Xref: utzoo comp.sys.apollo:5686 comp.sys.hp:5554 Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uwm.edu!cs.utexas.edu!swrinde!ucsd!pacbell.com!ames!uhccux!virtue!comp.vuw.ac.nz!munnari.oz.au!metro!news From: jimr@maths.su.oz.au (Jim Richardson) Newsgroups: comp.sys.apollo,comp.sys.hp Subject: Netpower: encourage HP to improve customer services Summary: Let's get organized Keywords: HP Apollo security patches APRs bugs customer services net Message-ID: <1990Jul6.015817.23710@metro.ucc.su.OZ.AU> Date: 6 Jul 90 01:58:17 GMT References: <1990Jul5.142403.3942@quintro.uucp> Reply-To: jimr@maths.su.oz.au (Jim Richardson) Organization: Dept of Pure Mathematics, University of Sydney Lines: 141 In a number of recent articles in comp.sys.apollo, people have expressed their dissatisfaction with many aspects of HP's customer services, in particular with HP's attitude to security. For example, in <1407@m1.cs.man.ac.uk>, root@craven.ee.man.ac.uk (Operator) "Colin" writes: >Frankly, it seems to me that Apollo's attitude towards security sucks, which >is a great shame 'cos I generally love the machines. I couldn't agree more with Colin. With a real networked file system (//), token ring, the DM, ACLs and more, Apollos have a system which could be driving most other Unix workstations out of the market (no offence to HP machines intended :-) But the company's services to customers are bad enough to cancel all this out. Some extracts from other articles appear at the end of this one. They show that there is a lot of frustration among a lot of Apollo system managers. It's not only security: other issues include non-supply of patch tapes, slow or non-existent response to APRs (Apollo Product Reports), difficulties obtaining the latest release (or *any* release) of software products, and notorious series of bugs such as in pseudo-ttys. One of the worst aspects of HP's performance is their failure to take advantage of the network. There are a few stalwarts like Ollie Jones, Peter Craine, John Vasta and Walt Weber who do respond in comp.sys.apollo and their efforts are much appreciated by me for one. But I suspect that corporate HP doesn't even know the net as a community of users exists. SUN do much better here. For example, for at least a year they have been supplying patches by ftp (for details ftp the file sun-fixes/README from uunet.uu.net). This neatly gets round the security problems of sending patches through news or mail. Of course, it means that people *without* SUN software maintenance contracts can get the patches, but apparently SUN has enough of a commitment to all its customers that this doesn't worry them. I'd like to see HP/Apollo start using the net to provide better customer services. Here are some suggestions: * HP to set up a public ftp archive containing an index of APRs, an index of latest versions of software (not the software itself:-), and a complete set of patches, say in compressed wbak form. There's no reason why it couldn't have advertisements for new products too. * Prompt response *by email* to APRs submitted by email for customers with service contracts. * HP to appoint one or more staff as Net Liaison Officers to oversee and act as contacts for the above services, and to monitor news and promptly obtain and post responses from the appropriate HP experts. I propose that we get organized and use the power of the network to encourage HP to improve things. If a good fraction of the users who read these newsgroups campaign simultaneously, maybe HP will take note and act. What can we do? o Keep posting news articles expressing complaints and ideas for improvements (if you're shy of posting send me mail and I'll post an anonymous summary). o Cajole, beg or threaten people from HP to come into this discussion and use news. o Find out more about what other companies do to support their users effectively. For example, can anybody who reads the SUN newsgroups tell us if SUN staff post responses officially, or at least more often than Apollo staff? o Think of other avenues for applying pressure on HP. For example, has anyone had any contact with CERT, the Computer Emergency Response Team, cert@cert.sei.cmu.edu? Maybe CERT can help with security issues. o Get HP and Apollo customers working together. I'm cross-posting this to comp.sys.{apollo,hp} as a start. What do users of HP machines feel about the company's services? o Develop a "manifesto" of what we'd like to see from HP, perhaps using my suggestions above as a starting point. o When the manifesto is ready, talk to or email our sales reps and other contacts within HP asking them to use their influence to implement it. (Does anybody have email addresses for people in HP responsible for customer relations policy?) o If all else fails, consider setting up our own ftp archives of useful information, e.g. old articles from this news group, lists of latest patches and software versions (taking care of HP's copyrights of course :-). I would be willing to maintain an Australian Apollo site if it comes to this. There have been flurries of complaints about HP/Apollo's performance on Usenet before, but so far they've always died away leaving the bad old status quo in place. Let's not let that happen this time. -- Extracts from recent news articles in comp.sys.apollo (ellipses in brackets [...] are mine): In <1990Jun29.150426.26943@cns.umist.ac.uk>, ran@cns.umist.ac.uk (Bob Nutter) writes: > [...] Trying to get >any sense out of Hp/Apollo these days, never mind details on an APR >that someone filed in possibly a different continent is _not_exactly_easy_ >Christ, they're not even sure about our contracts with them! I know it >doesn't resolve the issue, but how many people out there have had a >patch tape *offered* them by apollo? Do Apollo tell you about >bugs/problems? Why do more problems get sorted out here than through >manual-quoting support centres? (These are all questions someone at >HP/Apollo should answer...) In <542@ebe.eb.ele.tue.nl>, wjw@eba.eb.ele.tue.nl (Willem Jan Withagen) writes: >The problem [...] is that I and many more of the "approved" users, >are have trouble getting to the hotline. And it somnetimes takes a while for >the correct info to propagate to place outside the US of A. In <2032@cernvax.UUCP>, achille@cernvax.UUCP (achille petrilli) writes: > [...] the official channels or the >'security by ignorance' are not always the right way of handling this sort of >problems. >In some cases, you MUST go out to the net and take the risk. In <1646@tuvie>, mike@tuvie (Inst.f.Techn.Informatik) writes: >I guess the only way something will be done is by postin security problems to >the net. [...] >Also, if HP/Apollo think they can handle Apollo security problem by saying >Apollos were never intended to be secure, then we should try to force them >to enhance security by posting *ALL* problems to the net ('security by >exposure' instead of 'security by ignorance'). In <1990Jul5.142403.3942@quintro.uucp>, bep@quintro.uucp (Bryan Province) writes: > [...] Too bad HP/Apollo doesn't subscribe to the same policies that >other companies have used for years (stab, gouge, flame). -- Jim Richardson Department of Pure Mathematics, University of Sydney, NSW 2006, Australia Internet: jimr@maths.su.oz.au ACSNET: jimr@maths.su.oz FAX: +61 2 692 4534