- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Access denied: Administrator privileges required to be frist
Admin
It's a poor craftsman who blames his tools, but that only really applies if said craftsman has any say in the tools they use. This is just management gutting any chance of the interns doing any real intern-ing.
Admin
The WTF in this story is that no attempt was made to change the setup. If you can't do your work, go tell people about it.
Admin
Sometimes it make me sad when Amazon and Wal Mart crush other retail companies. And sometimes it makes me glad.
Admin
To be fair, refusing to let people use the IT in any way does make it fairly secure.
Admin
He did tell people about it. They blew him off.
Admin
He told John though. And in a company this strict about rules, I wouldn't be surprised if trying to "jump" the chain of command would get you a writeup.
Admin
The fact companies like these can exist and not only that, but often thrive without ever realizing how absolutely stupid their policies are is shocking. "Security" has basically become paranoia nowadays, and it prevents people from doing their jobs. Ridiculous. Nelson should have just quit on the spot, been like "Sorry John, but I think I'm going to find an internship at a company that has a clue about how to do software development."
Admin
didn't find how to post images here... https://picload.org/view/ddgwrccw/06.jpg.html
Admin
No. In the kind of places that see fit to implement such draconian and self-defeating policies as these, even just suggesting that they be reviewed is such a locked door. A locked door that ain't ever going to be opened. Ever.
Admin
Maybe it will open, though. And turn out to be a Bluebeard door.
Admin
eesh. I know some of these stories are fake, but at least make them realistic.
Admin
I worked for three weeks at a major financial exchange in Chicago. It's just like this. The developer machines are totally locked down. You can not run any program not on a whitelist, so forget about your favorite utilities, installing useful tools, even sysinternals stuff. You can launch a program from Visual Studio but not otherwise. Protip: When management views developers the same as administrative staff or random people in an internet kiosk it's time to look for another job.
Admin
Any sufficiently advanced stupidity is indistinguishable from insanity.
Admin
If you can't code with paper and pen, perhaps you shouldn't be seeking code related jobs.
Prototypal write ups, white board/pen and paper should be taught before actual coding sessions begin. There's hacking in Python, where you really learn nothing, and then there's understanding programmatic expression at a machine level which requires no literal environments; just adhere to the rules of the machine. Learn the math, understand the machine, study the SICP and take Sussman's MIT 6001. Otherwise, you're a glorified operator and not a true business ready programmer.
Admin
I have worked at a place like this before. Mostly I just had to wait for several days before I was fully gained in the various systems and could start getting rudimentary tools. I wrote my code in a notebook, spent a lot of time"debugging" it mentally, getting it peer reviewed by more than one programmer, etc before being able to get a slice of time on the mainframe to try it. It was the early '90s, and just how things were for intern college kids. I spent a lot of time that summer poring over huge prints of computer code to find solutions to existing bugs in software. I learned a lot. Try it sometime, I think you might be surprised how poor of a programmer you are when you have nothing but a pencil and paper. It keeps reminding me to really work at knowing my trade and reminding me I am not quite as good as I often think I am.
Admin
These corporate outfits are the worst of both worlds. A couple of our customers with tyrannical policies and procedures come to mind. The former dragged us through the mud with their internal certification procedure, only to discover it was inappropriate for our equipment. The latter made us write custom code because we couldn't write to an ordinary filesystem area, regardless of what the ACLs said.
Now I did say worst of both worlds. The first customer started to cry about the performance of our equipment. We found that they'd done quite a job to a critical template file we'd made for them. Who did it? Who knows. Why? Yeah right. At the second customer, one *ss-hat decided to flash our Arduino with some hobby code. Backups? What's that? Oddly, our software started to hang after that.
Admin
The central ideas of security are to provide access to resources to those that are authorized to have access and deny access to those that are not authorized. This security team manages to deny access very well, but fails on the first part. If a person can't effectively do the job they are hired to do, then your security policies are getting in the way of business, not helping it or your security people are not implementing the policies properly, or both.
As the guy responsible for managing IT security at my company, I have established procedures for adjusting permissions: send me an email with your user name and what you think you need to be able to do. If the request did not come from the person's manager, I will check with the person's manager, and maybe the manager's superiors, and if warranted, give the person (or more often their role) the permission to do that. If software needs to be installed, I will check how many licences we have for it, if applicable, remotely log-in, if I can, and install the software; the Admin passwords stay in a closely guarded database. If I need to get more licences, I will check with my superiors (them with the budget) to see about getting more.
If I notice a user is logging in on more than one terminal at a time, I would give the person a call and see what is going on and see if anything needs to be adjusted on my end; it is usually considered a breach of security for a user to use their credentials for another user, so I would want to know why they did. If you have reasonable procedures (which the ones in the article seem not to be; to much on the paranoia side), there should be no need to log in on someone else's computer, unless you are going to work there while you can't use your machine for one reason or another.
Admin
+1 One of the better versions of Clark's Third Law.
