I agree with portions of what others are saying to you, but I think the real point is that many managers don't just want "results", they want a certain sort of reliability/predictability.
At least, I'll tell you what I, as a manager, have found frustrating about people who don't show up at 7:30. I don't mean people who literally don't show up at 7:30, but rather that don't show up when expected. If I expect them at 7:30, and they know I expect them at 7:30, then they ought to show up at 7:30. If I, as your manager, show up when expected, I expect the same from you. If you want to negotiate for a later time to start work, I might be open to that, depending on what I view your job responsibilities to be. However, whatever your start time, I'd like you to be at your desk at that time.
If I have a meeting, I want you to show up on time. Being late may not hurt your productivity, but it hurts everyone else's productivity because we're sitting around waiting for you to show up, or spending our time trying to figure out where you are.
I'll admit, I'm not on the programming side of things, but instead on support, but I'll tell you that I'd prefer a single reliable guy who does what's asked of him, or at least does what he says he'll do, rather than 3 geniuses who are unreliable. I was once considered a bit of a boy-genius myself, and that's great for some things, but one of the first things I learned in my professional life is that, for a lot of purposes, being methodical and reliable are much more valuable to a manager. It allows managers to plan, since they'll be able to predict just how much work they'll actually get out of you in a given span of time. It lets them figure out their own work without worrying about whether you're really doing yours.
Contrary to what you some people think, managers often do have their own work beyond cracking the whip on underlings. Whether they do a good job is a different issue, but a good manager has plenty to do without cracking whips. I'll say this in favor of your position: part of what a good manager does is keep moral up and enable worker productivity. Being overly strict and inflexible hurts moral and can inhibit productivity. However, in my experience, people who think they're above the rules often over-estimate their value, and it's often because they're under-estimating the value of reliability.
I try to be very informative when I talk to people, but it's tricky business. As far as most people are concerned, the IT staff are a bunch of wizards that make computer magic and keep computer demons at bay. Little do they know, your computer needs daemons to work!
Yeah, as an "IT manager" of sorts, my first thought on this was a question: is IT management really such a different process than management in general? I mean, forgetting the technical IT issues, is the management of an IT department different from the management of other departments?
Immediately, I answered myself "yes". Two big factors that change things:
those under you are probably autistic
those above you probably have little/no understanding of what your department actually does
I actually learned to drive through racing games, so I think I know where you're coming from. My first driving instructor asked me if I'd taken my parents care out joyriding before, since I already seemed to pretty much know what I was doing. I'm not sure this is a good thing to learn this way. I mean, my instinct is to say, "Yes, of course it's a good thing! I learned to drive without putting actual lives in danger!" But would I be a better driver now if I'd learned in real life or even real simulators? Or worse? I don't know how to measure that, but I don't think it's silly to think that my driving instincts have been influenced by games.
It's all part of the increasing tend towards nanny-stateism, and in my opinion a direct product of many people's lack of faith in the ability of other people around them. If you think that everyone around you is an idiot unfit to make decisions for themselves, it's easier to rationalize giving control over everyone's lives up to some jackbooted Authority Figure.
This might be true, and in fact, I *do* believe that everyone around me is an idiot unable to make good decisions. However, I also recognize that the "Authority Figure", i.e. the government, is just a collection of those very same idiots, unable to make good decisions.
But I think this is a common problem: that people have trouble making a distinction between "something that would be good" and "something the federal government should make happen". It's an easy trap to fall into, but those should be distinct ideas.
i think that the debian group will always be needed to do the heavy lifting and the ubuntus of the world will add specifictiy and compatibility.
Also, it seems that Ubuntu's success it largely based on the fact that it has a narrower focus than Debian. Ubuntu is largely going after the desktop, and also general server stuff. Because of this focus, they can refine a smaller number of packages for each release, which might give it a small increase in cohesion and such. This is good and bad. It also means that the number of packages that are really supported is smaller, and it might not be as well-suited for other things. I know people use Debian for embedded systems and specialized servers and such.
So I think Ubuntu is great for what it's doing, while Debian is solid for damn near everything.
Honestly, seriously: there was a moment for me when, after playing a whole lot of GTA3, I was driving around and found myself thinking, "I'm tired of this car. I should go get that guy's car." Not very consciously, I mean. I didn't literally think those words I just typed, but I was driving, saw a nicer car than the one I was driving, and for a split second it went through my head that I should pull him over, yank him the driver out of his car, and drive away leaving my own car behind.
Of course, I didn't actually *do* anything. I just laughed a little to myself, thought, "that's awesome" and kept driving.
