On Thu, 03 Jul 2008 16:43:17 -0700, Darren New wrote:

> Jim Henderson wrote:
>> I'm trying to remember - what was the addressable space fro the Pet?
> 
> Same as every 8-bit computer, I'd think.  64Kbytes.  (I just picked
> Apple and Commodore pretty much at random as popular machines.)

Ah, yes, that sounds right.  Don't know why that didn't occur to me.  
I'll chalk it up to "pre-holiday brain shutdown". ;-)

Jim

Post a reply to this message

"Jim Henderson" <nos### [at] nospamcom> wrote in message
news:486d5613@news.povray.org...
> On Thu, 03 Jul 2008 23:16:17 +0300, Eero Ahonen wrote:
>
> > Admins need to be people you can trust, because they actually can read
> > your files/emails .
>
> I've been saying that for *years*.  I'd get questions every once in a
> while from managers wanting to keep their IT people out of files on the
> network.  My first question was always "why don't you trust your IT
> admins?".

I see a similar question on the SQL forums all too often.

How do I prevent the database administrators from seeing the
views\procs\data in a database?
Simple answer: You don't

I was in a training course once with a whole bunch of sysadmins (windows
server 2003) and while the instructor was out of the room, one was boasting
that he could surf any website regardless of the company's internet usage
policy and he would never get caught.

For some reaon, I found that a most offensive attitude for a sysadmin to
have.

Post a reply to this message

On Fri, 04 Jul 2008 06:32:51 +0200, Gail Shaw wrote:

> "Jim Henderson" <nos### [at] nospamcom> wrote in message
> news:486d5613@news.povray.org...
>> On Thu, 03 Jul 2008 23:16:17 +0300, Eero Ahonen wrote:
>>
>> > Admins need to be people you can trust, because they actually can
>> > read your files/emails .
>>
>> I've been saying that for *years*.  I'd get questions every once in a
>> while from managers wanting to keep their IT people out of files on the
>> network.  My first question was always "why don't you trust your IT
>> admins?".
> 
> I see a similar question on the SQL forums all too often.
> 
> How do I prevent the database administrators from seeing the
> views\procs\data in a database?
> Simple answer: You don't

It's just amazing to me that this attitude exists in business.  At the 
same time, it's not surprising to me because clearly the people who are 
asking these questions don't understand the meaning of "unrestricted" in 
the phrase "unrestricted access".

> I was in a training course once with a whole bunch of sysadmins (windows
> server 2003) and while the instructor was out of the room, one was
> boasting that he could surf any website regardless of the company's
> internet usage policy and he would never get caught.

The funny thing is, a sysadmin who thinks like that is more or less bound 
to get caught violating the policy.  My first rule of use of systems in 
the office:  *Always* assume someone else is watching.  It might also be 
appropriate to add "and they're out to get you." - even valid sysadmin 
decisions to restrict access lead to users with a chip on their shoulder 
who want to show you up.  Don't give them the chance:  Follow the same 
rules you expect them to follow.

Otherwise, when they find out (and they will), you're the one with 
"hypocrite" tattooed on your forehead.  And that follows you to every job.

> For some reaon, I found that a most offensive attitude for a sysadmin to
> have.

I would agree with that.

Jim

Post a reply to this message

Jim Henderson wrote:
> On Fri, 04 Jul 2008 06:32:51 +0200, Gail Shaw wrote:
> 

> The funny thing is, a sysadmin who thinks like that is more or less bound 
> to get caught violating the policy.  My first rule of use of systems in 
> the office:  *Always* assume someone else is watching.  It might also be 
> appropriate to add "and they're out to get you." - even valid sysadmin 
> decisions to restrict access lead to users with a chip on their shoulder 
> who want to show you up.  Don't give them the chance:  Follow the same 
> rules you expect them to follow.
> 
> Otherwise, when they find out (and they will), you're the one with 
> "hypocrite" tattooed on your forehead.  And that follows you to every job.
> 
>> For some reaon, I found that a most offensive attitude for a sysadmin to
>> have.
> 
> I would agree with that.
> 
seconded

Post a reply to this message

> Dunno. I have loads of files on my computer that I wouldn't want to put 
> on a shared drive. Financial documents, scripts with passwords embedded 
> in them, drafts of letters, etc.

But on a *work* computer?

Post a reply to this message

>>> I would have recommended a USB memory stick, myself.
>>
>> That only works if you *have* a USB stick. :-P
> 
>     If the files are that important, I'm sure he can buy one. They're 
> cheap.

Not in 20 minutes flat, no.

[Recall that we're in the middle of nowhere.]

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*

Post a reply to this message

>> I've been saying that for *years*.  I'd get questions every once in a
>> while from managers wanting to keep their IT people out of files on the
>> network.  My first question was always "why don't you trust your IT
>> admins?".
> 
> I see a similar question on the SQL forums all too often.
> 
> How do I prevent the database administrators from seeing the
> views\procs\data in a database?
> Simple answer: You don't

Er... like, WTF?

The sysadmin has absolute power. They can do *anything*. Up to and 
including completely replacing the entire OS with one that will allow 
them to do whatever they want. You *cannot* prevent somebody who wields 
that kind of power from doing whatever the hell they want - so they had 
*better* be worthy of such trust!

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*

Post a reply to this message

On Fri, 04 Jul 2008 09:03:49 +0100, Invisible wrote:

> Er... like, WTF?

Well, it's not that difficult to understand - this is what happens when 
technically incompetent people decide how to implement policy.

From what you've seen, you've witnessed some of this behaviour firsthand.

That said, there are ways, for example, to prevent a sysadmin from seeing 
files in a filesystem.  File-level encryption, for example - or directory-
level.  With Linux, this is almost so simple as to be trivial using encfs 
(of course with requisite Linux-foo skills).

But ultimately, yes, you're right - a sysadmin needs to be worthy of the 
trust placed in them.  That's rule #1.  They may not be able to get at 
the encrypted files, but the sure could still nuke them.

Jim

Post a reply to this message

Jim Henderson wrote:

> Well, it's not that difficult to understand - this is what happens when 
> technically incompetent people decide how to implement policy.

What's technical? The sysadmin is, by definition, God. You can't stop 
God from doing things. QED. You don't need to know a thing about 
technology to comprehend this extremely simple principle.

> That said, there are ways, for example, to prevent a sysadmin from seeing 
> files in a filesystem.  File-level encryption, for example - or directory-
> level.  With Linux, this is almost so simple as to be trivial using encfs 
> (of course with requisite Linux-foo skills).

Yeah, sure, but the *key* has to be stored somewhere. ;-)

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*

Post a reply to this message

>> That said, there are ways, for example, to prevent a sysadmin from seeing 
>> files in a filesystem.  File-level encryption, for example - or 
>> directory-
>> level.  With Linux, this is almost so simple as to be trivial using encfs 
>> (of course with requisite Linux-foo skills).
>
> Yeah, sure, but the *key* has to be stored somewhere. ;-)

Just use Windows built-in encryption, that works off your login password 
doesn't it?  Even if the admin can remotely log in, they won't be able to 
read your encrypted files unless they somehow get your password.

Or just zip things up with a password.

Post a reply to this message