if your CV doesn't look "senior" you'll hardly get a chance to prove that you are...
I agree with you, up to a point. I remain hopeful that true talent always shines through (I'll concede some more by adding "eventually")
There are two kinds of IT people - either people have that certain something that is hard to define; the skill to intuit facts from a new system they've never seen before, to take two pieces of information that seem unconnected and combine them to come up with solutions to a problem. Those people are rare.
The other kind of person is the type who you just know right from the beginning, are going to peak at the sys admin level - they'll do their 5+ years in desktop/senior desktop support and eventually get to the point where they can handle "next -> next -> finish" server admin work. And by the time they get to that point they'll have such a sense of entitlement they will never be easy to work with when approached by less experienced people who need a hand. And they'll absolutely resent any of the Type 1 people who didn't spend anywhere near as long stuck on the helpdesk answering phones and working a crappy roster, just because they happen to have more talent.
I apologise for using such skewed stereotypes to explain my point. I currently work as a reasonably well paid contractor in a government department, surrounded by resentment-filled, lower paid people who don't know how much they don't know, where the phrase "governmentality" fits nicely. So I'm a little jaded. Plus I've been drinking :)
Maybe "for effort" marking should apply to subjects that generally will have no marketable value? The vast majority of people will never earn a sporting related income, and the physical education marks aren't something that most employers would pay much attention to. In fact, I would suggest the gym class mark would mean more to an employer if it was for effort, not aptitude.
I consider myself a Christian, and I agree with you.
I wish there were a way to highlight to people that there is a massive difference between the common implementations of "religion", and what I believe Christianity to be.
I believe God is righteously pissed off with most of what people do under the banner of religion. I hope people take note that just because someone has "In God We Trust" printed on their money, or have a chaplain say prayers before their pilots go and bomb strategic targets in countries that happen to have access to oil, doesn't mean that God agrees with their actions.
Of course this is just my opinion. And I would refuse to vote for any legislation that dictates that anyone has to agree with me.
Shame, I eventually succumbed to watching the third one when it was on free to air - in my opinion, a much more well put together movie than the first two, it was as though they realised it was make or break and they had to get it right. In some ways the third one "fixed" the first two for me. I remembered enough detail from the first two woeful movies for me to understand the plot points behind the third one. I have only ever watched the first two once and intend it to stay that way, if it were the only thing on TV I'd probably watch the third one over again because it wasn't so bad. If you get a chance to watch it I'd recommend it because it does round out the story.
Yes I realise saying a movie is worth watching because it wasn't as woeful as the previous ones isn't really a great way to sell it to anyone - but you've done the hard work wading through the first ones already...
I think the idea of relying on any one communication medium is dumb, and preventing one because it doesn't suit certain scenarios is silly unless there are major disadvantages to it overall.
Your post and the GP post(s) show good examples of when different methods work well/not well. Cc:ing your boss on an e-mail that they really should see is a good idea - sometimes Cc:ing a manager is a good way of letting the person you're e-mailing know that a particular person in authority is aware of the issue.
Inexperienced project managers Cc:ing a bunch of people on the project team just because they think the content is really important, so that most of the recipients can sigh, roll their eyes and delete it without reading it, is dumb. (and typical in my workplace... sigh).
A 5 minute meeting with a group of people with "ok" verbal language skills is better than 50 confusing e-mails a day from the same people who never lerned to spel.
- Sometimes e-mail is best.
- Sometimes meetings are best
- Sometimes phone calls are best
- Sometimes IM is best
- Sometimes no communication at all is best!
Judging which communication method is best for your audience is almost an art form.
In my opinion (which must be right because I'm about to post it on the internet), a CEO with such a biased personal experience, who doesn't use internal e-mail is probably not a good person to be deciding what situations should/should not rely on internal e-mail. And in a very diverse company this idea is probably a great and a terrible idea at the same time - depending on what each employee/team does.
I'm an Australian - I don't believe that isn't how it works - it is a confusing name.
It is called the "family tax benefit" and it is a tax reduction, but I believe you get the payments even if your income is zero, and you probably get it (or a reduced amount) even if you are living off government benefits (welfare).
The family tax benefit is available in the form of cash payments to families every fortnight, or families can choose to take it as a lump sum each year too.
There are different parts to it - Part A, B and C - and you get part/all depending on your family circumstances - if you earn too much you don't get it at all, if you have a disabled child you get extra, etc.
So you wouldn't want the freedom of choice if you were in that same situation?
