Page 4 of 6 « First 23 4 56
Reply
Thread Tools
Greyghost's Avatar
Greyghost is offline Greyghost
2007-12-12 , 16:09
Posts: 415 | Thanked: 44 times | Joined on Apr 2007 @ Austin, Texas
#31
Originally Posted by iball View Post
....you look like a clueless *****.
Iball, you have made some good points, but in what manner is this rhetoric necessary to your argument?

Hedge, thanks for initiating this discussion. It's a tough one certainly, but even the *difficult* posts are worth reading!

My 2cents: Security comes down to trusting people, and some businesses can 'afford' to do it, others simply can't. I work at a University where there are so many people, layers and devices that no 'security system' is sufficient for the whole. Breaches occur not just because people are malicious (which they can be) but because they are careless, lazy or both (which they are more likely to be
 
cynoclast is offline cynoclast
2007-12-12 , 16:24
Posts: 19 | Thanked: 1 time | Joined on Dec 2007
#32
OP, your sentiments just go to show what windows has done to the computing industry. It's sheer ubiquitousness combined with it's security flaws have convinced people that if you don't have firewalls and virus scanners and malware scanners you don't have security.

When in fact, no amount of scanners and security software in the world can protect a system from a careless or malicious user.

Linux and linux based devices are inherently more secure simply by not defaulting to root level system access to all users.

Add to that the fact that it's not only a linux device, but running a non-x86 processor and you have a very unlikely source for security breeches.

It just seems to me you're overreacting.
 
Nathan is offline Nathan
2007-12-12 , 16:35
Posts: 452 | Thanked: 522 times | Joined on Nov 2007
#33
Originally Posted by Hedgecore View Post
djs: We had a developer with his own laptop PC. I'm not site support, so it's not my business... but I agreed with IT, it pissed them off to no end.

That said, depends on the business. This is a huge BPO, it *has* to be secure as there's credit card / personal info being dealt with. If it were a small design company or something (50-200 users), I'd have no qualms using my tablet for stuff.
As a "Developer" (and recently the dev group manager) who uses his own equipment on the company network (and we probably deal with more critical data than you do, CC data being the _least_ important of it) -- their are reasons for exceptions to the rules. Rules should never be the end all answer -- they should be the guidelines and should be used to give you the intent of the law, not stifle user productivity.

And a laptop (which I and most of my developers use) is much more productive than a desktop machine. In the above issue you presented If "my" machine was faster than the companies; then I would want to use it. If the company was only going to give me a desktop I would lobby for allow me to use my laptop. I am far more productive on a laptop because inspiration can strike at 11pm at night. I've used a laptop for development work for over 15 years now.

In most developers cases; real debugging is a lot harder (and in some cases impossible) to handle in a locked down account -- and since debug rights basically give you the "keys" to the machine (any developer with real debug rights on W2k/XP (not sure about vista) can take over the machine anyways).

However, I'm not saying give the guy "network" admin rights -- "local" admin account rights is imho pretty much needed for any programmers who programs in any true compiled languages. Not only are the majority of developers pretty picky about their "setup" of the machine; but letting them setup their machine the way they want improves their productivity quite a bit for the minor security possibilities. (Emacs vs VI debate anyone?)

We assign the proper "network" rights based on the areas of responsibility.

Just to make your day (cringe <g>) since you seem to be very security paranoid -- My machine is NOT a member of the domain; nor does it run the company wide standard "virus" scanner, nor does it run the standard IM client. Hmm, thinking about it, I don't even run the standard browser nor the standard email clients. Hmm, standard.... Not sure their is much of anything "standard" on my computer. Technically, a sys-admins worst nightmare. <g>

However, as so eloquently phrased, with great power comes great responsibility. I run better (yes, imho & based on research) software than the company does. I do have AV, and run several other security related stuff that would be "overkill" for normal uses (software firewall, etc). I also read several different security mailing lists (and rss feeds to others -- so I often know long before IT if an issue might be something that they will need to be aware of).

Since we do deal with "critical" information -- I've introduced encrypted partitions/disks, source code control, build control, etc; to the company since I've been here. And at the end of the day if a problem that IT can't solve occurs, it lands on my desk as its last stop. ;-)

Now, if you tried to "handcuffed" me; I would be pretty upset too. My .02c from the other side of the fence.


