Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)
On Mon, 2002-07-08 at 00:37, [EMAIL PROTECTED] wrote: > On 7 Jul 2002, at 9:26pm, Kenneth E. Lussier wrote: > > The people saying that they should be able to run whatever they want *ARE* > > the IT department. > > It seemed obvious to me that that is not the case. If they were the IT > department, the IT department would not be telling them to do something they > did not want to do. I must have misunderstood the begining of this, then. I understood this to be that managers, not IT, was the one saying that they had to use Windows. > > So, it would stand to reason that there are slightly different rules for > > the IT department then there are for ordinary users. > > That statement can be interpreted two different ways. > > On one hand, it could mean that the IT staff of course has all the root > passwords and such, and is entrusted to perform privileged operations, and > thus of course has to have different rules. It also means that since IT is responsible for supporting *NIX, Windows, VMS, whatever, so they need the most effective and efficient system in order to support all of those things. So what they run on their desktop will be different than the "common" user. > But it could also mean that the IT staff has different rules because > "we're IT and we can do what we want to". If you consider that acceptable, > well, that's your right, but you'll never work in a shop I control. Well, you have the right position, but the wrong attitude emphasized. It's not that IT can do whatever they want, but rather, if they are the ones who are responsible for determining standards, etc., then they need to be to be doing these sorts of things first. That way, when a user comes along and wants to do something other than the norm, the IT department can either allow or deny based on fact, reasoning, and knowledge rather than supposition. > > I think that the difference is *who* the user is. If a sales or marketing > > person wants to do their own thing, you know that only bad things will > > happen. > > I realize you're saying that with tongue-in-cheek, but it is none-the-less > an attitude I see quite a bit. Far too often, I encounter IT staffers who > think they are the members of some special elite, and that rules do not > apply to them. I consider that to be the worst kind of corruption -- like a > crooked cop. IT staff, if anything, should live up to a higher standard. IT should be held to the same standards that they set for others in most cases. As I said before, the rules are slightly different because they are the IT department. IT people should have root on the systems that they support. Marketing doesn't need root. Things like that. That doesn't mean that they can abuse their authority. However, since they are the IT department, and they are responsible for the network, and every system on it, then there are a lot of rules that don't apply to them. For example, if one of my users decided to scan my network, I would remove them from the network. I, however, scan my network on a regular basis. It's part of my job. That's what it comes down to. If you do your job, then there really isn't any time left over to do much else. > "Who watches the watchers?" It's a nice saying, but it is quite impossible to always have someone watching the watchers. It comes down to "Do you trust the people that you have hired to do their jobs?" C-Ya, Kenny -- "Tact is just *not* saying true stuff" -- Cordelia Chase Kenneth E. Lussier Sr. Systems Administrator Zuken, USA PGP KeyID CB254DD0 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB254DD0 * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 So far I've been quietly amused by this thread. :) But now I'd like to make several points that people have sort of been dancing around in this discussion, but haven't really hit upon, that I've seen so far. 1. There was, in fact, a discussion about root access had on this list not all that long ago (I think it was about a year ago). However, being one of the primary players in (and IIRC the instigator of) that thread, I would like to point out that the "no root access" argument supported by both Paul and I was NOT that no user should ever have root access to their desktop. It was instead about the fact that under most circumstances, in an environment where security was considered important by management, that no user should NEED to have root access to their desktop (being the machine from which they access corporate IT resources like e-mail and such -- root access to "lab" machines might still be required for various reasons). While I agree with both sides on many points in the *present* discussion, I stand by that point of view. It does not preclude the idea that a skilled employee could run whatever software makes them most productive in a) environments where security is not as important, or b) on machines that have less or no access to company IT resources. Depending on exactly what level of security is required, I'll even add c) in an environment where having root access to a lone Unix workstation doesn't amount to anything, such as an environment whose IT resources are all based on Windows services. In such an environment, much of the problems associated with a user having root access to their desktop disappear (i.e. there is no NIS domain to snarf, no NFS volumes to run ragged over, etc.). If I were in a situation where I were managing an environment that had a need to control root access to users' workstations, but I had users who needed to have root access to Unix workstations to do their job, I wouldn't have any problem with that provided they were in a segregated lab, or were somehow otherwise blocked off from accessing the company's IT resources. 