I'm not sure the toddler analogy works - it would be more like leaving a teenage boy in a room full of porn - someone rebellious but capable of understanding higher concepts - and something more tempting than sweets.
Also note that the punishment was made clear in advance, not sprung on them later. And even when the punishment was put in place, they weren't just zapped out of existence, they were still given more ways of redeeming themselves.
For smaller businesses (even up to a few hundred employees)
I interpreted "smaller businesses" to mean not the kind of company that has large dollar contracts worth worrying about to the level you're suggesting?
Do you really think anyone in their right mind is going to trust your "she'll be right" attitude if large dollar contracts are amongst the documents being migrated?
I agree with you that no organisation with a decent cashflow/income (that would have data worthy of serious protection) is going to swap out their infrastructure every 6 months to save a small amount of money like that. I interpreted his example as a thought exercise, not a real life situation - this is the kind of IaaS project that would be done by an organisation currently storing their most recent "server" data shared off a $79 USB drive connected to the receptionist's PC...
I like the thinking behind the example - it's a business case option, balancing risk versus reward. I can imagine a large organisation having used their internal dev team to leverage Wave since its release to meet a specific business need, who may now have saved themselves millions compared to deployment of a full commercial product. Now they'd have to scramble to build a replacement or find something else - if the savings had been large enough it might have been worth it.
Only very small shops, or massively large organisations, would contemplate something like this (and only the small shops would actually do it!).
After all of that, they show you two cards - one of which is from the first deck, and 80 percent of people manage to choose which of the cards was from the first deck even though they aren't confident that they know the answer.
I want to know if the incorrect of the two cards is from the second deck, or a completely new card.
And if it's a totally new card, then it would be a totally new face, so I don't get how this study replicating this trick with people's faces is such a big deal unless they use face pictures that were all very similar. If you quickly showed me two sets of faces, then showed me two images where one was from the original sets, and the other face shot was a new image I had not already seen, I'd feel a little confident that I could pick out the one that was newly introduced.
To me that means the trick with cards and the 80% getting the right answer at the end is more of a big deal than the one with faces because the cards are more like each other, and we're better tuned to deal with facial recognition than with something as basic as a playing card. (I have no data to back up this claim other than it feels intuitive that we're tuned to recognise people, but this is slashdot so I don't mind posting with zero proof on hand). ;-)
If the original trick is that the participants are shown two final images, one from the first set and one from the second, and they correctly select the image from the first group 80% of the time, then this is pretty cool no matter what images you use.
Not a horrible suggestion for some situations, but the space just doesn't work for me... it looks like two different numbers, especially if you're writing a list of numbers next to each other - do you use comma then?
50 006.49, 14 032.45, 200 154 209.45,
Did I miss a comma and one of the numbers is also missing the .00, did I miss a decimal point somewhere and the decimal is more precise, or is the last number just really large?
Not in favor of the comma separators in large numbers, it is not universally understood, so don't do it.
50006.49 14032.45 200154209.45
I think this number sequence would be interpreted correctly in most places, most people (even people who normally use decimal commas) would understand what the decimal point represents here.
I'm not so sure about the whole "wizards" thing, or at least I can imagine a non-IT person rolling their eyes at me if I said that to them - but I like the pharmacist analogy - I'm out of mod points so the only compliment I can pay you is that I might plagiarise from you at some stage.
Active directory and Group policy are tied in deep with IE. Firefox, not so much.
There are third parties that make the required MSI installers, at least for the browser.
Settings can not be pushed out through group policy, they have to be configured in advance and placed in the MSI installer.
This basically means you use the same method to push out the software, as you use to push configuration changes.
Has anyone made a custom Group Policy template file (.adm) for Firefox? I've never needed one and I haven't googled for it now - I'd be very surprised if no-one had done this, at the very least for proxy settings etc.
I realise that tools like rsop.msc would show the Firefox settings only as custom registry settings - no biggie though, and you would always push the ADM out to workstations if this became a problem (easier than updating the install itself, and I can't really think of a major reason to bother with this - still an option though if necessary for some reason).
Sometimes though it is easier to use a logon script to set up anything that is a preference, if you only have a few settings - for example, block internet except through the proxy, and if the user messes with it/breaks something then they log out/in which we all tell users to try before they call anyway.
I don't think it needs to be an extreme opinion - even types of behaviour is enough. People want to be themselves, without worrying about every possible impact. For example, I might choose to use language here that I wouldn't necessarily use at a job interview or at a meeting with a client... that's very mild behaviour compared to your average KKK member/child abuser and so on - but combine that with the fact that people are very judgmental and that first impressions are hard to overcome, and there is a good case to be made to obscure your identity online.
