- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Admin
This one is easy to solve actually, just apply for VB6 installation and you can continue to work without "installing" the program you should produce. (Hint: Interpreters does not need to create EXE file when debugging) Just remember to apply for "installation permission" before the day of deployment.
Now that's just one good reason for governments to continue using VB.
Admin
Admin
Ha... I used to work for a bank and this sounds like it.
Admin
It is called the Inception Design Pattern. The trick is to keep an infinite while(true) loop running in a separate process, and the moment it falls over you know you have gone too deep.
Admin
Two things....
users who don't know technical details can GTFO.
If java supported real garbage collection it would delete itself on first run.
Carry on.
Admin
I don't think you people grasp the full WTFness of this.
Why on earth would you not put them at least side by side? Do they never have to research something on the internet? Really? That's fair enough. I mean, how else are you going to provide a secure environment when using windows? Wait, so they did not even try to find out what happened? Just reinstall and hope for the best? Well, fair enough, that sounds like "windows admins"... After the first question, why anyone would even try to software development on windows, the second question: Why on earth would you use a proprietary java implementation, especially one from oracle?They are just looking for torturing themselves there, aren't they?
What the fuck? Is Steven really going to argue about the semantics of "install"? Why didn't he laugh in the administrators face and tell him that from a security standpoint it makes ZERO difference whether an executable is "installed" or not? What the fuck are they doing there? They should go to exactly one first interview to complain about the managers 1. not understanding their own job. 2. Not understanding their employees' job. 3. keeping their employees from doing their job. "Because it is my job to develop this software." And then just walk out. Seriously. If you get fired for it, take it up with a lawyer. You can't possibly lose such a case, can you? Write a mail to all their managers "Since my job is generating these "prohibited files" I can not do my job as per the policies created by manager XY. I will stay at home until you fix your policies. KTHXBYE". Why would you even try to take it up with them? This is not the real problem. The real problem is that the SDE team has no idea how computers and software works. Why THE FUCK would you REQUIRE the use of another proprietary microsoft program that is UNFIT for this purpose?Maybe it is not that insane to track all the files that the developers create. What is fucking insane is that you are tracking that manually in an application that is not fit for this purpose.
If you actually wanted to implement their insane policies, you'd take 5 minutes and write shell scripts that maintain a list of generated files in their version control fully automatically.
Why the fuck did nobody ask them what they *thought* their SDE was supposed to be used for?Raise this fucking issue to the managers because it shows that the SDE team clearly has no idea what they are even supposed to do.
Why did they not raise another high level issue against cyber security to ask why they think executables that are not "installed" are somehow automatically harmless?Why did Steven not complain to everyone who has any sort of power in that company that the SDE team neither understands the technology they work with nor what their job nor what their coworkers' job is and only cause the developers to be less productive?
Admin
I had the same kind of problem on my first job. It was on eve of the century, when VoIP was still science fiction.. I worked in 2nd level support, the kind of support that call back users, and stay with him on the phone the time needed for solving problems...
On day, our boss come to us, and say : "I was in direction commity, and they flamed our service : 7 of 10 of the biggest phone bill come from our service. I'm sorry, i laughed too much to be able to defend you."
The real WTF... the compagny i worked... was the national (and only at the time) phone compagny...
Admin
I traveled back in time to bring you these!
Admin
Admin
It depends. If you don't give shit about anything else than your pay check at the end of the month, I suppose it is an easy job. You'd need to use the time to learn things to keep yourself up-to-date. Buy a MacBook, install some VMs, learn all about iOS, Android, server programming that you didn't know.
Admin
Admin
As Above, So Below and all that. If the Dean waggling his hand can create the universe, why's it too much to ask for a butterfly waggling its wings to create weather systems.
Admin
Would that company happen to be in Canada ?
I think I work for them too. Pretty hilarious what they came up with for the glass thing (anyway the video with the mascot was pretty funny until you realize the amount of resource that was put into it).
Admin
He he he, at one point in art class I was so tired, I fell asleep and slept through the end of class. I was woken up by some guy from the next class coming in and telling me "who are you and why are you sitting on my place?"
Admin
This seems like a good excuse to abuse alternate data streams:
http://www.undermyhat.org/blog/2012/04/ultimate-guide-manipulating-alternate-data-streams/
Admin
Pico/Nano, of course.
Admin
So, I'm going to hazard a guess that it has something to do with the word "mobility"? If so, my condolences. Everything in that industry is backwards as fuck. People getting paid shit are the ones that actually have an IQ above 70, where the ones that get paid what the former deserve are absolute idiots that have security sniffing around your cube if they see a terminal window. I have one of those 90s glare/privacy filters on my display for that very reason. I claimed it was to keep shoulder surfers away from sensitive data.
Admin
So tell me the winning ticket number for Jai Laxmi lottery in Andhra Pradesh. Don't waste time in posting links for unpublish articles.
Admin
Reminds me of the time when I was asked to sign a modified contract of employment. The amendment was to add a clause stating that I would never supply any software to any of our customers.
It was at the time when companies were getting much more savvy about the need for proper software licensing, and I knew what it was they had meant to say, but since we were a software development company it was more than a little silly. You can't sign something as badly phrased as that.
I just refused, and it went away and never came back.
Captcha: inhibeo - to prevent the proliferation of silly contracts.
