Greyghost
Posts: 415 | Thanked: 44 times | Joined on Apr 2007 @ Austin, Texas
#31
Originally Posted by iball View Post
....you look like a clueless *****.
Iball, you have made some good points, but in what manner is this rhetoric necessary to your argument?

Hedge, thanks for initiating this discussion. It's a tough one certainly, but even the *difficult* posts are worth reading!

My 2 cents: Security comes down to trusting people, and some businesses can 'afford' to do it, others simply can't. I work at a University where there are so many people, layers and devices that no 'security system' is sufficient for the whole. Breaches occur not just because people are malicious (which they can be) but because they are careless, lazy or both (which they are more likely to be
 
Posts: 19 | Thanked: 1 time | Joined on Dec 2007
#32
OP, your sentiments just go to show what Windows has done to the computing industry. Its sheer ubiquitousness combined with its security flaws has convinced people that if you don't have firewalls and virus scanners and malware scanners you don't have security.

When in fact, no amount of scanners and security software in the world can protect a system from a careless or malicious user.

Linux and Linux-based devices are inherently more secure simply by not defaulting to root level system access to all users.

Add to that the fact that it's not only a Linux device, but running a non-x86 processor, and you have a very unlikely source for security breaches.

It just seems to me you're overreacting.
 
Posts: 452 | Thanked: 522 times | Joined on Nov 2007
#33
Originally Posted by Hedgecore View Post
djs: We had a developer with his own laptop PC. I'm not site support, so it's not my business... but I agreed with IT, it pissed them off to no end.

That said, depends on the business. This is a huge BPO, it *has* to be secure as there's credit card / personal info being dealt with. If it were a small design company or something (50-200 users), I'd have no qualms using my tablet for stuff.
As a "Developer" (and recently the dev group manager) who uses his own equipment on the company network (and we probably deal with more critical data than you do, CC data being the _least_ important of it) -- there are reasons for exceptions to the rules. Rules should never be the end all answer -- they should be the guidelines and should be used to give you the intent of the law, not stifle user productivity.

And a laptop (which I and most of my developers use) is much more productive than a desktop machine. In the above issue you presented, if "my" machine was faster than the company's, then I would want to use it. If the company was only going to give me a desktop I would lobby for them to allow me to use my laptop. I am far more productive on a laptop because inspiration can strike at 11pm at night. I've used a laptop for development work for over 15 years now.

In most developers' cases, real debugging is a lot harder (and in some cases impossible) to handle in a locked down account -- and since debug rights basically give you the "keys" to the machine (any developer with real debug rights on W2k/XP (not sure about Vista) can take over the machine anyways).

However, I'm not saying give the guy "network" admin rights -- "local" admin account rights are imho pretty much needed for any programmer who programs in any true compiled language. Not only are the majority of developers pretty picky about their "setup" of the machine, but letting them set up their machine the way they want improves their productivity quite a bit for the minor security possibilities. (Emacs vs VI debate anyone?)

We assign the proper "network" rights based on the areas of responsibility.

Just to make your day (cringe <g>) since you seem to be very security paranoid -- My machine is NOT a member of the domain; nor does it run the company wide standard "virus" scanner, nor does it run the standard IM client. Hmm, thinking about it, I don't even run the standard browser nor the standard email clients. Hmm, standard.... Not sure there is much of anything "standard" on my computer. Technically, a sys-admin's worst nightmare. <g>

However, as so eloquently phrased, with great power comes great responsibility. I run better (yes, imho & based on research) software than the company does. I do have AV, and run several other security related stuff that would be "overkill" for normal uses (software firewall, etc). I also read several different security mailing lists (and rss feeds to others -- so I often know long before IT if an issue might be something that they will need to be aware of).

Since we do deal with "critical" information -- I've introduced encrypted partitions/disks, source code control, build control, etc; to the company since I've been here. And at the end of the day if a problem that IT can't solve occurs, it lands on my desk as its last stop. ;-)

Now, if you tried to "handcuff" me, I would be pretty upset too. My .02c from the other side of the fence.