I'm not in favor of censoring video games or anything. You don't really know what activities are going to do for people. Maybe playing football would make one guy feel accustomed to violence and more likely to hit someone, while it might give another guy some sort of an outlet which prevents him from being violent. The government shouldn't take over responsibility for deciding which experiences are appropriate for people to have.
On the other hand, let's not pretend that this stuff has no effect. If I play solitaire enough, my mind starts sorting visual information differently. After playing Zelda for a long time, I look at the world differently. It's all having an effect, and you know, maybe sometimes some games have a bad effect on a person's psyche. So, if you're a parent of a teenager who you think can't handle driving safely after playing GTA, don't let them play GTA. Better yet, just don't let them drive at all. I'll tell you something, we are far too insistent that people drive everywhere, even when they're bad drivers, and it's bad all around.
It is a good theory, but only that. In the Real Windows World unless you like remote controlling users and do "Run As..." any time their Java needs to be updated or Adobe Reader needs to be updated, or a developer needs to add a tool to their environment, or change an ENV variable, users need to be in the local administrator group. Again, this is where a good GPO scheme will do wonders. Maybe for an office of a dozen or two users its okay, but anything of size will become problematic quickly.
To be blunt, I doubt your experience. I've worked on a site of a multi-national corporation with 250 users (including programmers and engineers) with a support staff of 3 (including me, doing all desktop and network support). The only way to do this was to have those 3 people all be good at their job, be hard workers, develop a good imaging system, and to drop admin-access from user accounts.
Before that, it was hard to get anything done because the Windows machines would just fall apart after a couple weeks. You'd set it up, get it working silky-smooth, and 5 weeks later, we'd be getting complaints every day because the machine "sucked". Sure enough, we'd check it out and it would be slow, unresponsive, buggy, and it would crash every 5 minutes. It wasn't clear what people were doing, but sure enough, the machine wouldn't really get working properly again until we reinstalled Windows from scratch. We couldn't manage it all, didn't fix things quickly, and it looked like we'd have to double our staff (at least). Management wasn't happy about all this.
Now, when we removed the admin rights, you'd better believe that some of the programmers lost their shit. They'd complain and complain about all the things that they needed to do for their jobs. They'd complain, "You know I can't do my job like this, right?!" At first, we'd give those couple of people admin rights again, and guess what? Those machines would have spyware installed the next day, or start being buggy after a few weeks, just like before. The machines that stayed locked-down continued to work great.
So we re-imaged the bad machines again, and said, "Ok, if you need something for your work, e-mail IT and we'll do it immediately." The programmer would get flustered and spit out, "Well you know that means you're going to be here all the time, right?! I do stuff all the time that requires admin rights, so you'll just be here all the time!" We said that was fine, if need be, we'd be there all the time. And can you guess what happened?
What happened was that we got a couple stupid requests for spyware to be installed, which we refused. They wanted us to help them do things that violated the corporate policy (e.g. attaching personal hardware to their corporate machines), and every now and then we'd get a couple of valid requests. The valid requests mostly were things that were either a one-time fix, or things that we could enable just that single capability in an otherwise user-level account. After a couple weeks of checking up, refining the image to make sure everything worked, etc.-- no more complaints from the programmers. In reality, there weren't so many things they needed administrative rights for. There just weren't. And there systems would run and run for months, maybe years, without incident.
Yeah, there were some people who still bitched about not having control of their systems. But we had management support because we had tamed the chaos. Their underlings used to complain, "I can't do my work because this stupid computer is broken!" and they weren't hearing those complaints anymore. Everyone, even the complainers, had to admit that there were much fewer problems.
Sometimes it works this way, but honestly, I could imagine it backfiring. Give Taco Bell cashiers internet access, and I could easily imagine that leading to them telling customers, "Hold on a second..." while they finish reading some MySpace page. If you fired them over that, you'd just fire a bunch of people all the time, because people would do it anyway.
Web usage probably, overall, has a net-loss of productivity, but it isn't practical for me to ban myself from port 80, even if I didn't need it for my job (which I do).
I guess I'm just not of the belief that happier employees are necessarily more productive employees. There's a limit on each side. If people are too unhappy, they aren't productive, but if you give them everything they want and let them do what they want when they want to, they aren't productive then either.
It depends on the job/company. Working for Google, it's better that you know about whatever is happening on the Internet. If you're a data-entry drone for some boring company, then not so much.
But also, none of this is really what I was talking about. I'm not talking about maximizing productivity of general employees, but minimizing IT costs and security risks. If your network is running like the wild west, you're going to have to hire more technicians who will spend all day straightening out problems. Restricting the services offered and allowed will cut downtime and the number of trouble calls, which will allow a company to function with a smaller IT staff.
