Admin
Secure development environments are frustrating as hell. One of the biggest problems is that on a project where everyone has a TS clearance, they don't segment properly... they put everything in the TS category because it doesn't matter. Everyone has it.
Then you hire someone, and they can't access anything.
If the existing people would just stop and think long enough to keep some work items unclassified, new hires would at the very least be able to do SOME work. I never could get much accomplished at that point in my career, though... it took about ten years in the field before I could start throwing my weight around and expecting to effect change rather than just get fired.
Admin
Your best bet is to not work at any place that doesn't allow you to work. Unless of course it's at $100/hr and access to the web.
Admin
How does one go about getting security clearance? Do you always have to have a sponsor agency? Anyone here gotten clearance?
Admin
My only consolation in this situation would be knowing that the next batch of contractors wouldn't do much better.
Admin
If someone does, they couldn't tell you, or they'd have to kill you.
Admin
Shit! I forgot about the "if I tell you" part, and went ahead and killed him for asking.
Admin
I'm in the process of getting clearance. First, somebody in the company has to rise up and say, "This guy needs clearance!" Then they go to the agency that's sponsoring the clearance, and that does make a big difference because different agencies have different requirements. Mine just so happens to be a bitch.
For example, they require a polygraph. I'm not even going to go into the particulars of that--but basically they know it's not accurate for detecting lies. It's more of a form of psychological torture that they put you through.
But anyways, I failed my first polygraph, which is common. They scheduled a new one for me (yes, they just schedule it, without any consultation). Unfortunately they scheduled it for a time when I already had vacation planned, so I had to ask them to reschedule it. About 3 months later I still hadn't heard anything back from them, so I finally made a few phone calls and within hours I had a new one scheduled. I guess they had just forgotten about me.
Admin
In the second story, it sounds like there was a serious communication disconnect between dev, IT & management.
What? The dev dept couldn't say that productivity was down because IT hadn't done sh*t to install development tools?
And what was the company doing to prepare for the contractor during that 6 week down-time before the contract actually started?
Sheesh! I hope that company has either gone out of business or has a branch in the Seattle area. :)
Admin
Yeah - used to have a secret clearance - oh, 20+ years ago. Yes, you have to be sponsored for it - and when you leave the job where you got the clearance, unless you move directly to another job requiring clearance, your clearance is terminated. If you are then hired by someone that needs you to have clearance, you have to go back through the process - the GOOD news is that it's faster, as they only have to investigate back to the date your last clearance was granted.
Joke? Only had to use it once, and I got the official notice that what I worked on was declassified 2 weeks later...
Admin
Why not just put a clause in your contract that states:
If the required development tools listed below are not delivered within the first week of employment then Agency XYZ will release the contractor and will compensate him $XXXX.XX.
Can you not do this with government agencies? What happens if the government breaches its contract? You can't sue them as far as I know...
Admin
security clearance agency background investigation roadblocks administrative security purposes
blah blah blah
The real WTF is that Rubik's Pentacube. That and the fact that it's actually a real product.
Admin
That's not exactly true. The government decides if you're allowed to sue them or not. Many people sue the government and win, but first they have to have "clearance" to sue. :)
Captcha: riaa - NICE!
Admin
The Real WTF is that he's using Visual Studio. Grab a pendrive and install some Linux on it. At least you could have been playing Tuxracer XD
SMILE is what I do every time I get paid for developing in Linux
Admin
I suspect that if I were placed in that position, I would spend that last day creating an invoice for the 6 weeks of unpaid lead time, itemize it under "Wasted Time and Lost Opportunities", possibly tack on a bit more for a "Termination in breach of contract terms" fee, and plonk it ceremoniously on the CTO's desk on the way out with a polite goodbye... after all, there's no reason to go burning bridges over things like that ;)
Admin
Removable media? In a high-security environment? Not likely.
Admin
On my first job when I first turned on my computer I found it was password-protected. But it was an Ubuntu machine and on the desk lay a bunch of LiveCDs. I could have called the admin to tell me the password (after calling the previous owner and asking for it) but the easier solution for me was booting from the LiveCD and manually adding a new superuser. The guy who used that computer before me arrived to collect his personal belongings and at first thought I'd reformatted the machine! He knew that he never told anyone his password and had a really puzzled look on his face.
