In Trouble for having FireFox


KE5GDB
12-23-2007, 01:27 AM
Read this (http://kaharis.blogspot.com/2007/12/in-trouble-for-having-firefox.html) blog entry one of my friends wrote.

What do you think? Should we be allowed to have FireFox or any other portable app?

By the way: The suspension is indefinite. We don't know if it'll be weeks, months or even years.

WA4TM
12-23-2007, 01:48 AM
Ever hear of playing by the rules??

If it were the students' computer system, THEY could make the rules...

KD0BIK
12-23-2007, 02:07 AM
Andrew,

Unfortunately, I have to side with the school district. The key here is while the pen drive is YOUR property, the computers in the school belong to the school/tax payers. The school has a rule "no .exe files" and you violated this rule. This rule is there for good reason.

You can expect the same thing when you get older and enter Corporate America. When your employer issues you a company owned asset and tells you that you can't install non-approved apps and you get caught with them....see what I'm saying?

This isn't a Microsoft issue....This isn't a CCISD issue.....It's your issue and you just need to deal with it.

Jerry

KC4RAN
12-23-2007, 02:17 AM
Your friend knew the rules. Your friend disagreed with the rules. Your friend ignored the rules. Your friend got caught.

Your friend is now paying the price.

Good life lesson. Regardless of your disagreement with the decision, your friend took a chance and got caught. The 'reason' doesn't matter. They thought they could get away with it, and were wrong. They thought they could explain their way out of it, and were wrong.

n9yb
12-23-2007, 02:25 AM
Wait until he bids on something from eBay while at the office.

KA8NCR
12-23-2007, 03:18 AM
School and their directors walk a very fine line and dispense with all common sense when applying the rules. And it's really no different in the corporate world where many IT managers are not there to necessarily serve the users, but to protect the company from impending doom and assert control over their domain. Some of it is necessary, some of it is simple ego.

Either way, your friend broke the rules. It's truly unfortunate that we tolerate operating systems that can be compromised by people bringing in executable programs, but that's the reality of the situation. Windows and many of its applications still think they're DOS systems and run under full administrative control. As such, draconian and creativity squelching rules such as these are sometimes the only way to stop trouble.

WD8OQX
12-23-2007, 03:19 AM
Sometimes, what seems to be a harmless program can wreak havoc with a system - thus the rules.
(would you like it if someone caused YOU a lot of needless work to clean up a mess just because THEY wouldn't follow the rules? - there are 2 sides...)

I see your point that FF should be allowed - had you gone to the faculty & discussed it with them they may have changed things & at least had the IT dept install FF on the systems. By breaking the rules instead, it becomes a no win situation for all concerned.

Take it from an IT guy - go through proper channels & you WILL get results. I was the one that said yea or nay to a lot of apps where I worked & it was the ones that came to me & asked about it that more times than not got the go ahead.

BTW: even the CEO (the one that owns the company) had to get approval. (so all has to answer to someone)

KE5GDB
12-23-2007, 03:24 AM
Thanks for the advice. When I get some time on my hands I'll go talk to the Chief Director of Technology and see what his opinions are of FireFox. It's not that IE is a bad piece of software, but rather it's out of date (IE6) and most of us are accustomed to using tabs, in FF and Opera, and even IE7. If they'd keep everything up to date, there wouldn't be a problem (for me at least. I can't speak for everyone).

What do you recommend I say to the Chief Director of Technology? The benefits of tabbed browsing? I'm not too sure I have much ground to stand on, so do you have any ideas?

n6hcm
12-23-2007, 08:21 AM
Quote (KE5GDB @ Dec. 22 2007, 20:24):
What do you recommend I say to the Chief Director of Technology? The benefits of tabbed browsing? I'm not too sure I have much ground to stand on, so do you have any ideas?

imho, you don't have any ground to stand on here ... the chief director of technology is in the business of providing and supporting technology needed to further the school district's business (teaching and learning).

it could be worse--at my workplace *no* thumbdrives are allowed unless they are FIPS 140-2 compliant ... this is the point where you learn how cheap conventional thumb drives are--these are the cheapest FIPS 140-2 thumb drives i know ... (https://www.ironkey.com/)

so--when you use their technology follow their guidelines.

n2ize
12-23-2007, 08:29 AM
Let me get this straight. Is this a network to which you attach your own computer? Or is this a network where the computers are already set up and locked down? If so then they've got you. The only compliant thing you can really do is discuss it with them and see if they'll allow other programs. I don't see why they wouldn't allow FF if you asked them. But if you run it without asking they'll give you a hard time. Unless you could get it to look like IE whence it runs. But if you were to do that and if they find out you'll get in even more trouble.

If it's your own machine that connects to their network you might have a little more leeway. But even then they can scan your machine for compliance and quarantine or deny access to machines that don't meet their compliance criteria.

I take it these machines are not for learning software development? In other words you cannot write, compile and run your own code? It would be ludicrous to allow students to write and run whatever they want yet not allow them to run FF. Then again, schools can be ludicrous.

k3wrv
12-23-2007, 03:26 PM
Andrew-

I'm not a geek, but agree that rulez are rulez and need to be followed. The entire Maryland Department of Transportation network got brought down because somebody brought in a virus on a floppy disk. Took the IT staff a long time to clean everything up and remove all the floppy drives!

But if I were going to talk to the Director of IT, I think my starting point would be that FF is more secure than IE because it's not as tightly integrated with Windows as IE. After that (and you'll need to do your homework on security - almost as much as you'd do for a term paper - and be prepared to cite sources!) I'd mention tabbed browsing, ability to block images and popups, anti phishing, and stuff like that. Did you know there's a new FF 3.0 available?

[EDIT] There are a lot of IT Security types on this forum - maybe they'll give you some more talking points and advice.

WD8OQX
12-23-2007, 04:37 PM
KE5GDB

Just go & talk - but do NOT go as a hot head, demanding. Ask if they can explain why & be willing to listen. (I would bet that they have a pretty good reason.) & be prepared to NOT have anything change.

If you go in with this attitude, you may not get any changes but will win some respect & maybe next time get them to change their mind (on something even more important to you).

Now as for now - Just discuss the pros & cons & explain why you would like to see it allowed. Then let them decide but above all respect their decision. - respect is the key here, yours & theirs.

I hope I got the message across that I was trying for....


BTW: if you do this right, you will learn a valuable skill in negotiating - which will be very handy later on... (all of us that are divorced, with kids, know what this is about - or who have ever tried to get that elusive raise from a tight fisted boss)

KE5GDB
12-23-2007, 05:48 PM
Again, thanks for the advice. I'll take all of it into consideration. I'm glad there's a group of people out here who have experience in the field and can offer advice. I'm really grateful for all of your opinions and advice WD8OQX.

Once I get back to school on the 7th (Christmas Break) I'll talk everything over with a few of my friends, and see if they have any (positive) points about FireFox to add.

Again, thanks for everybody's opinions.

WA9SVD
12-23-2007, 07:30 PM
It seems quite simple: They haven't used FF, and they won't allow installation of programs they don't know or understand.

Now, that's not necessarily a damning accusation. An IT person or department is entrusted and expected to keep a system running, and to do that, they MUST be able to control what is or isn't on any part of the network. Even the most innocent and useful programs (such as FF) can still cause glitches and crashes in systems, and if the IT personnel aren't intimately familiar with the software running anywhere on the network, they have a right to prohibit unauthorized use. And IT specialists can NOT be expected to be familiar with (or approve of) every piece of software available, either commercially available, or share/freeware.

They have rules to be able to keep a network running; violating those rules could cause serious problems, so they have to set limits.

n2ize
12-23-2007, 11:01 PM
Best deal is to just have your own computer and your own internet. That way there's no hassles, no problems. You run what you want. Once you have to use someone else's network you have to deal with an IT department there are going to be restrictions on what you can and cannot run. The fact that the majority of today's computers run an operating system chock full of vulnerabilities, that breaks if you look at it the wrong way, and eventually breaks regardless doesn't make the situation any better.

If you want to make and run your own programs it's pretty much mandatory that you have your own or, that your school have a group of machines dedicated for that purpose.

KD0BQM
12-26-2007, 01:05 AM
Any good (?) hacker knows he can take any piece of malware he wants and either name it or imbed it in an .exe file called whatever he wants, even firefox.exe or ff.exe. If you want to be able to use ANY .exe file on their computers, GET THEIR PERMISSION FIRST!!! The last thing they need is to have some teenager slip in a virus that they "just cooked up at home." They don't know if you are a hacker, or just someone who knows a better browser. Be glad they let you bring anything in. The company I used to work for insisted that IT run a virus scan on everything that came in from outside, even if it was office file I took home to work on and brought back in the morning! Imagine if we had had 1500 people bringing in files (homework) every morning.
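
The point in the post above, that a file called firefox.exe need not be Firefox, is why software allowlisting is usually keyed on file content rather than file name. The sketch below is an added example, not part of the thread or of any school's actual tooling; it compares a filename-based "no .exe" rule with a check on the file's magic bytes and SHA-256 digest. The sample bytes, file names and the allowlist are constructed for illustration.

```python
import hashlib

# Constructed sample contents: these are NOT real programs, only byte strings
# that start (or do not start) with the "MZ" magic used by DOS/PE executables.
APPROVED_BROWSER = b"MZ" + b"\x00" * 62 + b"approved browser build (constructed)"
RENAMED_UNKNOWN = b"MZ" + b"\x00" * 62 + b"some other program (constructed)"
HOMEWORK_TEXT = b"Essay draft, plain text (constructed)"

# Hypothetical allowlist: digests of binaries the IT department has tested.
ALLOWLIST = {hashlib.sha256(APPROVED_BROWSER).hexdigest()}


def name_based_check(filename: str) -> str:
    """The 'no .exe files' rule applied to the file name only."""
    return "block" if filename.lower().endswith(".exe") else "allow"


def looks_executable(data: bytes) -> bool:
    """True when the content begins with the 'MZ' DOS/PE header magic.

    Limitation: scripts and other runnable formats have no such header,
    so this covers only native Windows executables.
    """
    return data[:2] == b"MZ"


def content_based_check(data: bytes, allowlist=ALLOWLIST) -> str:
    """Allow non-executables; allow executables only if their hash is approved."""
    if not looks_executable(data):
        return "allow"
    digest = hashlib.sha256(data).hexdigest()
    return "allow" if digest in allowlist else "block"


# Constructed scenario: (file name on the thumb drive, file content)
SAMPLE_FILES = [
    ("firefox.exe", APPROVED_BROWSER),  # the tested build
    ("firefox.exe", RENAMED_UNKNOWN),   # same name, different program
    ("essay.doc", RENAMED_UNKNOWN),     # executable content, document name
    ("essay.txt", HOMEWORK_TEXT),       # ordinary homework
]


def review(files):
    """Return (name, verdict_by_name, verdict_by_content) for each file."""
    return [
        (name, name_based_check(name), content_based_check(data))
        for name, data in files
    ]


if __name__ == "__main__":
    for name, by_name, by_content in review(SAMPLE_FILES):
        print(f"{name:12} name rule: {by_name:5}  content rule: {by_content}")
```

The name rule gives the same verdict to both files called firefox.exe and lets the mislabelled essay.doc through, while the content rule separates the approved build from everything else that is executable.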

n2ize
12-26-2007, 05:00 AM
Quote (KD0BQM @ Dec. 25 2007, 18:05):
Any good (?) hacker knows he can take any piece of malware he wants and either name it or imbed it in an .exe file called whatever he wants, even firefox.exe or ff.exe. If you want to be able to use ANY .exe file on their computers, GET THEIR PERMISSION FIRST!!! The last thing they need is to have some teenager slip in a virus that they "just cooked up at home." They don't know if you are a hacker, or just someone who knows a better browser. Be glad they let you bring anything in. The company I used to work for insisted that IT run a virus scan on everything that came in from outside, even if it was office file I took home to work on and brought back in the morning! Imagine if we had had 1500 people bringing in files (homework) every morning.

If he were a hacker he'd be running Internet explorer even though he was running Firefox.

AC0H
12-26-2007, 05:14 AM
Here's how it is in the real world of corporate IT.

#1. Nothing on the network un-encrypted. THAT MEANS NOTHING.

#2. NO UNAPPROVED/UNTESTED SOFTWARE. You never know whether FF or one of its dependencies will screw up that big expensive custom app the whole organization uses. We even test printer drivers.

#3. Thumb/Flash drives are Verboten! Get caught with one and you're shown the door sans the drive. Consider yourself lucky if the company doesn't file charges against you. If the data you just copied to that drive gets out of your hands it's a federal investigation, federal and state fines to the tune of 8 digits minimum, TV time for the brass, smart ass comments from Keith Olberman, etc....

#4. Any conversation involving you asking for local admin rights will be short and sweet.......... NO!
Got to tell a VP that the other day.

n2ize
12-26-2007, 08:37 AM
Quote (AC0H @ Dec. 25 2007, 22:14):
Here's how it is in the real world of corporate IT.

#1. Nothing on the network un-encrypted. THAT MEANS NOTHING.

#2. NO UNAPPROVED/UNTESTED SOFTWARE. You never know whether FF or one of its dependencies will screw up that big expensive custom app the whole organization uses. We even test printer drivers.

#3. Thumb/Flash drives are Verboten! Get caught with one and you're shown the door sans the drive. Consider yourself lucky if the company doesn't file charges against you. If the data you just copied to that drive gets out of your hands it's a federal investigation, federal and state fines to the tune of 8 digits minimum, TV time for the brass, smart ass comments from Keith Olberman, etc....

#4. Any conversation involving you asking for local admin rights will be short and sweet.......... NO!
Got to tell a VP that the other day.

That's the kind of ship I run at home too,

kf6rdn
12-28-2007, 06:52 AM
Unfortunately we can't. Some of our emulation boards/software needs local admin.

We do however selectively block external access to USB drives among other things.

W4INF
12-28-2007, 01:20 PM
I'm a little disappointed at the fact the title reads, as the blog reads, they got in trouble for having Firefox... When in fact, he was in trouble for having an .EXE on his thumbdrive.

At any rate, they say no... then no it is.

If you want freedom on the puter, wait till u get home.

At my work, I guess we're on borrowed time, we're getting away with stuff maybe we shouldn't and waiting for instructions to change at any time, regarding puter access, etc..

Andrew

w8gtf
12-28-2007, 02:18 PM
As much as I hate to do so, I have to side with the school. I am an IT administrator at my job. We've gone so far as to only allow executable downloads on to an apps server. This means you have to have log in permission on this server to download any executable code from the internet. This keeps the users from downloading any random program that could contain a virus. We also have built into our AV package software that basically makes the USB ports one way. You can plug keyboards & mice in. But no form of external drives. This includes ipods and PDA cell phones.

Security is a big thing, and I'm sure most schools don't have the resources to have an IT professional on site 40 hours a week to keep things straight. Personally I'd much rather see that salary go to hire another teacher or purchase new books than hire an IT professional to baby sit the computers.

The rules are the rules. If you worked in my office, you would have gotten a serious mark on his record for the first offense, and walked out on the 2nd.

w4glm
12-28-2007, 07:26 PM
This is really simple -

Just remove it......Mac

WA9SVD
12-28-2007, 09:12 PM
Quote (W4INF @ Dec. 28 2007, 06:20):
I'm a little disappointed at the fact the title reads, as the blog reads, they got in trouble for having Firefox... When in fact, he was in trouble for having an .EXE on his thumbdrive.

At any rate, they say no... then no it is.

If you want freedom on the puter, wait till u get home.

At my work, I guess we're on borrowed time, we're getting away with stuff maybe we shouldn't and waiting for instructions to change at any time, regarding puter access, etc..

Andrew

Agreed, the subject line is a bit inaccurate,

BUT:

Did the fellow get in trouble for having FireFox ON a thumb Drive, or was it because he actually tried (or succeeded) in installing FireFox to even a local machine on the network???

And for that matter, was it a specific issue with FireFox, or just an issue of unauthorized installation of unapproved software, which CAN jeopardize the function or performance of the entire network?

W1GUH
12-29-2007, 12:16 AM
To you corporate IT guys...your software screws up often. You don't promulgate proper instructions in a timely manner so that the user can use the system in a timely manner, and lots of times, especially on the more secure networks, I get "dumb looks" from the IT guy when I describe a problem. So you guys are not blameless. If you were doing your job properly, these "rules" wouldn't be as necessary as you try to make us believe.


To you who see no alternative but..."Don't you know the rules?"

Well rules are not always benign. It's a bad move to "try" to break them on the sly, they'll probably get you, and especially if you're a student you have NO rights, and the administration will come down on you.

But the "rules" should always be questioned in any way deemed necessary. Many, many times those "rules" are not 100% benign. Could be that they've got a bad IT department that simply MUST impose odious rules because it's not doing a good job. Perhaps the rules come from some incompetent, but powerful administrator with big control problems. Perhaps somebody is afraid of what a student will turn up that's embarrassing, or worse, to a major player on the school board. All of these are possible reasons for odious rules such as this.

Just a little while ago I posted about a school in SE Michigan that said it would expel students found to have their own myspace and similar pages on their own computers, on their own time, at home. Is that a rule you rule-mongers support?

But be vigilant. The PC has put into the hands of the grass roots citizens power that they've never had before, and it's revolutionizing everything. It's pretty obvious that any reactionary will have big problems with this state and will do everything he/she can do to squash this.

KG4RUL
12-29-2007, 01:28 AM
I managed a network with 35+ users and the one hard and fast rule was THOU SHALT NOT PUT FOREIGN HARDWARE OR SOFTWARE ON MY SYSTEM!. Anyone who did found their rights immediately removed and then had to explain to the President of the company why they should get them back.

n6hcm
12-29-2007, 11:17 AM
Quote (W1GUH @ Dec. 28 2007, 17:16):
Well rules are not always benign. It's a bad move to "try" to break them on the sly, they'll probably get you, and especially if you're a student you have NO rights, and the administration will come down on you.

But the "rules" should always be questioned in any way deemed necessary.

absolutely true. you can always approach the IT people with a specific business need and work toward getting the technology included on the nice list. be prepared to demonstrate that it addresses a specific learning need (as opposed to a personal preference for some other version of whatever)

KC4RAN
12-29-2007, 12:02 PM
Quote (W1GUH @ Dec. 27 2007, 18:16):
To you corporate IT guys...your software screws up often. You don't promulgate proper instructions in a timely manner so that the user can use the system in a timely manner, and lots of times, especially on the more secure networks, I get "dumb looks" from the IT guy when I describe a problem. So you guys are not blameless. If you were doing your job properly, these "rules" wouldn't be as necessary as you try to make us believe.

Huh? Sounds like it's time for a 'walk a mile in his shoes' timeout for you.

I want you to take a block from a 57 Chevy, an intake manifold from a 01 Intrepid, exhaust headers from a 03 Camry, and heads from a 93 Cougar. Now I want you to make those pieces fit together in such a manner that they operate as a vehicle, and that you can keep those same spare parts around for replacement. If you have to build shims between the non-fitting parts that's fine, but you cannot modify the original parts in any way.

Now, I want you to build a support organization to issue these cars to 50,000 employees of a company that drives nationwide. I want you to support these drivers with as few employees as possible. You personally will have to go to the CEO to justify each additional headcount you believe you need.


Also, periodically we will be coming to you with various 'needs requests' that will necessitate you building other cars for us with slightly different parts. Instead of a 57 Chevy block, we might also request that you build us 250 cars using the block from a 93 Elantra. It is up to you to deliver a functional car and more importantly, to support that car.

Another part of the 'support' will be making sure that any recalls or engineering defects are handled as soon as possible and as efficiently as possible, with hopefully zero impact to our productivity. We will supply you with a number of 'upgrade robots' that can do very explicit tasks, like change out the head bolts on Model 134... but these robots cannot handle customizations and could end up destroying any car that it works on that has been modified from the intended original design. We must use these robots since we cannot afford to hire enough human mechanics to manually perform every upgrade.

Periodically, these upgrades or recalls will be forced upon you without any chance for you to do any real-world testing on the various models we have had you build for us. Remember, however... if the upgrade or recall stops a car from working, it will be your fault even if you were not given sufficient time for testing, or if the manufacturer imbedded another defect in the new replacement product.

You need to be able to build these cars quickly in an assembly-line fashion, since your 'build' personnel will be severely limited. It will be up to you to figure out how to support our ever-growing build requests with a limited number of models and thus support personnel.

Every car will be black. Every body style will be the same. It is up to you to figure out how to help the drivers identify which specific model of car they're driving without any obvious references. Every interior will be the same unless we specifically request otherwise, and this will constitute a different model at that time.

Security is a concern at this company. We want to know where every car is driven. We want to know how many miles it has been driven each week. We want to know what functions it has been driven to. We want to know who has driven it and what organization they belong to. We cannot have unauthorized people driving each other's cars, and we certainly cannot have outsiders driving our cars. If the security enhancements we force upon you make your build or support job harder, we're sorry - but that's the way it is. Any security variances, such as 'master keys' will require direct authority from the CEO, even if our top salesman is locked out of his car while trying to get to the biggest deal our company has ever seen or will ever see.

Now... go forth and build an organization to deliver these cars!!!



------


Your challenges? The 'tweaker' who goes up under the hood and enriches the fuel mixture... and blows the heads off periodically. The 'hot-rodder' who changes out the heads, exhaust and intake manifolds to gain maximum performance, but burns up the ignition system. The 'wannabe-grease-monkey' who goes up under the hood and starts taking things apart just to see how it is all put together. The 'granny' who only has her car serviced 2 times a year, but wants 100% reliability and will give you an earful when it doesn't work (and she knows it hasn't been working for a month and expects you to somehow know it but she didn't tell you). The 'wannabe-engine-designer' who replaces engine components or adds on customized engine computers to enhance his driving experience, but who also relies 100% on his car as a sales device, and who will blame you for your upgrade breaking his car... but who won't tell you that he installed the extra components or replaced other pieces until you pop the hood and confront him with it.

Even your own mechanics will be a support issue, since what they do necessitates experimentation - they will have to be subject-to but at the same time sometimes-exempted-from some of the security features, to see if those features are causing problems. They may drive a custom model or you may end up letting them build their own cars specific to their needs, but any security variances must be justified and they must all be supported just as well as any other user.




We 'corporate IT guys' don't write 99.99% of the software that runs on the systems you access. We install it and we support it... that's it!

We are subject to the limitations of the software being installed and the OS it runs on. Sometimes, you request two apps that don't play well together, but you will never know. We find ways to shim them together that hopefully keeps you from finding out. Sometimes these shims break. Would you rather us tell you to go pick software that doesn't break other software? Remember, we didn't write it.

We are usually the implementers of policy that comes down from the executives, and sometimes those policies are extremely complex. Most of the time they're driven by legal or financial reasons. The security policies are more legal, the things like disk space limitations and making you run a standard, locked-down image are more financial (both disk space and support cost money). Don't be the guy that backs his system up to his network drive to a different folder every night and chews up 8-10 GB a day in storage...

You're right, that first-line tech you're working with probably doesn't know much except what he's been taught on how to fix the most common of problems. It's the ones that they don't usually let interact with the public that actually make the systems work and that are called upon by those that make decisions to implement those decisions. If you talked to this person, you might find out that there are some really good reasons for most of the policies, and for many of them you'd find out "it's because they told me to". And yes, sometimes you'll find it's because that person is a zealot on one side or another. But many times you'll also find that this person is the best in their field in the area and that they've been burned so many times doing it other ways that it has driven him to his zealotry. He says no because so many times he's said yes and the system has come crashing down around him, now he says no.

Which brings us to the final point. Everything in IT costs money. Every time you want to do something differently, it will cost someone either more money directly or more time (which is money) to fix or to separately support it later. If you go to the boss with a random PO request for a dollar figure and say "I want it", your boss is probably going to say no and make you justify it. IT is being treated the same way now.

The default answer is no... make your case if you want it to be yes, and be prepared to defend your expenditure request ($$$).

n2ize
12-29-2007, 01:48 PM
That is why corporate networks suck. They are too restrictive and most of their problems stem from garbage software that's insecure and shouldn't be used.

Any systems administrator should be removing Windows from his network. Instead run Debian or some free non-proprietary GNU Linux. Run open source only. Remove restrictive and insecure proprietary junk software from those networks.

Above all networks should be open and free. We should be encouraging the use of better software not restricting software to insecure proprietary junk. We should also be encouraging people to develop the skills, improvise and write their own free software and to improve on existing software.

Yeah I write free software.

AC0H
12-29-2007, 06:49 PM
Quote (KC4RAN @ Dec. 29 2007, 07:02):
Quote (W1GUH @ Dec. 27 2007, 18:16):
To you corporate IT guys...your software screws up often. You don't promulgate proper instructions in a timely manner so that the user can use the system in a timely manner, and lots of times, especially on the more secure networks, I get "dumb looks" from the IT guy when I describe a problem. So you guys are not blameless. If you were doing your job properly, these "rules" wouldn't be as necessary as you try to make us believe.

Huh? Sounds like it's time for a 'walk a mile in his shoes' timeout for you.

I want you to take a block from a 57 Chevy, an intake manifold from a 01 Intrepid, exhaust headers from a 03 Camry, and heads from a 93 Cougar. Now I want you to make those pieces fit together in such a manner that they operate as a vehicle, and that you can keep those same spare parts around for replacement. If you have to build shims between the non-fitting parts that's fine, but you cannot modify the original parts in any way.

Now, I want you to build a support organization to issue these cars to 50,000 employees of a company that drives nationwide. I want you to support these drivers with as few employees as possible. You personally will have to go to the CEO to justify each additional headcount you believe you need.


Also, periodically we will be coming to you with various 'needs requests' that will necessitate you building other cars for us with slightly different parts. Instead of a 57 Chevy block, we might also request that you build us 250 cars using the block from a 93 Elantra. It is up to you to deliver a functional car and more importantly, to support that car.

Another part of the 'support' will be making sure that any recalls or engineering defects are handled as soon as possible and as efficiently as possible, with hopefully zero impact to our productivity. We will supply you with a number of 'upgrade robots' that can do very explicit tasks, like change out the head bolts on Model 134... but these robots cannot handle customizations and could end up destroying any car that it works on that has been modified from the intended original design. We must use these robots since we cannot afford to hire enough human mechanics to manually perform every upgrade.

Periodically, these upgrades or recalls will be forced upon you without any chance for you to do any real-world testing on the various models we have had you build for us. Remember, however... if the upgrade or recall stops a car from working, it will be your fault even if you were not given sufficient time for testing, or if the manufacturer imbedded another defect in the new replacement product.

You need to be able to build these cars quickly in an assembly-line fashion, since your 'build' personnel will be severely limited. It will be up to you to figure out how to support our ever-growing build requests with a limited number of models and thus support personnel.

Every car will be black. Every body style will be the same. It is up to you to figure out how to help the drivers identify which specific model of car they're driving without any obvious references. Every interior will be the same unless we specifically request otherwise, and this will constitute a different model at that time.

Security is a concern at this company. We want to know where every car is driven. We want to know how many miles it has been driven each week. We want to know what functions it has been driven to. We want to know who has driven it and what organization they belong to. We cannot have unauthorized people driving each other's cars, and we certainly cannot have outsiders driving our cars. If the security enhancements we force upon you make your build or support job harder, we're sorry - but that's the way it is. Any security variances, such as 'master keys' will require direct authority from the CEO, even if our top salesman is locked out of his car while trying to get to the biggest deal our company has ever seen or will ever see.

Now... go forth and build an organization to deliver these cars!!!



------


Your challenges? The 'tweaker' who goes up under the hood and enriches the fuel mixture... and blows the heads off periodically. The 'hot-rodder' who changes out the heads, exhaust and intake manifolds to gain maximum performance, but burns up the ignition system. The 'wannabe-grease-monkey' who goes up under the hood and starts taking things apart just to see how it is all put together. The 'granny' who only has her car serviced 2 times a year, but wants 100% reliability and will give you an earful when it doesn't work (and she knows it hasn't been working for a month and expects you to somehow know it but she didn't tell you). The 'wannabe-engine-designer' who replaces engine components or adds on customized engine computers to enhance his driving experience, but who also relies 100% on his car as a sales device, and who will blame you for your upgrade breaking his car... but who won't tell you that he installed the extra components or replaced other pieces until you pop the hood and confront him with it.

Even your own mechanics will be a support issue, since what they do necessitates experimentation - they will have to be subject-to but at the same time sometimes-exempted-from some of the security features, to see if those features are causing problems. They may drive a custom model or you may end up letting them build their own cars specific to their needs, but any security variances must be justified and they must all be supported just as well as any other user.




We 'corporate IT guys' don't write 99.99% of the software that runs on the systems you access. We install it and we support it... that's it!

We are subject to the limitations of the software being installed and the OS it runs on. Sometimes, you request two apps that don't play well together, but you will never know. We find ways to shim them together that hopefully keeps you from finding out. Sometimes these shims break. Would you rather us tell you to go pick software that doesn't break other software? Remember, we didn't write it.

We are usually the implementers of policy that comes down from the executives, and sometimes those policies are extremely complex. Most of the time they're driven by legal or financial reasons. The security policies are more legal, the things like disk space limitations and making you run a standard, locked-down image are more financial (both disk space and support cost money). Don't be the guy that backs his system up to his network drive to a different folder every night and chews up 8-10 GB a day in storage...

You're right, that first-line tech you're working with probably doesn't know much except what he's been taught on how to fix the most common of problems. It's the ones that they don't usually let interact with the public that actually make the systems work and that are called upon by those that make decisions to implement those decisions. If you talked to this person, you might find out that there are some really good reasons for most of the policies, and for many of them you'd find out "it's because they told me to". And yes, sometimes you'll find it's because that person is a zealot on one side or another. But many times you'll also find that this person is the best in their field in the area and that they've been burned so many times doing it other ways that it has driven him to his zealotry. He says no because so many times he's said yes and the system has come crashing down around him, now he says no.

Which brings us to the final point. Everything in IT costs money. Every time you want to do something differently, it will cost someone either more money directly or more time (which is money) to fix or to separately support it later. If you go to the boss with a random PO request for a dollar figure and say "I want it", your boss is probably going to say no and make you justify it. IT is being treated the same way now.

The default answer is no... make your case if you want it to be yes, and be prepared to defend your expenditure request ($$$).
Excellent!

WA9SVD
12-29-2007, 07:30 PM
Quote (AC0H @ Dec. 29 2007,11:49):
Quote (KC4RAN @ Dec. 29 2007,07:02):
Quote (W1GUH @ Dec. 27 2007,18:16):
To you corporate IT guys...your software screws up often. You don't promulgate proper instructions in a timely manner so that the user can use the system in a timely manner, and lots of times, especially on the more secure networks, I get "dumb looks" from the IT guy when I describe a problem. So you guys are not blameless. If you were doing your job properly, these "rules" wouldn't be as necessary as you try to make us believe.
Huh? Sounds like it's time for a 'walk a mile in his shoes' timeout for you.

I want you to take a block from a 57 Chevy, an intake manifold from a 01 Intrepid, exhaust headers from a 03 Camry, and heads from a 93 Cougar. Now I want you to make those pieces fit together in such a manner that they operate as a vehicle, and that you can keep those same spare parts around for replacement. If you have to build shims between the non-fitting parts that's fine, but you cannot modify the original parts in any way.

Now, I want you to build a support organization to issue these cars to 50,000 employees of a company that drives nationwide. I want you to support these drivers with as few employees as possible. You personally will have to go to the CEO to justify each additional headcount you believe you need.


Also, periodically we will be coming to you with various 'needs requests' that will necessitate you building other cars for us with slightly different parts. Instead of a 57 Chevy block, we might also request that you build us 250 cars using the block from a 93 Elantra. It is up to you to deliver a functional car and more importantly, to support that car.

Another part of the 'support' will be making sure that any recalls or engineering defects are handled as soon as possible and as efficiently as possible, with hopefully zero impact to our productivity. We will supply you with a number of 'upgrade robots' that can do very explicit tasks, like change out the head bolts on Model 134... but these robots cannot handle customizations and could end up destroying any car that it works on that has been modified from the intended original design. We must use these robots since we cannot afford to hire enough human mechanics to manually perform every upgrade.

Periodically, these upgrades or recalls will be forced upon you without any chance for you to do any real-world testing on the various models we have had you build for us. Remember, however... if the upgrade or recall stops a car from working, it will be your fault even if you were not given sufficient time for testing, or if the manufacturer imbedded another defect in the new replacement product.

You need to be able to build these cars quickly in an assembly-line fashion, since your 'build' personnel will be severely limited. It will be up to you to figure out how to support our ever-growing build requests with a limited number of models and thus support personnel.

Every car will be black. Every body style will be the same. It is up to you to figure out how to help the drivers identify which specific model of car they're driving without any obvious references. Every interior will be the same unless we specifically request otherwise, and this will constitute a different model at that time.

Security is a concern at this company. We want to know where every car is driven. We want to know how many miles it has been driven each week. We want to know what functions it has been driven to. We want to know who has driven it and what organization they belong to. We cannot have unauthorized people driving each other's cars, and we certainly cannot have outsiders driving our cars. If the security enhancements we force upon you make your build or support job harder, we're sorry - but that's the way it is. Any security variances, such as 'master keys' will require direct authority from the CEO, even if our top salesman is locked out of his car while trying to get to the biggest deal our company has ever seen or will ever see.

Now... go forth and build an organization to deliver these cars!!!



------


Your challenges? The 'tweaker' who goes up under the hood and enriches the fuel mixture... and blows the heads off periodically. The 'hot-rodder' who changes out the heads, exhaust and intake manifolds to gain maximum performance, but burns up the ignition system. The 'wannabe-grease-monkey' who goes up under the hood and starts taking things apart just to see how it is all put together. The 'granny' who only has her car serviced 2 times a year, but wants 100% reliability and will give you an earful when it doesn't work (and she knows it hasn't been working for a month and expects you to somehow know it but she didn't tell you). The 'wannabe-engine-designer' who replaces engine components or adds on customized engine computers to enhance his driving experience, but who also relies 100% on his car as a sales device, and who will blame you for your upgrade breaking his car... but who won't tell you that he installed the extra components or replaced other pieces until you pop the hood and confront him with it.

Even your own mechanics will be a support issue, since what they do necessitates experimentation - they will have to be subject-to but at the same time sometimes-exempted-from some of the security features, to see if those features are causing problems. They may drive a custom model or you may end up letting them build their own cars specific to their needs, but any security variances must be justified and they must all be supported just as well as any other user.




We 'corporate IT guys' don't write 99.99% of the software that runs on the systems you access. We install it and we support it... that's it!

We are subject to the limitations of the software being installed and the OS it runs on. Sometimes, you request two apps that don't play well together, but you will never know. We find ways to shim them together that hopefully keeps you from finding out. Sometimes these shims break. Would you rather us tell you to go pick software that doesn't break other software? Remember, we didn't write it.

We are usually the implementers of policy that comes down from the executives, and sometimes those policies are extremely complex. Most of the time they're driven by legal or financial reasons. The security policies are more legal, the things like disk space limitations and making you run a standard, locked-down image are more financial (both disk space and support cost money). Don't be the guy that backs his system up to his network drive to a different folder every night and chews up 8-10 GB a day in storage...

You're right, that first-line tech you're working with probably doesn't know much except what he's been taught on how to fix the most common of problems. It's the ones that they don't usually let interact with the public that actually make the systems work and that are called upon by those that make decisions to implement those decisions. If you talked to this person, you might find out that there are some really good reasons for most of the policies, and for many of them you'd find out "it's because they told me to". And yes, sometimes you'll find it's because that person is a zealot on one side or another. But many times you'll also find that this person is the best in their field in the area and that they've been burned so many times doing it other ways that it has driven him to his zealotry. He says no because so many times he's said yes and the system has come crashing down around him, now he says no.

Which brings us to the final point. Everything in IT costs money. Every time you want to do something differently, it will cost someone either more money directly or more time (which is money) to fix or to separately support it later. If you go to the boss with a random PO request for a dollar figure and say "I want it", your boss is probably going to say no and make you justify it. IT is being treated the same way now.

The default answer is no... make your case if you want it to be yes, and be prepared to defend your expenditure request ($$$).
Excellent!
Except he forgot the part about the drivers expecting the car to go 150 MPH and get 70 miles per gallon...

WA9SVD
12-29-2007, 07:43 PM
Quote (n2ize @ Dec. 29 2007,06:48):
That is why corporate networks suck. They are too restrictive and most of their problems stem from garbage software that's insecure and shouldn't be used.

Any systems administrator should be removing Windows from his network. Instead run Debian or some free non-proprietary GNU Linux. Run open source only. Remove restrictive and insecure proprietary junk software from those networks.

Above all networks should be open and free. We should be encouraging the use of better software not restricting software to insecure proprietary junk. We should also be encouraging people to develop the skills, improvise and write their own free software and to improve on existing software.

Yeah I write free software.
With all due respect, you need a reality check.

It's NOT really a "Windoze vs. Other OS" issue. Whether Debian, other Linux, Official UNIX, or ANY OS, there can be and ARE glitches that can be introduced by software applications. To think otherwise is either naive to an extreme or... well, dangerous. Even the best intentioned software can cause glitches on a system, and if a system administrator(s) does not have control over what is and is not running on their network, all chaos WILL ensue, sooner or later; usually sooner, and at the most inopportune time.

Open source is fine; LINUX is fine. But unknown software is NOT fine; even with "open source," if a user-installed program causes problems, it can take hundreds of "man hours" to find a glitch, much less patch it, if that is even possible. IT administrators are employed to keep a system running, NOT troubleshoot and accommodate any or every application users may want.

KC4RAN
12-29-2007, 08:31 PM
Quote (n2ize @ Dec. 28 2007,07:48):
That is why corporate networks suck. They are too restrictive and most of their problems stem from garbage software that's insecure and shouldn't be used.

Any systems administrator should be removing Windows from his network. Instead run Debian or some free non-proprietary GNU Linux. Run open source only. Remove restrictive and insecure proprietary junk software from those networks.

Above all networks should be open and free. We should be encouraging the use of better software not restricting software to insecure proprietary junk. We should also be encouraging people to develop the skills, improvise and write their own free software and to improve on existing software.

Yeah I write free software.
The reason people aren't doing what you suggest is the cost of support. As I tell other people in my field, the fastest network in the world is worthless when it's down. I need reliability first... speed is somewhere down the list. I respect the open source movement, but to really be a shop that uses and exploits everything that open source can do for you, quickly you find out that you aren't actually saving any money in support and upfront costs, you're just shifting them around to having to pay for inhouse developers and (if you're a company of any size) some sort of version control system. Your IT shop turns into a software development shop and all the costs associated with that come rolling in the door.

Does Windows have its flaws? Without a doubt. I curse it many times a week. However, most organizations find that it's easier to find support for Windows apps and systems than for in-house-built apps. Sounds backwards, right? It's easier to pick up the phone and call a support line and get an answer to a problem that 30 other customers have experienced than it is to pay an in-house developer for three days to dig through the code to find that two different groups didn't preserve variable type constraints, and one section of code starts throwing invalid data to another section within the same program.

When it comes time to replace someone, it is much easier and more cost effective to find someone who has worked in a support role for (insert top 50 Win business apps here) than it is to find a code jockey who is willing to come in, spend 3-4 months familiarizing himself with your custom app, finding out why the previous code writer did what he did, then finally getting down to what he was supposed to be doing all along... extending and supporting the app.

Businesses want to do business. They want IT to support them. Unless your business is writing applications and selling the app and the support to other companies, no one wants to be in the software development business. The software and the systems they run on are simply tools.

No one except hammer companies make their own hammers. They buy them. When they break, they go get another one. Open source is about crafting a better design of hammer. Open source drives innovation, but as yet, it doesn't sell hammers to 5% of the public.

And as for the restrictions on networks, talk to your legal department and your security guy. If you can convince them that 'bytes just wanna be free', go for it. I suspect I already know the answer. It's the same as if I came to you and asked you to do away with user accounts and differing system privileges. I mean, come on.... why can't you trust me with administrator privileges? Remove those restrictions!!

:)

n2ize
12-29-2007, 08:52 PM
Open and free doesn't mean do away with privacy and user accounts. It means software on the network is open and free. Closed proprietary software is a security risk. It may appear to make life easier but what it really does is take control away from the administrator and owner of the network.

Closed source doesn't have to be replaced overnight. The shift is incremental. A good starting point is to gradually replace closed proprietary source applications with free software whenever and wherever possible. This doesn't mean to suddenly trash everything. But to make a gradual shift over time. It seems that is the direction many organizations are headed. The key idea is to set realistic goals.

Lastly, open source doesn't mean you have to have in-house developers and pay more. You have a community of developers, a community of users and a support community. The support community can even be members of the development community, the user community and even dedicated commercial support groups in which you pay for the support. That's the nice thing about free software is that, as a user you become an integral part of these communities. Even better these communities are comprised of focused subgroups that specialize in support. For example if Apache is one of your primary applications you have an entire support community focused on Apache. If it's Open Office a support community focused on Open Office. As a user you automatically become an integral part of those groups. That's the beauty of free software and why it works well. And keep in mind, 24/7 commercial support is also a reality in the world of free software.

Let me add by saying that there is not only a potential to save money via free software, it is already being done.

WA9SVD
12-30-2007, 12:05 AM
Quote (n2ize @ Dec. 29 2007,13:52):
Open and free doesn't mean do away with privacy and user accounts. It means software on the network is open and free. Closed proprietary software is a security risk. It may appear to make life easier but what it really does is take control away from the administrator and owner of the network.

Closed source doesn't have to be replaced overnight. The shift is incremental. A good starting point is to gradually replace closed proprietary source applications with free software whenever and wherever possible. This doesn't mean to suddenly trash everything. But to make a gradual shift over time. It seems that is the direction many organizations are headed. The key idea is to set realistic goals.

Lastly, open source doesn't mean you have to have in-house developers and pay more. You have a community of developers, a community of users and a support community. The support community can even be members of the development community, the user community and even dedicated commercial support groups in which you pay for the support. That's the nice thing about free software is that, as a user you become an integral part of these communities. Even better these communities are comprised of focused subgroups that specialize in support. For example if Apache is one of your primary applications you have an entire support community focused on Apache. If it's Open Office a support community focused on Open Office. As a user you automatically become an integral part of those groups. That's the beauty of free software and why it works well. And keep in mind, 24/7 commercial support is also a reality in the world of free software.

Let me add by saying that there is not only a potential to save money via free software, it is already being done.
May I say your view (IMHO) is naive to an extreme?

That you apparently think "open source" somehow equates to "bug free?"

Open source means the source, bugs, glitches and poor coding are there for all to see, not some guarantee that they are not there. And installing unapproved or untested software can bring a network to its knees, whether the source code is freely available or not. It can STILL take a system administrator hours, or days to repair the havoc of an errant program, even if its source code IS available. And errant programs can and often do create problems not just to themselves, but to other applications and sometimes to the operating system itself. And if unauthorized software is installed and causes problems, it compounds the administrator's task by trying to identify the source of the problem, before trying to remedy the situation.

n2ize
12-30-2007, 03:43 AM
Quote (wa9svd @ Dec. 29 2007,17:05):
Quote (n2ize @ Dec. 29 2007,13:52):
Open and free doesn't mean do away with privacy and user accounts. It means software on the network is open and free. Closed proprietary software is a security risk. It may appear to make life easier but what it really does is take control away from the administrator and owner of the network.

Closed source doesn't have to be replaced overnight. The shift is incremental. A good starting point is to gradually replace closed proprietary source applications with free software whenever and wherever possible. This doesn't mean to suddenly trash everything. But to make a gradual shift over time. It seems that is the direction many organizations are headed. The key idea is to set realistic goals.

Lastly, open source doesn't mean you have to have in-house developers and pay more. You have a community of developers, a community of users and a support community. The support community can even be members of the development community, the user community and even dedicated commercial support groups in which you pay for the support. That's the nice thing about free software is that, as a user you become an integral part of these communities. Even better these communities are comprised of focused subgroups that specialize in support. For example if Apache is one of your primary applications you have an entire support community focused on Apache. If it's Open Office a support community focused on Open Office. As a user you automatically become an integral part of those groups. That's the beauty of free software and why it works well. And keep in mind, 24/7 commercial support is also a reality in the world of free software.

Let me add by saying that there is not only a potential to save money via free software, it is already being done.
May I say your view (IMHO) is naive to an extreme?

That you apparently think "open source" somehow equates to "bug free?"

Open source means the source, bugs, glitches and poor coding are there for all to see, not some guarantee that they are not there. And installing unapproved or untested software can bring a network to its knees, whether the source code is freely available or not. It can STILL take a system administrator hours, or days to repair the havoc of an errant program, even if its source code IS available. And errant programs can and often do create problems not just to themselves, but to other applications and sometimes to the operating system itself. And if unauthorized software is installed and causes problems, it compounds the administrator's task by trying to identify the source of the problem, before trying to remedy the situation.
Excuse me? Where did I say open source is bug free? I never said such a thing. And while I am not a programmer by profession I have done my share of programming, worked closely with programmers, and have a staff of programmers working with me. I am not so naive to think that any kind of software is perfect or bug free. I have been kicking around computers and software long enough to know better.

I do however think the proprietary closed source model is flawed and inferior to free software. I do feel that a goal of every systems administrator should be to gradually remove closed source software and move to free software.

n6hcm
12-30-2007, 06:24 AM
Quote (n2ize @ Dec. 29 2007,13:52):
Open and free doesn't mean do away with privacy and user accounts. It means software on the network is open and free. Closed proprietary software is a security risk.
noble, but unrealistic.

free software is never free--what you save in licensing costs is often dwarfed by what you must do to retrain users, reorganize data, reprovision systems and services, ... unfortunate, but true. there are personnel costs too.

furthermore, it's not your network (or my network, or the system admin's network) ... it belongs to the firm. it's not up to the system admins to change out all the software--the whole system is meant to serve the firm's needs and requirements. the users who matter are departments who have specific tasks to complete, not some dork who thinks they know better about application a and application b.

n2ize
12-30-2007, 08:36 AM
Quote (n6hcm @ Dec. 29 2007,23:24):
Quote (n2ize @ Dec. 29 2007,13:52):
Open and free doesn't mean do away with privacy and user accounts. It means software on the network is open and free. Closed proprietary software is a security risk.
noble, but unrealistic.

free software is never free--what you save in licensing costs is often dwarfed by what you must do to retrain users, reorganize data, reprovision systems and services, ... unfortunate, but true. there are personnel costs too.

furthermore, it's not your network (or my network, or the system admin's network) ... it belongs to the firm. it's not up to the system admins to change out all the software--the whole system is meant to serve the firm's needs and requirements. the users who matter are departments who have specific tasks to complete, not some dork who thinks they know better about application a and application b.
That's the whole issue in a nutshell. Replacing closed software with free software is not unrealistic. The only reason it appears unrealistic is because CEOs have had it drummed into their heads that Microsoft and closed source is the only safe way to go and that switching to free software will cost millions in retraining and overhead. But this is not true if the changeover is performed gradually and with proper education and planning. The education part is easy, remember, we are not dealing with real subjects like Physics or Chemistry here, we are dealing with running and using apps that someone else has built on a computer that someone else has built. Remember, there is no race to switch over. It does not have to be done overnight. Nor does every piece of software have to be switched to free software (although the more the better). Think of it this way: change and retraining is inevitable even in a fully closed source environment. The money and effort required for retraining with closed source can be applied to free software as the changeover occurs. In addition many open source applications are not that much different than their closed source counterparts. In many cases the learning curve is small. Start with applications for which migration is relatively easy and then work up towards the harder stuff. Remember, a switch over to Linux is not required for many open source apps. Many open source apps run on Windows as well.

The key to a smooth and relatively inexpensive migration is education and planning. CEOs and managers need to be educated with regards to the advantages of free software. Once that is understood and accepted then careful planning is the next step in order to make the migration smooth for both management, end users and administrators. The rewards are immeasurable as more and more closed software is removed and replaced with free software.

Yeah I write free software...So sue me.

n2ize
12-30-2007, 08:55 AM
Quote:
But be vigilant. The PC has put into the hands of the grass roots citizens power that they've never had before, and it's revolutionizing everything. It's pretty obvious that any reactionary will have big problems with this state and will do everything he/she can do to squash this.


Back when the computer was primarily in the hands of the hippies who often wore the hats of computer scientist, engineer, mathematician, scientist, we knew what to expect from it. We were not overly expectatious. Now that it has fallen beyond and into the hands of the corporate management, the CEO and the general masses things have gone the other way, they are too expectatious, as in having their cake and eating it too. They expect to attach themselves to a worldwide public network yet expect 100% security. Clearly that's impossible. Any hippie from the old days could easily smile and say "see I told you so". Like anything else, when trying to achieve the improbable there is often an overreaction that borders on the paranoid. It's to be expected, yet what is truly amazing is that these systems are as secure as they are and that things do work as well as they do.

n6hcm
12-30-2007, 11:13 AM
Quote (n2ize @ Dec. 30 2007,01:36):
That's the whole issue in a nutshell. Replacing closed software with free software is not unrealistic. The only reason it appears unrealistic is because CEOs have had it drummed into their heads that Microsoft and closed source is the only safe way to go and that switching to free software will cost millions in retraining and overhead.
like i said, noble but unrealistic. CEOs haven't had anything drummed into their heads--they view IT expenditures as necessary evil, and they have no incentive to do anything like this. changes come when there is demonstrable benefit to the business and the stockholders.

and, about writing free software ... bfd. i've written free software, too ... writing free software doesn't qualify you to run corporate systems and networks. at best it qualifies you to have an opinion.

n2ize
12-31-2007, 02:31 AM
Quote:
like i said, noble but unrealistic. CEOs haven't had anything drummed into their heads--they view IT expenditures as necessary evil, and they have no incentive to do anything like this. changes come when there is demonstrable benefit to the business and the stockholders.



And that's the whole point. To make them aware of the benefits of running free software over proprietary software. It's not as bizarre an idea as you think. Several corporations are already aware of the benefits of free software over proprietary software. The problem is that many CEOs are not aware of the benefits of free software. You'd be surprised how many don't even know what free software is let alone how it will benefit them by freeing them from expensive, bloated, insecure and inferior free software.

The point is not to migrate to free software without their permission (although I did pretty much take the liberty to migrate a whole department to free software and I am not even an IT person). The point is to EDUCATE THEM. Once educated they'll be able to make smarter choices and everyone will benefit.

Quote:
and, about writing free software ... bfd. i've written free software, too ... writing free software doesn't qualify you to run corporate systems and networks. at best it qualifies you to have an opinion.


By writing and using free software you have a knowledge that is useful. The idea is to communicate that knowledge to those who are clueless.

I predict that within 10 to 20 years one of two things will happen. Either free software will be made illegal or the majority of the world's corporations will have migrated from closed source to free software.

The problems began when the men in suits started making decisions about computers and software instead of the hippies.

W1GUH
12-31-2007, 07:52 AM
Quote (KG4RUL @ Dec. 27 2007,19:28):
I managed a network with 35+ users and the one hard and fast rule was THOU SHALT NOT PUT FOREIGN HARDWARE OR SOFTWARE ON MY SYSTEM! Anyone who did found their rights immediately removed and then had to explain to the President of the company why they should get them back.

In other words, power trumps competency.

W1GUH
12-31-2007, 07:56 AM
Quote (KC4RAN @ Dec. 28 2007,06:02):
Quote (W1GUH @ Dec. 27 2007,18:16):
To you corporate IT guys...your software screws up often. You don't promulgate proper instructions in a timely manner so that the user can use the system in a timely manner, and lots of times, especially on the more secure networks, I get "dumb looks" from the IT guy when I describe a problem. So you guys are not blameless. If you were doing your job properly, these "rules" wouldn't be as necessary as you try to make us believe.
Huh? Sounds like it's time for a 'walk a mile in his shoes' timeout for you.

I want you to take a block from a 57 Chevy, an intake manifold from a 01 Intrepid, exhaust headers from a 03 Camry, and heads from a 93 Cougar. Now I want you to make those pieces fit together in such a manner that they operate as a vehicle, and that you can keep those same spare parts around for replacement. If you have to build shims between the non-fitting parts that's fine, but you cannot modify the original parts in any way.

Now, I want you to build a support organization to issue these cars to 50,000 employees of a company that drives nationwide. I want you to support these drivers with as few employees as possible. You personally will have to go to the CEO to justify each additional headcount you believe you need.


Also, periodically we will be coming to you with various 'needs requests' that will necessitate you building other cars for us with slightly different parts. Instead of a 57 Chevy block, we might also request that you build us 250 cars using the block from a 93 Elantra. It is up to you to deliver a functional car and more importantly, to support that car.

Another part of the 'support' will be making sure that any recalls or engineering defects are handled as soon as possible and as efficiently as possible, with hopefully zero impact to our productivity. We will supply you with a number of 'upgrade robots' that can do very explicit tasks, like change out the head bolts on Model 134... but these robots cannot handle customizations and could end up destroying any car that it works on that has been modified from the intended original design. We must use these robots since we cannot afford to hire enough human mechanics to manually perform every upgrade.

Periodically, these upgrades or recalls will be forced upon you without any chance for you to do any real-world testing on the various models we have had you build for us. Remember, however... if the upgrade or recall stops a car from working, it will be your fault even if you were not given sufficient time for testing, or if the manufacturer imbedded another defect in the new replacement product.

You need to be able to build these cars quickly in an assembly-line fashion, since your 'build' personnel will be severely limited. It will be up to you to figure out how to support our ever-growing build requests with a limited number of models and thus support personnel.

Every car will be black. Every body style will be the same. It is up to you to figure out how to help the drivers identify which specific model of car they're driving without any obvious references. Every interior will be the same unless we specifically request otherwise, and this will constitute a different model at that time.

Security is a concern at this company. We want to know where every car is driven. We want to know how many miles it has been driven each week. We want to know what functions it has been driven to. We want to know who has driven it and what organization they belong to. We cannot have unauthorized people driving each other's cars, and we certainly cannot have outsiders driving our cars. If the security enhancements we force upon you make your build or support job harder, we're sorry - but that's the way it is. Any security variances, such as 'master keys' will require direct authority from the CEO, even if our top salesman is locked out of his car while trying to get to the biggest deal our company has ever seen or will ever see.

Now... go forth and build an organization to deliver these cars!!!



------


Your challenges? The 'tweaker' who goes up under the hood and enriches the fuel mixture... and blows the heads off periodically. The 'hot-rodder' who changes out the heads, exhaust and intake manifolds to gain maximum performance, but burns up the ignition system. The 'wannabe-grease-monkey' who goes up under the hood and starts taking things apart just to see how it is all put together. The 'granny' who only has her car serviced 2 times a year, but wants 100% reliability and will give you an earful when it doesn't work (and she knows it hasn't been working for a month and expects you to somehow know it but she didn't tell you). The 'wannabe-engine-designer' who replaces engine components or adds on customized engine computers to enhance his driving experience, but who also relies 100% on his car as a sales device, and who will blame you for your upgrade breaking his car... but who won't tell you that he installed the extra components or replaced other pieces until you pop the hood and confront him with it.

Even your own mechanics will be a support issue, since what they do necessitates experimentation - they will have to be subject-to but at the same time sometimes-exempted-from some of the security features, to see if those features are causing problems. They may drive a custom model or you may end up letting them build their own cars specific to their needs, but any security variances must be justified and they must all be supported just as well as any other user.




We 'corporate IT guys' don't write 99.99% of the software that runs on the systems you access. We install it and we support it... that's it!

We are subject to the limitations of the software being installed and the OS it runs on. Sometimes, you request two apps that don't play well together, but you will never know. We find ways to shim them together that hopefully keeps you from finding out. Sometimes these shims break. Would you rather us tell you to go pick software that doesn't break other software? Remember, we didn't write it.

We are usually the implementers of policy that comes down from the executives, and sometimes those policies are extremely complex. Most of the time they're driven by legal or financial reasons. The security policies are more legal, the things like disk space limitations and making you run a standard, locked-down image are more financial (both disk space and support cost money). Don't be the guy that backs his system up to his network drive to a different folder every night and chews up 8-10 GB a day in storage...

You're right, that first-line tech you're working with probably doesn't know much except what he's been taught on how to fix the most common of problems. It's the ones that they don't usually let interact with the public that actually make the systems work and that are called upon by those that make decisions to implement those decisions. If you talked to this person, you might find out that there are some really good reasons for most of the policies, and for many of them you'd find out "it's because they told me to". And yes, sometimes you'll find it's because that person is a zealot on one side or another. But many times you'll also find that this person is the best in their field in the area and that they've been burned so many times doing it other ways that it has driven him to his zealotry. He says no because so many times he's said yes and the system has come crashing down around him, now he says no.

Which brings us to the final point. Everything in IT costs money. Every time you want to do something differently, it will cost someone either more money directly or more time (which is money) to fix or to separately support it later. If you go to the boss with a random PO request for a dollar figure and say "I want it", your boss is probably going to say no and make you justify it. IT is being treated the same way now.

The default answer is no... make your case if you want it to be yes, and be prepared to defend your expenditure request ($$$).

Woops. Looks like I struck a nerve. But you now know what you really look like to the users that you look down your nose at.

And I stand by my statement that, if you guys were doing a proper job, you'd have far fewer problems. At the same time, I acknowledge that the companies are starving you guys, and you have precious little resources to draw from, and you would probably love to have reasonable resources to do the job you'd love to do.

But what the @#$% does a network have to do with '57 Chevy? Get outta here, that's a dumb analogy.

kf6rdn
01-01-2008, 10:00 AM
Wow, this thread got off topic!

Well, we have a fairly open source back end, but a lot of apps are written for Windows or Macs with no significant alternatives.

Some of our apps need MS server stuff, there's no open source. Try running Harris automation on Linux, or some encoding software. Both Bluray and HDDVD authoring is strictly Windows.

On top of that, try telling a CEO he shouldn't be using his Outlook, and his calendar he is used to having his secretary schedule his life around, and to use some unknown, low featured app.

I'm a firm believer in using what works. Solaris/Linux/Samba is our file/apps server, but AD is the best performer for auth, and support of the needed Windows systems.

I disagree about the security and viability of commercial apps. Like anything else business or market wise if it doesn't perform, sales will suffer.

Not only for CEOs Email is a big part of my computing use. It's a little more complicated than most, different accounts in different domains and protocols. I haven't found anything open source with the features of Outlook. I have multiple accounts for different things, I can collect it all and divert it to different folders. Responses from the target go out as from that account. (Evolution does this I know) What it doesn't seem to do is have a calendaring function that will easily transfer to my PDA, and able to send events to others.

That being said, there's a semi open source system called Zimbra that may give the Exchange/Outlook combo a run. If they had an actual client, it would be MORE serious, it uses a web based ajax/javascript client that can be sluggish at times.

If I was an admin for a shop that perhaps only did word processing, spreadsheets and basic stuff, and not multimedia, broadcast, DVD/Bluray/HDDVD and other polyglot things I could try to build an open source infrastructure.

AC0H
01-01-2008, 01:31 PM
Quote:
Woops. Looks like I struck a nerve. But you now know what you really look like to the users that you look down your nose at.

And I stand by my statement that, if you guys were doing a proper job, you'd have far fewer problems. At the same time, I acknowledge that the companies are starving you guys, and you have precious little resources to draw from, and you would probably love to have reasonable resources to do the job you'd love to do.

And where did you accumulate the years of IT experience to decide whether ANYBODY in IT is doing a "proper job"?

You're one of those guys who read PC Magazine, listen to the local radio show "geek", or used to hang on every word by Leo La Porte on Tech TV. You know enough to be dangerous and are the reason we have to take the steps we do to secure a network.

So, next time you and a cube mate get into a conversation about what's really wrong with corporate IT take a good long look in the mirror.

w8gtf
01-01-2008, 04:31 PM
Quote (n2ize @ Dec. 29 2007,06:48):
That is why corporate networks suck. They are too restrictive and most of their problems stem from garbage software that's insecure and shouldn't be used.

Any systems administrator should be removing Windows from his network. Instead run Debian or some free non-proprietary GNU Linux. Run open source only. Remove restrictive and insecure proprietary junk software from those networks.

Above all networks should be open and free. We should be encouraging the use of better software not restricting software to insecure proprietary junk. We should also be encouraging people to develop the skills, improvise and write their own free software and to improve on existing software.

Yeah I write free software.

Nice theory. What are your qualifications for installing, maintaining, upgrading, and generally keeping networks (any networks, not only windows networks)?

I can tell you that I just finished a deployment of Microsoft's Office Communicator. The documentation sucked and it took me a week and a half to have a working version in a VM lab environment. Half of the time I spent in lab was building a simple network with a domain controller, configuring active directory, cert server, installing the IM server, and configuring several clients.

I also tried an open source option that took me 45 minutes to set up, had better configuration options, and better user management, and was generally a better option. Sadly, I had to bend to the will of my boss's boss who insisted that he felt more comfortable with the MS software. It was also a case that being as they had bought a license for it, they had to justify the money. Thus I was forced to implement what I feel is an inferior product.

Don't go blaming any level of IT for decisions made by management. We are bound by the decisions of management in part. The other part is that I dislike my blackberry going off at 3 in the morning and getting auto text messages like "SQL server is infected with a virus". And if keeping somebody from bringing in software from home keeps viruses off of the SQL server, then you had better not bring anything from home on to my network.

Another example is one place I worked had a new CSR (customer service rep) who installed Bonzi Buddy on every computer he sat at (no assigned seating). That was a mess & a half. What really sucked was when we had to reimage most of the machines in that department because everyone had roaming profiles, so they take the infection with them every day when they sit at a new station.

If you hate MS software as much as you claim. Write me an open source alternative to active directory and GPO's, and then we'll talk.

No offense to you, but I suspect you are living in a bit of a dream world when it comes to software. As long as MS has over 90% market share, it is going to be the most common software on computers are going to run their software. It's not the best situation, but it is the one that we are forced to deal with.

Also, are you a coder or developer? Where can I see a portfolio of some of your apps?

n2ize
01-01-2008, 09:07 PM
Quote (w8gtf @ Jan. 01 2008,09:31):
Nice theory. What are your qualifications for installing, maintaining, upgrading, and generally keeping networks (any networks, not only windows networks)?


For an IT job I would stress an understanding of network topologies, protocols and various network apps as well as hands on experience building, maintaining, upgrading networks both at home and at work.

For a job aligned with my actual area of expertise I would discuss several years of integrated research in the areas of network optimization and networking algorithms.

Quote:
Don't go blaming any level of IT for decisions made by management. We are bound by the decisions of management in part. The other part is that I dislike my blackberry going off at 3 in the morning and getting auto text messages like "SQL server is infected with a virus". And if keeping somebody from bringing in software from home keeps viruses off of the SQL server, then you had better not bring anything from home on to my network.


I'm not blaming IT for these problems. What I am saying is that IT needs to do all it can to assure that the experience is pleasing for end users while getting the message of free software out to management. Just because things are the way they are now doesn't mean they need to be that way forever. Several years ago free software was not even a blip on the radar of most management. Now more and more managers are beginning to see the benefits of free software and are implementing free software as a viable solution ultimately saving time and money. IT people are in a great position to spread the word. This can be done in several ways. By implementing free software solutions whenever possible, by recommending free software to those in upper management and, by communicating with management. Explain to them why that SQL server at company A always goes down due to a virus at 3:00 am while the server at company B which runs on free software runs all night long with barely a hiccup. Free software cannot replace closed source over night. But then we don't expect overnight results.

Quote:
Another example is one place I worked had a new CSR (customer service rep) who installed Bonzi Buddy on every computer he sat at (no assigned seating). That was a mess & a half. What really sucked when we had to reimage most of the machines in that department because everyone had roaming profiles, so they take the infection with them every day when they sit at a new station.


Just another example of the inferior quality of closed source security. It fails to keep such apps confined to the user's own space.

Quote:
If you hate MS software as much as you claim. Write me an open source alternative to active directory and GPO's, and then we'll talk.


I'm no expert in active directory but I believe it's just Microsoft's implementation of LDAP. If I am not mistaken there are already open source options.

Quote:
No offense to you, but I suspect you are living in a bit of a dream world when it comes to software. As long as MS has over 90% market share, it is going to be the most common software on computers are going to run their software. It's not the best situation, but it is the one that we are forced to deal with.


That is only true if we assume that MS will always have that same market share. The more we replace closed source with open source and the more management is convinced of the benefits of open source the sooner those numbers will change.

Quote:
Also, are you a coder or developer? Where can I see a portfolio of some of your apps?


No, I am a mathematician and I currently work in an academic environment. Most of the applications I have written coincide with analytic tools required for various research projects. Some may be of specific interests to researchers others have more general applications. I have been considering releasing at least some of them to the public at a later date. These I consider both work and "fun" projects since their development was both challenging and interesting.

n6hcm
01-02-2008, 04:59 AM
Quote (n2ize @ Dec. 30 2007,19:31):
By writing and using free software you have a knowledge that is useful. The idea is to communicate that knowledge to those who are clueless.

I predict that within 10 to 20 years one of two things will happen. Either free software will be made illegal or the majority of the world's corporations will have migrated from closed source to free software.

The problems began when the men in suits started making decisions about computers and software instead of the hippies.

i never said free software wasn't useful--i said your idea to swap in free software (to replace proprietary software) was unrealistic and naive.

when those hippies own the corporate networks they can make those decisions (hint: some of this has already happened, and it hasn't worked out the way you expect ... money does change everything).

n6hcm
01-02-2008, 05:09 AM
Quote (n2ize @ Jan. 01 2008,14:07):
I'm not blaming IT for these problems. What I am saying is that IT needs to do all it can to assure that the experience is pleasing for end users while getting the message of free software out to management.

see, here's the problem--you've missed something important here ... it *is* IT's job to make it easy for staff to do the job management wants them to do. the user is *management* and not the individuals at the desktops.

n2ize
01-02-2008, 05:53 AM
Quote (n6hcm @ Jan. 01 2008,21:59):
I never said you should simply swap out the corporation's closed source bloatware for free software. (Although I did it and got away with it on the academic level but that's another story for another day). Of course you have to use whatever the manager insists you use. But you do have the option of removing closed source bloatware and replacing it with free software on systems that you DO control. And you do have the option to try and get the message out to management that free software is a viable option and can have many benefits. This has been successful. As I pointed out many companies both small, medium and large have discovered the benefits to free software and are deploying it in more and more places.

Quote:
when those hippies own the corporate networks they can make those decisions (hint: some of this has already happened, and it hasn't worked out the way you expect ... money does change everything).


The hippies were the innovators, they liked to do things their way and quite often they had their fingers on the latest and the greatest yet to come. The suits are locked into an archaic and inflexible corporate model, they lack innovative skills, they fail to think outside the box. They don't listen to their IT people. But we shouldn't blame them we should have compassion for them and try and help them along. Of course this is not meant to stereotype all suits, some suits are pretty cool and they do think outside the box and beyond.

kf6rdn
01-02-2008, 11:42 AM
Quote (n2ize @ Jan. 01 2008,13:07):
Quote:
If you hate MS software as much as you claim. Write me an open source alternative to active directory and GPO's, and then we'll talk.


I'm no expert in active directory but I believe it's just Microsoft's implementation of LDAP. If I am not mistaken there are already open source options.

It's not just LDAP, LDAP with kerberos authentication.

But not even that, the GPO 'gtf mentions is Group Policy Objects, essentially it allows on the fly manipulation of the registry, as well as software update/pushes/installs.

So I as an administrator can do various things like block functionality, programs aspects of say I.E, control panel.

You can block software installs for instance, via blocking microsoft installer from running. There's a lot of integration with the desktop that you couldn't get from a simple generic LDAP service. Though it WILL function as that, it's LDAP to authenticate Aspera users.


If it was just simple file sharing and authentication, Samba actually does a pretty good job, and in fact Samba now integrates with AD now so you can buy a 1 or 2 server license for AD (depending on your license type) and use Solaris or Linux as your storage.

Or Isilon if you need boatloads of storage like we are moving to.

AC0H
01-02-2008, 08:18 PM
Microsoft's implementation of Kerberos, like just about everything else MS, isn't standards compliant. It's taken some fancy coding footwork in Samba to allow MS desktops to authenticate to non-MS servers.

Samba is good and I haven't kept right on top of it but I don't think a server running Samba can act as a master domain controller. Ordinary, everyday DC yes but not master.

It's all a pish posh anyway. "Active Directory" is a direct ripoff of Netware NDS.

KC4RAN
01-02-2008, 08:44 PM
Quote (W1GUH @ Dec. 30 2007,01:56):
Woops. Looks like I struck a nerve. But you now know what you really look like to the users that you look down your nose at.

I don't 'look down my nose' at the users at my company...


Quote:
And I stand by my statement that, if you guys were doing a proper job, you'd have far fewer problems. At the same time, I acknowledge that the companies are starving you guys, and you have precious little resources to draw from, and you would probably love to have reasonable resources to do the job you'd love to do.


The number of assigned projects will always exceed the resources made available to proceed with and succeed at those projects



Quote:
But what the @#$% does a network have to do with '57 Chevy? Get outta here, that's a dumb analogy.

Obviously you didn't take the time to read it. It's an attempt to show you that what you see as 'the IT systems' is actually a cobbled-together jumble of pieces of hardware and software that people like me try to keep bolted together to do the job that people like you need it to do.

However, rarely do these systems and applications 'play nice' with each other, and even more rarely do people like me (you know, the ones charged with keeping those systems *up*) have any input on the purchasing decisions of said software and systems.

So you have middle-managers like you who see a slick sheet on Software XYZ or System ABC and think that we must have this, it's the next big thing... but they forget the number one overriding truth in IT.

If a system is down, you can't use it.

You can't just go buy a piece of software in today's environment and expect it to work like people say it will. You can't assume that it will play nice with other apps you're running on the same hardware platform. You can't assume that all the upgrades will be as easy as the sales-guy (read: liar) told you it will be.

You have to let people like me get ahold of it and try to break it. You have to run upgrade cycles on it, you have to put it on marginal systems that just barely meet the hardware requirements, to see how it reacts when the system resources are curtailed. You have to find out how it works when everything *isn't* just perfect.

You are obviously clueless about the nature of what IT really is.


Please, do tell... what would you have us do differently to have us do a 'proper job'? I would love to hear your sage insight which is (I'm sure) based on decades of experience in the field...

KC4RAN
01-02-2008, 08:49 PM
Quote (W1GUH @ Dec. 30 2007,01:52):
In other words, power trumps competency.

No... in other words:

When I'm forced to choose between

(A) The wishes of one person who jumps up and down and demands that their pet app or piece of hardware be connected to the system

or

(B) The stability of a network and system that services from a few dozen to a few hundred thousand users



You lose unless and until you can prove to management that spending time on your request is justified, and even then you will have to wait until it is proven that your pet app or system will not jeopardize the stability of the system.

System Stability > Your wishes

w8gtf
01-02-2008, 09:43 PM
This thread has gotten a bit off topic. What it comes down to is, right or wrong. When you are playing with somebody else's toys (be it school or company), you play by their rules. If you don't, they take the toys away.

kf6rdn
01-03-2008, 01:45 AM
Quote (AC0H @ Jan. 02 2008,12:18):
Samba is good and I haven't kept right on top of it but I don't think a server running Samba can act as a master domain controller. Ordinary, everyday DC yes but not master.

It's all a pish posh anyway. "Active Directory" is a direct ripoff of Netware NDS.

Samba can't emulate an AD domain. It will emulate an NT4 type domain perfectly well. If you're doing simple file sharing that's just fine.

AD isn't really a ripoff of NDS, more a ripoff and hack of LDAP.

NDS was somewhat as well, but very much improved. As far as I'm concerned Novell up to 5.1 is STILL the best network OS.

I only say up to 5.1 as that's when I stopped working with it.

n2ize
01-03-2008, 05:55 PM
Quote[/b] (KC4RAN @ Jan. 02 2008,13:49)]Quote[/b] (W1GUH @ Dec. 30 2007,01:52)]
In other words, power trumps competency.

No... in other words:

When I'm forced to choose between

(A) The wishes of one person who jumps up and down and demands that their pet app or piece of hardware be connected to the system

or

(B) The stability of a network and system that services from a few dozen to a few hundred thousand users



You lose unless and until you can prove to management that spending time on your request is justified, and even then you will have to wait until it is proven that your pet app or system will not jeopardize the stability of the system.

System Stability > Your wishes
I think he is trying to point out that greater competency would yield greater network stability. I agree, from what I have seen most IT departments are quite deficient... this is not meant as an attack against IT people. Most IT people make the best of circumstances.

AE6IP
01-03-2008, 07:03 PM
I believe the debate between IT and the user community over degree of control is even older than the religious war over programming language choice. I've certainly seen it argued for thirty years and the articles I read in Datamation in the 70s suggest that it was at least 10 years old then.

I've done both jobs. I spent five years running IT for a college in the 70s and I've been a developer since. I've dealt with corporate IT in companies ranging in size from the 10 people at Dotcast when I started and we didn't have an IT department to HP which had just over 100,000 employees in 90 divisions when I was there.

I've also been an individual contributor, team lead, manager, and director of software development.

I'm not at all surprised at the communications problem in this thread. I've found it rare that an individual who hasn't been on both sides of the fence can translate between the two view points.

I am surprised that there's still corporate IT around that thinks it can effectively dictate exactly what attaches to the corporate network. I'm going to hazard a guess that that is because I've always worked in and around software development.

That said, I don't think that the view of replacing closed source systems with open source is that naive. I know of many outfits that have done so effectively, and IBM makes a lot of money supporting such sites.

I do think that IT in any technology company that thinks it has a locked down network is naive, but I do understand how IT in companies where the corporate net is a business tool and not a technology development tool desires, and possibly can accomplish that goal.

So now let me tell you what IT is like in the real real world:

You have to start by understanding that IT is a cost center and few if any companies track their IT investments well enough to know how productive they are. You also need to realize that industry wide, investment in IT is the least effective way to spend money to improve productivity in a company. You then need to couple this with the knowledge that software is expensive, hardware has a very short life time compared to other assets, and users always want much more than they need to do their job efficiently.

Also, rightly or wrongly, in the cultural hierarchy of the software industry, IT is viewed as "easy", so the labor pool for IT jobs tends to be relatively large, but not always well trained -- even by software standards, which are, in general, pretty low.

Then there's the cultural effect: Nobody notices the maintainers of an infrastructure when it works well. So IT tends to only see the irate users, and not the happy ones.

So, you get underfunded, underpaid, overworked IT staff, who are not necessarily the most socially skilled people in a company, but who almost always have to deal with users in a crisis situation.

And people wonder why computer infrastructure often sucks.

KB1PLB
01-03-2008, 07:23 PM
I agree with all the "you must follow the rules" posts, and to add some food for thought: I work for a large govt. contractor at a govt. site. I must go through apx. 16 hours of training per year on computer usage, rules, do's and don'ts, proprietary data... Just to use their computers.

n2ize
01-04-2008, 03:17 AM
Quote[/b] (AE6IP @ Jan. 03 2008,12:03)]
Quote[/b] ]
I'm not at all surprised at the communications problem in this thread. I've found it rare that an individual who hasn't been on both sides of the fence can translate between the two view points.


One of the problems I find with regards to IT people is that while many of them were rich in technical experience, i.e. college, job experience, hands on training, certification, etc. most were also quite vapid with respect to business acumen. This creates some serious communications gaps, particularly with regards to communication between the IT department and management, corporate end users and other resources. I would advise an IT person serious about remaining and surviving in IT on and into the future to develop their business skills. These days business skills often trump technical skills in order of importance.

Quote[/b] ]
I am surprised that there's still corporate IT around that thinks it can effectively dictate exactly what attaches to the corporate network. I'm going to hazard a guess that that is because I've always worked in and around software development.



It's called having one's cake and eating it too. Managers expect absolute network security as they are technically naive; IT personnel cannot deliver it to them, however assuring them they can, ultimately convincing themselves they have absolute network control when they don't and most likely never will.


Quote[/b] ]
I believe the debate between IT and the user community over degree of control is even older than the religious war over programming language choice.


I am less concerned with the particular language choices one makes than I am with their general problem solving ability. A developer who can solve problems well and create good algorithms is invaluable regardless of language choices.

KL1ZB
01-04-2008, 05:57 AM
Quote[/b] (kf6rdn @ Jan. 01 2008,19:45)]Quote[/b] (AC0H @ Jan. 02 2008,12:18)]Samba is good and I haven't kept right on top of it but I don't think a server running Samba can act as a master domain controller. Ordinary, everyday DC yes but not master.

It's all a pish posh anyway. "Active Directory" is a direct ripoff of Netware NDS.
Samba can't emulate an AD domain. It will emulate an NT4 type domain perfectly well. If you're doing simple file sharing that's just fine.

AD isn't really a ripoff of NDS, more a ripoff and hack of LDAP.

NDS was somewhat as well, but very much improved. As far as I'm concerned Novell up to 5.1 is STILL the best network OS.

I only say up to 5.1 as that's when I stopped working with it.
They all copied X.500. Microsoft AD, is well... a Microsoft Product of course it ties into and works together with other Microsoft products. Its major problem is that it is a Microsoft product. It works when you sign your life and wallet away to Microsoft. It is a closed environment and as a result of that it does not play well with others. If Microsoft had wanted they could have built AD around LDAP (or X.500) and it would have worked just as well, however they didn't do that because they didn't want to give up any control of their product, and that's one reason products like Samba have a hard time playing nice with AD: not because it's a bad product but because Microsoft won't publish any of their standards.

n2ize
01-04-2008, 11:35 PM
Quote[/b] (KL1ZB @ Jan. 03 2008,22:57)]Quote[/b] (kf6rdn @ Jan. 01 2008,19:45)]Quote[/b] (AC0H @ Jan. 02 2008,12:18)]Samba is good and I haven't kept right on top of it but I don't think a server running Samba can act as a master domain controller. Ordinary, everyday DC yes but not master.

It's all a pish posh anyway. "Active Directory" is a direct ripoff of Netware NDS.
Samba can't emulate an AD domain. It will emulate an NT4 type domain perfectly well. If you're doing simple file sharing that's just fine.

AD isn't really a ripoff of NDS, more a ripoff and hack of LDAP.

NDS was somewhat as well, but very much improved. As far as I'm concerned Novell up to 5.1 is STILL the best network OS.

I only say up to 5.1 as that's when I stopped working with it.
They all copied X.500. Microsoft AD, is well... a Microsoft Product of course it ties into and works together with other Microsoft products. Its major problem is that it is a Microsoft product. It works when you sign your life and wallet away to Microsoft. It is a closed environment and as a result of that it does not play well with others. If Microsoft had wanted they could have built AD around LDAP (or X.500) and it would have worked just as well, however they didn't do that because they didn't want to give up any control of their product, and that's one reason products like Samba have a hard time playing nice with AD: not because it's a bad product but because Microsoft won't publish any of their standards.
Microsoft never likes to use open standards. Their idea of "open" is a proprietary mangling of an open standard.

AC0H
01-05-2008, 01:04 AM
I don't work for a technology company.
I work for a HUGE banking/mortgage/financial company.

There are some seriously nasty consequences which kick in automatically if the data on our network gets compromised. Even the suspicion of compromised data brings some unpleasant consequences starting with a nasty, very public, press enema.

So, the very last thing on my worry list is whether a user gets pissed because this feature or that feature has been disabled or things aren't running quite up to their un-educated standards.

Security is ALWAYS job one followed closely by reliability and trustworthiness of the data.

AE6IP
01-05-2008, 04:23 AM
Quote[/b] (AC0H @ Jan. 04 2008,18:04)]So, the very last thing on my worry list is whether a user gets pissed because this feature or that feature has been disabled or things aren't running quite up to their un-educated standards.
You probably don't understand this, but you've just given a classic example of why departmental computing came into being as a backlash against corporate central data centers, and was eventually replaced by the PC.

Back in the Day, HP insiders used to say about HP "If we sold sushi, we'd advertise it as cold, dead fish."

Translation: There's the truth, and then there's how you tell it.

The overwhelming majority of security problems, including corporate data compromise, are due to social engineering, and treating your user base as "un-educated" is a proven way to create disgruntled ex-employees.

w8gtf
01-05-2008, 03:00 PM
Quote[/b] (AE6IP @ Jan. 04 2008,21:23)]The overwhelming majority of security problems, including corporate data compromise, are due to social engineering, and treating your user base as "un-educated" is a proven way to create disgruntled ex-employees.
In a perfect world, every end user would have the common sense not to install questionable software on their work computers and not click on every link in every email.

The old quote of "Nothing is idiot proof, because idiots are ingenious." We had a mobile user who was having problems with her wireless router dropping packets and it would disconnect her from the VPN. Our suggestion was to see if she had the same problems using an ethernet cable directly connected to her router. That suggestion touched off several phone calls and emails back and forth about what an ethernet cable was and how to connect it. It was originally described as "an ethernet (internet) cable (it looks like a large phone line)". That explanation was too technical for her.

While a large part of the security at my office is user education, it's still a case that you have to be ready for the worst and hope for the best.

AC0H
01-06-2008, 01:08 AM
Quote[/b] (AE6IP @ Jan. 04 2008,23:23)]Quote[/b] (AC0H @ Jan. 04 2008,18:04)]So, the very last thing on my worry list is whether a user gets pissed because this feature or that feature has been disabled or things aren't running quite up to their un-educated standards.
You probably don't understand this, but you've just given a classic example of why departmental computing came into being as a backlash against corporate central data centers, and was eventually replaced by the PC.

Back in the Day, HP insiders used to say about HP "If we sold sushi, we'd advertise it as cold, dead fish."

Translation: There's the truth, and then there's how you tell it.

The overwhelming majority of security problems, including corporate data compromise, are due to social engineering, and treating your user base as "un-educated" is a proven way to create disgruntled ex-employees.
I understand it completely.

That's why we have acceptable use and security policies. That's why we have intranet training on what's acceptable, what's not, and the ramifications of a breach of those rules. Everything is spelled out in minute detail. That's why we have employees sign those documents agreeing to abide by them.

You could be the best damn employee in the corporation. If you compromise the data or the network you have just cost the company more than you will ever be worth, making yourself too expensive to keep around.

Perfect example.
Remote user calls the backline help desk with a problem on her laptop. Her Inet connection was flaky and she was being dropped from the VPN. Turns out through conversation that she allowed one of her ISP's techs to remote the machine to "fiddle" with the network settings. That laptop was stuffed with confidential data. What would you do with that user?

n2ize
01-06-2008, 09:25 AM
I am sort of puzzled as to exactly what is meant by "IT" or "Corporate IT". In the days of my youth "IT" was just a 2 letter word used to reference an inanimate object. Over the years with the explosion of computers to the point where we are at today in which many homes have multiple computers and devices attached to networks, routers, switches, WAPs, hard wired, wireless...etc. more computing and network power than was found in most businesses in days gone by. Even my parents' house consisting of two elderly retirees and their nephews and nieces who come to visit now and then there are 5 computers, 2 routers (network and subnet), 3 wireless access points (only 1 in use at any given time), a VOIP phone adapter, 2 printers, a wireless and hard wired network, all connected to a high speed fibre optic network. 10 or 20 years ago such things were relatively unheard of in the household. Today they have become commonplace, a home/business information infrastructure is what a telephone infrastructure once was and lots more.

In the midst of this technologic explosion the term "IT" has become a household term. But who exactly is IT? Is he/she just the systems/network administrator? The systems analyst and designer? The email admin? The programmer? All of the above?

AC0H
01-06-2008, 05:33 PM
Quote[/b] (n2ize @ Jan. 06 2008,04:25)]I am sort of puzzled as to exactly what is meant by "IT" or "Corporate IT". In the days of my youth "IT" was just a 2 letter word used to reference an inanimate object. Over the years with the explosion of computers to the point where we are at today in which many homes have multiple computers and devices attached to networks, routers, switches, WAPs, hard wired, wireless...etc. mor