I don't know whether a full replacement identity/alias is really necessary, although I know that when I have to register for something not-so-trustworthy online I use the same (fake) date of birth, address etc - so that if I ever have to re-enter the data (for password resets or whatever) I will know what I said originally, without any obvious way to link the identity with the real me.
This is the same logic as having more than one e-mail address, one used for stuff that would attract SPAM.
I think it is more that people want to relax and just be themselves without worrying, from behind at least a thin veil of anonymity, rather than their being members of the KKK - and people want to be able to maintain a (perhaps not so realistic, but still necessary) persona of professionalism etc - they aren't protecting who they are socially by hiding online, they are protecting the image they project of themselves at work.
...generally speaking you're not expecting attacks from inside your LAN...
Even if you have total control over all physical access points to your LAN, and total trust in your user base, there is still a chance that internal people can try to do nasty things - and in some ways they may have more motivation to do so.
I think the concept of "internal/trusted network" is going to shrink - nowadays I tend to think of the "internal network" as ending at the edge of centralised server resources, and clients on what would have been called the "internal LAN" are actually outside of what I would now call the "trusted zone". Even then, SMB traffic is more likely to be open so this vulnerability is still a problem, and many organisations still concentrate on border protection without taking any defense-in-depth measures internally so they're probably wide-open to this.
I could be paranoid, but I don't want to be less strict with internal controls and then find out the hard way that I was right all along.
If I had mod points I'd be clicking on "insightful" right now.
My only hope is that as older people slowly leave the workplace, corporate governance structures will finally start to include at least one or two people who have even the smallest clue about technical stuff.
Funny, I probably have a worse view of HR than is probably deserved (at least I hope) because of my dealings with our HR area, and also some senior level non-IT managers who think they are more important than they are:
"Yeah, I know you're a regional manager - all that means to me is that you get paid *less than I do* - let's get out our payslips and see who is going to win this argument"
Sometimes there are reasons for not supporting any app, no matter how dodgy it might be, or any client OS that someone might want to use - especially in places where HR want to run some dodgy app that they've wasted money on and now want IT to soak up many hours to deploy it and get it working with the rest of their apps, and then not use it or discover it isn't quite what they wanted...
Where I work is somewhere in between the two scenarios you mentioned - I won't make changes to centralised infrastructure to suit 1 or 2 people who have a preference for a particular app, especially if there is an alternative that can do what they want to achieve (even one that's not quite as good - sorry). Having said that, if people want to go off on a tangent and use an app/client OS/e-mail client that is different from the standard, I don't have any dramas with that so long as
(1) they aren't introducing any security risks (no, sorry, you can't install "antiviruscleaner2009.exe"), and
(2) they are happy to fix it themselves - our level of support drops back to "best effort" only
Generally people who are interested in "outside the square" solutions are either technical enough to deal with any minor issues themselves and aware enough to understand when we say "sorry, not our problem...", or clueless enough so I can talk them out of what they want to do in the first place.
This might sound a bit harsh - I dunno - people do have the ability to make a case for what they want, we just actually make them do that rather than grabbing our ankles at the slightest whim of others - and if they can justify the business need for what they are after, not a problem and we'll jump in and get it done - and if they can't justify it, sorry, I got bigger stuff to deal with.
Don't forget also that MS are pushing SharePoint in a huge way (I mean MOS, not the basic SharePoint that ships with the OS) - and Office is basically mandatory once you start to use SharePoint for anything more complex than as a basic intranet.
(SharePoint personally leaves me completely cold...yuk.)
Allowing MAPI directly into an Exchange environment from any internet host isn't a great idea, surely - for starters that would allow someone to DoS your environment by authenticating with obviously invalid credentials and locking people out - especially when a lot of environments will align user's e-mail address with their AD username. Plus, the moment a vulnerability becomes known you're open to who knows what (and it is just a matter of time..?)
Allowing any IP into Exchange over MAPI isn't what Exchange requires anyway, and is certainly not "best practice" - you can use Outlook Anywhere (RPC over SSL), ActiveSync (again SSL) and Outlook Web Access (SSL). For a more secure solution preferably publish all of this through ISA Server using 2-factor or RADIUS etc. to protect Active Directory. To really take off this new client will need to support RPC over HTTPS, and have a cached mode equivalent, people in the corporate space will want to take their laptops home and connect to their mail without switching to OWA, and they will want to access their mail offline. (I am not sure if this client has this, too lazy to check - if it does, well done Apple.)