(I'm seriously a huge proponent of Linux... but as much as I'd love to see it at work, I'd hate to as well.)
As long as you have it keep itself up to date; adding a linux server is good for the company. Having different "genes" in the gene pool helps promote stability. Having all the same genes gives birth defects. Guess what the computer industry suffers from.

Nathan.
 
Hedgecore's Avatar
Hedgecore is offline Hedgecore
2007-12-12 , 18:28
Posts: 1,361 | Thanked: 115 times | Joined on Oct 2005 @ Toronto, Ontario, Canada
#34
I'm glad this took a turn for civility again. I'm actually not too paranoid about security, given the chance to use my tablet I would in a second. I'm arguing points on both side of the coin, and I'll (much to your dismay/mental health) regularly switch sides. (That's how I explore a topic fully.)

For the most part, you guys seem to be consciencious developers. You've got social skills, can function normally, and come up with ideas that are an actual help to projects.

... but in your career paths, you've had to see the other side (which is what I was pointing my finger at). The developer who doesn't need admin rights for any reason but insists on them because it's an affront to his perceived intellect. The one who wants to use his own machine for no other reason than to set his own standards and play by his own rules regardless of the impact it would have for another department (say, the one charged with maintaining everything - - IT). The one who comes up with ideas not because they're helpful but because they're grandiose and are a challenge as opposed to the usual daily code, and subsquently delays the project because rebuilding the wheel didn't work (like it didn't last time and the time before that).

It's been brought up before but in business it comes down to accountability. You might be frickin Linus Torvalds but if IT can't guarantee that your linux tablet is secure, they can't in good conscience allow it on the network. This cheeses off the hyper-intelligent developer to no end but seriously... at the end of the day they're accountable and don't want to take the risk no matter how small. Different story if it hinders work, but refer to the above paragraph as those are the examples I'm referring to.

(And in my specific case, all devs do have widescreen laptops which still kicked the crap out of that rogue machine specs-wise - - the guy was just being difficult and wanted to use the tools for his own on-the-side efforts.)

Besides being all about accountability at the end of the day, there definately has to be a balance. If you needed admin rights to do your job, I'd have dumped them on you in a split second (providing I got in writing why you needed them to cover my own a** (There's that accountability again))
 
Nathan is offline Nathan
2007-12-12 , 18:34
Posts: 452 | Thanked: 522 times | Joined on Nov 2007
#35
Originally Posted by Hedgecore View Post
I will not, and have never written a 30 page diatribe to contain every possible angle to qualify things that I've said.
Everybody has their opinions and nobody else wants to write a 30 page diatribe on every angle they have either. Hence we do get some miscommunications.

If you think you can sit back and tell me your Linux box is 100% secure and you're sure of that, then you're deluded
Very true statement! However the same applies with any OS. You have to weight things. For instance -- am I MORE sure my Linux box is not infected than my Win Box or Mac Box is? It is a numbers game. In terms of basic security on "Average" a recent auto-patching distribution of Linux / MacOSX are more secure than a auto-patching Windows box. However, that being said my personal opinion in security is Linux, Mac OSX, Windows. In that specific order, with Windows being the least secure of the bunch. (Please note I use a WinXP box all day as my primary machine -- it also imho is the box I'm most productive on). I'm pro-use the right tool for the right job.

My IT regularly comes with me into the workplace. It only connects to the Wifi provided for clients that's solely an internet connection, nothing to do with our network.
Cool, so far it sounds well thought out. I assume you don't actually have _any_ other wireless access point that are actually inside the network correct? Otherwise that "insecure" point of failure is a whole lot worse than just the IT connecting to it.


Machines are locked with strict policies through AD to prevent agents from running anything that could conceivably help them scoop numbers/info.
Nice that all sounds like pretty good security, I assume USB, & Fireware are also _totally_ disabled (in hardware) in your call center -- and autorun is also disabled for all drives on all machines in your facility, right?


And to the snotty developers getting their knickers in a knot.
I might be one of the "snotty" developers (well at least I will admit the "developer" part <G>) But based on my relationship in my company -- I think everyone in my company just thinks of me as the nice guy that knows a lot about computers and if they have a question I'm always willing to help. I also try and explain why/how the problem occurred so our support desk can handle it in the future.