(I'm seriously a huge proponent of Linux... but as much as I'd love to see it at work, I'd hate to as well.)
As long as you have it keep itself up to date, adding a Linux server is good for the company. Having different "genes" in the gene pool helps promote stability. Having all the same genes gives birth defects. Guess what the computer industry suffers from.

Nathan.
 
Hedgecore
Posts: 1,361 | Thanked: 115 times | Joined on Oct 2005 @ Toronto, Ontario, Canada
#34
I'm glad this took a turn for civility again. I'm actually not too paranoid about security, given the chance to use my tablet I would in a second. I'm arguing points on both sides of the coin, and I'll (much to your dismay/mental health) regularly switch sides. (That's how I explore a topic fully.)

For the most part, you guys seem to be conscientious developers. You've got social skills, can function normally, and come up with ideas that are an actual help to projects.

... but in your career paths, you've had to see the other side (which is what I was pointing my finger at). The developer who doesn't need admin rights for any reason but insists on them because it's an affront to his perceived intellect. The one who wants to use his own machine for no other reason than to set his own standards and play by his own rules regardless of the impact it would have for another department (say, the one charged with maintaining everything -- IT). The one who comes up with ideas not because they're helpful but because they're grandiose and are a challenge as opposed to the usual daily code, and subsequently delays the project because rebuilding the wheel didn't work (like it didn't last time and the time before that).

It's been brought up before but in business it comes down to accountability. You might be frickin Linus Torvalds but if IT can't guarantee that your Linux tablet is secure, they can't in good conscience allow it on the network. This cheeses off the hyper-intelligent developer to no end but seriously... at the end of the day they're accountable and don't want to take the risk no matter how small. Different story if it hinders work, but refer to the above paragraph as those are the examples I'm referring to.

(And in my specific case, all devs do have widescreen laptops which still kicked the crap out of that rogue machine specs-wise - - the guy was just being difficult and wanted to use the tools for his own on-the-side efforts.)

Besides being all about accountability at the end of the day, there definitely has to be a balance. If you needed admin rights to do your job, I'd have dumped them on you in a split second (providing I got in writing why you needed them to cover my own a** (There's that accountability again))
 
Posts: 452 | Thanked: 522 times | Joined on Nov 2007
#35
Originally Posted by Hedgecore View Post
I will not, and have never written a 30 page diatribe to contain every possible angle to qualify things that I've said.
Everybody has their opinions and nobody else wants to write a 30 page diatribe on every angle they have either. Hence we do get some miscommunications.

If you think you can sit back and tell me your Linux box is 100% secure and you're sure of that, then you're deluded
Very true statement! However the same applies with any OS. You have to weigh things. For instance -- am I MORE sure my Linux box is not infected than my Win Box or Mac Box is? It is a numbers game. In terms of basic security on "Average" a recent auto-patching distribution of Linux / MacOSX is more secure than an auto-patching Windows box. However, that being said my personal opinion in security is Linux, Mac OSX, Windows. In that specific order, with Windows being the least secure of the bunch. (Please note I use a WinXP box all day as my primary machine -- it also imho is the box I'm most productive on). I'm pro-use the right tool for the right job.

My IT regularly comes with me into the workplace. It only connects to the Wifi provided for clients that's solely an internet connection, nothing to do with our network.
Cool, so far it sounds well thought out. I assume you don't actually have _any_ other wireless access points that are actually inside the network, correct? Otherwise that "insecure" point of failure is a whole lot worse than just the IT connecting to it.


Machines are locked with strict policies through AD to prevent agents from running anything that could conceivably help them scoop numbers/info.
Nice, that all sounds like pretty good security. I assume USB & FireWire are also _totally_ disabled (in hardware) in your call center -- and autorun is also disabled for all drives on all machines in your facility, right?


And to the snotty developers getting their knickers in a knot.
I might be one of the "snotty" developers (well at least I will admit the "developer" part <G>) But based on my relationship in my company -- I think everyone in my company just thinks of me as the nice guy that knows a lot about computers and if they have a question I'm always willing to help. I also try and explain why/how the problem occurred so our support desk can handle it in the future.