Maybe your mindset changes when you work in support for a couple years. For example, most of your users will complain at some point that they don't have admin rights on their computers, and you'll hear some people with computer experience say, "If someone knows enough about computers, then why not?" But if you give users admin rights, their computers will break much more often. Honestly, I don't even really know why. There's not always a clear cause-- it might have nothing to do with viruses or spyware or anything particularly horrible, but you find out that the fewer configuration changes people can make, the less downtime they have. It's just some sort of whacky mystical rule.
Maybe there's a good theory to explain this, but I just know it as a truth I've learned through experience. If you want your computer to function without trouble, install only the applications you need, and don't operate it as an admin. Only log in as an admin (or root) to do those rare things that require it. Don't install then uninstall things you don't need, and don't screw with settings you don't need to, or else your computer will slowly go to hell.
It's similar with networks. When it comes to networks, don't let protocols travel through firewalls that you don't explicitly intend on using. Don't enable services on servers without a clear concept of what you're going to use that service for. Plan ahead, and be a minimalist. Keep things simple and restricted to what you want to use.
All this runs contrary to the idea of "education", but if you're focussed on easy and efficient network/systems management, be restrictive.
Yeah, I got the joke, but I thought it was obvious you weren't actually suggesting that people were changing permissions on these scripts, but taking a dig at Microsoft for not requiring people to mark it as "executable" in order to run it.
Yes, but people who understand the idea "physical access = compromised security" and know enough to crack a Windows box are probably also knowledgeable enough to know, at least, not to run a script received through e-mail. Most virus infections I've seen in the corporate world are an employee's act of stupidity, not maliciousness.
I see what you're saying, but there's a difference in needs and motivations between a university and most companies. Universities specifically need freedom because they're largely interested in education (ok, maybe not really, but at least supposedly). Education requires freedom. Plus, the constant re-evaluation of the setup is educational. When you have a whole bunch of aspiring CS majors and academics without a whole lot of real work to do, you have a free workforce to constantly address the ever-changing threats to network security.
With most companies, there are very limited and specific goals. They can be summed up, like, "we have e-mail so our employees can communicate with customers," or "we have web access so our employees can research [whatever]." Once you've established those needs, they key thing is to enable those services in ways that are as simple and fool-proof as is humanly possible. "Fool-proof" almost always requires that you limit the number of activities that could happen to the activities you expect to happen, that you plan for, and that you would like to happen.
And often that's the real culprit here: opening the network to additional unplanned possibilities also opens it to possible unknown security failures. It's not fool-proof, and it doesn't offer the company any advantage, so there's a motive to block it but no motive for them to allow it.
I'm sorry, is some strange new use of the word "vacation" I'm not familiar with? Why in the name of the eight-hour day would you go some place neat and exciting and use your time there to work?
Well, it doesn't sound like a real vacation, but that doesn't mean it's undesirable. Weighing it out, I might rather sit someplace warm, near a beach, do my work there, and have a nice night someplace exotic, rather than sitting in a dank office and trudging through the snow in order to go to the same old places night after night. I wouldn't call it a vacation as much as a temporary relocation while telecommuting... or something. It's just not a proper vacation.
However, this isn't entirely new. Yes, if you're a professional blogger you might be able to get away with this sort of thing, but that's been the case for professional writers for quite some time. If you were a writer 50 years ago, and what you were writing didn't require you to be at a specific location during specific events, it's likely you could travel and send your writings in. You could even call over the phone and dictate, hence the phrase "phoning it in". Of course, it all depends on what exact work you're doing, and whether the people you're working with will tolerate you traveling around.
I wish I could do it, I really do. But assuming you're not Zonk or Cmdr Taco, I don't know what job you can get that allows you get away with doing nothing but writing a little bullshit each day. (kidding!)
Honestly, I've always allowed webmail (and encouraged it) as a way to side-step a certain amount of responsibility for reporting users for things. It may sound crazy, but in my experience you can't stop users from e-mailing their friends, spouses, mistresses, and drug-dealers during the course of the work day.
I've had it happen where e-mails about an employee's drug habit get stuck in our spam filter, which means I saw them when I went through looking for false-positives. Suddenly, I'm in my own personal game of "Scruples", trying to figure out whether I need to report the guy or if I can just ignore it. You might think, "Of course, you report it!" However, after seeing a whole ton of these things, reporting them all is a scary prospect. Do you want to be the company tattle-tale? Do you want to report half of the company for sketchy behavior they've committed on their own time? It's a scary truth: pretty much everyone has skeletons in their closet, and far too many people are sending those skeletons around via e-mail.
