Admin
Nothing gets much much better than seeing a hated roadblock being told to stop being an ass and get out of the way.
Admin
Such stories always make me remember the ending of one of my favorite stories from "Computer Stupidities" on RinkWorks:
Quote: "And sometimes people wonder why I have a mouse pad with 'Bang Head Here' written on"
Admin
the real WTF is no-one claiming that the developed software was approved to be installed
Admin
Usually it's a common issue that devs expect people to think for themselves instead of wasting company time and money.
Given that the expectation was of a team who should have had technical skills sufficient to comprehend this situation, the company's very recruitment policies might well be worth questioning to avoid similar issues in the future.
This should never have needed to go to HR or management, unless they were needed to sign off the security exceptions that the devs had discussed with the SDE admins.
Admin
So they're going to build a secured environment inside the secured environment? I didn't know you could have the inner platform effect with hardware.
Admin
That's the amazing thing, that there wasn't a director of development with enough clout to cut through the bullshit.
Admin
It sounds like they needed a grown-up version of the "you can play as many games as you want, as long as you code them yourself" ultimatum that I'm sure a few of our parents thought up.
Admin
Of course not. They're getting a separate dev env alongside the dev env. Running on another, completely isolated, network.
The deliverables must be put on the (original) development environment. However, it is forbidden to make changes to it. OTOH, failure to put the deliverables there on schedule will result in disciplinary action.
All clear now?
Admin
I once got hauled up by a VAX sysop for having installed an executable on his VAX.
So I showed him the C source code which I had typed in, and the VAX C compiler on his machine.
Admin
Where I work, members of a different dev team were aghast that we allowed one member of our team to install and use IntelliJ instead of Eclipse.
After all, it wasn't a corporate approved IDE! :-o
Admin
Notepad++, obviously.
Admin
Provided that their developed software somehow served the company's purpose, it would be sufficient if the developers told the bosses that SDE administration is impeding revenues.
Admin
Hey all, Steven here.
Sort of. This new development environment will be connected to the SDE network, and we'll be able to remote into it to do our work. We'll also appoint our own admin for this environment who will install and approve software. So basically, the admins of the actual SDE network will never have to do any work ever again.
I work in one of the most heavily regulated industries in the world. As a result it is policies and procedures first, code and common sense second. And it has to be that way, otherwise the government will shut us down. One guy walked into a sliding glass door before it fully opened at one of our sites, and now some departments in the company are spending a lot of time and money doing safety evaluations on all things glass instead of writing it off as idiocy. You can see why telling the head of cyber security to fuck off in this environment would accomplish nothing. Luckily my project manager has a good head on his shoulders and got the situation taken care of, more or less.
That we did, which is how we got cyber security to issue us an "exception" which runs out in about a month, and there's still no sign of that separate system we were promised, so this whole thing will likely kick off again. Whee!
Admin
This screams defense contractor all the way.
Several years back a co-worker got in a ton of trouble because he/she made a picture of their child their desktop background. Someone from security claimed he/she 'installed' unapproved software and had to remove the photo.
Admin
I work for the 2nd or 3rd largest company in the world and we do have this policy! Except in our case our IT department are intelligent idiots - releasing customer controlled Windows updates (all PCs on the corporate network have to be Windows 7) that screw over any PC that has any 3rd party additions e.g. serial cards, now they supply PCs without and we need to talk to the PLCs we develop! Their policies and spyware mean that a 9 year old PC that I have hidden away compiles my software in 1/2 the time of my modern 'workstation'!
Admin
Then go buy it... searching for "Bang Head Here mouse pad" in google shows enough results...
Admin
I heard you like Development Environments so I put a Development Environment in your Development Environment.
Admin
Several parts of that article raise further questions: "the Java install on Steven's SDE machine took a core dump and rolled around in it" It what? Was an installed Java JRE/JDK crashing? Or did he try to install a new version and the install process did crash?
"Once the admin had unchecked all the predatory toolbar options and got the install going"
This only applies to the JRE, not to the JDK install. So why did he (as a Software Developer) not order a JDK installation?
"Are these .exe files?"
They are developing Java applications and build .EXE out of them? This is at least unusual.
Admin
Real programmers : http://xkcd.com/378/
Captcha: Tristique - Stands for itself
Admin
You can build EXE files with the jars inside so you don't have to go the whole "java -jar foo.jar" trouble.
I once worked in a bank as a contractor, and it was pretty much the same crap. It's so annoying that you actually want to meet the deadlines and get the hell out of there as fast as possible.
OTOH, is there any "security expert" who dares to explain why changing the wallpaper is more of a "security" issue than using Windows?
Admin
For even more fun, take a few random, unneeded text files and change the extensions to '.exe'. Then watch the IT Police go crazy.
Alternatively (when you really want to get something done), bypass the restriction on sending/receiving ".zip" files due to [redacted] idiots' Outlook filters by renaming them ".txt".
Admin
This is our technique for passing code snippets back and forward between members of our team situated in various companies and client locations.
Admin
You mean that this nightmare is still going on?
Admin
What keeps software engineers in such places? Hefty salaries?
Admin
I thought that sentence was going to end much differently.
Admin
Didn't happen. Disappointed that you'd put up something so obviously fake.
Admin
TRWTF is Scott Adams trying to pass a Dilbert strip for a TDWTF article under a changed name.
Admin
mcedit.
Admin
mcedit.
Admin
Above accidental double post was to this comment. Mcedit.
Admin
Oh god. This is way too familiar to me. Our IT security isn't quite this insane . . . yet. But they're certainly well on their way to it. At least the IT staff here still have enough discretion to translate "this is company-developed software that is absolutely business critical" to "put it on the approved software list ASAP and don't you dare delete it".
