I love your incredibly naive and arrogant attitude. Everyone has personality fla...

mattmanser · on Sept 14, 2012

Firstly, I meant FF and Chrome, not sharing apps. Regardless, I would understand, vaguely understand, that limitation in the DoD, well not really actually, but 99.99% of us aren't working in the DoD or health are we? 99.99% of us are working in situations where the data is highly specific and only useful in an incredibly targeted intrusion that fairly trivial social engineering could access and a much greater attack vector is being exposed in poorly written web apps exposing entire DBs to the world if only anyone could be bothered to hack your local estate agent. But they can't be bothered.

Stopping people installing Chrome's not going to change that and you're utterly delusional to think otherwise.

Pretending otherwise is pandering to the security theatre that is gripping our country at the moment. If someone wanted into your DB, they will get in. Deep down you know that. And Chrome's not going to be how they do it. No, an employee, someone, somewhere, will give them access. People are you weak point, not the systems. Couple that with massively weak internal controls usually exposing your data to everyone in your company. They might have to sleep with them, they might have to hire a prostitute or something crazy like that, but they'll get in. Sneakers style! China's recent spate of 0-day's has also proven that a determined attacker will get in.

Or maybe you'll 'lose' another laptop.

Secondly, I am a professional programmer. Not an enthusiast. Grow up with your childish name calling.

Thirdly, I have also worked for a wide variety of companies as a drone, a lot, as I temped my way through Uni. At the time in 2000-2003 I didn't realise that being able to program was special. If only I could go back and tell me I would be far richer. Almost in their entirety the IT departments have been incompetent. This was before they even thought of blocking websites. I could regale you with tales of negative gas readings due to estimated bills not resulting in credits to customers at one of the largest energy suppliers in the UK. I could tell you of being given the entire delivery DB of schedules of one of the three collection cash delivery agencies in the UK 3 months before they were hit by a series of robberies just after those deliveries and never, ever getting an interview by the police.

Fourth, I have been in contact with hundreds of client IT departments the majority of which couldn't tell their ass from their elbow IT-wise, who didn't know that their servers had become zombies mailers or that something as simple as installing SQL server on a DC was a big no-no. One company I worked had the bright idea of making their programmers first-line support. Eye-opening.

Fifth, I have met hundreds of programmers in my time, there are only about 5 I would actually trust to program my toaster, let alone my heart monitor. Most programmers will only have a vague clue who Linus Torvals is. And the sysadmins I've met are often people not good enough to become programmers. Those rare other kind are like finding a diamond! I was chatting to a programmer friend I occasionally go for a pint and a curry with yesterday who works for a 100 person IT department in the NHS and no-one there knows what Github is. Or who Scott Hansleman or Scott Gu were, even though they work entirely in .Net, mainly with web apps.

There are a lot of people in IT at the moment who just do not belong here. We're still in the crazy "quack" phrase of our profession where it's hard to tell someone good from someone espousing nonsense.

In here, in HN, there's a solace, so many people actually know what they're talking about. It was refreshing when I first found it 4 years ago, and sometimes I forget.

Don't forget. Never forget that at the moment most IT people suck. If there's someone detached from reality, it's you.

tl;dr Letting your users install Chrome or FF is froody. You're talking to a battle hardened veteran, n00b.

18pfsmt · on Sept 15, 2012

You certainly seem to have good insights, but your tone is a bit caustic, and I think many of us would appreciate it if you toned it down a bit.

NB: I'm just an enthusiast/ hobbyist, so perhaps you don't care about my opinion.

dusing · on Sept 15, 2012

I think he was responding in the same tone he was addressed in, for better or worse.

mattmanser · on Sept 15, 2012

And I was a bit tipsy, making me more argumentative. Sorry!

eckyptang · on Sept 15, 2012

Likewise. Sorry too and I am now, so sorry for the current argument :)

(this is not personal and never is).

eckyptang · on Sept 15, 2012

My conclusions are unchanged. Some replies to confirm my position on the matter:

1. People are the weak point. Yes. Anticipating their actions and protecting against them is the task at hand. This is not security theatre - it's simply sensible considering human nature. People will not get at our production database if they try (we get regular attempts but our properly designed tiered security architecture and mandatory access control system prevent it every time and will as we adapt and re-evaluate regularly).

2. Losing laptops. Not a problem. We've lost a couple. We plan for that. They are fully encrypted TPM equipped laptops and there is no data on them anyway as our methods from (1) are applied. If someone got one, cracked the encryption or decapped the TPM chip and got in, they'd get nothing of value. We actually paid a rather well known ex-black hat a lot of money to steal one from one of our staff and try and get in and they couldn't.

3. I'm a professional programmer (red brick MEng, EE for 6 years embedded and VLSI, 15 years programming and architecure). So are my colleagues. We don't employ run of the mill guys. We start at the high end and have qualification requirements that would scare the shit out of a Google candidate. We don't employ the sort of people who can't tell arse from elbow. We know they exist but the agents don't dare send us their CVs. We're not interested in rock stars or ninjas or any of that crap - just people who know what they are doing.

4. I've worked for asshats too. In the corporate world, these aren't actually that common these days. I deal with a lot of large corporate financial customers for our product (FTSE100 types) and they know what they are doing.

5. I worked for the NHS for 3 years. No-one in the NHS needs to know what or who the hell Github or Hanselman or Gu are. It has precisely no bearing on the NHS. Does celebrity tech culture really matter there? No. That just undermines your entire argument.

6. As for quackery: it's easy to separate wheat from chaff, unless you are chaff.

There are very few people on HN who live in the "real world" i.e. outside startup culture. There is a consensus of opinion, but it's not all right. In fact a lot of it is plain wrong and driven purely by irrational worship rather than realistic well-thought-out and tested arguments (37signals, Elon Musk, JGC, Atwood, Spolsky to name a few)

As for the froodyness of FF or Chrome, froodyness is IE and Group Policy for the foreseeable future (not Chrome's piss poor implementation and unpredictable support lifecycle).

The fact you mention n00b implies that you still suffer from a childish mentality as well, therefore backing up my points again.

As for the time here - I've lurked in HN through many fads, phases etc for about 4 years. I decided recently to exercise my opinion a bit as there are some seriously bad ideas being promoted and I do not want the next generation of people to be terribly influenced by them.