So rather than having to report new transgressions every day, I started telling my users, "Get yourself a web mail account (hotmail, yahoo, gmail, etc). If you want to e-mail your mistress about all the coke you did last weekend, send it through your web mail account instead of your company account. If you send it through your work account, assume I will read it. Assume your boss will read it."
Yes, I suppose that means they might misuse the hotmail account somehow, but you just can't keep people from doing completely stupid things. All you can do is make those stupid things someone else's problem.
Of course, the reality probably combines both: Google's leadership is probably interested both in profit and bringing information together, and has found a way to have the two reinforce each other.
You could also make the argument, you know, that ads are information. There are an awful lot of web searches, I'm sure, that are specifically looking for commercial products and services. Not that I'm suggesting that Google is being selfless when they provide ads-- obviously they're doing it for profit-- but it isn't exactly contrary to the idea of making information organized and easy-to-find.
That being said, I am going to (*gasp*) agree with him on one point. Having a bunch of programmers sitting around does not accomplish anything.
This can't be the complaint about Google, because they accomplish quite a lot. The question is: do their accomplishment bring in enough money?
Their spreadsheet and word-processor, for example, are pretty darn cool. How is it supposed to make Google any money? I don't know. If there is a business model, will it actually gain enough users to be successful? I don't know. But are they accomplishing something? Yes.
The funny thing about Google right now, in my mind, is that they have so many balls in the air without it being clear that they're performing the cohesive act of "juggling". Ok, so that's a bad metaphor, but what I mean is, they have a lot of services that could work together in interesting ways, but that are still completely separate.
When you look at it, they own a company for pretty much every sort of popular web service. Webmail, blogging, photos, movies, social networking, document management/editing, calendaring, forums, and IM are all there. All these things could be sewn together into quite a little platform, but Google just doesn't quite make connections between them.
Like I often think, couldn't Google make their document editor a sort of universal-editor for all their services, and from there you could say, "post this to my weblog", "post this on my private forum", or "send this an an e-mail to my Dad". In the middle of typing up your document, you might think, "I want to stick a picture in here" and you find it in your Picasa account and bring it right in.
I'm not saying they all have to be completely integrated into a single web application, but just that it seems strange to me, that Google has all these pieces but don't seem to be moving towards putting together a puzzle. Is it a problem, or a good strategy? I don't know.
Anonymity (of the you-can't-track-my-pr0n-use, or the posting-as-a-troll, or the PRC-can't-ID-the-rebel variety) is antithetical to trustworthy transactions.
But that's not to say that they can't happen over the same infrastructure. Even today, you can send an e-mail with a fake address routed through some random SMTP server and it's pretty hard to trace. -or- You can digitally sign and encrypt e-mail traffic. Assuming the infrastructure can support both, it's a question of whether endpoints will accept both.
Yeah, I'm not sure how to fix this, but it seems to me that it's the single greatest problem with the internet. If you really know what you're doing, you can stay anonymous when you want to do something nefarious. However, if you're just a standard know-nothing user, all your innocuous activities are recorded all the time.
That's the exact opposite of what you want. It's not an unusual sort of security problem, and like I said, I don't know how to fix it because how do you distinguish between nefarious and innocuous? Still, it seems to me that it's at the heart of the virus/spam problem. How do you make sure that e-mail is coming from a valid source (which would allow you to eliminate SPAM and e-mail viruses) without requiring everyone to register their e-mail address to a real-life identity (thereby destroying anonymous e-mail).
Yes, a great many projects that aim to "start from scratch" don't really make it. However, it's often the case that starting from scratch enables people to think about solutions from a fresh perspective, without all their old assumptions. Even if the actual "from scratch" product never really comes about, or if it comes about and is unsuccessful, often the solutions and the fresh insight creep into the old legacy systems' updates.
Yeah, it reminds me: When the iPhone was first announced, I told my coworker that I was going to get one as soon as I could. He asked, "Don't you want to wait for the second generation model? First generation Apple products are always buggy and unreliable."
I said, "I don' t know about that, but all the Windows/Palm smartphones I've tried are buggy and unreliable anyway." Really, the mobile phone industry has had years to get themselves together. Apple may not make a perfect product, but I'm pretty sure it will be innovative enough that it will force everyone else to build something better, or else leave the market.
Well, there are also questions like "how are you using Linux?" and "How many distributions?"
I could imagine that, for a simple network and a computer with simple needs, a well-designed Windows network might have a lower TCO than a messy hodge-podge of 7 Linux distros.
No, contrary to what people say, Linux doesn't always necessarily have a lower TCO. TCO isn't even inherent to the technology, but it has to do with who's running the technology and how they're running it. For a large company, using an identical image on all desktops will (under many circumstances) make them drastically easier to support. It could be Windows or Linux, but it's more important that they're the same. On the server-end, sometimes it comes down to the question of "what do your admins know about? what can they support easily?"
