Oh, you're the head of a company that sells remedies to this horrible future?
McAfee doesn't sell remedies for anything (other than a remedy for a lack of McAfee software).
None of the "anti-virus" companies do. Because the way they're currently structured is as a reactive process.
Bad guys release a new "virus". Users get infected. Someone sends the infected files to McAfee. McAfee releases new "signatures" to detect the new virus. Repeat.
And McAfee makes a lot of money off of that process. Meanwhile, users keep getting infected by "mal-ware". It's so bad that you cannot even depend upon McAfee to detect all the "mal-ware" that is detected by other anti-virus products from a week ago. Why should you need to run multiple scans from multiple products to clear a Windows machine?
Where's the bootable CD from McAfee that will at least be able to identify what is known to be a regular Windows file and what has not been identified before? With a way to move those questionable files to external storage / submit them to McAfee?
But why spend money on something that might help? Particularly when just giving interviews about how things MIGHT get worse will generate more revenues for your company?
When peers or customers see how quickly someone troubleshoots an infrastructure breakdown or architects a technical solution, they wonder just how hard it could really be. Also, why does this person get paid so much?
If you perform enough miracles when other people NEED them... pretty soon they think THEY are the ones performing the miracles.
And in IT... without the risk of death or dismemberment should your design/work crash... that's just the way things are.
People EXPECT computer systems to crash. Which is the perfect environment for people who know nothing to succeed.
OTOH, if you did the network correctly, you can take measure to ensure people can use their devices and minimize the risk to almost 0. If you haven't figured out a way to do that(and I can think of 3) then you need to take some time to specifically address this issue.
There will ALWAYS be someone who will claim to be able to do it.
Don't waste time fighting them on that. You will lose. BUT! You will still be held responsible when the systems are cracked.
Find a new job where management isn't looking for magical snake oil and go work there.
it would be if IT people would learn the art of corporate politics. Or if not the CEO, then someone, or maybe no one. Don't right it won't be it IT person.
Exactly. The guy peddling the magical snake oil will be sure that HE isn't the one blamed when HIS "solution" fails.
For everyone else, do you really want to work in a company where technology decisions are based upon fantasies?
And where responsibility falls depending upon who is leading which clique that has influence with which executive?
I don't. When politics becomes the product, it is time to leave.
It's your job to make it work. Yes, make the CEO access his apps MINIMIZING safety issues
Exactly. And when the reporters come calling for quotes about how the crackers got the credit card numbers from us, it will NOT be the CEO who is fired for the security failure.
If you can't do it somebody else will.
Not exactly. Someone else who CLAIMS that they can do it will be hired. What do I care? They'll be the one fired when the reporters come calling.
There will ALWAYS be SOMEONE who will claim to be able to do the impossible.
Yes, you can find yourself another job.
Remember that, people. The company will NOT waste a single moment firing you if it will protect the CEO. You don't owe the company a single moment of loyalty.
Do your job. Collect your pay. Advise them as best you can. Move on when the situation calls for it.
I agree, but it's not just the revenues and cost, it's as much about securing the safety of the business's data (and their customers), and demonstrating a duty of care in the handling of that data.
Except that violations of that kind are usually dealt with via fines or losing your compliance certification (which requires that you go through the process again after a certain time).
Which can both be translated into MONEY.
In some case there may be a legal requirement effectively preventing ANY use of the corporate network by the invididual.
Yep. And again, that usually translated into a fine (MONEY) or loss of certification (MONEY).
Computers provided by the employer should be seen as tools for the job, owned and operated by the employer solely for the benefit of the employer's business.
Exactly. You don't see other employees "fixing" the locks on the doors, do you? Hey, it's easier for me if they're keyed the same as my house key. No problem, right?
Many of the above actions are difficult or impossible if the employee uses their own laptop... unless the laptop is simply a thin client, but even then a key logger would be a security risk.
Not to mention the implied requirement that every single employee doing that have the same (or higher) education/experience as the dedicated IT department. How many people out there don't even know that their machines are zombies?