1.) I resent the fact my work has to go to QA, I checked it myself.
2.) I argue a lot with QA
3.) When I get specs I try to improve them and sometimes that takes longer than the project initially allotted.
4.) I'm awesome, the organization couldn't survive without me.
5.) This is the only thing I'm good at, I suck in social situations, and I get my neck beard in a knot when people try to stymie my brilliant ideas. I know assembler you f*ck!!!
LOL, I might be atypical -- let's see
#1 -- I happened to implement a lot of it.
#2 -- Nope, I happen to believe in QA. Programmers make mistakes, and I know I make them. QA is a good defensive line.
#3 -- Umm, no -- bad recipe for disaster.
#4 -- No, nobody is un-replaceable. In fact, I try to do the opposite -- I attempt to make myself very replaceable. I've found throughout the years that the more replaceable I become the more responsibility I get. Since if I can be moved from project a easily, then I can jump on project c where they might need some help. Now, I would say -- I would be hard to replace overall -- I know we've been looking for another equally qualified developer for as long as I've been working here, which has been quite a while.
#5 -- Well I am awkward in some social settings, not a socialite by any means. But, if you don't agree with my "facts" you are entitled to your own opinions. (j/k) -- in all reality we (as a team) rarely clash. And I have no problems doing it another way. Most of the time we discuss where the "conflict" is at and figure out why and then decide on the course of action.

(P.S. I develop. I'm not site support. If you're going to make sweeping assumptions about me, let's at least get it in the right ballpark.)
A couple questions:
1. What do you develop? Native compiled language, or runtime? Do you debug it if it is compiled?
2. Do you have local admin rights to your computer?

Nathan.
P.S. Don't think I'm picking on you. I'm mainly trying to field the answers to questions you raised from a senior developer's perspective who has been developing (& playing!) for 20-ish years (man that makes me sound old... <g>)
 
barry99705
Posts: 641 | Thanked: 27 times | Joined on Apr 2007
#36
When it comes down to it, it's our (the IT folks) network. If there's an AUP stating you can't use a personal machine on the network, you're not using a personal machine on the network. If it states you can use a personal machine, but have to have one of our admin accounts installed on it and you don't want one of our accounts on it, it doesn't connect to the network. If we find that you have connected a personal machine to our network, it either gets confiscated, and you get to explain yourself to the director of technology, and/or, you find yourself a new job.
__________________
Just because you are online, doesn't mean you don't have to form a full sentence.


SEARCH! It's probably already been answered.
 
Posts: 452 | Thanked: 522 times | Joined on Nov 2007
#37
Originally Posted by Hedgecore View Post
I'm glad this took a turn for civility again. I'm actually not too paranoid about security, given the chance to use my tablet I would in a second. I'm arguing points on both sides of the coin, and I'll (much to your dismay/mental health) regularly switch sides. (That's how I explore a topic fully.)
LOL, I love technology -- hence my purchasing an N810 when I can (The dev codes hopefully will be live on the 15th). I plan on using it at work, and I'm sure the other IT guys will see it and want one too. They got Moto-Q's because it was cool. Just wait until they see an N810 in action. ;-D



... but in your career paths, you've had to see the other side (which is what I was pointing my finger at). The developer who doesn't need admin rights for any reason but insists on them because it's an affront to his perceived intellect.
Security based on "who" you are is not good. Security based on "what" you need is. I'm all for making the CEO/CFO mad by removing their network security that they don't need. ;-)


The one who wants to use his own machine for no other reason than to set his own standards and play by his own rules regardless of the impact it would have for another department
Depends on circumstances. If he actually impacts other departments then yes that is a problem. If he makes other departments uncomfortable that is their problem. For instance we have a set way to manage source; it is followed. This impacts any developers that work on that source base. However, on some projects we only have one developer and he has control of the build process -- as this really does not affect anything "globally". Others we have a set build process since it is multiple people (typically automated). Analyze the need and give the responsibility to those that "can" and "do" want it. Those that don't want it or can't do it don't.


