Slashdot Mirror

← Back to Stories (view on slashdot.org)

Do IT Pros Abuse Their Power?

Posted by Soulskill on from the hahahaha-yes dept.

An anonymous reader writes "I have noticed that many airports and hospitals I've visited have some kind of internet usage policy in place. Some use software similar to Websense, which effectively blocks sites based on blacklisting them by category. A commonly used blacklist prevents users from accessing 'forums or discussion boards,' yet I find that often these networks allow users to access sites like Fark, Slashdot, Digg and other message boards that appeal to the technical culture one might find in the IT world. In your experience, do IT administrators abuse their supervisory powers? Has there ever been a backlash from users or management for doing so?"

49 of 460 comments (clear)

  1. New around here? by hedronist · · Score: 5, Funny

    You must be new here. All members of /. are (or want to be) a BOFH!

    1. Re:New around here? by TheLink · · Score: 5, Informative

      A BOFH might find it more fun to manipulate data from certain websites, rather than block sites.

      e.g. the BOFH substitutes some images, and/or inserts a rather loud audioclip.

      Go figure out the details yourself.

      Even if you use SSL, the BOFH probably controls what CA certs are installed in your browser ;).

      --
    2. Re:New around here? by noidentity · · Score: 5, Funny

      A BOFH might find it more fun to manipulate data from certain websites, rather than block sites.

      Oh, you mean something like blurring or mirroring images on websites viewed over an open WiFi access point?

  2. Of course by Guiness+Boy · · Score: 5, Insightful

    Of course we do. Get over it.

    1. Re:Of course by digitig · · Score: 5, Funny

      Don't be silly. It would only be "abuse" if it were a bad thing!

      --
      Quidnam Latine loqui modo coepi?
    2. Re:Of course by __aasqbs9791 · · Score: 3, Informative

      I think you missed something. He's saying those sites are not blocked.

    3. Re:Of course by PakProtector · · Score: 3, Insightful

      I'm sorry, but /. hasn't been a 'technical' crowd for some time now. It's currently a small population of 'technical' people of various fields and a great deal of September That Never Ended wanna-be haxx0rs.

      --

      Edward@Tomato - /home/Edward/ man woman
      man: no entry for woman in the manual.
      "Qua!?"

  3. Since when.. by dr_strang · · Score: 5, Interesting

    ...are Fark and Digg considered 'technical culture' sites. Seriously, this isn't 2001. Last time I checked, the Internet had sort of entered the mainstream and 'slacking off at work' isn't really considered exclusively IT.

    --
    This is a sig. It is like every other sig in the world, except that it is mine, and it is different.
    1. Re:Since when.. by Akira+Kogami · · Score: 4, Funny

      Nah, eating junk food is enjoyable.

    2. Re:Since when.. by poetmatt · · Score: 5, Informative

      you can blame the fact that the websense ceo is the same guy who was ceo of Mcafee during the time when Mcafee was known to be a piece of shit software that wasn't complete or accurate. Is it any more surprising that he's equally badly mismanaging websense, and is selling to the same crowd with both basically?

      The issue is a man named gene hodges , the guy is a horrible ceo (and cause for many tech issues relying on anything he is a part of) .

    3. Re:Since when.. by GrumblyStuff · · Score: 4, Funny

      The McAfee infection is annoying. Popping up all the time, asking for money....

  4. Power Corrupts... by PCGod · · Score: 5, Interesting

    Absolute power, is even more fun!</bofh>

    Yes, we did have something like this happen where I work. Our IT group ended up blocking all social networking sites. Our marketing department raised a fit because they use Facebook for business purposes.

    1. Re:Power Corrupts... by 2stein · · Score: 5, Interesting

      Yes, we did have something like this happen where I work. Our IT group ended up blocking all social networking sites. Our marketing department raised a fit because they use Facebook for business purposes.