There is always a trade-off between security and usability.
Apple creating Exchange client software makes sense as it helps them aim at the corporate space, I don't see Microsoft having any issues with this as they still make money off it - any client/user requires Client Access Licenses - one CAL for Exchange standard features (basic mail etc), one CAL for the underlying Windows Server access, and an Enterprise Exchange additive CAL for enterprise features (unified messaging (voice)/office communication server/etc).
It is the same logic as VMware driving sales of Microsoft server operating systems - sometimes decent competitor offerings aren't bad - more of a "co-opetition" than competition (up to a point anyway)
Reminds me of this: http://www.youtube.com/watch?v=fMGDSkNeP2E
It's okay...I play Words with Friends, too. Damn you, Zyngaaargh.
Fixed that for you. :-)
There is also one other thing I have seen come out of these kind of children, less emotion. That may or may not be a good thing.
It's good, and bad, depending on the context.
My son is 7, and his diagnosis (at 2 years old) was PDD-NOS, not Aspergers exactly but he is certainly on the spectrum.
I feel bad sometimes when I see that he isn't interacting with other kids in the way they would expect him to, he pretty much weirds them out. On the flip side, my nieces and nephews (who are in a similar age range) are going through all sorts of mess right now, trying to fit in with their social group, not dealing well with not being accepted or liked.
I love the fact that most of that peer pressure BS will go straight over my son's head, he doesn't give a shit if someone likes him or not, and doesn't feel pressured to conform (even when it's me, telling him to clean his teeth...sigh).
Sometimes the weaknesses are also strengths.
At least on the way to the asteroid belts, there won't be any murders!
You can't guarantee that unless you only send a single person... especially if you send an international/mixed gender crew - or a married couple!
I could have killed myself instead of watching that, and it might have been a more productive use of my time.
Not a horrible suggestion for some situations, but the space just doesn't work for me... it looks like two different numbers, especially if you're writing a list of numbers next each other - do you use comma then?
.00, did I miss a decimal point somewhere and the decimal is more precise, or is the last number just really large?
50 006.49, 14 032.45, 200 154 209.45,
Did I miss a comma and one of the numbers is also missing the
Not in favor of the comma separators in large numbers, it is not universally understood, so don't do it.
50006.49 14032.45 200154209.45
I think this number sequence would be interpreted correctly in most places, most people (even people who normally use decimal commas) would understand what the decimal point represents here.
I'm not so sure about the whole "wizards" thing, or at least I can imagine a non-IT person rolling their eyes at me if I said that to them - but I like the pharmacist analogy - I'm out of mod points so the only compliment I can pay you is that I might plagarise from you at some stage.
Active directory and Group policy are tied in deep with IE. Firefox, not so much.
There are third parties that make the required MSI installers, at least for the browser. Settings can not be pushed out through group policy, they have to be configured in advance and placed in the MSI installer.
This basically means you use the same method to push out the software, as you use to push configuration changes.
Has anyone made a custom Group Policy template file (.adm) for Firefox? I've never needed one and I haven't googled for it now - I'd be very surprised if no-one had done this, at the very least for proxy settings etc.
I realise that tools like rsop.msc would show the firefox settings only as custom registry settings - no biggie though, and you would always push the ADM out to workstations if this became a problem (easier than updating the install itself, and I can't really think of a major reason to bother with this - still an option though if necessary for some reason).
Sometimes though it is easier to use a logon script to set up anything that is a preference, if you only have a few settings - for example, block internet except through the proxy, and if the user messes with it/breaks something then they log out/in which we all tell users to try before they call anyway.
I don't think it needs to be an extreme opinion - even types of behaviour is enough. People want to be themselves, without worrying about every possible impact. For example, I might choose to use language here that I wouldn't necessarily use at a job interview or at a meeting with a client... that's very mild behaviour compared to your average KKK member/child abuser and so on - but combine that with the fact that people are very judgmental and that first impressions are hard to overcome, and there is a good case to be made to obscure your identity online.
I don't know whether a full replacement identity/alias is really necessary, although I know that when I have to register for something not-so-trustworthy online I use the same (fake) date of birth, address etc - so that if I ever have to re-enter the data (for password resets or whatever) I will know what I said originally, without any obvious way to link the identity with the real me.
This is the same logic as having more than one e-mail address, one used for stuff that would attract SPAM.
I think it is more that people want to relax and just be themselves without worrying, from behind at least a thin veil of anonymity, rather than their being members of the KKK - and people want to be able to maintain a (perhaps not so realistic, but still necessary) persona of professionalism etc - they aren't protecting who they are socially by hiding online, they are protecting the image they project of themselves at work.