There is already a big problem with people storing confidential information on laptop computers which leave the workplace. How this can be controlled if staff use their own?
Exactly. And if someone steals their iPhone which just happens to contain a copy of the customer database including credit card info... that's even more MONEY that has to be spend in fines and PR and lost customers.
Personally, I don't see any way that using personal electronics for work can generate more revenue than it can cost.
Maybe I'll be wrong in the future. We'll have to wait and see.
The ones who are not, will find it very hard to satisfy their interal customers.
There aren't any "internal customers" because the concept of "customer" contains the element of "choice". If you don't like the service, you go to a different vendor. Internal departments do NOT have that option.
They will also find retainment of new workers a big problem.
The implication being that those "new workers" will be worth the additional considerations. I'm sure you can find enough skilled workers who do not demand that you support their personal electronics.
Seriously: start preparing, because the tidal wave is coming. It is already happening.
As can be said with most fads and bubbles. The question isn't whether it will be happening but whether it will be a new requirement. Or will it happen and then fade as the security issues become evident?
Companies (like a few where I worked) that started moving away from that and to webbased apps, are in good position to actually profit from this move.
Who cares about the software? It's the data that is important?
Ofcourse this is difficult: it is most difficult for those companies that still have software in place with dedicated clientsoftware, beyond MS Office.
It's about the data, not the software.
Losing credit card info is a problem.
Getting Excel running on your phone is not an issue.
So your CEO walks in with his new iPhone and wants to access his mobile reporting solution. The one containing all his sales information. You're telling him he can't?
That depends upon the situation. Do you have read-only access via a secured web site?
What does he REALLY want to accomplish?
He is the CEO. But that just means that he is the CEO. You can always find a new job. It's easier to find a new job while you're still working. Rather than AFTER you're fired because the company hits the papers for losing credit card info because of how you put a hole into your security for the CEO. And you know that it will be YOU who is fired first and blamed for not keeping the place secure enough.
I put time, effort and expense into protecting the company assets from harm, including that which may come from your random equipment on our network, accessing our data. Yes, it takes more (time/effort/expense) to work with your random equipment than it would to just lock you out and threaten you with $punishment when you try to use stuff.
How are you doing that?
I spend a lot of time locking out systems because I cannot tell the difference between your legitimate connection and your machine being used by some cracker who was running a key logger on your home machine.
But the main point is that TFA is so badly written.
He continued, âoeAnd she was such a beauty! A LED backlight 22-inch widescreen display with full HD 1920Ã--1080 resolution and mega dynamic contrast ratio. Iâ(TM)ll admit the pure darkness provided by the contrast ratio was more suited for watching movies, but I need downtime too!â
Yeah, way to subtly make your point.
How about instead of the artistic license about what you THINK someone would use a monitor for you look at what real coders use their monitors for.
He seems to be focusing on the 22" instead of the real issue.
Is a coder with two 17" screens as productive (or less or more) as one with a single 22" screen?
Not only that, but training is different from experience.
Do you want someone who's gone to a week long class about whatever or someone who's been working on whatever for a year?
So there is SOME logic to hiring as opposed to training. You already have people who can explain the weirdness of your existing systems to the new person.
But just because there's some logic to it does not make it the best course. Instead, you should DEMAND that they read books (that you bought) and pass certifications (that you pay for) and then use those skills on side projects.
However many companies cripple their networks through so called "Security" measures. What do you do when you lock down everything to be accessed through a few servers and you experience a major network outage? Your time to resolution is crippled by having to use ancient back doors "Serial Access" to get back into these devices.
The problem with such "security" is that the easier you make it for your admins to connect... the easier you make it for the bad guys to connect.
The answer is to run training exercises for the various scenarios so that everyone knows what to do and where to go in such situations.
The problem with that is that people are lazy. Security is not difficult. But NOT doing it will always be easier (and yield immediate rewards) in the short term.
TCP/IP is great, but there needs to be some better upper layer changes that allow client replication to work as well. So if the App loses it's connection to server A, it seamlessly uses server B without so much as a hiccup.