Admin
This might have been the case "way back when" or in some horribly security conscious government agency. But today, esp with stack overflow, the internet is a must; and an IDE is a must; and being able to install tools on your machine is a must; and being able to ask questions and get help through chat is a must.
I just can't imagine an environment where you code on paper. Not just stupid; this should be considered criminal. The boss should march right up to the board of directors and explain just how the company's policies are costing them boatloads of money. That's how you accomplish change.
Although it won't matter; by the time the board takes action, the company will be no more.
Admin
"'Security' has basically become paranoia nowadays, and it prevents people from doing their jobs."
You can see it in applications too that have features removed because "oh me, oh my, evryting so hard." Security is only the lie that's used as justification; the root cause is always incompetence. How long before they don't even provide keyboards because "oh me, oh me, so risky?" I mean, I've already had one job where I couldn't replace the keyboard because some dunce that couldn't even power on her monitor without help thought viruses were going to fly out of it and erase everybody's hard drives. And we wonder why nothing in this supposedly "hi-tech" country ever seems to work.
Admin
Was it a USB keyboard?
(No, seriously. It does make a difference.)
Admin
Not Zenith, but my workplace didn't let me replace the $5 HP special with my trusty Model M for the same reasons. It obviously wasn't usb. Now if they'd told me I couldn't use it because it was so damn loud, that'd be understandable. :)
Admin
I have difficulty believing that any company of this nature would work, in any way at all. If you can't open notepad (or some editor) you can't even view the source code that you want to alter. There would have to be some kind of viewer. When dealing with security policies like this, you have to be prepared for the fallout: Someone is going to get fired. If you win, it will be someone from IT. If you lose, it'll be you. If you can accept the fact that if you lose your job it wasn't really one you wanted to have anyway, then a great wide world opens up to you.
At that point, you basically just start pushing; using any means at your disposal to get around their idiotic security rules. My first and easiest thought is that you have their codebase on the drive now. Bring in a laptop, plug the drive from your desktop into it, and copy the codebase. If they "Write you up", just ignore it, and keep being the most effective member of your team. Write ups really mean absolutely nothing, particularly to an intern, they're just a shame tool. As we already covered, you don't care if they fire you, so why care if they write you up?
You just keep pushing, and either others will adopt your changes, or they'll fire you. If the former, then you get to be the one who brings the reform that everyone really wants, if the latter, then you're better off not being on the sinking ship anyway.
Admin
Great idea, other than the fact that they could try and charge you with theft as you're transferring information without authorization off of company systems. That gets into a bit worse of a position than simply being fired. At the very least they could demand your laptop hard drive.
I've been on both sides of the security spectrum, having had some clients demand we limit our security as it was getting in the way of business only to be hit (multiple) times by lockware within the same year. Likewise I've been through security policies where my job was effectively neutered as I was used to access and maintaining systems that technically I wasn't supposed to access nor maintain... but systems are becoming less secure, especially where security consciousness doesn't yet exist (mobility, PLC networks). Got to be aware of what your weak points are and where to mitigate chance of breach. It's why Sec creates plans focused on what to do when you're breached and not if.
Got to know when to bend in either direction.
Admin
Don't waste you time at a #### shop like this. As soon as the boss pulled out the notepad, the next comment would be laughter as you are walking out the door; "See you suckers".
Admin
Managers? They're the last people that should be trusted to access the Internet.
Oh, and really good security, leading to "I'll come by and enter my credentials for now so you can get set up". Hmm..
Admin
I've always thought that the ultimate design goal of the GNOME Desktop Environment was - that upon startup - to present the user with one simple option: a big Shutdown button.
Guess this employer decided to go for the same thing with security policies.
I worked at one place where security policy prevented you from changing Windows screen fonts. So if you needed to set font zoom to 125% to read text on that nice new monitor - you couldn't, that required installing the larger fonts.
Admin
Dear God, there are half a dozen replies carefully explaining that it would be very hard to code if your computer was locked down. Why do I read the comments here? What is wrong with me?
Admin
Was he supposed then to arrange the sheets of paper containing the development he'd done on a wooden table and photograph them, and then scan them in? The computer can turn that into a working program, surely? No? Then you've failed in your assignment and don't let the door hit your rear end as you leave.
Admin
That's understandable. The Windows font engine is entangled with the firewall, and they need to be sure that the machine is protected against that evil evil network at all times. I totally get that.
Admin
You could probably write a wrapper to chainload any program from Visual Studio.
Protip 1: Never assume that anything capable of running arbitrary user-supplied code is secure, even if you try to lock it down.
Protip 2: If you make dumb security policies, assume that users will find a way around them (a story about this in the context of automatic screen locking appeared on /r/TalesFromTechSupport a few months ago).
Protip 3: Don't lock down your users' systems to protect your network. Lock down your severs and routers.
Admin
@Polyglot: I agree in theory, but when your machine is so locked down that you can't develop anything on your machine, that's taking the old-skool a bit too far. You should be able to write a program on paper, yes, and debug it on paper, too, but you should also be allowed to test it on your computer. After all: "Beware of bugs in the above code; I have only proved it correct, not tried it."