2. In general, I agree that the IT staff usually has sufficient skill to determine what software makes them most productive. But, as anyone who has worked in IT has seen, there are always users who *think* they are skilled enough to make that same determination, but aren't. In both cases, what they should be allowed to run depends on the situation, and on the company's policy. If the company has a corporate policy that "no one shall run anything but Windows on any system connected to the corporate network," and the IT department has been tasked with strict enforcement of that policy, then the IT people should adhere to it also. However, I will admit freely that I will never work in such a place by choice (desperation for a paycheck does not count as choice). A more sensible and user-friendly approach is to have a policy which states that corporate machines will be pre-installed with supported software, and any other software installed is not supported. If you have a problem with any software you've installed, you're on your own. If you have problems that you can't overcome yourself, your system will be replaced with one that conforms to the corporate standard. If, because of your own incompetence to use and/or manage the software you've installed, you damage corporate systems, or cause problems with the corporate network, you will be subject to disciplinary action up to and including termination. And, in the event that the company has software which is not permitted to be used (such as AOL or MS-Outlook), those titles should be expressly listed in the policy, and disciplinary actions should be taken against users who break the policy. I believe there are occasions when there should be a list of banned software, but I also believe a title shouldn't go on such a list without a very good reason (like oh, say, it's primary use is to easily propogate Internet worms)... Obviously, any number of other variations are possible here. The corporation should choose a policy that makes sense to its environment, but should try to accomodate users as much as is reasonable. Contrary to popular belief, I am not in favor of policies which blindly restrict users and/or make their jobs difficult. Whenever such a policy is instituted, there ought to be a very compelling reason for doing so. 3. If you are going to have any kind of strictly enforced policy, the people who enforce the policy MUST be subject to the same policies and disciplinary actions imposed on others. The IT department will lose credibility and respect if the situation is otherwise. It is also unwise to have policies which are evaluated on a case-by-case basis, where the sole criteria is a subjective, if not somewhat arbitrary judgement of the individual user's computer skill. This is the sort of thing that breeds discrimination law
Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)
In a message dated: Mon, 08 Jul 2002 01:40:47 EDT [EMAIL PROTECTED] said: >On Mon, 8 Jul 2002, at 12:46am, [EMAIL PROTECTED] wrote: >> In other words, if I'm not requesting any assistance from corp IT .. > > Paul, I would expect you, of all people, not to take that stance. You and >I both know that simply connecting a system to a network involves it in the >whole support tangle. I disagree. If I come in and connect to the network, regardless of whether it's a corporate supported system or not, I can cause problems. What's the difference if that system is running the sanctioned software or not? I can cause the same, if not more problems with Windows as an average user than I can with Linux as a responsible user. Now, if you're talking malicious intent, that's different. In that case, just having any access to the network at all, be it physical or otherwise, is problematic. But I don't think you're inferring malicious intent. >From there, you can cause problems, and/or you will complain when >things don't work. I will complain when things don't work no matter what. However, at this point in time, as a Linux user, I'm more likely to know *where* the problem really lies, and call IT and provide them with a very explicit diagnosis of the problem far beyond the typical "Duh, the internet is down." Additionally, if I'm running any non-supported software, whether it's Linux or Netscape, I cannot expect *any* support from the corporate IT group at all in relation to that software. Period. That's why it's called "Unsupported". >I refuse to believe that you would honestly allow anyone to just walk >in and plug their own equipment, running God-only-knows-what, into a >network you are responsible for. You're a better admin then that. Yes, I am a good admin, but I'm also a realist and understand that I can't stop anyone from doing this is they're so determined. I can do things which will make their live miserable, like using DHCP to statically assign IP