      At the place were I currently work we have kind of a "feel free to use the internet as you wish" policy. This actually works out quite well. Sites are not filtered specifically. They basically say "hey, if you end up doing illegal stuff, you're screwed, otherwise we don't care as long as you get to do your work."

      I used to work for a financial institution before that. And they had sort of a lockdown-mania. Filtering proxies (no checking your private web mail - could be used for stealing information), read-only USB mass storage, scanning outgoing e-mail attachments etc. I guess, these rules came in place because of management being scared to death by compliance requirements, not because of IT admins abusing their power.

      And BTW: Had I wished to steal massive amounts of data, I could have still simply sent them via e-mail in a password-encrypted archive. It's a matter of trust, not only of making it difficult. So basically powerful and clueless management are equally effective as power-abusing admins.

    2. Re:Power Corrupts... by houstonbofh · · Score: 5, Insightful

      I have seen that "lockdown" so many times, and it never works. There are no technical solutions to personnel problems. I always use this analogy; "You can make a car very secure by removing the battery and putting it up on blocks. It just doesn't make for a very good car."

    3. Re:Power Corrupts... by networkBoy · · Score: 5, Insightful

      we currently have an anti-internet micromanager.
      While the corporate policy is covered by an 'acceptable use' that is fairly liberal this guy equates having an idle page open equivalent to not working. To that end he's having our IT dept. provide him usage data from all employees. As a counter I developed an http over e-mail application that seems to be working quite nicely.
      -nB

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    4. Re:Power Corrupts... by dkf · · Score: 3, Interesting

      Take SSL/TLS for example. It is basically protection against a problem that would never happen in reality. What are the chances of someone intercepting your communications link to a website and capturing your credit card numbers? Out of the billions of packets that are flowing through the networks, the chances of someone managing to find the one packet with the 25 bytes of data comprising your credit card number are vanishingly small. The level of access you'd need would mean it'd be easier to just compromise the person's PC directly rather than sorting through all that noise.

      Once someone's trapping the message flow, it's trivial to search for particular triggers. The biggest defence is current generations of routers not sending every message to every machine on the local net, but that's not really much of a defence at all. Encryption stops these trivial attacks.

      There are problems with SSL as usually deployed:

      1. Most users don't verify that who they've connected to is who they wanted to connect to.
      2. Some CAs are grasping idiots who will sign any old shit if it gets them another dollar.

      Mind you, the alternatives are mostly much worse. And in fact SSL can be very good indeed (e.g., when the client has to present a certificate to the server and a private CA that everyone knows about beforehand is the only trust root). It's just that deployment on the scale of the internet is hard; there's just no way to get everyone to know about everyone else before communications start.

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    5. Re:Power Corrupts... by John+Hasler · · Score: 4, Insightful

      > I have seen that "lockdown" so many times, and it never works.

      It works quite well for demonstrating compliance with regulations, which is what it is for.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    6. Re:Power Corrupts... by CastrTroy · · Score: 3, Interesting

      CA's aren't supposed to guarantee that their customers are trustworthy. The only thing a certificate is for is to verify that internet traffic is coming from who it says it's coming from. That's it. Nothing more, nothing less. Nothing says you can't get a virus from only going to SSL sites. You can get an ssl cert for as little as $15 these days. Basically it's just a big cash grabs by the CAs. They don't actually have to verify that the site in question is using their cert for good, but just that they are who they say they are.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    7. Re:Power Corrupts... by chrylis · · Score: 4, Insightful

      And this is why "direct benefit" is a completely useless metric, and in fact isn't applied to most of the rest of a business's operations. A/C and heating, for example, don't provide a direct benefit except for industrial controls, yet most businesses see the value in providing a comfortable work environment to employees.

      By the same token, the studies are now old news that have shown that employees who take "mental breaks" with Facebook and friends are more productive and that external communications channels are becoming increasingly valuable to businesses.