I agree with portions of what others are saying to you, but I think the real point is that many managers don't just want "results", they want a certain sort of reliability/predictability.
At least, I'll tell you what I, as a manager, have found frustrating about people who don't show up at 7:30. I don't mean people who literally don't show up at 7:30, but rather that don't show up when expected. If I expect them at 7:30, and they know I expect them at 7:30, then they ought to show up at 7:30. If I, as your manager, show up when expected, I expect the same from you. If you want to negotiate for a later time to start work, I might be open to that, depending on what I view your job responsibilities to be. However, whatever your start time, I'd like you to be at your desk at that time.
If I have a meeting, I want you to show up on time. Being late may not hurt your productivity, but it hurts everyone else's productivity because we're sitting around waiting for you to show up, or spending our time trying to figure out where you are.
I'll admit, I'm not on the programming side of things, but instead on support, but I'll tell you that I'd prefer a single reliable guy who does what's asked of him, or at least does what he says he'll do, rather than 3 geniuses who are unreliable. I was once considered a bit of a boy-genius myself, and that's great for some things, but one of the first things I learned in my professional life is that, for a lot of purposes, being methodical and reliable are much more valuable to a manager. It allows managers to plan, since they'll be able to predict just how much work they'll actually get out of you in a given span of time. It lets them figure out their own work without worrying about whether you're really doing yours.
Contrary to what you some people think, managers often do have their own work beyond cracking the whip on underlings. Whether they do a good job is a different issue, but a good manager has plenty to do without cracking whips. I'll say this in favor of your position: part of what a good manager does is keep moral up and enable worker productivity. Being overly strict and inflexible hurts moral and can inhibit productivity. However, in my experience, people who think they're above the rules often over-estimate their value, and it's often because they're under-estimating the value of reliability.
No, no, you've got it all wrong. Always pad your your estimates. How else do you expect to convince them you're a miracle worker?
I try to be very informative when I talk to people, but it's tricky business. As far as most people are concerned, the IT staff are a bunch of wizards that make computer magic and keep computer demons at bay. Little do they know, your computer needs daemons to work!
Yeah, as an "IT manager" of sorts, my first thought on this was a question: is IT management really such a different process than management in general? I mean, forgetting the technical IT issues, is the management of an IT department different from the management of other departments?
Immediately, I answered myself "yes". Two big factors that change things:
What does Industrial Light and Magic have to do with IT management?
I actually learned to drive through racing games, so I think I know where you're coming from. My first driving instructor asked me if I'd taken my parents care out joyriding before, since I already seemed to pretty much know what I was doing. I'm not sure this is a good thing to learn this way. I mean, my instinct is to say, "Yes, of course it's a good thing! I learned to drive without putting actual lives in danger!" But would I be a better driver now if I'd learned in real life or even real simulators? Or worse? I don't know how to measure that, but I don't think it's silly to think that my driving instincts have been influenced by games.
This might be true, and in fact, I *do* believe that everyone around me is an idiot unable to make good decisions. However, I also recognize that the "Authority Figure", i.e. the government, is just a collection of those very same idiots, unable to make good decisions.
But I think this is a common problem: that people have trouble making a distinction between "something that would be good" and "something the federal government should make happen". It's an easy trap to fall into, but those should be distinct ideas.
i think that the debian group will always be needed to do the heavy lifting and the ubuntus of the world will add specifictiy and compatibility.
Also, it seems that Ubuntu's success it largely based on the fact that it has a narrower focus than Debian. Ubuntu is largely going after the desktop, and also general server stuff. Because of this focus, they can refine a smaller number of packages for each release, which might give it a small increase in cohesion and such. This is good and bad. It also means that the number of packages that are really supported is smaller, and it might not be as well-suited for other things. I know people use Debian for embedded systems and specialized servers and such.
So I think Ubuntu is great for what it's doing, while Debian is solid for damn near everything.
Honestly, seriously: there was a moment for me when, after playing a whole lot of GTA3, I was driving around and found myself thinking, "I'm tired of this car. I should go get that guy's car." Not very consciously, I mean. I didn't literally think those words I just typed, but I was driving, saw a nicer car than the one I was driving, and for a split second it went through my head that I should pull him over, yank him the driver out of his car, and drive away leaving my own car behind.
Of course, I didn't actually *do* anything. I just laughed a little to myself, thought, "that's awesome" and kept driving.
I'm not in favor of censoring video games or anything. You don't really know what activities are going to do for people. Maybe playing football would make one guy feel accustomed to violence and more likely to hit someone, while it might give another guy some sort of an outlet which prevents him from being violent. The government shouldn't take over responsibility for deciding which experiences are appropriate for people to have.