Sounds good. But the system also has to be designed to take advantage of the technology that is available today. Too often the systems are based around the single machine running a single application with full administrative rights model. And the technological advances have just made it possible to fool the app into thinking it is on one machine while it runs on multiple machines (badly).
Joel is trying to promote a workplace where you would actually want to be.
Joel is trying to promote a workplace that fits Joel's notion of what a nice place to work would be for other people who have preferences similar to Joel's preferences.
Let me earn my paycheck in peace, then don't be surprised when I leave, at the end of the day, and go do something completely unrelated to the job, the office or my co-workers.
That's the problem I have with this. A place that I would WANT to spend more time at.. with co-workers I found to be interesting... would be a very strange place to work at (and probably illegal).
Let me have my private life. I'll trade my professional time for money. Allow me to keep the two separate.
The problem, IMO, isn't people who don't make friends at work, it's the people who can't work well with others without being friends.
Or without going through the motions of being friends.
You should be able to interact with co-workers on a professional basis. That being, you handle your part of the job and they handle their part of the job.
Can your co-workers depend upon you to perform your job to a standard? Can you depend upon them to perform their job to a standard?
Is there a defined communication channel to relay information pertaining to the above?
In my experience, the people who focus primarily on whether they're "friends" with everyone are the ones with the lowest tech skills. They're trying to compensate by forming personal connections.
I don't care about your raid over the weekend. I want to know if you have finished the interface yet.
Perhaps. Although I would not equate "social" to "understanding". If anything, being slightly less intelligent makes it easier to socialize.
(And FWIW, I consider myself more to the antisocial side and seek out lunch-time company in part to improve my people skills. So if I'm antisocial but misunderstood your message, did I demonstrated the validity of my position or not?)
Again, you seem to be confusing "social" with "intelligent". So yes, you did demonstrate the validity of your view point again.
And perhaps you're too social to understand that there are more alternatives than "turn lunch into another group meeting" or "eat lunch alone."
Okay. It's obvious that you don't understand what the term "social" means. You keep using it incorrectly.
Communication failure is fairly common, so finding other ways of communicating is beneficial.
I'll disagree. Each communication channel has its own problems. Attempting to make a social channel into an official channel makes it subject to cliques and inter-personal issues.
Why not work on fixing the primary communication channel?
In my experience, the correlation isn't between lacking social skills and having great technical skills... it's between lacking social skills and THINKING that you have great technical skills.
That's wonderful. And if the discussion was about social skills, that would be an important contribution.
But this is about extroverts and introverts and group lunches.
Being an introvert does not mean you have no (or limited) social skills.
The person who would rather spend his lunch hour alone, reading tech manuals will, probably, be more technically skilled than the person who spends his lunch hour chatting about fantasy baseball with other people.
The idea that being antisocial == leet skillz and social == PHB is simple ignorance.
Since no one has claimed such, I think you've just demonstrated the validity of your position.
So it may be worth my while to get to know the other people in my office. And lunch is a good time to get to know people I don't work with directly on a daily basis.
Did you read the article?
This isn't about having occasional lunches with people in other departments.
This is about having daily lunches with the people in the same department as yourself.
That may be ok for some people but others just want to get away for 30 minutes or an hour.
I think you hit on the core problem in this discussion.
Introverts are not extroverts. Extroverts are not introverts. And so forth.
Because there is no objective "wrong" or "right" in this discussion, it tends towards people restating their personality as the rationalization for their preferred behavior. Circular logic at its best.
People like what they like because that is what they like.
And a boss that provides incentives for people to do what they already like to do will be perceived as a good boss. But that same boss with the same practice will be viewed as an idiot by someone who does NOT already like that.
Is having lunch together part of what makes a group a good team?
Or does a good team naturally spend time eating lunch together?
Personally, I don't think lunch matters in these circumstances. A clique can have lunch together. A team can have lunch together. People who are not a clique nor a team can have lunch together.
I actually think this is a good thing. Getting kind of "high in the clouds" here, but as a society, we take work way too seriously. Work _should_ be secondary to life.
