This article is more than 1 year old

Be careful where you install software, and who installs it

I have bigger problems than where you put our code

On Call Be careful where you install stuff, and who is doing the installing. Welcome to an On Call in which normal service is interrupted by a military intervention.

Our story is told today by a reader who wished to be called "F Hop Smith", and we will simply refer to as "Smith" since that is not his name and we have been to too many drinking dens called "Hopsmith" over the years.

"I was working in the (not that I knew it) fast collapsing IBM mainframe data dictionary market," said Smith.

A former programmer from a different era, he was a fan of accurate documentation, something that would later prove significant.

The main product of Smith's company was an Interactive System Productivity Facility (ISPF).

For the uninitiated, an ISPF was effectively a front-end to the command line. There could be menus and options that could be selected to perform tasks. "Think how Windows is a GUI to MS-DOS command line," explained Smith, "macOS is a GUI to command line Unix."

We're not sure who are the more frightening: Windows obsessives or Apple fanatics, both of whom will be shrieking that the latest incarnations of their beloved GUIs are far more than mere front-ends, but Smith's explanation stands.

But back to the story. "We sold the product to a (conveniently forgotten) customer," Smith went on, "The initial / normal 'your documentation sucks' calls had subsided & the lawyers ('We demand our money back!') hadn't called, so this was a signal that things were good."

Until The Call came in. "Do you know where [Bob User] installed your product?"

Erm. No. Of course not. The days of vendors slurping sensitive telemetry were a long way in the future at this point. As Smith pointed out, "That is NOT the sort of detailed internal information a vendor expects to be involved with. That is sensitive, proprietary information, that as a vendor we do NOT want or need to know."

It transpired that Bob (as we have decided to call him) had installed the product in his private libraries and made the functionality available to the customer's internal data management staff.

Time went by. Things kicked off in the Middle East and Bob was swept off on active duty into the conflict that would become known as the Gulf War. His password-protected libraries remained, however, exactly where they were. In fact, the lack of use (while Bob was out of the country) meant an archive process scooped them up.

Which also caused a not insignificant amount of grief for anyone wishing to use the product.

Hence the urgent call and the shrug from the other end of the phone. And Bob? 100 percent unavailable.

Fail to document and install in haste. Repent at leisure.

Do you remember the days before vendors insisted on slithering into your hardware to gather all manner of telemetry? What's the best excuse you've heard for an account expiring? Let us know, with an email to On Call. ®

More about

More about

More about


Send us news

Other stories you might like