Admin
TRWTF is using an Arduino in production.
Admin
Erm, DrPepper... if you need SewerOverflow to program, you may be in the wrong business. That one should definitely be on your "consult, but never trust" list.
Admin
No, a PS2 keyboard manufactured in Kentucky at the IBM/Lexmark factory.
Admin
I was ready to believe it until the "use an actual notepad" part.
Admin
Speaking of security paranoia, there's got to be a better way to flag posts than mobile vs desktop. While we wait for that to eventually be approved:
No, it was a PS/2 keyboard manufactured in Kentucky at the IBM/Lexmark facility. I do have a USB model from the same place though. Let's not trust a specialty keyboard made in the US but not even think about where the cheap Chinese Dell/HP keyboard attached to the PC really came from.
Admin
Just saying... this one seems to bad to be true. I think this post is hyperbolic if not completely fabricated.
Admin
As a Ops specialist my first order of business is to shut down our most sensitive servers immediately. This ensures the highest level of security against breaches and unauthorized access. I charge 7438927932 Bitcoins an hour so hit me up if you need my expert solutions. I am also MCSE certified and not a robot.
Admin
They seem to have made some very liberal changes to my story. I did not, in fact, need to develop with a physical notepad, but I did encounter these issues at the start of my internship.
In the first week, I was tasked with setting up my machine with all of the dependencies needed for running the project. The first stumbling block came when I found that I could not actually save anything to the filesystem. My manager was able to lift this road block for me so that I could actually start downloading the dependencies. While waiting for this resolution, I contented myself to go online to learn about some of the skill gaps that I knew I had. Namely, I had no prior experience with SQL, so I wanted to familiarize myself at least a little bit with it. However, when going online to find any sort of information, I was immediately presented with a webpage indicated that I was attempting to access a restricted resource and that my manager had been notified. Shortly thereafter, my manager stopped by to assure me that he would get IT to grant me internet access. So, in the end, I was left to twiddle my thumbs until I had access to do anything useful on my computer. Eventually, he was able to sort out some of the issues with my permissions on the file system by giving me administrator access. I still didn't have internet access, but I could at least start downloading the project dependencies. This meant going through a Word document and following step-by-step instructions to run commandline processes to get the dependencies. It was a fairly long and arduous task, but I saw the files getting created, and by the end of the week, I had everything I needed and internet access. However, as time went on, I started stumbling when trying to get the project running. As it turns out, all of the dependencies that I had downloaded before getting internet access had the contents replaced with the HTML of the webpage indicating that I did not have access to access that resource.
Admin
Don't forget the fact that changing font size can crash IE, which most companies use as the gold standard Internet Browser.
Admin
i read through all the comments and the one that made the most sense is to simply download the code and take it home. Setup your own development environment and have fun. I've done this many times on many overly secure systems, who are so overly secure that copies of their code are running on dozen of insecure home systems. Good luck beating the high school dropouts on eternal dough nut breaks.
Admin
reminds me of that old story where someone "proved his fix would work" on paper, but when they tested it on an actual computer, it didn't work...
Admin
You might be a polyglot, but you don't speak MITese. Do you mean 6.001?
Admin
When faced with our users in that situation, we just changed the default web browser on their machines to Chrome. The users were almost all happier except for one guy, who'd figured out how to use bookmarks but not switched to Chrome of their own accord. (A little manual intervention fixed that.)
Fortunately our intranet sites are almost all either things that work in a modern browser or so ancient that everything can render them fine…
Admin
"Someone is going to get fired. If you win, it will be someone from IT. If you lose, it'll be you. "
I'd see that differently. If you're fired, you have won (your freedom back, and your sanity).
Admin
Yes, this is why SaaS is taking over - because you as the SaaS provider cannot be dictated to like this. You offer a product, you have control - the client only gets to choose "yes" or "no". They don't get to choose all this sort of thing - but the question doesn't even get asked. That means the CFO and CIO and c-suite don't end up misinterpreting the question, and the IT Infrastructure power hungry people are forced into a teeny tiny little corner. They no longer have control. And the SaaS provider? They're probably on a devops model, where everyone has access.
No, you cannot physically audit my hardware. It's owned by Amazon/Microsoft/Google, and they'll kindly ignore your question.
And yes, you security people? You will be finding over time you have to justify why you're there - because you might just be getting in the way without adding any value.
Admin
I read the subject and think it's bad, but pretty survivable. And then I read the content and found I underestimated the level of "bad" could be.
Btw, I'm surprised they don't trade the ability to connect to network (i.e.: reinstall the machine, unplug the network cable and never join the domain) for a machine that can get something done. From the article content it seems he cannot do anything with the machine anyway, so any improvement is improvement.
Admin
"If you can't code with paper and pen, perhaps you shouldn't be seeking code related jobs."
Yes, but if you can't even open an editor, HTF do you even read the existing source to have any idea of what you may want to do to it?