Yep. So get the work done at work and then get back to your life. Don't waste time at work trying to use it as a substitute for your life.
I've personally spent a great deal of my own time and money working with computers as a hobby... an I attribute most of my professional success to this... but I still go out to the pub once in a while.
I go out a lot with my friends (who I do not work with). That wasn't the point.
The point was about people trying to use work-time to socialize instead of focusing on work-related items. Such as doing the work.
I can be friends with someone with vastly different views. I even get along with a die hard bible thumping type from the finance department. Unless someone has views whcih actually offend me (rare), there is no issue with a little diversity in opinion.
I'd rather not listen to another diatribe on how Obama's newly released birth certificate is a CIA fake that he ordered.
Your mileage will vary.
And the birther guy probably would be perfectly happy with another birther to have coffee with.
Me? I'm not going to discuss it with you and I'll just keep doing my work and improving my tech skills.
We didn't talk about work. We made fun of each other and joked around, and no one thought twice about slapping their immediate supervisor with a "draw 4" card.
That's great.
But was the team a good team because it played Uno? Or did it play Uno because it was a good team?
None of us really had similar outside interests. But every day we'd sit around a big round table and play Uno as we ate.
I'd say that you had at least a similar interest in playing Uno at lunch.
That might not sound like much to you, but look at all the factors that have to play into it to make that happen.
The problem here is that one factor is being taken as indicative of other factors.
A high school cheerleader clique also eats lunch together.
But would you depend upon them to write your next software release?
Slashdot Mirror
McAfee doesn't sell remedies for anything (other than a remedy for a lack of McAfee software).
None of the "anti-virus" companies do. Because the way they're currently structured is as a reactive process.
Bad guys release a new "virus".
Users get infected.
Someone sends the infected files to McAfee.
McAfee releases new "signatures" to detect the new virus.
Repeat.
And McAfee makes a lot of money off of that process. Meanwhile, users keep getting infected by "mal-ware". It's so bad that you cannot even depend upon McAfee to detect all the "mal-ware" that is detected by other anti-virus products from a week ago. Why should you need to run multiple scans from multiple products to clear a Windows machine?
Where's the bootable CD from McAfee that will at least be able to identify what is known to be a regular Windows file and what has not been identified before? With a way to move those questionable files to external storage / submit them to McAfee?
But why spend money on something that might help? Particularly when just giving interviews about how things MIGHT get worse will generate more revenues for your company?
Colour me cynical.
From TFA:
If you perform enough miracles when other people NEED them ... pretty soon they think THEY are the ones performing the miracles.
And in IT ... without the risk of death or dismemberment should your design/work crash ... that's just the way things are.
People EXPECT computer systems to crash. Which is the perfect environment for people who know nothing to succeed.
Okay, now from TFA.
So, the "socially inept" engineers somehow manage to convince the customers that they (the engineers) are trustworthy.
While the socially skilled sales people are unable to do this.
I question your definition because it seems to be the opposite. At least in the case presented in TFA.
I'd look at the root cause of why the customers seem to trust the engineers more than the sales people.
Strange, I don't see anyone being a dick to the cops in that story.
A guy RECORDING cops ON DUTY during an action ON A PUBLIC STREET ends up with a cop smashing his phone and pointing a gun at him.
Yeah, blame other people for being dicks to the cops. That makes a lot of sense.
There will ALWAYS be someone who will claim to be able to do it.
Don't waste time fighting them on that.
You will lose.
BUT! You will still be held responsible when the systems are cracked.
Find a new job where management isn't looking for magical snake oil and go work there.
Exactly. The guy peddling the magical snake oil will be sure that HE isn't the one blamed when HIS "solution" fails.
For everyone else, do you really want to work in a company where technology decisions are based upon fantasies?
And where responsibility falls depending upon who is leading which clique that has influence with which executive?
I don't. When politics becomes the product, it is time to leave.
Exactly. And when the reporters come calling for quotes about how the crackers got the credit card numbers from us, it will NOT be the CEO who is fired for the security failure.