Admin
Where did it say he was unpaid? It would be a WTF if he spent time looking at non-sensitive docs and didn't get a paycheck.
Admin
My understanding was that the clearance had a 2 year expiration date - if you jump into another cleared position within 2 years, you're still cleared.
Admin
Um, wait a minute, those are the mens/ladies rooms...
The level of security and the type of environment are all relative.
When in college, I used to work at Banker's Trust. Specifically, I worked in the room where they kept all the stock certificates. Everything had to be physically locked in the safe at night, but during the day, the stock certificates were all over the place; we used to use them as placemats when we ate at our desks, and nothing could have prevented us from accidentally folding one up with the garbage from lunch, and tossing it (it happened more than you'd want to know).
Admin
Alex's and Steven's experiences are very common. One reason is that IT departments seem to be incredibly good at dragging their feet. Another is that some overzealous twit, either in IT or management, thinks contractors are evil morlocks who do nothing but steal company assets and drain office coffeemakers, therefore they must not be given access to anything ever. (Actually, considering how sloppy and indiscriminate contract pool companies have become with making placements in the last five to ten years, such company paranoia is starting to make a little more sense.)
I have noticed that people who choose to be contractors rather than seeking salaried employment are in the habit of taking their laptops to work. It doesn't get them access to the code base or database, but at least they don't have to wait for IT to give them basic development tools.
As for clearances... that's entirely in the government's hands, and it's treated like a force of nature: you can't make it faster, and you can't really make it move except how it wants to move. Some take years.
Alex is right that if a project requires clearance, they were unwise for hiring people who aren't cleared. Except, as Alex also pointed out, it's damn near impossible to find cleared people who aren't already employed. And we all know that competent programmers, cleared or uncleared, are a small percentage of the total offering, and considering cleared programmers are a small pool already, that leaves few to no choices. So companies have come to accept that the only way to find cleared people is to create cleared people. Even though it takes years.
So the clearance thing is a pain but unavoidable. Steve's neglect by IT was fully avoidable, is disgustingly common, and is a true WTF.
Admin
WOW. Two stories in one!
Admin
A Regional dialect of Esperanto! That made my day.
Tamen, mi dubas ke vi faris ĝin. :D
Admin
I don't understand why you didn't just:
Download standalone executables (like nmap and putty) and start figuring out how to actually do your job.
When I get to a place the first thing I usually do is make sure I can break all their security measures.
Even in something as low-pri as financial or media licensing there is usually a TON of 'security' that has to be busted through.
Think of it this way: People lock their doors because they expect it to keep people from kicking their doors in.
Diebold doesn't say anything about bazookas, does it?
Admin
YESSSSSSSSSSSS
Admin
I have a friend who set up and maintains one such system. ANY use of a media drive or any transfer of files to a computer sets off multiple pagers, locks the account and alerts security (armed security, not rent-a-cops). Everything has to be done over the network on secured lines and it's completely separate from the rest of the systems at the company. Even set up with their own isolated firewalls and servers and different passwords within the company so none of the equipment is accessible to the regular IT department.
I just can't imagine working in that type of environment, although the paycheck probably makes up for the inconvenience.
Admin
You'll get over it. It's the rarity of the experience that delights.
Admin
You'd think that people in high security jobs would make good money but the pay in government tends to lag behind what they'd get as a contractor (except in those rare "realignment" years). I used to work at such a facility and thought that I was making good money until I realized that I could leave, become a contractor, do work that I actually was interested in, earn a lot more money, and actually make a difference.
Admin
Yes. And even then you get the lowest possible clearance. In my last job I think I had the lowest one possible. It was only necessary because I had access to live SSNs.
Admin
Step 1: Collect a bunch of burnt out and/or obsolete (4kb thumbdrive anyone?)
Step 2: Cart the pile into a secure facility
Step 3: ???
Step 4: Profit!
There's got to be some process for removing items from a secure facility eventually, doesn't there?
Admin
I know that there was something about melting hard-drives with a lot of thermite...sounds like a fun job
Admin
Suppose it was an IT division plot to get rid of contractors?