Admin
Minor correction - those who wrote and approved the SDE policy have no idea how computers and software development works. It was likely a combination of technical and non-technical cyber security employees (though it was approved by the head of cyber security). Somehow, the fact that yes, you can run software without installing it first, and software developers do that kind of thing an awful lot, slipped past all those people.
Under the policy as written, "installing" includes the creation and/or movement of any binary file. God knows what the policy's definition of "binary" is. "If it's not XML, TXT, or if you can't open it with Word, Powerpoint, Adobe Reader, or Excel..."
Admin
Admin
ahhh, redtape makes the world go 'round (or at least corporate world!)
Admin
How do you think he was able to pay for the time machine in the first place?
Admin
If it were me I would have quit immediately upon being interrogated for doing my job.
Admin
You are not authorized access to dates between 29 June 2013 and 15 April 2014.
Admin
I used to work for the government. This is EXACTLY what we went through every day.
Admin
Don't forget that whole "at will" thing
Admin
Windows...? Installers with toolbar options...? And you're calling this security? What the f*ck is this, the twilight zone?
Giving things big-dick titles with macho sounding acronyms doesn't make their implied descriptions true.
Admin
For a door-sized piece, if it's tempered glass and 5mm or thicker, it's simply not going to break from walking into it. Thinner pieces probably wouldn't break either, but door-sized pieces would be able to bend quite a bit so I would expect that the door is at least 5mm thick.
I have personally beaten on similarly sized pieces of glass with a metal shovel and had great difficulty breaking them when we were trying to dispose of them. The only way to get it to break is to hit the edge or corner and even that isn't always easy. Glass doors are normally protected by a metal frame and they almost certainly have done edgework to smooth (and possibly shape) any edges which are exposed.
If, somehow, a tempered glass door did break it would shatter into a million tiny pieces. You might get minor cuts or glass splinters, or get glass into your eyes, but you would not generally be injured. I have personally had similarly sized pieces of glass explode (and yes, tempered glass does explode) when I was carrying them and we hit the corner on something. Granted, I was wearing safety gear at the time, but those only really protect your eyes and hands. You may still have to comb broken glass out of your hair. It's also possible to use plastic instead of actual glass which will not shatter like that.
So I can't see what they're studying here. Can't they just look up the relevant building codes?
Admin
The injury would come from a frail person walking into the glass. The glass wouldn't have to shatter at all, it would just need to have the person bounce off to injure them. Think of an 80 year old walking into a sheet of glass. Probably best to put something on the glass to make it more visible.
Admin
Defense or financial services.
Worked on a system like that back when I was in the MIC; we had a public network and an internal development network with no outside access. There was a single transfer point where you could move files between networks via physical media (CDs). Thumb drives were verboten; if IT caught you with one they confiscated it immediately.
We had similar policies wrt admin privileges (developers had none) and all transfers into the dev network had to go through a malicious code review. Fortunately, our IT staff was pretty sharp and understood the nature of the business (that we wrote software), so we didn't have the kind of nonsense that the article describes.
The main drawback was that both classified and unclassified development took place on the internal network, so all devs had to obtain a clearance.
Admin
The mind boggles.
Admin
Our filter has a policy just for that -- Detected file type does not match file extension.
iWork files give it fits.
Admin
Admin
Sounds like there was about to be (or had just been) a third-party audit.
When I was part of a SAP admin team, we had been working with, you know, administrative rights.
A new auditor from the third party came out, after 10 years of the same one, and told us that we were not permitted to have any access to the systems we were running unless we specifically requested what was needed for each fix, and set a time limit in which to fix it.
And they made us close our master admin account.
Admin
Admin
Hence why a whitelist would be more secure in that case.
"I have no idea what a .xyz file is, so it's blocked."
Admin
For example, there are infinitely many different ways that you could encode an arbitrary binary file to make it look like plain text (base-64 being one). The system cannot possibly hope to detect all of them. The main question is how to accomplish this without making it unduly difficult for the recipient to decode the file.
Admin
The person doesn't even have to be frail. A very healthy middle aged coworker of mine walked into a (very clean, thus almost invisible) glass partition once, and he was so disoriented afterwards that some people decided to take him to the doctor to make sure he was OK.
Admin
PROTIP: Users usually launch their apps via shortcuts in Start Menu, so they don't need to know if link points to jar file or to exe. It'll work either way.
Admin
Admin
My school has this in it's IT policy, and I quote:
After a while you realise that you can't even log in - a script will run so you're in violation :P
Admin
Steven, Are you guys hiring? I thought my current company had some weird practices, but through your story I have realized that there are higher planes of weirdness that I cannot hopefully achieve in my current position.
Alas, my storytelling is the lesser for it.
Admin
Admin
Does he play for the Montreal Canadiens?
Admin
But anyway, you know I was talking about OSes currently on the market. Windows Server 2012 R2 doesn't have a Start Menu. Neither does Me 3 (the successor of Me Too (which was the successor of Me (which no one even remembers when making lists of Microsoft's usable OSes such as Windows NT4 SP3, Windows 2000, Windows XP SP2 and SP3, alternating with pieces of crap that no one even knows why they existed))).
Admin
"Sitting around on their thumbs all day" actually means "updating their resumes and installing it to their thumb drives".
Admin
Admin
Do the letters 'N', 'O', and 'G' have any relation to this issue?
CAPTCHA: acsi - our computer don' use EBCDIC, it use ACSI.