Not exactly. Someone else who CLAIMS that they can do it will be hired. What do I care? They'll be the one fired when the reporters come calling.
There will ALWAYS be SOMEONE who will claim to be able to do the impossible.
Remember that, people. The company will NOT waste a single moment firing you if it will protect the CEO. You don't owe the company a single moment of loyalty.
Do your job.
Collect your pay.
Advise them as best you can.
Move on when the situation calls for it.
Except that violations of that kind are usually dealt with via fines or losing your compliance certification (which requires that you go through the process again after a certain time).
Which can both be translated into MONEY.
Yep. And again, that usually translated into a fine (MONEY) or loss of certification (MONEY).
Exactly. You don't see other employees "fixing" the locks on the doors, do you? Hey, it's easier for me if they're keyed the same as my house key. No problem, right?
Not to mention the implied requirement that every single employee doing that have the same (or higher) education/experience as the dedicated IT department. How many people out there don't even know that their machines are zombies?
Exactly. And if someone steals their iPhone which just happens to contain a copy of the customer database including credit card info ... that's even more MONEY that has to be spend in fines and PR and lost customers.
Personally, I don't see any way that using personal electronics for work can generate more revenue than it can cost.
Maybe I'll be wrong in the future. We'll have to wait and see.
There aren't any "internal customers" because the concept of "customer" contains the element of "choice". If you don't like the service, you go to a different vendor. Internal departments do NOT have that option.
The implication being that those "new workers" will be worth the additional considerations. I'm sure you can find enough skilled workers who do not demand that you support their personal electronics.
As can be said with most fads and bubbles. The question isn't whether it will be happening but whether it will be a new requirement. Or will it happen and then fade as the security issues become evident?
Who cares about the software? It's the data that is important?
It's about the data, not the software.
Losing credit card info is a problem.
Getting Excel running on your phone is not an issue.
That depends upon the situation. Do you have read-only access via a secured web site?
What does he REALLY want to accomplish?
He is the CEO. But that just means that he is the CEO.
You can always find a new job.
It's easier to find a new job while you're still working.
Rather than AFTER you're fired because the company hits the papers for losing credit card info because of how you put a hole into your security for the CEO.
And you know that it will be YOU who is fired first and blamed for not keeping the place secure enough.
How are you doing that?
I spend a lot of time locking out systems because I cannot tell the difference between your legitimate connection and your machine being used by some cracker who was running a key logger on your home machine.
How do you handle it?
It SHOULD come down to a simple business decision.
Is the advantage of adding those devices going to bring in more revenue than the extra effort and lost/compromised data is going to cost?
But the main point is that TFA is so badly written.
Yeah, way to subtly make your point.
How about instead of the artistic license about what you THINK someone would use a monitor for you look at what real coders use their monitors for.
He seems to be focusing on the 22" instead of the real issue.
Is a coder with two 17" screens as productive (or less or more) as one with a single 22" screen?
Not only that, but training is different from experience.
Do you want someone who's gone to a week long class about whatever or someone who's been working on whatever for a year?
So there is SOME logic to hiring as opposed to training. You already have people who can explain the weirdness of your existing systems to the new person.
But just because there's some logic to it does not make it the best course. Instead, you should DEMAND that they read books (that you bought) and pass certifications (that you pay for) and then use those skills on side projects.
The more they know, the better they'll function.
The problem with such "security" is that the easier you make it for your admins to connect ... the easier you make it for the bad guys to connect.
The answer is to run training exercises for the various scenarios so that everyone knows what to do and where to go in such situations.
The problem with that is that people are lazy. Security is not difficult. But NOT doing it will always be easier (and yield immediate rewards) in the short term.
Sounds good. But the system also has to be designed to take advantage of the technology that is available today. Too often the systems are based around the single machine running a single application with full administrative rights model. And the technological advances have just made it possible to fool the app into thinking it is on one machine while it runs on multiple machines (badly).
Joel is trying to promote a workplace that fits Joel's notion of what a nice place to work would be for other people who have preferences similar to Joel's preferences.