addresses based on MAC address. And anyone with a cable modem knows how difficult it is by-pass that configuration :) I may create separate networks for non-employees to connect their laptops to, or segregate conference rooms from the corporate network. But ultimately, other than just having a policy stating "Thou shalt not do this", there's little I *can* do to prevent this from happening. It's even worse in a large company where there are so many people, varying and disparate needs, and an understaffed IT group. You really need to know how to pick your battles. Forcing someone to use one OS over another is a battle I'd choose not to fight. I've tried and lost too many times. It's far easier to say "Sure, go ahead, but don't ask for help!". > Now, as I understand it, in your current situation, corporate IT >effectively trusts you and your group to do things right for you and your >group, irregardless of what OS you run. That distinction is critical, for >what I hope are obvious reasons. (picking nits here. There is no such word as irregardless! It's either 'regardless' or 'irrespective') Corporate IT doesn't know me from a hole in the wall. And AFAIK, they also don't have a policy against running Linux, UNIX, or MacOS for that matter. They don't support any of it, and will go out of their way to actively avoid any support type questions you may have surrounding anything but "supported software". In the end, it's much like running Linux at home and trying to call a non-Linux ISP for connection support. Mention the word Linux, and automatically it's your problem that they can't help you with. Even if you're calling to tell them their mail server is configured as an open relay :) >> Totally different scenario. > > I don't think so. Yes, the circumstances were different, but the ultimate >issue is the same: Does user convience override corproate policy? In my >book, the answer is "no". If that means I have to run MS-Windows, I run >MS-Windows, or quit. As it happens, I am rather more likely to do the >latter then the former. That does not give me the right to violate said >policy. Okay, provided there is actually a policy which states I can not do something, I agree. However, in one these e-mails, I did mention that if this was an actively enforced policy, that I would end up seeking employment elsewhere, didn't I? I agree, user convenience should not over-ride corporate policy. However, I think, as in all cases, a blanket statement cannot apply. Every situation is different. When user convenience actively threatens the smooth workings of the company, or sacrifices security "just because" then it's time to enforce policy. When there is no other policy being violated or problem being caused, then you need to pick your battles. It's like speeding. Going 75 in a 65 zone isn't usually an enforced "policy", however, going 75 in a 65 zone, and weaving in and out of traffic u
Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)
On Mon, 8 Jul 2002, at 12:46am, [EMAIL PROTECTED] wrote: > In other words, if I'm not requesting any assistance from corp IT .. Paul, I would expect you, of all people, not to take that stance. You and I both know that simply connecting a system to a network involves it in the whole support tangle. From there, you can cause problems, and/or you will complain when things don't work. I refuse to believe that you would honestly allow anyone to just walk in and plug their own equipment, running God-only-knows-what, into a network you are responsible for. You're a better admin then that. Now, as I understand it, in your current situation, corporate IT effectively trusts you and your group to do things right for you and your group, irregardless of what OS you run. That distinction is critical, for what I hope are obvious reasons. > Totally different scenario. I don't think so. Yes, the circumstances were different, but the ultimate issue is the same: Does user convience override corproate policy? In my book, the answer is "no". If that means I have to run MS-Windows, I run MS-Windows, or quit. As it happens, I am rather more likely to do the latter then the former. That does not give me the right to violate said policy. > I'm NOT TALKING ABOUT CORPORATE IT SYSTEMS. A Desktop is not a "Corporate > IT system", at least IMO. Well, that does change the picture quite a bit, and I can see why that stance would confuse this discussion further. Sufice it to say that I almost completely disagree with that stance. I won't get into why in this forum at this time. (We've wasted enough bandwidth as is. ;-) -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)
