On Thu, 03 Jul 2008 23:16:17 +0300, Eero Ahonen wrote:
> Admins need to be people you can trust, because they actually can read
> your files/emails.
I've been saying that for *years*. I'd get questions every once in a
while from managers wanting to keep their IT people out of files on the
network. My first question was always "why don't you trust your IT
admins?".
Granted, there are *some* limited cases where this is necessary because
of regulations in some industries. That's what happens when people who
know nothing about technology create legislation.
Jim
On Thu, 03 Jul 2008 09:43:47 -0700, Darren New wrote:
> You can't even buy a hard drive that won't hold five Commodore Pet
> computers worth of memory for every *bit* of memory a Commodore Pet
> could address.
I'm trying to remember - what was the addressable space for the Pet?
There were so many models, but the address space was the same on all of
them IIRC.
Jim
Jim Henderson wrote:
> On Thu, 03 Jul 2008 23:16:17 +0300, Eero Ahonen wrote:
>
>> Admins need to be people you can trust, because they actually can read
>> your files/emails.
>
> I've been saying that for *years*. I'd get questions every once in a
> while from managers wanting to keep their IT people out of files on the
> network. My first question was always "why don't you trust your IT
> admins?".
A manager thinks he and only he is the boss, unless it is a woman. In
which case she thinks she is the boss. I think it comes as a surprise
when they find out that other people have more access than they. And no,
they are not going to give them the same permissions. Especially if
these people are paid much less than themselves.
In our hospital the IT people have access to all rooms and labs, even
the ones that are protected with badge readers because people may be
using e.g. genetically modified organisms or dangerous chemicals there.
It is impossible to have their access restricted (or force them to get
the right qualifications to enter). So we simply have to trust them that
they only enter in case of a real emergency, i.e. one that can't be
solved by disconnecting the network port.
On Fri, 04 Jul 2008 01:17:10 +0200, andrel wrote:
> Jim Henderson wrote:
>> On Thu, 03 Jul 2008 23:16:17 +0300, Eero Ahonen wrote:
>>
>>> Admins need to be people you can trust, because they actually can read
>>> your files/emails.
>>
>> I've been saying that for *years*. I'd get questions every once in a
>> while from managers wanting to keep their IT people out of files on the
>> network. My first question was always "why don't you trust your IT
>> admins?".
>
> A manager thinks he and only he is the boss, unless it is a woman. In
> which case she thinks she is the boss. I think it comes as a surprise
> when they find out that other people have more access than they. And no,
> they are not going to give them the same permissions. Especially if
> these people are paid much less than themselves.
I've only on a couple of occasions working in IT had a boss who insisted
on equivalent permissions to the ones I had. One was a relatively small
business (just a couple hundred users), and he actually backed me up, so
it made sense.
But the whole notion of having an administrator whom you don't trust is
just inherently wrong to me. If you don't trust them (as a manager) AND
can show cause WHY you don't trust them, then they shouldn't be your
sysadmin. End of story.
On the flip side of that, it's the sysadmin's responsibility to act in a
trustworthy way. I *always* had access to financial information, salary
information, and the like, and I *never* *ever* abused my authority to
see what my peers were making or find out how much the CEO was making. I
honestly just didn't care - it's not as if knowing that is going to get
me a raise anyways.
> In our hospital the IT people have access to all rooms and labs, even
> the ones that are protected with badge readers because people may be
> using e.g. genetically modified organisms or dangerous chemicals there.
> It is impossible to have their access restricted (or force them to get
> the right qualifications to enter). So we simply have to trust them that
> they only enter in case of a real emergency, i.e. one that can't be
> solved by disconnecting the network port.
That's a good level of trust. I'll bet the management puts a lot of
effort into making sure they hire people who are trustworthy.
Some companies have an "administrator agreement" that the admins must
sign that says they won't abuse their access. Last company I worked for
had that; ironically, I never did sign one - they just never asked me to.
I also have always insisted (when I've had administrative access) that I
be allowed to disable my own accounts and to *force* my boss to change
the administrative password with me not watching so they *know* I don't
have that information. As an IT person, there's nothing worse than being
even *accused* of inappropriate access once you've left the company.
That can be a career killer. I was asked to leave one job by my boss'
boss (don't know if the boss ever found out why I was leaving - it was
because he was a very poor manager and I called attention to it with his
boss - and his boss had been given the task of turning the poor manager
into a good manager; so basically, I was telling the director he was
failing at one of his main objectives, and he just didn't like it being
pointed out). I still got them to let me delete my own account and then
change the administrator (and the emergency backdoor administrator)
passwords.