1.) I resent the fact my work has to go to QA, I checked it myself.
2.) I argue a lot with QA
3.) When I get specs I try to improve them and sometimes that takes longer than the project initially allotted.
4.) I'm awesome, the organization couldn't survive without me.
5.) This is the only thing I'm good at, I suck in social situations, and I get my neck beard in a knot when people try to stymie my brilliant ideas. I know assembler you f*ck!!!
LOL, I might be atypical -- lets see
#1 -- I happened to implemented a lot of it.
#2 -- Nope, I happed to believe in QA, Programmers make mistakes; and I know I make them. QA is a good defensive line.
#3 -- Umm, no -- bad recipe for disaster.
#4 -- No, nobody is un-replaceable. In fact, I try to do the opposite -- I attempt to make myself very replaceable. I've found throughout the years that more replaceable I become the more responsibility I get. Since if I can be moved from project a easily; then I can jump on project c where they might need some help. Now, I would say -- I would be hard to replace overall -- I know we've been looking for another equally qualified developer for as long as I've been working here, which has been quite a while.
#5 -- Well I am awkward in some social settings, not a socialite by any means. But, if you don't agree with my "facts" you are entitled to your own opinions. (j/k) -- in all reality we (as a team) rarely clash. And I have no problems doing it another way. Most the time we discuss where the "conflict" is at and figure out why and the decide on the course of action.

(P.S. I develop. I'm not site support. If you're going to make sweeping assumptions about me, let's at least get it in the right ballpark.)
A couple questions:
1. What do you develop? Native compiled language, or runtime? Do you debug it if it is a compiled?
2. Do you have local admin rights to your computer?

Nathan.
P.S. Don't think I'm picking on you. I'm mainly trying to field the answers to questions you raised from a senior developers perspective who has been developing (& playing!) for 20-ish years (man that makes me sound old... <g>)
 
barry99705's Avatar
barry99705 is offline barry99705
2007-12-12 , 18:39
Posts: 641 | Thanked: 27 times | Joined on Apr 2007
#36
When it comes down to it, it's our (the IT folks) network. If there's an AUP stating you can't use a personal machine on the network, you're not using a personal machine on the network. If it states you can use a personal machine, but have to have one of our admin accounts installed on it and you don't want one of our accounts on it, it doesn't connect to the network. If we find that you have connected a personal machine to our network, it either gets confiscated, and you get to explain yourself to the director of technology, and/or, you find yourself a new job.
__________________
Just because you are online, doesn't mean you don't have to form a full sentence.


SEARCH! It's probably already been answered.
 
Nathan is offline Nathan
2007-12-12 , 19:16
Posts: 452 | Thanked: 522 times | Joined on Nov 2007
#37
Originally Posted by Hedgecore View Post
I'm glad this took a turn for civility again. I'm actually not too paranoid about security, given the chance to use my tablet I would in a second. I'm arguing points on both side of the coin, and I'll (much to your dismay/mental health) regularly switch sides. (That's how I explore a topic fully.)
LOL, I love technology -- hence my purchasing a N810 when I can (The dev codes hopefully will be live on the 15th). I plan on using it at work, and I'm sure the other IT guys will see it and want one too. They got Moto-Q's because it was cool. Just wait until they see a N810 in action. ;-D



... but in your career paths, you've had to see the other side (which is what I was pointing my finger at). The developer who doesn't need admin rights for any reason but insists on them because it's an affront to his perceived intellect.
Security based on "who" you are is not good. Security based on "what" you need is. I'm all for making the CEO/CFO mad by removing their network security that they don't need. ;-)


The one who wants to use his own machine for no other reason than to set his own standards and play by his own rules regardless of the impact it would have for another department
Depends on circumstances. If he actually impacts other departments then yes that is a problem. If he makes other departments uncomfortable that is their problem. For instance we have a set way to manage source; it is followed. This impacts any developers that work on that source base. However, on some projects we only have one developer and he has control of the build process -- as this really does not effect anything "globally". Others we have a set build process since it is multiple people (typically automated). Analyze the need and give the responsibility to those that "can" and "do" want it. Those that don't want it or can't do it don't.


