corporate IT nazis
Sometimes, it becomes apparent just how good you have things.
At work, in the name of “progress”, my beautiful local-adminned and highly customised (but always up-to-date) IBM T42 laptop is being replaced with… a de-wirelessed and de-bluetoothed Dell Latitude D410. Though admittedly I’m enough of a whore for tech that I’m in a very small way looking forward to getting a new thing to play with. If only it wasn’t so limited…
So… goodbye Firefox; goodbye syncing Outlook with my phone; goodbye Ruby (Tracks and Instiki); goodbye SpamBayes; goodbye Google Desktop; goodbye GnuGrep; goodbye my ability to customise my work computing environment (it is apparently possible – oh the generosity! – to change one’s desktop wallpaper a grand total of 1 time); goodbye to a good proportion of the fun in my day.
Hello corporate uniformity; IE6; convenience for administrators; and “security”.
Yeah, security. Whereas before I was running a couple of Ruby web apps on a USB memory key, thereby keeping any potential data away from the public internet, my new solution is to… yes! run them on the public internet. That’s way more secure. Not that security is my responsibility anymore, right?
You see, it’s obvious from the fact that everything is locked down that I cannot possibly be trusted to make security decisions myself. Therefore convenience (as opposed to security) tells me to use the public internet for the things I need.
And of course run Firefox on my USB memory key. After all, what do I know. I’m just a dumb user now.
A challenge.
Martha
11 December 2005, 08:13 #
Everytime I see Instiki I think of “a hickey from Kinicky is like a hallmark”.
A can see you plotting to overthrow the Dell. Good luck.
Alan
11 December 2005, 09:19 #
Oh, a quote from Grease, right?
...and (in the light of day) I really need to stop writing these things after a few.
ben.run
11 December 2005, 09:22 #
I can’t stand to work on a computer that I do not have admin rights to!
Ben.
stephen
11 December 2005, 10:45 #
Wow. We’re managed by EDS, and yet I still legitimately have Cygwin, Perl, Python, and a bunch of other goodies.
We also have a VERY paranoid firewall and proxy setup though. :(
Michael Koziarski
11 December 2005, 16:18 #
I’ve yet to find a proxy server paranoid enough to stop apserver:
http://apserver.sf.net
Alan
11 December 2005, 16:20 #
...assuming one has the privileges to install it, of course…
Nice try, Michael. :-)
Martha
11 December 2005, 16:44 #
It did occur to me that your blog is under your real name, and quite possibly someone at your work may not like being called a Nazi.
But if anything comes of it, just have another drink and all will be well.
Mr Reasonable
11 December 2005, 19:23 #
I tried my best…..Nazi / Aussie = Naussi
Patrick
11 December 2005, 21:44 #
Martha: I don’t think anyone can really take offence to the term Nazi when used this way. It’s kind of like the Soup Nazi. Unfortunately with less soup.
My work (necessarily) is a lot more relaxed than that. True, we try very hard not to give users admin rights. On the other hand Firefox will be installed on request.
However, I work for the IT dept at my work, so come Monday when my new mac arrives only the windows box that never gets used will have the standard image on it :)
Alan
11 December 2005, 21:54 #
Martha: exactly why I expressed mild regret at my posting. But yes, another glass should smooth any of that away.
Mr Reasonable: I know you did.
Patrick: you’d at least not be the “corporate” part of the title, right? And anyway, you have Macs as an option at your work. If I remember rightly, the Nazis did not use Apple computers. Just IBM machines. (True.)
Caro
12 December 2005, 08:38 #
Stephen: I work for that company – let me guess, you work for Telecom?
Alan: the way to fix it is to make buddies with a field support/desktop engineer who will just give you admin rights when they realise you’re not going to kill your lappy :) Infact, just ask the dude that sets it up to leave the room for a few minutes while he’s logged in, and give yourself admin rights :)
Alan
12 December 2005, 08:48 #
It used to work like that (that’s more or less how I got my current setup), but not any more.
Welcome to lock-down.
Caro
12 December 2005, 09:29 #
ooohhhhh lockdown’s nothing, there’s always a way around lockdown, because whilst they lock out one-click options in a build (ie start menu is bare, no run option or display properties or control panel) etc, they usually don’t go so far as to delete the corresponding exe’s from the \\root\windows\system32 folder.
cmd.exe, compmgmt.msc, and regedt32.exe are your friends :)
stephen
12 December 2005, 13:07 #
Nah, I’m at Fonterra, where the COE (Common Online Environment) is yet to be deployed. Bless them, they surveyed everyone to assess what apps were in use before they defined the list of approved apps, so I made sure that my usual assortment of open source goodies was ESSENTIAL for my setup :-)
But thanks for the reminder about the .exes. Who knows where I might end up next. Although I’m starting to think that this might be one of the things that disqualifies companies from being on my “preferred employer” list.
Alan
12 December 2005, 19:06 #
Caro: yeah, I forgot about those. Before I got local admin that’s all I had to play with.
In more bad news, I’m getting conflicting reports on whether or not USB is locked down. If so, I’m not sure how I’ll get by without Firefox. :-)
Patrick
12 December 2005, 21:29 #
Ok, so we’re not that corporate :). There are, at least, some parallels with our student computing platform. (Apart from the Nazi part, they’re ok up there :)) And to some extent I’d love it if we could lock down most desktops. (While I’m sure you’re no menace, there are far too many people who leave stuff on their local drives, and then it’s our fault when the drive fails.)
Probably also worth noting is we almost always give laptop users admin rights. For one thing, we need them to run Windows Update.
Sometimes it’s nice being a developer. I need admin rights. At least that’s my story and I’m sticking to it.
house_monkey
13 December 2005, 12:06 #
No soup for you!
Caro
13 December 2005, 13:04 #
If USB’s locked down, then you can just go into the BIOS and unlock it down :) Short of removing the USB ports completely, there’s little they can do in the way of total USB blockage. It won’t be locked down anyway, because your mouse and keyboards will probably be USB anyway, and PDAs and things – too many USB peripherals are in regular office use to justify removing USB completely.
Alan
13 December 2005, 13:56 #
Ahhh, OK. That means I should be able to unlock WiFi and maybe Bluetooth in the Bios too.
I’ve got portable Firefox up and running and tested on one of the new machines, so it looks like USB is not locked after all. It’s quite nice – it’s using my existing Firefox profile, including my collection of extensions. Indistinguishable from the present experience (except for Java).