Agreed. I've worked jobs where, after a couple of years, I've been leaned on to apply for upcoming supervisory and managerial roles. I told the leaners that if I'd wanted those positions, I would have applied for them. Particularly the supervisory positions where I would be getting paid the same rate to accomplish nothing all day except from filling in forms, being bored out of my skull at meetings, and riding herd on former co-workers who had the brains of a duck.
I was actually fairly happy at my job at the time, and one thing I did not want in my career was to have to be a clearing-house for whining going up the ladder and bullshit coming down it. I really, really, REALLY did not want to be in a position where my effectiveness would largely be measured based on how well other people did their job.
It'd definitely be a plus if the IT department was set up to handle things at all levels. Unfortunately, a lot of the time they're only funded enough to look into a minimum set of solutions, and only solutions which tick all the big-app boxes (the reasoning being that something with a bazillion functions which can be rolled out to a thousand users must have a better ROI than something with fewer functions used by fewer staff).
It is possible to turn this around and get the IT department revamped in the way you want, but it generally involves a lot of gentle pressure from the staff, a lot of patient quiet arguing for the additional funding and smaller, faster ROIs, and one or two successful small projects which show that operating on the smaller level won't cause problems for the company infrastructure as a whole.
There's also the issue of opportunity. Someone who knows a cheater is more likely to be introduced to the concept of "playing in a slightly different way", and may not actually realize what they're doing won't be looked on beneficially by others until they're labeled a cheater themselves. People who don't have any contact with cheaters are less likely to have cheaty methods of interaction pop up on their radar.
It's not really all that surprising that cheating - like any other human activity or idea - can spread from human to human. Particularly when there are no memetic defenses in place against copying a particular action.
The worst company pretended that they could design a system where they could pretend to trust their employees.
I think I may have worked at this place's spiritual cousin. Everyone knew everyone else's passwords, and regularly logged on as other people. The IT budget was pretty much nonexistent, and the few massively-overworked people in it struggled along lashing things together with baling wire and spitballs. The CEO refused to pony up for volume licensing for anything, so every workstation had its own set of license keys. Email archives were stored ON THE WORKSTATIONS. There was no SOE. There wasn't even a corporate workstation image. The hardware was so heterogeneous that the first thing to do when the company bought a new laptop or desktop was to jump on the net and see if there were even drivers available for whatever was in the case. THE CEO wouldn't pay for upgrades unless it was actually stopping (not merely slowing) an employee's ability to do work. Some machines had Win7/Office 2010. Some had XPSP1 and Office XP. Antivirus was not administered centrally - some machines hadn't been updated since the Jurassic, and none of them had internet access to pull down even AV database updates, let alone new engines.
There was a Microsoft domain... on some of the machines. Others were physically on the network, but had no domain access and their users had no user objects. Group Policy was a joke. And pretty much everything in the whole infrastructure was like this.
They turned over seventy million in profit a year. Rumor had it that most of this went into the CEO's yacht.
If we want the power to say "No" to users who are doing unsecure things, we have the corresponding responsibility to provide an easy-to-use substitute in a reasonable time frame.
To an extent. If there's a user demand for a function, ability, or service, they can ask IT to provide it. IT can then research what's available, what will work with the current systems in place, and what will be maintainable, secure, follow any legal requirements, be thoroughly tested even with edge cases, and so on and so forth. IT then summarizes its findings to management if there's more than one possibility.
Only sometimes, there are no possibilities within the current budget. While in IT it is always an option to have a custom solution created from the ground up, these cost money (as well as development time). And if management says they're not willing to spend that money, then it's not IT's responsibility to slap together some dodgy hack by next week just because it would be convenient for Joe Blow.
In those cases, IT really needs to go back to the users and say "Management has decreed that they are not willing to buy this functionality at this time. If it's really an issue, talk to your managers."
Of course, management needs to know that they can't just go to IT and proclaim "Pull free magic out of your ass!"
So you'll be funding the time and manpower to fully research these tools and cross-check them against the SOE, provide ongoing support and training for them, and be the one willing to take the blame when someone uses them incorrectly and opens up a security breach, then.
So I made my own using VBA and a SQL server in about a week.