      It's the same old story: Centralized policymaking suffers from a chronic lack of both information and imagination, and policies like global whitelists essentially kill off many useful innovations.

    8. Re:Power Corrupts... by Cederic · · Score: 4, Interesting

      And everybody in my extended team have web browsers on the mobile phones anyway, so if we do want to look something up we don't even need to use company resources to do so.

      Of course, it'll be quicker to use a proper browser on a proper monitor with a proper keyboard, but that just highlights the fallacy of locking things down to promote productivity.

  5. Do power users abuse their IT knowledge? by Wonko+the+Sane · · Score: 5, Interesting

    How many people here get around their workplace's blocking software by running an SSH tunnel to a proxy server on their home network?

    1. Re:Do power users abuse their IT knowledge? by lukas84 · · Score: 3, Insightful

      In a properly managed network, you won't get a direct connection to the internet AND you won't able to run any kind of SSH tunneling software.

      I know most of the proxy software i use will tear down SSH sessions established through a HTTPS proxy, if you even get that far - i usually configure them to reject self signed certificates (as those would only provide a false sense of security).

    2. Re:Do power users abuse their IT knowledge? by Saint+Stephen · · Score: 5, Insightful

      I always figured my employer would be really, really pissed off if they found out I did that. At best you're pointing out a massive security hole in the network. They'd just assume I'd be running ANYTHING (kiddie porn) over the tunnel, and if anything accidentally happened, and I'd been using a "hole", I'd get in huge trouble.

    3. Re:Do power users abuse their IT knowledge? by iangoldby · · Score: 5, Interesting

      I don't understand why people always try to "get around" these restrictions. If there is a legitimate business need, then get it approved.

      I suppose it depends on the size of the business. Where I work, it is usually impossible even to find out who is responsible for a particular policy. As for actually getting a policy changed, you'd be better off pissing into the wind.

      Whenever I need information from a blocked site (I'm talking about work-related information here), I just keep trying Google results until I find one that isn't blocked. Sometimes it can take fifteen or twenty minutes, when I know that the top result would have answered my question immediately. On occasions I send myself an email at home so that I can look it up after work, but why should I have to do this?

    4. Re:Do power users abuse their IT knowledge? by lukas84 · · Score: 3, Interesting

      Get a separate ADSL line for the IT pros. A friend of mine did exactly that. He works in a large bureaucracy and in the end their installed a separate, unfiltered ADSL line that's not under the administrative control from over-the-pond.

      Of course, being in IT, they were smart enough to keep this all on a separate network.

    5. Re:Do power users abuse their IT knowledge? by Gorobei · · Score: 3, Insightful

      I've worked at a few big banks, and getting sites unblocked only takes a few minutes: just a quick email to IT help saying "information on site XXX is important to our business. The block is costing us money. Please fix."

      The less "reasoning" added, the better. Make it a business issue, not a free information issue.

    6. Re:Do power users abuse their IT knowledge? by Anonymous Coward · · Score: 5, Insightful

      Even assuming you mean "reject certificates not signed by an authority I trust", as opposed to "reject self-signed certificates", it's pretty trivial to get a certificate you'd accept. I also wonder if you allow plain HTTP connections, given your stance on certificate management. HTTP connections are less secure than HTTPS with self-signed certificates, and they don't even generate a warning in the browser -- at least a self-signed certificate would let users know their connection is unauthenticated, but plain HTTP happily transmits in the clear, without encryption or authentication, with no warnings at all. That seems like a much more likely source of false security to me.

      In general, your tunnel users aren't very persistent, or you haven't noticed the ones that are -- it's not terribly difficult to setup an plain-old HTTP server and send SSH data in the body of apparently-valid HTML pages. A bit of base-64 encoding, a bit of a random real web page from the browser cache, and you'd have an awfully hard time getting a machine to determine that the web page was actually a proxy connection. It's a bit inefficient and there are TCP over TCP resend issues, but it's perfectly usable for web browsing and the like. Or assuming you just check the SSL setup but otherwise allow HTTPS traffic unchallenged through the proxy (the most typical setup for non-forging, non-plaintext proxies) you could negotiate a standard SSL session and then send raw PPP data through it, without even pretending to be a web page, or using SSH.

