You're not wrong, but you're not right either. When someone stabs someone with a knife the person at fault is indeed the one stabbing. But the guy who's been in his ear for the last year advising which knife to buy to kill as efficiently as possible without getting caught bears some responsibility as well.

Most of the enterprise sales including Microsofts bears responsibility here for knowingly exploiting these idiots in the management position and the Board of Directors. It's a huge circle jerk culture back and forth.

I full well remember working in Louisiana where they tried to introduce Microsoft Dynamics as an EHR backend for Medicaid. The CTO of the DoH was an ex Microsoft guy. The secretary had some times to Microsoft. And Microsoft knew full well that their shit isn't working when they went on their sales pitch that "Dynamics can do everything".

All the engineers advised them against it, multiple waves of them left. I got fired for telling the middle management that I wouldn't be bullied into doing things I didn't consider ethical.

The CTO of the DHH moved on to the HHS btw. There's never any recourse to this, because what they are doing is not only legal, but also with good intention.

EDIT: Also keep in mind that engineers are rarely allowed to talk to leadership, let alone to inform the board. But after what I learned, I think keeping silent is never a good option. Last time I needed to do that I made one of the German Government healthcare institutions change course on an obvious mistake. And all I did was inform the board of what exactly they are deciding, what the consequences of their decisions are and who would be responsibility for it. The recourse of that was mostly bullying, since there wasn't really anything they could have done, but the lesson here is that most people have a lot more power than they think.

At one point I worked with a couple University IT teams. It was a mess. IT little to no control of its own destiny.

Basic policies were fought tooth and nail by departments and influential professors / individuals who themselves didn't understand the ramifications of their decisions.

IT budgets would get cut and monies given to departments who would build catastrophes of networks, and when the department was tired of it would get handed to IT to make it work, the entire budget already having already been spent on making a mess.

I worked on several projects where complex microscopes or millions of dollars of equipment were connected to off the shelf consumer networking gear (and then they'd blast it with gigs upon gigs of data in a few milliseconds) because the consumer networking gear is what the folks in that department knew how to use. It was then handed to the IT team and then tickets opened about how 'it doesn't work' / it is described as an IT failure when nothing works.

This exactly matches my own experience.

I work in University IT as a developer in the central IT department, but I started off in one of those "shadow IT" groups. There are little islands of technologists embedded with grad students who continue to make many things run on shoestring budgets and with minimal oversight from IT professionals.

I've seen things change in recent years, though. The central IT department is gradually gaining traction in some of these places.

That isn't a panacea, of course, because we have our own issues. But I do think overall the availability of senior IT staff and programmers is a huge boon for these small teams who are starting from little to no experience in the field.

I worked in University IT. In fact, for one of the schools listed though it’s been 10+ years.

Basically everything the above poster said. It was pulling teeth to update or upgrade anything.

Yeah. I worked infra at a few EU Universities, and while firing someone in that environment is pretty difficult, you still get the "old boys club" that will absolutely not let you do anything.

The problem was never users/faculty. It was other people doing IT there for longer who would not accept anything they were unfamiliar with, and treated "their" hardware as if it was their own children. It led to a sort of balkanization of infrastructure that was extremely difficult to break, and you often had to spend way more of the budget to come up with convoluted solutions so you didn't touch their ancient setups rather than just making the whole thing homogenous and centrally managed.

As a result, depending on what you were working on, you could have to deal with wildly different AWS/Azure/GCP platforms, or on-prem hardware that could range from independent(!) OpenStack installs to ancient Debian machines that might not even be supported anymore. Sometimes people negotiate licensing completely separately, where you could have unused licenses available but it's not communicated so it's bought again by someone else. Some places even had random servers running inside people's offices connected via Wi-Fi.

There's a reason I got out of that line of work. I'm frankly surprised universities aren't a larger target.

it's like pulling teeth because you try to get everyone to agree on every decision. sometimes you just have to tell your academic user base that this is the way it is.

it doesn't have to be that way. IT people are pretty shit in general at soft skills. sometimes, you need to stand up for yourself in a conflict.

your userbases digs in their heels because you let them.

> sometimes, you need to stand up for yourself in a conflict.

Then you just get fired. They’ll just replace you with someone else who’ll listen. Some people just don’t learn no matter how hard you try.

Or the users escalate to a high enough level, who inevitably has a university admin background and has no regard for IT or security - the decision inevitably ends up being on the side of the userbase. This is the problem with being considered a cost center, rather than a value producer within any organization.

Or you can work with people constructively and respect them rather than viewing this as a "conflict" where one needs to assert themselves.

So, while I have never worked at any of the universities in question, I did work at a major university in IT for several years (University of Texas at Austin), and while it was not perfect, it does not resemble what you just described. So, I don't know if this is a difference between universities, or perhaps your frustration with your own experience making you slant things a little more negatively than it really is? Or maybe it was really that bad wherever you were. I would just like to say it wasn't perfect, but it wasn't nearly that bad where I was.

I think you'll find a lot of this type of thing in threads like these - the better range of experiences go from "okay" to "pretty nice", but the bad can get very horrible, very fast, and people tend to remember the bad more. Especially if you have to seemingly fight against everyone on a daily basis just to do the basics of your job.

Yes and even a bit more selection bias, in that it's more interesting to write about the weird (bad) places.

(If nothing weird (bad) happened, in a way there's nothing to write about?)

I worked at a public university for a few years and can absolutely confirm the above. Subpar pay and some professors think rules do not apply to them because of their status or the "critical research" they are working on. To be fair, not all professors were like that, many were humble and friendly.

> Everyone keeps jumping on Microsoft, but Microsoft is not the problem.

Actually, moving to a more managed environment (so Azure and SaaS instead of hosting your own stuff) might make it better since MS can and will patch their own servers rapidly.

I'm not an expert at this, but wouldn't it be better to impose regulation+penalties on best practices and force organizations to abide by a minimal set of standards (e.g., no clear-text passwords; no SSNs as IDs; breaches must be announced)

As per usual, MIT is conspicuously absent from the list of compromised schools.