On the other hand, let's not pretend that this stuff has no effect. If I play solitaire enough, my mind starts sorting visual information differently. After playing Zelda for a long time, I look at the world differently. It's all having an effect, and you know, maybe sometimes some games have a bad effect on a person's psyche. So, if you're a parent of a teenager who you think can't handle driving safely after playing GTA, don't let them play GTA. Better yet, just don't let them drive at all. I'll tell you something, we are far too insistent that people drive everywhere, even when they're bad drivers, and it's bad all around.
It is a good theory, but only that. In the Real Windows World unless you like remote controlling users and do "Run As..." any time their Java needs to be updated or Adobe Reader needs to be updated, or a developer needs to add a tool to their environment, or change an ENV variable, users need to be in the local administrator group. Again, this is where a good GPO scheme will do wonders. Maybe for an office of a dozen or two users its okay, but anything of size will become problematic quickly.
To be blunt, I doubt your experience. I've worked on a site of a multi-national corporation with 250 users (including programmers and engineers) with a support staff of 3 (including me, doing all desktop and network support). The only way to do this was to have those 3 people all be good at their job, be hard workers, develop a good imaging system, and to drop admin-access from user accounts.
Before that, it was hard to get anything done because the Windows machines would just fall apart after a couple weeks. You'd set it up, get it working silky-smooth, and 5 weeks later, we'd be getting complaints every day because the machine "sucked". Sure enough, we'd check it out and it would be slow, unresponsive, buggy, and it would crash every 5 minutes. It wasn't clear what people were doing, but sure enough, the machine wouldn't really get working properly again until we reinstalled Windows from scratch. We couldn't manage it all, didn't fix things quickly, and it looked like we'd have to double our staff (at least). Management wasn't happy about all this.
Now, when we removed the admin rights, you'd better believe that some of the programmers lost their shit. They'd complain and complain about all the things that they needed to do for their jobs. They'd complain, "You know I can't do my job like this, right?!" At first, we'd give those couple of people admin rights again, and guess what? Those machines would have spyware installed the next day, or start being buggy after a few weeks, just like before. The machines that stayed locked-down continued to work great.
So we re-imaged the bad machines again, and said, "Ok, if you need something for your work, e-mail IT and we'll do it immediately." The programmer would get flustered and spit out, "Well you know that means you're going to be here all the time, right?! I do stuff all the time that requires admin rights, so you'll just be here all the time!" We said that was fine, if need be, we'd be there all the time. And can you guess what happened?
What happened was that we got a couple stupid requests for spyware to be installed, which we refused. They wanted us to help them do things that violated the corporate policy (e.g. attaching personal hardware to their corporate machines), and every now and then we'd get a couple of valid requests. The valid requests mostly were things that were either a one-time fix, or things that we could enable just that single capability in an otherwise user-level account. After a couple weeks of checking up, refining the image to make sure everything worked, etc.-- no more complaints from the programmers. In reality, there weren't so many things they needed administrative rights for. There just weren't. And there systems would run and run for months, maybe years, without incident.
Yeah, there were some people who still bitched about not having control of their systems. But we had management support because we had tamed the chaos. Their underlings used to complain, "I can't do my work because this stupid computer is broken!" and they weren't hearing those complaints anymore. Everyone, even the complainers, had to admit that there were much fewer problems.
Sometimes it works this way, but honestly, I could imagine it backfiring. Give Taco Bell cashiers internet access, and I could easily imagine that leading to them telling customers, "Hold on a second..." while they finish reading some MySpace page. If you fired them over that, you'd just fire a bunch of people all the time, because people would do it anyway.
Web usage probably, overall, has a net-loss of productivity, but it isn't practical for me to ban myself from port 80, even if I didn't need it for my job (which I do).
I guess I'm just not of the belief that happier employees are necessarily more productive employees. There's a limit on each side. If people are too unhappy, they aren't productive, but if you give them everything they want and let them do what they want when they want to, they aren't productive then either.
It depends on the job/company. Working for Google, it's better that you know about whatever is happening on the Internet. If you're a data-entry drone for some boring company, then not so much.
But also, none of this is really what I was talking about. I'm not talking about maximizing productivity of general employees, but minimizing IT costs and security risks. If your network is running like the wild west, you're going to have to hire more technicians who will spend all day straightening out problems. Restricting the services offered and allowed will cut downtime and the number of trouble calls, which will allow a company to function with a smaller IT staff.