That's the problem I have with this. A place that I would WANT to spend more time at .. with co-workers I found to be interesting ... would be a very strange place to work at (and probably illegal).
Let me have my private life.
I'll trade my professional time for money.
Allow me to keep the two separate.
Or without going through the motions of being friends.
You should be able to interact with co-workers on a professional basis. That being, you handle your part of the job and they handle their part of the job.
Can your co-workers depend upon you to perform your job to a standard? Can you depend upon them to perform their job to a standard?
Is there a defined communication channel to relay information pertaining to the above?
In my experience, the people who focus primarily on whether they're "friends" with everyone are the ones with the lowest tech skills. They're trying to compensate by forming personal connections.
I don't care about your raid over the weekend.
I want to know if you have finished the interface yet.
Perhaps. Although I would not equate "social" to "understanding". If anything, being slightly less intelligent makes it easier to socialize.
Again, you seem to be confusing "social" with "intelligent". So yes, you did demonstrate the validity of your view point again.
Okay. It's obvious that you don't understand what the term "social" means. You keep using it incorrectly.
In that case, I think you skipped the previous portion of my post and read an awful lot into that one sentence.
Being social does not mean you have social skills.
The same as owning a car and driving it does not make you a good driver.
I'll disagree. Each communication channel has its own problems. Attempting to make a social channel into an official channel makes it subject to cliques and inter-personal issues.
Why not work on fixing the primary communication channel?
Why?
What is the difference between them for you?
That's wonderful. And if the discussion was about social skills, that would be an important contribution.
But this is about extroverts and introverts and group lunches.
Being an introvert does not mean you have no (or limited) social skills.
The person who would rather spend his lunch hour alone, reading tech manuals will, probably, be more technically skilled than the person who spends his lunch hour chatting about fantasy baseball with other people.
Since no one has claimed such, I think you've just demonstrated the validity of your position.
Did you read the article?
This isn't about having occasional lunches with people in other departments.
This is about having daily lunches with the people in the same department as yourself.
I think you hit on the core problem in this discussion.
Introverts are not extroverts.
Extroverts are not introverts.
And so forth.
Because there is no objective "wrong" or "right" in this discussion, it tends towards people restating their personality as the rationalization for their preferred behavior. Circular logic at its best.
People like what they like because that is what they like.
And a boss that provides incentives for people to do what they already like to do will be perceived as a good boss. But that same boss with the same practice will be viewed as an idiot by someone who does NOT already like that.
Is having lunch together part of what makes a group a good team?
Or does a good team naturally spend time eating lunch together?
Personally, I don't think lunch matters in these circumstances. A clique can have lunch together. A team can have lunch together. People who are not a clique nor a team can have lunch together.
Yep. So get the work done at work and then get back to your life. Don't waste time at work trying to use it as a substitute for your life.
I go out a lot with my friends (who I do not work with). That wasn't the point.
The point was about people trying to use work-time to socialize instead of focusing on work-related items. Such as doing the work.
I'd rather not listen to another diatribe on how Obama's newly released birth certificate is a CIA fake that he ordered.
Your mileage will vary.
And the birther guy probably would be perfectly happy with another birther to have coffee with.
Me? I'm not going to discuss it with you and I'll just keep doing my work and improving my tech skills.
That's great.
But was the team a good team because it played Uno?
Or did it play Uno because it was a good team?
I'd say that you had at least a similar interest in playing Uno at lunch.
That might not sound like much to you, but look at all the factors that have to play into it to make that happen.
The problem here is that one factor is being taken as indicative of other factors.
A high school cheerleader clique also eats lunch together.
But would you depend upon them to write your next software release?
I don't agree.
They have an established secondary communication channel so they'll have an easier time dealing with communication-based objectives.
But that doesn't mean that they'll be any better with other objectives. Quite the opposite in my experience.
It's an issue of "Group Think".
http://en.wikipedia.org/wiki/Groupthink
Just take Google as an example.
And then look at how the various groups inside Google handle this.
Does Sales/Marketing have a different structure / practice than IT?
What about HR?
Sub-groups?