|
The article you helped with is done |
|
Monday, August 28 2006 @ 10:49 PM EDT
|
I just heard from journalist Esther Schindler of IT Business Net, who earlier picked your brains on how to keep employees from downloading software on to business computers. The article is finished. If you'd like to read it, here it is. She asked me to please tell you that she appreciated your input very, very much. She was simply bowled over by all the useful information you provided. She asked me to convey this: "And my heartfelt appreciation for the hundreds of people who responded, both publicly and privately. I'd buy every one of them a beer, but I don't think I could afford that many kegs."
|
|
Authored by: SpaceLifeForm on Monday, August 28 2006 @ 11:21 PM EDT |
Please make any links you have clickable.
---
You are being MICROattacked, from various angles, in a SOFT manner.[ Reply to This | # ]
|
|
Authored by: TonyW on Monday, August 28 2006 @ 11:31 PM EDT |
In the unlikely event of errors in this short article, please post them in this
thread.[ Reply to This | # ]
|
|
Authored by: rm6990 on Monday, August 28 2006 @ 11:42 PM EDT |
Hey PJ.
I know you are concerned about users' privacy, and another user pointed out
that
Writely isn't exactly a privacy focused web service (being run by Google and
all). I have an idea....
Have you thought about using MediaWIKI for collaborative proof-reading for
Groklaw?
http://www.mediawiki.org/wiki/MediaWiki
It is the same software that powers Wikipedia, and could potentially be used
for
Groklaw as a whole to proof-read documents. It could be installed on Groklaw's
servers, and you could limit it to a select few that regularly or have in the
past helped you work on documents (to prevent vandalism, which is rampant on
Wikipedia). Everyone could read and point out fixes in a comments section or
something, but only a select few would actually be able to commit the changes.
With Writely, AFAIK, you are limited to only a few people working on a document
at once. With MediaWIKI, you could potentially have hundreds doing the
proof-reading, and then 10 or 15 quickly double checking and committing the
changes. Unless I am overlooking something, this could speed the process up
10-fold.
Just a thought.... Not sure whether it is a suitable alternative to the current
status quo or not, but just thought I would throw the idea out there.
And yes, I also emailed this comment to you.... Figured if I emailed AND posted
it, you would for sure read it.[ Reply to This | # ]
|
|
Authored by: IMANAL on Tuesday, August 29 2006 @ 12:51 AM EDT |
While I can understand the sentiment of it-management, they can make _your_ life
miserable too.
For years I managed to escape their long fingers, until some critical pieces of
software forced me to let them chain me to their dungeons.
The worst of all, start-up went from a miserable two minutes to nearly ten
minutes. "That's a trade-off you'll have to live with I guess".
Trade-off for what?! For the joy of no benefits? Hmmmmm...
Ok, I managed to retain my privileges to install programs. No, do not test
screensavers...
---
--------------------------
IM Absolutely Not A Lawyer[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 29 2006 @ 02:35 AM EDT |
This Article reminds me of a story I read, ( can't remember
where ) about someone that got a 6 month temp contract to
cover for an absent member of staff. The problems began
very quickly when for the first day he wasn't even allowed
into the office!
This level of paranoia was rampant throughout the
organization, he wasn't even allowed contact with some of
the people who could grant him the required system
privileges to do the job he was hired for.
Eventually, after 6 weeks of sitting around and doing a lot
of reading, they agreed that there was no way for them to
allow him to do the task he was hired for and they paid of
the whole 6 month contract and let him go!
[ Reply to This | # ]
|
|
Authored by: belzecue on Tuesday, August 29 2006 @ 02:49 AM EDT |
Esther, well done on the article -- an informative, considered, and entertaining
piece.
Note to other web tech writers: see? good research pays off![ Reply to This | # ]
|
|
Authored by: Sander Marechal on Tuesday, August 29 2006 @ 04:01 AM EDT |
It's a nice article, and quite a read to, but I do miss something. The main part
of the article consist of things groklaw members have said or given advice
about. It's all a little incoherent and anecdotal. I guess I was hoping for a
more structured overview and dissemination of the pro's and con's of various
oft-used techniques. The article starts well in this respect, but looses that
focus on page two and onward. It's still a nice read though.
---
Sander Marechal
Geek, Programmer and many more, but not a lawyer[ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 29 2006 @ 08:49 AM EDT |
Diskless workstations that load a fresh image each time they are booted. The
image contains all the apps required by the company. SO you get no viruses and
no unauthorized applications.
With lots of memory on the client and one server per twenty to fifty
workstations, running speed need not be a problem. Rolling out upgrades is as
simple as upgrading a master image so you don't have to visit each pc in turn.
User data is stored on a backup server and mapped into the /home dir so the user
always gets his own customized desktop.[ Reply to This | # ]
|
|
Authored by: Sgt_Jake on Tuesday, August 29 2006 @ 12:43 PM EDT |
I'd buy every one of them a beer, but I don't think I could afford that many
kegs
Let's try... [ Reply to This | # ]
|
|
Authored by: Anonymous on Tuesday, August 29 2006 @ 01:28 PM EDT |
What I find strange about this article is the way that, especially in the
beginning, it shows so strongly how people faced with something new can forget
all of their old reference frames.
"The employee has no right to
privacy while using that equipment"
This is not just a totally
unethical position; if an employer merely stated it, it could form the basis for
legal action in many countries. Yes they employer has the right to monitor
their own systems; however, that can be done without compromising employee
privacy (e.g. only specified administrators with appropriate NDAs are allowed to
monitor and only in situations where there is a justification).
His
easiest solution? After putting a company policy in place, "Find someone you're
going to fire, oust them and make a big stink after they leave (rumor mill)
about how they were fired for repeatedly violating this
policy...."
Now, PJ goes on repeatedly about the need for
ethical description of even enemies. This should ring alarm bells to anybody
reading this site. The suggestion is essentially to slander former employees.
Probably you will get away with it, but that's not because you should be able
to.
Incidentally, if you are working with "morons" where "nothing is more
effective than fear" then you have bigger problems than just your
computers.
I hope that the author has just not thought this through, and
that if she did, she would clearly state that these things are wrong. Even so,
this kind of article can do real damage to people's freedom. Groklaw should be
distancing its self from this kind of thing. [ Reply to This | # ]
|
|
Authored by: dwheeler on Tuesday, August 29 2006 @ 04:52 PM EDT |
A quibble with the article - actually, you CAN run programs on Linux systems
without having the "executable" bit set on them, so mounting with "noexec" and
other gimmicks simply make it harder for the less savvy - not impossible. In
general, just run the program that handles the file, and pass the executable
file (and its parameters) as a parameter. E.G., if you have a shell script
named "x", then "/bin/sh x" will run it just fine.
If it's a binary file named
x, run the system loader. On Linux-based systems that's normally named
/lib/ld-linux.so.2, so "/lib/ld-linux.so.2 x" will let you run the file. *BSDs
are similar. If you can run perl, python, etc., then you can also feed it a
script that has the EFFECT of executing the program.
"Can't execute" is
actually hard to TRULY enforce SOLELY by technical means on any OS, without
being VERY restrictive in the access you grant. After all, the whole point of a
computer is to execute programs. What you CAN do is make it hard enough that
naive users can't do it, and naive users generally won't work hard enough to
subvert it.
[ Reply to This | # ]
|
|
|
|
|