Maybe your mindset changes when you work in support for a couple years. For example, most of your users will complain at some point that they don't have admin rights on their computers, and you'll hear some people with computer experience say, "If someone knows enough about computers, then why not?" But if you give users admin rights, their computers will break much more often. Honestly, I don't even really know why. There's not always a clear cause-- it might have nothing to do with viruses or spyware or anything particularly horrible, but you find out that the fewer configuration changes people can make, the less downtime they have. It's just some sort of whacky mystical rule.
Maybe there's a good theory to explain this, but I just know it as a truth I've learned through experience. If you want your computer to function without trouble, install only the applications you need, and don't operate it as an admin. Only log in as an admin (or root) to do those rare things that require it. Don't install then uninstall things you don't need, and don't screw with settings you don't need to, or else your computer will slowly go to hell.
It's similar with networks. When it comes to networks, don't let protocols travel through firewalls that you don't explicitly intend on using. Don't enable services on servers without a clear concept of what you're going to use that service for. Plan ahead, and be a minimalist. Keep things simple and restricted to what you want to use.
All this runs contrary to the idea of "education", but if you're focussed on easy and efficient network/systems management, be restrictive.
Yeah, I got the joke, but I thought it was obvious you weren't actually suggesting that people were changing permissions on these scripts, but taking a dig at Microsoft for not requiring people to mark it as "executable" in order to run it.
Yes, but people who understand the idea "physical access = compromised security" and know enough to crack a Windows box are probably also knowledgeable enough to know, at least, not to run a script received through e-mail. Most virus infections I've seen in the corporate world are an employee's act of stupidity, not maliciousness.
I see what you're saying, but there's a difference in needs and motivations between a university and most companies. Universities specifically need freedom because they're largely interested in education (ok, maybe not really, but at least supposedly). Education requires freedom. Plus, the constant re-evaluation of the setup is educational. When you have a whole bunch of aspiring CS majors and academics without a whole lot of real work to do, you have a free workforce to constantly address the ever-changing threats to network security.
With most companies, there are very limited and specific goals. They can be summed up, like, "we have e-mail so our employees can communicate with customers," or "we have web access so our employees can research [whatever]." Once you've established those needs, they key thing is to enable those services in ways that are as simple and fool-proof as is humanly possible. "Fool-proof" almost always requires that you limit the number of activities that could happen to the activities you expect to happen, that you plan for, and that you would like to happen.
And often that's the real culprit here: opening the network to additional unplanned possibilities also opens it to possible unknown security failures. It's not fool-proof, and it doesn't offer the company any advantage, so there's a motive to block it but no motive for them to allow it.
Insightful? I thought this person was trying to be funny.
I'm sorry, is some strange new use of the word "vacation" I'm not familiar with? Why in the name of the eight-hour day would you go some place neat and exciting and use your time there to work?
Well, it doesn't sound like a real vacation, but that doesn't mean it's undesirable. Weighing it out, I might rather sit someplace warm, near a beach, do my work there, and have a nice night someplace exotic, rather than sitting in a dank office and trudging through the snow in order to go to the same old places night after night. I wouldn't call it a vacation as much as a temporary relocation while telecommuting... or something. It's just not a proper vacation.
However, this isn't entirely new. Yes, if you're a professional blogger you might be able to get away with this sort of thing, but that's been the case for professional writers for quite some time. If you were a writer 50 years ago, and what you were writing didn't require you to be at a specific location during specific events, it's likely you could travel and send your writings in. You could even call over the phone and dictate, hence the phrase "phoning it in". Of course, it all depends on what exact work you're doing, and whether the people you're working with will tolerate you traveling around.
I wish I could do it, I really do. But assuming you're not Zonk or Cmdr Taco, I don't know what job you can get that allows you get away with doing nothing but writing a little bullshit each day. (kidding!)
Honestly, I've always allowed webmail (and encouraged it) as a way to side-step a certain amount of responsibility for reporting users for things. It may sound crazy, but in my experience you can't stop users from e-mailing their friends, spouses, mistresses, and drug-dealers during the course of the work day.
I've had it happen where e-mails about an employee's drug habit get stuck in our spam filter, which means I saw them when I went through looking for false-positives. Suddenly, I'm in my own personal game of "Scruples", trying to figure out whether I need to report the guy or if I can just ignore it. You might think, "Of course, you report it!" However, after seeing a whole ton of these things, reporting them all is a scary prospect. Do you want to be the company tattle-tale? Do you want to report half of the company for sketchy behavior they've committed on their own time? It's a scary truth: pretty much everyone has skeletons in their closet, and far too many people are sending those skeletons around via e-mail.
So rather than having to report new transgressions every day, I started telling my users, "Get yourself a web mail account (hotmail, yahoo, gmail, etc). If you want to e-mail your mistress about all the coke you did last weekend, send it through your web mail account instead of your company account. If you send it through your work account, assume I will read it. Assume your boss will read it."
