heard a loud click come from the door. I gave the door a try, and it opened easily. I smiled at the camera and gave the gullible security wonk a wave.
“Just like their software,” I’m sure I said out loud, as I opened the door with a big “J03Y 0WNZ J00” grin.
Next: Microsoft’s “Trustworthy Computing” Initiative
(and yes, I still have some other “part two” postings to finish…)