(say, the one charged with maintaining everything - - IT).
Ah, see I look at it a bit differently -- if you give someone the right to customize their machine (such as I do for the devs because of the productivity factors) -- The only thing I require from IT department to do is rebrick the machine if the developer doesn't know how to. With Power comes responsibility. You mess it up, you fix it. If you can't fix it you get to rebrick it. And that loss of time is yours. Keeps everyone accountable. ;-) For our CS department, the machines are fairly locked down. They don't need that "freedom" (nor do many of them want it) and then IT fully supports their configurations. Right tool for the right job...


The one who comes up with ideas not because they're helpful but because they're grandiose and are a challenge as opposed to the usual daily code, and subsquently delays the project because rebuilding the wheel didn't work (like it didn't last time and the time before that).
I think I might also take a different look at this. I really don't like the Not Invented Here syndrome -- however, occasion for a new developer I will let them do it and then I have a "teaching" opportunity. ;-) Sometimes the cost for getting that teaching opportunity is worth suffering a NIH loss. ;-D


It's been brought up before but in business it comes down to accountability. You might be frickin Linus Torvalds but if IT can't guarantee that your linux tablet is secure, they can't in good conscience allow it on the network.
Wow this must be one of the few Windows places that actually removes/blocks internet explorer, active-x. I haven't heard of that many places taking that tough of a stance on security. Color me impressed. I wish I could get my company to ban it -- it would sure help security wise...


(And in my specific case, all devs do have widescreen laptops which still kicked the crap out of that rogue machine specs-wise - - the guy was just being difficult and wanted to use the tools for his own on-the-side efforts.)
See, then that makes a bit more sense why you are balking at adding another machine to the network. No good reason = no! Do your devs get to bring their notebooks home? Do your devs get local admin rights?

Nathan.
 
cynoclast is offline cynoclast
2007-12-12 , 21:23
Posts: 19 | Thanked: 1 time | Joined on Dec 2007
#38
Originally Posted by barry99705 View Post
When it comes down to it, it's our (the IT folks) network. If there's an AUP stating you can't use a personal machine on the network, you're not using a personal machine on the network. If it states you can use a personal machine, but have to have one of our admin accounts installed on it and you don't want one of our accounts on it, it doesn't connect to the network. If we find that you have connected a personal machine to our network, it either gets confiscated, and you get to explain yourself to the director of technology, and/or, you find yourself a new job.
Petty tyrants are invariably the worst.

It's not your network. It's the company's. Your job is making sure they can use the network to do theirs. If the user is responsible and the personal device will improve their productivity, everyone benefits if you green-light their access. You might even learn something. Possession shouldn't extend beyond personal pride in your work.
 
technut's Avatar
technut is offline technut
2007-12-12 , 22:11
Posts: 574 | Thanked: 166 times | Joined on Oct 2007 @ BC, Canada
#39
Originally Posted by cynoclast View Post
It's not your network. It's the company's. Your job is making sure they can use the network to do theirs.
No, I'll bet part of his job is to protect the company's IT resources and data. And that's probably even more important to the company than getting your unapproved device onto the company network.
__________________
Please follow these simple posting guidelines.
There are no stupid questions, just people who didn't search itT (with Google) first.
 
Hedgecore's Avatar
Hedgecore is offline Hedgecore
2007-12-12 , 23:28
Posts: 1,361 | Thanked: 115 times | Joined on Oct 2005 @ Toronto, Ontario, Canada
#40
Nathan: Awesome answers, I think I like arguing with you. SQL has been my bag for a while (which explains my anal retentiveness - - for a while I was going to go the DBA route). I've also done stuff in Java/C and done a lot of application/system design. Education-wise I've got a Systems Analysis diploma and a Programming one. (That was mostly VB/VC though, plus all the design aspects covered in both.) Also to your enquiry about local security, USB ports are locked down in the call center environment, as well as on any machine where the user doesn't have admin rights. I do have admin rights on my laptop, as does most of IT. Contrary to the picture I'm painting, Mussolini hasn't teamed up with Hitler to dictate security policy. It's a comfortable blend between users and those charged with keeping the lights on.

Someone brought up a good point that I've been dodging around because I'm not a fan of fascism... it ain't the employees' network, it's the company. And sorry to bring ITIL into this but keeping services running is of prime importance, not making someone 10% less productive because they can't use their personal laptop with 1GB extra RAM than their company allotted laptop. Call it tyrannical, but if work was fun we'd all have google business cards.
 
Reply
Page 4 of 6 « First 23 4 56

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 22:14.

Contact Us - Home - Archive - Top