Yes, I suppose that means they might misuse the hotmail account somehow, but you just can't keep people from doing completely stupid things. All you can do is make those stupid things someone else's problem.
Of course, the reality probably combines both: Google's leadership is probably interested both in profit and bringing information together, and has found a way to have the two reinforce each other.
You could also make the argument, you know, that ads are information. There are an awful lot of web searches, I'm sure, that are specifically looking for commercial products and services. Not that I'm suggesting that Google is being selfless when they provide ads-- obviously they're doing it for profit-- but it isn't exactly contrary to the idea of making information organized and easy-to-find.
That being said, I am going to (*gasp*) agree with him on one point. Having a bunch of programmers sitting around does not accomplish anything.
This can't be the complaint about Google, because they accomplish quite a lot. The question is: do their accomplishment bring in enough money?
Their spreadsheet and word-processor, for example, are pretty darn cool. How is it supposed to make Google any money? I don't know. If there is a business model, will it actually gain enough users to be successful? I don't know. But are they accomplishing something? Yes.
The funny thing about Google right now, in my mind, is that they have so many balls in the air without it being clear that they're performing the cohesive act of "juggling". Ok, so that's a bad metaphor, but what I mean is, they have a lot of services that could work together in interesting ways, but that are still completely separate.
When you look at it, they own a company for pretty much every sort of popular web service. Webmail, blogging, photos, movies, social networking, document management/editing, calendaring, forums, and IM are all there. All these things could be sewn together into quite a little platform, but Google just doesn't quite make connections between them.
Like I often think, couldn't Google make their document editor a sort of universal-editor for all their services, and from there you could say, "post this to my weblog", "post this on my private forum", or "send this an an e-mail to my Dad". In the middle of typing up your document, you might think, "I want to stick a picture in here" and you find it in your Picasa account and bring it right in.
I'm not saying they all have to be completely integrated into a single web application, but just that it seems strange to me, that Google has all these pieces but don't seem to be moving towards putting together a puzzle. Is it a problem, or a good strategy? I don't know.
"Machine emulator thingy"? To emulate what? Aren't these just standard Windows machines with a nostalgic logo attached?
But that's not to say that they can't happen over the same infrastructure. Even today, you can send an e-mail with a fake address routed through some random SMTP server and it's pretty hard to trace. -or- You can digitally sign and encrypt e-mail traffic. Assuming the infrastructure can support both, it's a question of whether endpoints will accept both.
Yeah, I'm not sure how to fix this, but it seems to me that it's the single greatest problem with the internet. If you really know what you're doing, you can stay anonymous when you want to do something nefarious. However, if you're just a standard know-nothing user, all your innocuous activities are recorded all the time.
That's the exact opposite of what you want. It's not an unusual sort of security problem, and like I said, I don't know how to fix it because how do you distinguish between nefarious and innocuous? Still, it seems to me that it's at the heart of the virus/spam problem. How do you make sure that e-mail is coming from a valid source (which would allow you to eliminate SPAM and e-mail viruses) without requiring everyone to register their e-mail address to a real-life identity (thereby destroying anonymous e-mail).
Yes, a great many projects that aim to "start from scratch" don't really make it. However, it's often the case that starting from scratch enables people to think about solutions from a fresh perspective, without all their old assumptions. Even if the actual "from scratch" product never really comes about, or if it comes about and is unsuccessful, often the solutions and the fresh insight creep into the old legacy systems' updates.
Yeah, it reminds me: When the iPhone was first announced, I told my coworker that I was going to get one as soon as I could. He asked, "Don't you want to wait for the second generation model? First generation Apple products are always buggy and unreliable."
I said, "I don' t know about that, but all the Windows/Palm smartphones I've tried are buggy and unreliable anyway." Really, the mobile phone industry has had years to get themselves together. Apple may not make a perfect product, but I'm pretty sure it will be innovative enough that it will force everyone else to build something better, or else leave the market.
Well, there are also questions like "how are you using Linux?" and "How many distributions?"
I could imagine that, for a simple network and a computer with simple needs, a well-designed Windows network might have a lower TCO than a messy hodge-podge of 7 Linux distros.
No, contrary to what people say, Linux doesn't always necessarily have a lower TCO. TCO isn't even inherent to the technology, but it has to do with who's running the technology and how they're running it. For a large company, using an identical image on all desktops will (under many circumstances) make them drastically easier to support. It could be Windows or Linux, but it's more important that they're the same. On the server-end, sometimes it comes down to the question of "what do your admins know about? what can they support easily?"