(say, the one charged with maintaining everything - - IT).
Ah, see I look at it a bit differently -- if you give someone the right to customize their machine (such as I do for the devs because of the productivity factors) -- The only thing I require from IT department to do is rebrick the machine if the developer doesn't know how to. With Power comes responsibility. You mess it up, you fix it. If you can't fix it you get to rebrick it. And that loss of time is yours. Keeps everyone accountable. ;-) For our CS department, the machines are fairly locked down. They don't need that "freedom" (nor do many of them want it) and then IT fully supports their configurations. Right tool for the right job...


The one who comes up with ideas not because they're helpful but because they're grandiose and are a challenge as opposed to the usual daily code, and subsequently delays the project because rebuilding the wheel didn't work (like it didn't last time and the time before that).
I think I might also take a different look at this. I really don't like the Not Invented Here syndrome -- however, on occasion for a new developer I will let them do it and then I have a "teaching" opportunity. ;-) Sometimes the cost for getting that teaching opportunity is worth suffering a NIH loss. ;-D


It's been brought up before but in business it comes down to accountability. You might be frickin Linus Torvalds but if IT can't guarantee that your Linux tablet is secure, they can't in good conscience allow it on the network.
Wow this must be one of the few Windows places that actually removes/blocks internet explorer, active-x. I haven't heard of that many places taking that tough of a stance on security. Color me impressed. I wish I could get my company to ban it -- it would sure help security wise...


(And in my specific case, all devs do have widescreen laptops which still kicked the crap out of that rogue machine specs-wise - - the guy was just being difficult and wanted to use the tools for his own on-the-side efforts.)
See, then that makes a bit more sense why you are balking at adding another machine to the network. No good reason = no! Do your devs get to bring their notebooks home? Do your devs get local admin rights?

Nathan.
 
Posts: 19 | Thanked: 1 time | Joined on Dec 2007
#38
Originally Posted by barry99705 View Post
When it comes down to it, it's our (the IT folks) network. If there's an AUP stating you can't use a personal machine on the network, you're not using a personal machine on the network. If it states you can use a personal machine, but have to have one of our admin accounts installed on it and you don't want one of our accounts on it, it doesn't connect to the network. If we find that you have connected a personal machine to our network, it either gets confiscated, and you get to explain yourself to the director of technology, and/or, you find yourself a new job.
Petty tyrants are invariably the worst.

It's not your network. It's the company's. Your job is making sure they can use the network to do theirs. If the user is responsible and the personal device will improve their productivity, everyone benefits if you green-light their access. You might even learn something. Possession shouldn't extend beyond personal pride in your work.
 
technut
Posts: 574 | Thanked: 166 times | Joined on Oct 2007 @ BC, Canada
#39
Originally Posted by cynoclast View Post
It's not your network. It's the company's. Your job is making sure they can use the network to do theirs.
No, I'll bet part of his job is to protect the company's IT resources and data. And that's probably even more important to the company than getting your unapproved device onto the company network.
__________________
Please follow these simple posting guidelines.
There are no stupid questions, just people who didn't search itT (with Google) first.
 
Hedgecore
Posts: 1,361 | Thanked: 115 times | Joined on Oct 2005 @ Toronto, Ontario, Canada
#40
Nathan: Awesome answers, I think I like arguing with you. SQL has been my bag for a while (which explains my anal retentiveness - - for a while I was going to go the DBA route). I've also done stuff in Java/C and done a lot of application/system design. Education-wise I've got a Systems Analysis diploma and a Programming one. (That was mostly VB/VC though, plus all the design aspects covered in both.) Also to your enquiry about local security, USB ports are locked down in the call center environment, as well as on any machine where the user doesn't have admin rights. I do have admin rights on my laptop, as does most of IT. Contrary to the picture I'm painting, Mussolini hasn't teamed up with Hitler to dictate security policy. It's a comfortable blend between users and those charged with keeping the lights on.

Someone brought up a good point that I've been dodging around because I'm not a fan of fascism... it ain't the employees' network, it's the company's. And sorry to bring ITIL into this but keeping services running is of prime importance, not making someone 10% less productive because they can't use their personal laptop with 1GB extra RAM than their company allotted laptop. Call it tyrannical, but if work was fun we'd all have Google business cards.
 