      Or if you're really pressed for access, you can setup a DNS-based proxy and smuggle data through in perfectly valid DNS requests and responses. The size of packets is limited, but it's running over UDP so you eliminate the TCP issues, and it's virtually unmonitored at most locations, even those that consider themselves "locked down" -- when was the last time you checked your outbound DNS logs? Do you even have outbound DNS request logging? And domains are cheap -- what if I registered a few hundred and spread out my requests across those?

      Or if you're willing to put up with a little latency you can use just about any messaging/discussion board to post data to a totally legitimate web page, which a remote proxy could then read and reply to, again on a legitimate web page. And of course there's email.

      While it's maybe worth some effort to make data smuggling more difficult, don't fool yourself into thinking you're preventing it from happening. Adding noise to the channel only limits transfer speeds -- so long as there is any way for users to inject and retrieve data to/from the Internet, even through proxies and filters, tunneling will be possible.

    7. Re:Do power users abuse their IT knowledge? by Compholio · · Score: 3, Insightful

      Nope, not for that reason. I am worried about you transferring company data to your home server though.

      Good luck blocking SSH over DNS.

    8. Re:Do power users abuse their IT knowledge? by Compholio · · Score: 3, Interesting

      Sure. Proxy intercepts DNS requests and forwards them to our Internal DNS servers. Firewall has a rule to block outbound DNS requests except those by our internal servers. The internal servers are only allowed outbound requests to our ISPs DNS servers.

      Except that's not how SSH over DNS works. On the server end someone installs a custom DNS server on a machine and sets that machine as authoritative for a domain. On the client end the PC sends a seemingly benign request through your local DNS servers, which forward that request to the authoritative domain (running the custom DNS server). The custom DNS server then decodes the "benign" request, passes it off to the SSH server, retrieves the reply, then encodes it so that it can be sent back to the client PC.

    9. Re:Do power users abuse their IT knowledge? by Bigjeff5 · · Score: 4, Insightful

      You aught to, especially if your previous "fix" was to block the website used for business purposes in the first place.

      The role of IT is not to control information technology, metering it out to the users as the IT gods see fit. The role of IT is to support the business. That means facilitating their work as much as possible, and protecting them from the dangers they are unaware of.

      Frankly, if I were your manager and you took that attitude toward your customers on a daily basis, I'd fire you.

      IT departments don't make a company money. They either help them make more money by increasing productivity, or they help prevent them from losing money by protecting their information-related assets. If you are doing neither, you don't belong there.

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    10. Re:Do power users abuse their IT knowledge? by linuxrocks123 · · Score: 4, Interesting

      There's no reason you can't actually talk HTTP. See http://www.sensepost.com/research/reDuh/ for one of many examples on how to do this. And, once you have an arbitrary TCP connection, there's no reason you can't perform a public key exchange for SSH as usual, defeating your proxy's man-in-the-middle attack.

      Nice try, man, but you'll never be clever enough to accomplish what you intend.

      ---linuxrocks123

      --
      vi ~/.emacs # I'm probably going to Hell for this.
    11. Re:Do power users abuse their IT knowledge? by JustShootMe · · Score: 3, Insightful

      And if I were your manager, I'd explain to you the concept of revenue generation vs. opportunity cost...

      I work for a company where every dollar the company makes comes through IT. Without a functioning IT department, the company would be out of business in the space of a few days. But IT is still not making that money - it is made by the sales and marketing people who are going out and getting people to purchase the services that we offer.

      But neither of you manage each other, so stop waving your dicks. I guarantee you neither of them are as large as you think they are.