But I will never forget the time one of my projects actually did get destroyed by IT flexing its muscle over a technicality. Taught me some valuable lessons, that did.
Admin
In the early '90s I was verbally reprimanded by my supervisor (the IT Manager) for playing games (enabling the screensaver) on my new SUN workstation.
Admin
Stupidity ensuing all around is creating hilarity.
Admin
Of course, some reasonable restrictions still applied... "as many as you want" didn't ever really quite mean that. Things like mealtime, bedtime, chores or homework still superseded my ability to be on the computer 24x7...
Admin
I can see the WTF now: a production app on your dev workstation slowed down by your screensaver.
Admin
Funny enough, if they did go through this, they wouldn't have cyberpolice up their butts. Also you can bind .jar files so Java will launch those automatically (judging by the article it was a Windows machine, so the Java installer would do this automatically, and on Linux/Mac you can do this via the settings of your favorite file manager). Which would go unnoticed, as from the article we know they didn't know what Java even is.
Admin
You're asking why the road is white, instead of the customary grey.
First, you should figure out why the road is constructed entirely of marshmallows.
Admin
Protip: Users, also known as "the people to whom you sell and distribute your software," on average, don't know what the fuck a ".jar file" is.
Admin
This is precisely what "sneakernet" is for. ;-)
IT here has absolutely no problem with us keeping ancient hardware around. They just don't want it on the network. Of course, this means they don't get to be funded to support those machines, but that's their problem. We had a big honking huge machine for testing our hardware that we were building for the customer. IT kept putting patches on it, per policy, which went up against the customer's intense demand for absolute configuration control, so we pulled the Ethernet cable out and switched to Sneakernet.
Admin
You're absolutely right. We develop tons of software at my company, but the majority of it doesn't actually run on Windows. It runs on embedded systems. But we build a lot of it on Windows, so the software definitely sits on our computers. But IT only notices it if it puts something in the registry. So our handy-dandy release package that wraps up all of our files and sets a few environment variables for the help of the end-user wanting to compile their software against ours, and which contains absolutely nothing that will even run on Windows, nevertheless gets flagged as unapproved software because it touched the registry. :-P
But my mountain of audit scripts that I've developed? Never gets noticed.
Admin
So much kerfuffle... How much do you get paid? Your duty is to carry out your assigned tasks. Now, you find yourself not being able to build software because that breaks security? It is obvious to you that this is silly. But, them's the rules.
Can't install an unapproved product. To install an approved product, you require IT services. The solution is obvious.
Write your code. Send the source to IT because you do not have the authority to build it. Wait for the result, and demand that IT not install it until they approve it.
Send memos to this effect to your "Cyber Security Team". The more, the merrier.
Make sure that IT doesn't have checkout or commit access to the source. Obviously, that would be a security lead.
Using this approach, a ONE CHARACTER change could take a month. New code? Fuggetaboudit. May as well resume the old practice of coding forms. After all, why should you bother typing this shit in? You can't have an IDE, because that could GENERATE AND ALLOW AN UNAPPROVED EXE TO RUN.
Man, you played this wrong. Using this PROPERLY, you can even get promoted, and increase the development budget, the IT budget AND the Cyber Security budget. Win all around. AND, you get to code... very slowly. Play it right and you would NEVER have to unit test your program; not being authorized, see? Forcing better specifications that can be exactly unit tested by another team. Your job? Write some code on paper. Wait for someone to compile it, and send you the source to check in. Wait for someone ELSE to test it and approve it.
At $50/hour/developer a ONE LINE change would cost $50K.
And why do this? Are you being paid at managerial rates? You obviously don't have authority, so why take responsibility?
Be smart. Do your job and shut up. The bad news is that the organization will recognize the problem and try to fix it. Until that happens, draw your salary and be happy. When that happens, DO NOT, and I repeat DO NOT make reasonable suggestions on how to fix it. Instead, keep hammering the Cyber Security line. Try "division of responsibility", "required trust", and haul out "required security clearances" and "audit trails". Hell, that's what the other parties will be doing. Wise up, join the game, belly up to the trough, and feed, BABY, feed! Pork all around, boys!
Example (true story). Being a foreign national (relative to the US), BUT having suitable expertise BUT NO CLEARANCE, I have done work for the US military machine. You know, early warning, targeting systems, stuff like that. One of my coworkers (really nice guy) finds himself in a secure US facility, having to update some FORTH boot code. But, he is not allowed to touch the keyboard. Hell, he can't even read the screen. Everything must be done via two military officers taking instruction (me to him to security officer to keyboard person). I had delivered the change to the on-site engineer, and we had walked through the entire process. He goes on-site, and tells the security person what will be done. The security person then tells the keyboard person. The result is then read back and filtered. When he returned, I had to ask -- did they accompany you to the bathroom too? Answer, yes, of course. Did they at least shake it for you?
A three line FORTH change is now a three to six month engagement. Billing two engineers at $1000/hour. Why should lawyers have all the fun? The problem here is that even when billing $300-$500/hour, you still don't get to get first-class! Bummer, that.
Captcha: similis - what you be doing if you find yourself in this position!
Admin
Wrong. The only apps it ran were interactive, therefore the screensaver was already disabled when they were needed.
Admin
I worked at a place where one of our devs stole some code for use in a side gig. After his exit, the CEO came up with the bright idea for an SDE - all the devs would share one internet workstation and zilch for development workstations. Never mind that we also needed to test extensively with external partners. After he announced the proposed change, he received resignation letters from exactly 100% of the devs (emailed before their workstations lost interwebs). Needless to say the change was never implemented.
Admin
You must be new here.