The difference is that the IT department is there to provide solutions which work for all users, which have been comprehensively tested to make sure they don't screw up any other parts of the SOE, and for which assistance is both provided and budgeted. You don't need that - you just need something slapped together which does one particular thing in one particular circumstance for you.
Metaphorically, the IT department is in the business of building custom forklifts which comply with all relevant safety legislation, hook into the company methodologies, have training and documentation and maintenance contracts, include theft-proofing, and are part of the asset register. You want a crowbar.
You forgot "And the IT staff were REALLY unhelpful, boss - you should go tell them they HAVE to support this absolutely business-critical thing I decided to be a cowboy about."
People have been sued for movie piracy without owning a computer or any other kind of electronic equipment. You and five million other randomly chosen people will just be designated 'viewers' and be sued.
Want to reduce human rights in your country without being blamed?
- create scapegoat agency
- have scapegoat agency implement harsh policies, generally violate human rights, and rough a bunch of people up while making lame excuses about how it's all for security
- let dissatisfaction with scapegoat agency grow to huge levels
- eventually disband scapegoat agency citing 'the will of the people'
- continue with violation of rights but not quite as much as the scapegoat agency
- keep telling people things are much better now
True, for the midrange. At the top end, right and wrong are supposed to be used as guidelines to approve or not approve laws. And at the bottom end, lawsuits are often a matter of convincing one or more people of your righteousness - we don't have LawBot 3000 making the decisions.
The question is - where's the cutoff point, where debt becomes so low that Treasury bonds stop being available? A trillion dollars? A billion dollars? Fiddy cent?
Slashdot Mirror
It's called management. They ask you to stick your neck out and then take the stool away.
Agreed. I've worked jobs where, after a couple of years, I've been leaned on to apply for upcoming supervisory and managerial roles. I told the leaners that if I'd wanted those positions, I would have applied for them. Particularly the supervisory positions where I would be getting paid the same rate to accomplish nothing all day except from filling in forms, being bored out of my skull at meetings, and riding herd on former co-workers who had the brains of a duck.
I was actually fairly happy at my job at the time, and one thing I did not want in my career was to have to be a clearing-house for whining going up the ladder and bullshit coming down it. I really, really, REALLY did not want to be in a position where my effectiveness would largely be measured based on how well other people did their job.
There's probably an app for that. :)
It'd definitely be a plus if the IT department was set up to handle things at all levels. Unfortunately, a lot of the time they're only funded enough to look into a minimum set of solutions, and only solutions which tick all the big-app boxes (the reasoning being that something with a bazillion functions which can be rolled out to a thousand users must have a better ROI than something with fewer functions used by fewer staff).
It is possible to turn this around and get the IT department revamped in the way you want, but it generally involves a lot of gentle pressure from the staff, a lot of patient quiet arguing for the additional funding and smaller, faster ROIs, and one or two successful small projects which show that operating on the smaller level won't cause problems for the company infrastructure as a whole.
Harley Quinn with the keys to Arkham.
[+1 Lord Voldemort liked this]
Dr Quinzel for you on line 1...
Obviously, tripping on Space Balls.
There's also the issue of opportunity. Someone who knows a cheater is more likely to be introduced to the concept of "playing in a slightly different way", and may not actually realize what they're doing won't be looked on beneficially by others until they're labeled a cheater themselves. People who don't have any contact with cheaters are less likely to have cheaty methods of interaction pop up on their radar.
It's not really all that surprising that cheating - like any other human activity or idea - can spread from human to human. Particularly when there are no memetic defenses in place against copying a particular action.
The worst company pretended that they could design a system where they could pretend to trust their employees.
I think I may have worked at this place's spiritual cousin. Everyone knew everyone else's passwords, and regularly logged on as other people. The IT budget was pretty much nonexistent, and the few massively-overworked people in it struggled along lashing things together with baling wire and spitballs. The CEO refused to pony up for volume licensing for anything, so every workstation had its own set of license keys. Email archives were stored ON THE WORKSTATIONS. There was no SOE. There wasn't even a corporate workstation image. The hardware was so heterogeneous that the first thing to do when the company bought a new laptop or desktop was to jump on the net and see if there were even drivers available for whatever was in the case. THE CEO wouldn't pay for upgrades unless it was actually stopping (not merely slowing) an employee's ability to do work. Some machines had Win7/Office 2010. Some had XPSP1 and Office XP. Antivirus was not administered centrally - some machines hadn't been updated since the Jurassic, and none of them had internet access to pull down even AV database updates, let alone new engines.