      --
      For linux tips: http://www.linuxtipsblog.com
    12. Re:Do power users abuse their IT knowledge? by Anonymous Coward · · Score: 5, Insightful

      Ummm... IANAL, but even I know that's not a real charge. If you threatened him with that, you guys are probably in the wrong...you know... "hostile work environment" and all those little things. You could have gone after him for unauthorized access... but you'd be hard pressed to claim it was unauthorized access to his home network. And given that he was an employee, you'd be pretty hard pressed to argue he exceeded access on his own desktop or your network. At best, you've got evidence that he used a data processing system in a manner violating policy--and you've already admitted it wasn't malicious and did no damage. Assuming you're using the computer fraud & abuse act--you've already eliminated most of the necessary criteria... which makes anyone accusing him under it guilty of... oh--filing a false report, and possibly perjury depending on how far you take it! Not that you'd ever be prosecuted as that's one of the most abused laws in the country.

      While there are states where access in violation of policy *has* been held as unauthorized access, to my knowledge there's really only been one conviction of that so far--and last I'd checked in, it was about due to be thrown out on appeal. Quite simply--you can't open the door of your house to somebody, and then accuse them of trespass when they wander off the yellow brick road you defined in a convoluted fashion.

      I don't blame you for looking for that type of traffic--it's a good way to hide botnet. But going after somebody for trying to listen to music... and using that as the excuse to fire him--that's just cowardly and dishonorable. Your users deserve someone more professional than that, even if they themselves are not the most professional based upon their actions.

    13. Re:Do power users abuse their IT knowledge? by Actually,+I+do+RTFA · · Score: 3, Insightful

      We block sites by content group, not individually. We didn't "fix" anything by blocking anything intentionally.

      Of course you did. There was some problem (employees are looking up hitmen online and killing their bosses). You fixed it by blocking all applicable websites (it has the work "hitman" in it). Unfortunately, your conglomerate needed someone to clean the port-a-potty (a "shitman" in your part of the world). That site is blocked. You certainly intentionally blocked it. You just didn't specifically block it. And your imprecise fix to an earlier problem is causing new problems.

      But if you talk down to IT or treat them like shit I promise you IT will make your job as painful as they possibly can. It's called human nature.

      That's the attitude of a five-year-old. I expect better of adults, and insist upon better in the workplace. You may lose your cool, that is human nature, but I would expect a sheepish apology or mea culpa in that case.

      The role of IT isn't to control information, and that's a ridiculous straw man argument. We're trying to make sure users (1) don't access any malicious content and (2) don't waste time on fark.com all day

      You do realize that point (2) is trying to control information, right? It may be that some of IT's role is to control information, but to say that you don't while claiming that is half your reason for existing is, at best, cognitive dissonence.

      Sometimes there's collateral damage. If you've got a better system I'm all ears.

      I don't have to prove that the concept is poor to prove your implementation is. In every case, there will be sites that need to be black/white listed, and your mechanisms for doing so are subject to judgement without having to attack the idea of a black/white list system. In this case, you are defending a system of employees pleading with IT about making a site accessable. Why not simply automatically unblock the site, and then review it later?

      And the entire concept that IT departments don't make money is very 1995 of you. If you don't think IT makes you money, try working without them and see how much lost revenue you have without a functioning IT system.

      That IT doesn't make money is an accounting truism. Neither does a CEO (well, depending on the company). IT is an overhead cost. It can be important, but where do you bring dollars in the door? Some IT departments bring in blue dollars, but that's it. (Exceptions made, of course, for IT consultant groups.)

      --
      Your ad here. Ask me how!
  6. IT Pros don't make policy. by lukas84 · · Score: 5, Insightful

    Policy is made by management. I don't care if you watch gay furry porn for all the three hours you spend in the Office.

    I do care about the security of the network - so if you plug your private Laptop into the Office LAN, you won't get any connection because your machine won't authenticate. But i'll know exactly that you did so. And i'll call you out for it.