That's my take on it anyway, YMMV.
Moderated -1: Groan...
...generally speaking you're not expecting attacks from inside your LAN...
Even if you have total control over all physical access points to your LAN, and total trust in your user base, there is still a chance that internal people can try to do nasty things - and in some ways they may have more motivation to do so.
I think the concept of "internal/trusted network" is going to shrink - nowadays I tend to think of the "internal network" as ending at the edge of centralised server resources, and clients on what would have been called the "internal LAN" are actually outside of what I would now call the "trusted zone". Even then, SMB traffic is more likely to be open so this vulnerability is still a problem, and many organisations still concentrate on border protection without taking any defense-in-depth measures internally so they're probably wide-open to this.
I could be paranoid, but I don't want to be less strict with internal controls and then find out the hard way that I was right all along.
If I had mod points I'd be clicking on "insightful" right now.
My only hope is that as older people slowly leave the workplace, corporate governance structures will finally start to include at least one or two people who have even the smallest clue about technical stuff.
Funny, I probably have a worse view of HR than is probably deserved (at least I hope) because of my dealings with our HR area, and also some senior level non-IT managers who think they are more important than they are:
"Yeah, I know you're a regional manager - all that means to me is that you get paid *less than I do* - let's get out our payslips and see who is going to win this argument"
(:->)
Sometimes there are reasons for not supporting any app, no matter how dodgy it might be, or any client OS that someone might want to use - especially in places where HR want to run some dodgy app that they've wasted money on and now want IT to soak up many hours to deploy it and get it working with the rest of their apps, and then not use it or discover it isn't quite what they wanted...
Where I work is somewhere in between the two scenarios you mentioned - I won't make changes to centralised infrastructure to suit 1 or 2 people who have a preference for a particular app, especially if there is an alternative that can do what they want to achieve (even one that's not quite as good - sorry). Having said that, if people want to go off on a tangent and use an app/client OS/e-mail client that is different from the standard, I don't have any dramas with that so long as
(1) they aren't introducing any security risks (no, sorry, you can't install "antiviruscleaner2009.exe"), and
(2) they are happy to fix it themselves - our level of support drops back to "best effort" only
Generally people who are interested in "outside the square" solutions are either technical enough to deal with any minor issues themselves and aware enough to understand when we say "sorry, not our problem...", or clueless enough so I can talk them out of what they want to do in the first place.
This might sound a bit harsh - I dunno - people do have the ability to make a case for what they want, we just actually make them do that rather than grabbing our ankles at the slightest whim of others - and if they can justify the business need for what they are after, not a problem and we'll jump in and get it done - and if they can't justify it, sorry, I got bigger stuff to deal with.
Don't forget also that MS are pushing SharePoint in a huge way (I mean MOS, not the basic SharePoint that ships with the OS) - and Office is basically mandatory once you start to use SharePoint for anything more complex than as a basic intranet.
(SharePoint personally leaves me completely cold...yuk.)
Allowing MAPI directly into an Exchange environment from any internet host isn't a great idea, surely - for starters that would allow someone to DoS your environment by authenticating with obviously invalid credentials and locking people out - especially when a lot of environments will align user's e-mail address with their AD username. Plus, the moment a vulnerability becomes known you're open to who knows what (and it is just a matter of time..?)
Allowing any IP into Exchange over MAPI isn't what Exchange requires anyway, and is certainly not "best practice" - you can use Outlook Anywhere (RPC over SSL), ActiveSync (again SSL) and Outlook Web Access (SSL). For a more secure solution preferably publish all of this through ISA Server using 2-factor or RADIUS etc. to protect Active Directory. To really take off this new client will need to support RPC over HTTPS, and have a cached mode equivalent, people in the corporate space will want to take their laptops home and connect to their mail without switching to OWA, and they will want to access their mail offline. (I am not sure if this client has this, too lazy to check - if it does, well done Apple.)
There is always a trade-off between security and usability.
Apple creating Exchange client software makes sense as it helps them aim at the corporate space, I don't see Microsoft having any issues with this as they still make money off it - any client/user requires Client Access Licenses - one CAL for Exchange standard features (basic mail etc), one CAL for the underlying Windows Server access, and an Enterprise Exchange additive CAL for enterprise features (unified messaging (voice)/office communication server/etc).
It is the same logic as VMware driving sales of Microsoft server operating systems - sometimes decent competitor offerings aren't bad - more of a "co-opetition" than competition (up to a point anyway)