There was a Microsoft domain... on some of the machines. Others were physically on the network, but had no domain access and their users had no user objects. Group Policy was a joke. And pretty much everything in the whole infrastructure was like this.
They turned over seventy million in profit a year. Rumor had it that most of this went into the CEO's yacht.
If we want the power to say "No" to users who are doing unsecure things, we have the corresponding responsibility to provide an easy-to-use substitute in a reasonable time frame.
To an extent. If there's a user demand for a function, ability, or service, they can ask IT to provide it. IT can then research what's available, what will work with the current systems in place, and what will be maintainable, secure, follow any legal requirements, be thoroughly tested even with edge cases, and so on and so forth. IT then summarizes its findings to management if there's more than one possibility.
Only sometimes, there are no possibilities within the current budget. While in IT it is always an option to have a custom solution created from the ground up, these cost money (as well as development time). And if management says they're not willing to spend that money, then it's not IT's responsibility to slap together some dodgy hack by next week just because it would be convenient for Joe Blow.
In those cases, IT really needs to go back to the users and say "Management has decreed that they are not willing to buy this functionality at this time. If it's really an issue, talk to your managers."
Of course, management needs to know that they can't just go to IT and proclaim "Pull free magic out of your ass!"
So you'll be funding the time and manpower to fully research these tools and cross-check them against the SOE, provide ongoing support and training for them, and be the one willing to take the blame when someone uses them incorrectly and opens up a security breach, then.
"I went golfing with the CEO and he said do it by tomorrow or you're all fired."
So I made my own using VBA and a SQL server in about a week.
The difference is that the IT department is there to provide solutions which work for all users, which have been comprehensively tested to make sure they don't screw up any other parts of the SOE, and for which assistance is both provided and budgeted. You don't need that - you just need something slapped together which does one particular thing in one particular circumstance for you.
Metaphorically, the IT department is in the business of building custom forklifts which comply with all relevant safety legislation, hook into the company methodologies, have training and documentation and maintenance contracts, include theft-proofing, and are part of the asset register. You want a crowbar.
Either way, it's a corporate culture issue, which is not something the IT department is going to be able to help you resolve.
The hammer is his... uh, wait.
I suppose every company's IT departments have combed through all of those products' source code to make sure there aren't any backdoors or trojans...
The industry as a whole has.
"How come I have to send my people to a week of training on SAP anyway? Nobody came to my house and showed me how to use Quicken."
"How come I have to go learn how to pilot an aircraft? Nobody came to my house and told me how to ride a skateboard!"
You forgot "And the IT staff were REALLY unhelpful, boss - you should go tell them they HAVE to support this absolutely business-critical thing I decided to be a cowboy about."
Mutually-agreed-upon responsibility limits don't work when upper management lacks the discipline to keep up their end of the agreement.
This applies to everything, though.
People have been sued for movie piracy without owning a computer or any other kind of electronic equipment. You and five million other randomly chosen people will just be designated 'viewers' and be sued.
Want to reduce human rights in your country without being blamed?
- create scapegoat agency
- have scapegoat agency implement harsh policies, generally violate human rights, and rough a bunch of people up while making lame excuses about how it's all for security
- let dissatisfaction with scapegoat agency grow to huge levels
- eventually disband scapegoat agency citing 'the will of the people'
- continue with violation of rights but not quite as much as the scapegoat agency
- keep telling people things are much better now
True, for the midrange. At the top end, right and wrong are supposed to be used as guidelines to approve or not approve laws. And at the bottom end, lawsuits are often a matter of convincing one or more people of your righteousness - we don't have LawBot 3000 making the decisions.
The question is - where's the cutoff point, where debt becomes so low that Treasury bonds stop being available? A trillion dollars? A billion dollars? Fiddy cent?
And then between what they're selling and what you end up getting. Oh, that shiny policy? That was the display model...