    In all the places i've worked, WebSense etc. only worked in the VLANs for the office workers. All IT networks (as did the Exec's networks) had unrestricted internet access (they still went through a malware filtering proxy, but not content filtering). This might be different in larger organizations.

    In the place i work right now, we only have a malware filter. No content filtering at all. I think it's pointless. If someone does not do his job properly, fire him. If someone does his job properly, but uses 10 minutes a day for masturbating to gay furry porn, he's still more productive than someone who takes a 10 minute smoke break every 20 minutes.

  7. Digg? by Akira+Kogami · · Score: 4, Funny

    Digg has tech news? I thought it was all libertarianism and marijuana.

  8. IT Pros - Never! by Anonymous Coward · · Score: 5, Funny

    IT professionals would never abuse the position of responsibility with which they are entrusted. They would never use their positions to retaliate against the unthinking, uncaring, ungrateful wretches that make their lives a living, seething hell each and every day those worthless pieces of crap continue to suck air.

  9. I blame the boss. by wheelema · · Score: 5, Insightful

    In my experience most draconian restrictions are imposed by Management. The technical staff is simply more empowered to work around them or ignore them.

  10. It's not IT-vs-other, it's business-vs-non by rbrander · · Score: 3, Insightful

    Generally, they'll whitelist any site that a user can come defend as needed for work.

    If there is abuse of "IT power", it's that IT passes judgment on their own staff's claim that tech-sites are needed for asking questions and finding tech solutions. But, frankly, even a very lame claim that "I need access to localchat.com to check on how other local accountants are handling the new sales tax" will get a pass, too. IT staff aren't exactly Sam Spade. So any extra blind-eyes they get to their favourite sites is pretty marginal.

    The big difference is that IT staff aren't shy of asking. Other users imagine some omniscient IT that will just know they really want to chat about their cats.

  11. Dealing with Blocked Websites... by xmundt · · Score: 3, Informative

    Greetings and Salutations.
                Perhaps the better questions are "why ARE some websites blocked? and WHO makes that decision?" I administer web access for a client or two, and, the decision to block given websites comes from upper level management, usually NOT the IT command structure. In a business, there is an almost paranoid fear that the employees are sitting around surfing the Net instead of doing work to make money for the company. Any blocking seems focused at keeping that from happening.
                Alternatively, I go and sit at Panera Bread (a great place for good pastries, and excellent, light lunch sandwiches and such by the by...) on occasion, and have found a few websites that would not come up because they were blocked. However, it appeared that this was because the company providing the blocking had mis-catagorized them, and, once I sent a note in about the site, they ended up being unblocked. But then, If I were going to surf porn sites I would NOT be doing it in a public place like that....
                So, I suppose there are cases where IT admins abuse their powers and block sites that should be available...but I have not run into them. Amazingly enough BOFHs are human too, and, some of them ARE little Herberts....control freaks and generally annoying people. The rest of us are all genial and fun folks with a slightly twisted sense of humor.
              Regards
              Dave Mundt

    --
    YAB - http://blog.beemandave.com/
  12. Who cares? Really? by ZorinLynx · · Score: 3, Insightful

    Does it matter, as long as they get their work done?

    Really, some people are too uptight about things. The only metric should be if an employee does their job. If they do their job and do it well, who cares if they visit an amusing website for a laugh to break up an otherwise dull day?

    1. Re:Who cares? Really? by tnk1 · · Score: 3, Insightful

      You would hope that the only measurement is if someone is doing their job, but management is always trying to justify the amount that they are spending on staff. That means that it is not enough for the tasks that they expect done to be done, but they must also get as much work as possible out of each "unit" of staff that they are paying. If you have noticed, one of the things management loves to do is "cut costs", which means "lay off people".