I never heard from them again. Well, I bumped into the boss at a trade
show a few years later, and he acted like I should be happy to see him.
I wasn't, but I was polite to him, while still getting out of the lunch
area as quickly as was reasonably possible.
Jim
Jim Henderson wrote:
> I'm trying to remember - what was the addressable space for the Pet?
Same as every 8-bit computer, I'd think. 64Kbytes. (I just picked
Apple and Commodore pretty much at random as popular machines.)
--
Darren New / San Diego, CA, USA (PST)
Helpful housekeeping hints:
Check your feather pillows for holes
before putting them in the washing machine.
On Thu, 03 Jul 2008 16:43:17 -0700, Darren New wrote:
> Jim Henderson wrote:
>> I'm trying to remember - what was the addressable space for the Pet?
>
> Same as every 8-bit computer, I'd think. 64Kbytes. (I just picked
> Apple and Commodore pretty much at random as popular machines.)
Ah, yes, that sounds right. Don't know why that didn't occur to me.
I'll chalk it up to "pre-holiday brain shutdown". ;-)
Jim
"Jim Henderson" <nos### [at] nospam com> wrote in message
news:486d5613@news.povray.org...
> On Thu, 03 Jul 2008 23:16:17 +0300, Eero Ahonen wrote:
>
> > Admins need to be people you can trust, because they actually can read
> > your files/emails.
>
> I've been saying that for *years*. I'd get questions every once in a
> while from managers wanting to keep their IT people out of files on the
> network. My first question was always "why don't you trust your IT
> admins?".
I see a similar question on the SQL forums all too often.
How do I prevent the database administrators from seeing the
views\procs\data in a database?
Simple answer: You don't
I was in a training course once with a whole bunch of sysadmins (Windows
Server 2003) and while the instructor was out of the room, one was boasting
that he could surf any website regardless of the company's internet usage
policy and he would never get caught.
For some reason, I found that a most offensive attitude for a sysadmin to
have.
On Fri, 04 Jul 2008 06:32:51 +0200, Gail Shaw wrote:
> "Jim Henderson" <nos### [at] nospam com> wrote in message
> news:486d5613@news.povray.org...
>> On Thu, 03 Jul 2008 23:16:17 +0300, Eero Ahonen wrote:
>>
>> > Admins need to be people you can trust, because they actually can
>> > read your files/emails.
>>
>> I've been saying that for *years*. I'd get questions every once in a
>> while from managers wanting to keep their IT people out of files on the
>> network. My first question was always "why don't you trust your IT
>> admins?".
>
> I see a similar question on the SQL forums all too often.
>
> How do I prevent the database administrators from seeing the
> views\procs\data in a database?
> Simple answer: You don't
It's just amazing to me that this attitude exists in business. At the
same time, it's not surprising to me because clearly the people who are
asking these questions don't understand the meaning of "unrestricted" in
the phrase "unrestricted access".
> I was in a training course once with a whole bunch of sysadmins (Windows
> Server 2003) and while the instructor was out of the room, one was
> boasting that he could surf any website regardless of the company's
> internet usage policy and he would never get caught.
The funny thing is, a sysadmin who thinks like that is more or less bound
to get caught violating the policy. My first rule of use of systems in
the office: *Always* assume someone else is watching. It might also be
appropriate to add "and they're out to get you." - even valid sysadmin
decisions to restrict access lead to users with a chip on their shoulder
who want to show you up. Don't give them the chance: Follow the same
rules you expect them to follow.
Otherwise, when they find out (and they will), you're the one with
"hypocrite" tattooed on your forehead. And that follows you to every job.
> For some reason, I found that a most offensive attitude for a sysadmin to
> have.
I would agree with that.
Jim
Jim Henderson wrote:
> On Fri, 04 Jul 2008 06:32:51 +0200, Gail Shaw wrote:
>
> The funny thing is, a sysadmin who thinks like that is more or less bound
> to get caught violating the policy. My first rule of use of systems in
> the office: *Always* assume someone else is watching. It might also be
> appropriate to add "and they're out to get you." - even valid sysadmin
> decisions to restrict access lead to users with a chip on their shoulder
> who want to show you up. Don't give them the chance: Follow the same
> rules you expect them to follow.
>
> Otherwise, when they find out (and they will), you're the one with
> "hypocrite" tattooed on your forehead. And that follows you to every job.
>
>> For some reason, I found that a most offensive attitude for a sysadmin to
>> have.
>
> I would agree with that.
>
seconded
> Dunno. I have loads of files on my computer that I wouldn't want to put
> on a shared drive. Financial documents, scripts with passwords embedded
> in them, drafts of letters, etc.
But on a *work* computer?