Admin
I had a secret clearance in the 1960s, fresh out of grad school. I got it in two weeks. Other people hired with me took months. I think it was because of the transparency of my answers:
What were your addresses for the last 9 years? New York, Kansas, various addresses.
List all relatives living behind the iron curtain. I have many relatives living in Poland, Romania and Russia.
If you give them nothing to investigate, the investigation goes more rapidly.
Admin
The first and second paragraphs...
Admin
They did, but the CTO was not listening. I once had a boss who demanded a change to an application for which we did not have the source. I explained why it cannot be done. The only answer (even after further explanation): "Just do it! I do not want to hear your excuses anymore!"
Sad thing, those people. Very unprofessional.
Admin
The most ridiculous part of the whole scenario was the piss-poor manager. If I had a manager that didn't advocate for me, or enable me to do my job, I'd be out of there on general principles.
What the hell was she doing while this guy was logging calls to the Helpdesk? Writing out her management procedure instructions in Notepad? 1000 lines of "I must chuck my staff in the deep end and let them drown - I must not bother the Helpdesk because of course my important project has no priority - I must not go and pound on the CIO's desk about the situation, because then we might actually get to do something"? At the very least, the workstations should have been prepared with the correct software before the contractor arrived onsite.
Admin
No. Consider that the paycheck for people in classified lines of business is usually government money (see: taxpayers) which is spent not in paying employees, but in fueling inefficiencies.
Admin
Many jobs of this sort are found in the military complex, especially for mil contractors. Their goal is not in fact to work on building sophisticated equipment and software, but in fact in doing the absolute minimum necessary to retain lucrative gravy train contracts. So long as the work remains to be done, they can bill on the contract, but the moment the work finishes, then so too does that revenue stream.
I suspect that the contracting company doing the background-checks likewise has a similar contract - "hey, it took a lot of hours to find out that this guy got a speeding ticket when he was seventeen!" - and since it's a fairly minimal chance that anyone would even bother to double check (unless, of course, the applicant looked vaguely Middle Eastern and so was guaranteed to be an Iranian Al-Qaeda terrorist) it's likely that most of the investigation probably took place at a bar, a race track or a night club of one sort or another.
Personally, it's a self-correcting problem. Eventually, such companies and agencies can only attract the very new, the very naive, or the very unimaginative, and not surprisingly, very little good code gets written as a consequence.
Admin
Dammit, I came in here to say that The Real WTF (tm) was that the whole point of Esperanto was to eliminate the need for local dialects.
Admin
Nope, that's the Professor's Cube: http://en.wikipedia.org/wiki/Professor%27s_Cube
Admin
Er, I uh ... totally mis-read what you wrote, whicker. Sorry...
Admin
Just how much were you getting paid to securely do nothing for a year? Damn, man, why not renew that contract? Can you even get an easier job than that?
Admin
Because at this type of place, "making sure you can break all their security measures.." could get people killed and most likely will end with your dumb ass in jail.
Admin
Wow. I was really annoyed that it took me two weeks to get fully online at $DAYJOB. By the afternoon of my first day, I had a copy of the source tree on a spare workstation a coworker lent me so I could look at things. I still didn't get much done in that first week -- and no one gave me crap about it, because they knew that it took a while to, for instance, get a new workstation ordered, delivered to IT, configured, and then shipped to our office in another state. My access to various systems took a variable number of days to set up, but once again, I was able to hang out in internal IRC on day 1.
Admin
developing for FreeBSD is even better... but that's been a while.
Admin
shit - I work at a medium/large-size company, and when I was on the helpdesk (I have since moved to another dept) if ANY user - salesperson, developer, customer service, anybody - didn't have their computer set up and ready for them to rock'n'roll first thing on their first day their manager would give us hell until it was ready - if that meant we would sit and build it while they waited we would do it. If it takes that long to get dev tools to a contract developer, then they either have a) Lazy helpdesk staff or b) Very poor methods/systems for installing software - they should have either a standard image for devs or a system like SMS to push the right applications to the right users.
Admin
That was a damned long-winded post. I guess Alex was concerned that Certain Federal Agency might object to his talking about them in this manner, so he wrote a long post in the hopes that it would take them another 6 months to read all of it.