      The business cycle works like this. New company gets loans and venture capital. If it succeeds it gets flush with money. At that point management starts spending that money like no one's business. Each exec and manager tries to get themselves noticed by creating cool things and hiring employees to increase their empire. Efficiency is not cared about because no one cares about that in a "growth" phase. At that point, it's like management is on cocaine and their jittery fingers are poised over the "spend" button.

      Eventually, this stabilizes and it becomes clear that you can't spend money like water any more. Frequently, this is some time after the company goes public. At that point, the original execs with the coke habits (real or virtual) have sold their overpriced shares and have either left or been forced out by a board that is now responsible to shareholders and the SEC. At that point, the new management, and/or the consultants that they have hired try to get a handle on the huge bloated mass of a company they have inherited, try to do something called "reaching profitability". This usually means starting to whittle down staff and make existing staff do more.

      The end result is that every sort of perceived "inefficiency" is targeted, including web access. This is not to say that there is not something that needs to be done. Chances are good that a company in this position does start off with staff bloat. Of course, in the end the new management is as ham handed as the old management, just in a different direction and instead of simply trying to cut off the fat, it turns the place into a gulag.

      The sad thing is that many of these blanket solutions are used instead of the more valid and useful method of creating and refining cost allocation models. Much like the "mass layoff", it seems that those sorts of solutions exist to create drama for something like instilling obedience or impressing the market to improve share price.

      In the end, either due to the unrecoverable status of the initial bloat, or the fact that the place is now a gulag (or outsourced), the company will fail unless it really does have a unique product that can survive that process. Welcome to the 21st Century.

      The moral of the story is: don't become personally invested in places that bother to heavily restrict your web access other than for strictly security reasons. You can work at them, but they are just jobs. If someone is willing to spend the time and money on carefully blocking your access to the internet, it's clear that you are seen as a resource that they need to squeeze more efficiency from in lieu of them actually having real, attainable goals that they can measure staff by. If they had those, they would be able to give you assignments that justify your expense and it wouldn't matter if you took 5 minutes or 5 hours to do them in, because they have refined their models and *on average*, each employee would spend the expected amount of time on it.

  13. We do NOT abuse our supervisory powers ... by VitaminB52 · · Score: 3, Funny

    ... and if you don't believe me I will delete your account

  14. OpenVPN-over-UDP-over-IP-over-DNS by xororand · · Score: 4, Informative

    Do you allow DNS on your network? OpenVPN-over-UDP-over-IP-over-DNS isn't lightning fast but it does the job most of the time. It's a neat way to (ab)use commercial WiFi hotspots too. You can't stop a determined power user except maybe with a whitelist of a small set of whitelisted remote hosts.

  15. Re:Answer by Asmor · · Score: 5, Insightful

    You work at a college and block certain "websites and services?" From the context I'm guessing it's more than simply blocking known phishing sites and the like...

    If you are censoring the internet for the students of your college, then frankly I find that abhorrent. It's one thing for a company to filter the internet for their employees at work, but it's completely another to do it to students who-- besides being in an environment which should encourage exploration and allow for the making of mistakes-- may very likely live there and only have access to the internet through the school. As a college IT department, for all internets and purposes you're an ISP and with respect to student internet access you should be held to the same standards of openness and neutrality to which Comcast, Verizon and their likes are.

  16. thats business by DaveGod · · Score: 4, Informative

    In my experience the IT dept generally has rules for other people and rules for themselves. They "know what they are doing" while everybody else "can't be trusted". Their login for general usage is full administrator and bypasses websense, while I am barred from sites "listed as general business" (only sites pre-approved by IT are allowed, which they make very clear they do not do because they don't want people asking them all the time). Our email attachment limits are 2mb ("it takes up space on the server") and FTP is outright barred - even though one time it was the only way for a client to send me files IT wouldn't do it, so I went home and put it onto a USB stick.

    They install whatever they like, including such productivity tools as BBC news sports tickers. Despite pretty much being able to do everything on their work-paid cell phone, not having to multi-task or whatever they have brand-new machines. When another member of staff requires a new PC, they get an IT staff's PC and IT get a new PC. Despite the general staff doing work where screen real estate is highly productive, their monitors are 15" and 17" while IT and managers have 19" (although they were quite savvy and gave the partners 21"; monitors are the new bigger desk and chair). In my job where we do quite a lot of printing, speed and quality are important, IT also have the best printer - yet it took a week for them to notice when I unplugged it one Friday night.

    IT is all about convenience for IT. All our productivity stuff, which at any given moment 99% of staff is running at any given moment, is quite server intensive. They're all on the same server, while low-intensity stuff rarely used has three idle servers all to itself. I spend a significant portion of my time waiting for the server to respond. It's quite embarrassing when a client turns up asking for a simple copy of a report in a hurry and it takes me 10 minutes, they think I must have forgotten so they ask reception to call up and remind me they're late for their meeting. I pointed out once that the servers could be rebalanced to distribute the load but was told "that would be too much hassle".

    All the procedures are laughable. Despite almost completely phasing paper filing out, all staff's basic logins can delete data files and all the backups are kept on a shelf on site. I could obliterate the lot in one minute of madness (probably induced by dealing with IT). It would take me longer to copy it all to a couple of USB sticks, but nobody would notice until they got the blackmail letters or it was on the news.

    But let's not get all confused and think I'm bashing IT here. I can say pretty much the same thing about every single department. Like how the time it takes me to obtain new propellant pencil leads costs the firm 16x the price of the leads. If I kept one carton for work then stole the rest of the box it would be cheaper for the firm than following procedure.

    As regards other managers, few have the slightest clue about IT. Those that do just work it to their advantage - they get preferential treatment so it makes them look good.

    1. Re:thats business by ModernGeek · · Score: 5, Funny

      So on a scale of 1 to 10, how would you rate your satisfaction with your IT Department? 1 being extremely satisfied, 10 being extraordinarily satisfied.

      --
      Sig: I stole this sig.
    2. Re:thats business by spire3661 · · Score: 5, Insightful

      And management gets fancy catered lunches, and warehouse gets free shipping, Marketing gets free swag, Sales gets to wine and dine people on the company credit card, etc so on and so forth

      --
      Good-bye
  17. Trying to ruin a presentation by EmperorOfCanada · · Score: 3, Informative

    Once when presenting a web based product to the senior management the IT people at a huge company tried to block the IP address of the server in the middle of the presentation. Without missing a beat I switched over to a copy of the product that was hosted on the laptop itself. The IT guy typed furiously and then interrupted and asked what port/ IP address I was using. I told him that I had switched from TCP to UDP as something was blocking the TCP packets. He typed even more furiously trying to figure out why blocking a single IP wouldn't also block UDP. I am not sure he ever figured out what went wrong. For weeks after the presentation the IT group threw up roadblock after roadblock. We weren't compatible with their PKI, etc (we didn't use anything that would work with PKI). Even though the top people(CEO, CFO, President, and the VP of Marketing) really wanted what we were offering they simply admitted that a battle with their IT department wasn't something they could handle at this time. This was not the first IT department that tried to crap all over our product for "Technical" reasons. Even if our product were to have sucked crap that was never the reason given. It was always "bandwidth" or something not relating at all to any possible problem that our product had. I think it all boils down to IT departments being driven by fear. If all goes well the IT department risks downsizing. If anything goes wrong the IT department gets the blame. Then to top it all off the typical IT head might be around 50 years old in the average large organization and they fear the new guy who just was hired who could single handedly bring the entire department out of the depths of Novell and into the 21st century. I would recommend that any large company regularly get an outside organization to audit their IT departments and make sure that the technologies and practices are up to a reasonable standard. Best to learn now that your backups suck instead of when the good data still exists. I would be willing to venture that most organizations have a head of IT who should be replaced by one of his far younger underlings.