In a message dated: Mon, 08 Jul 2002 01:01:22 EDT [EMAIL PROTECTED] said: >On 7 Jul 2002, at 11:35pm, Paul Iadonisi wrote: >> On the machine sitting on my desk to do my daily work, I *do* have control >> over it, no matter what it is running. I see no problem with a policy >> that I can support myself, so I'll use Linux. > > I assume from context that you would have no beef if you were "forced" to >use Linux, but would object to being "forced" to use MS-Windows. So, I >assume that, in the above, you really meant "what I want to", as opposed to >"Linux". We have to clear something up here. There is a huge difference between "that which is used" and "that which is supported". I am all for a set of standard, corporate-sanctioned, centrally administrated, and accepted software. IT departments are far too over-burdened to be required to support every combination of possible software currently available, whether it be on Windows, Linux, or even VMS! However, by using the corporate sanctioned/supported software, I also expect to get total and complete support for it. If I stray from that sanctioned list, I cannot expect to recieve one modicum of support from the IT group. It is in that spirit that I advocate a user's right to any software they want to use to help them get their job done. Just don't expect it to be supported, or to recieve any help at all with it! > Well, that might work in a small shop, where you are the sole IT guy who >reports directly to the company owner. But it breaks down in a large shop, >where you are expected to be part of a team. Someone else already wrote >something on this subject, better than I could: > > "Also, I find it interesting that an individuals personal needs seem to >always over-ride the greater good of the company. Does no one ever think >about what's more important in the long run anymore? Do people just not >care?" -- Paul Lussier Hmmm, smart guy! Couldn't have said it better myself! :) However, let's take this in context. I do not now, nor have I ever said, advocated, or even thought for a minute that the individual needs of one person, whether it be me or the CEO of any company, or even Ben should over-ride the greater good of the company. This quote was also made in reference to a CEO who believed he should get whatever the hell he wanted *because* he was CEO. Not because he had a legitimate need for whatever it was that day, or because it was in the interests of the company either in the short term or the long term. He simply wanted things his way, which also happened to be in direct contradiction to the basic security practices/policies he himself agreed were a good idea. So, he was not only setting a bad example, but he was coming right out and saying that none of the (very few) policies that did exist mattered, or should even be followed. After all, if he wasn't willing to follow them, why should anyone else bother? If there is a direct threat to the company as a whole, or if the use of Linux, or your OS of choice, is problematic to the company or long-term goals of the company, then you probably shouldn't do what you are trying to do. However, I haven't yet seen this become an issue for anyone yet by just using a "non-corporate standard piece of software". Even Microsoft, who admit to still using a UNIX based environment in the development and production of their own products! -- Seeya, Paul It may look like I'm just sitting here doing nothing, but I'm really actively waiting for all my problems to go away. If you're not having fun, you're not doing it right! * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)
In a message dated: Mon, 08 Jul 2002 00:37:39 EDT [EMAIL PROTECTED] said: >On 7 Jul 2002, at 9:26pm, Kenneth E. Lussier wrote: >> The people saying that they should be able to run whatever they want *ARE* >> the IT department. > > It seemed obvious to me that that is not the case. If they were the IT >department, the IT department would not be telling them to do something they >did not want to do. Unless, like in many large companies, there are multiple "IT" groups. I've been in several different situations like this where I was the UNIX/Engineering IT person and there was a completely separate "Business IT" group to support all non-engineering needs. This is the situation I find myself in today. I was hired to be the engineering "UNIX guy", but the "corporate standard" for desktops is Windows. Since I'm the one supporting UNIX, I put a UNIX on my desk in the form of Linux. The only "corporate IT" support I require is when it comes to accessing corporate maintained systems. In one case this was in the form of a request for them to run an IMAP server so I could use fetchmail. They fortunately said yes. They well could have said no, and would have happily accepted that, since I still had options in the form of Codeweavers and/or Ximian for access to an Exchange server. If I have a problem with my OS, corp. IT won't help me get that new .dep or .rpm installed, nor will they assist with my e-mail client questions. But I don't expect them to, since a) they haven't a clue if it's not MS, and b) they officially don't support *any* of the sw I use. I would like to clarify some things in this debate. When I first started the campaign against the "I'm forced to use Windows" claim, I: a) took that as "It's an all Windows company, and I don't want to go through all the work/hassle it might take to get Linux on my system" excuse to whine about Windows. b) interpreted it as a claim made strictly in reference to a single user's desktop system on which they were the sole user c) have had less than 2 consecutive hours of sleep since last Tuesday, and may have come across sounding a whole lot more harsh than I meant to :) -- Seeya, Paul It may look like I'm just sitting here doing nothing, but I'm really actively waiting for all my problems to go away. If you're not having fun, you're not doing it right! * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)
On 7 Jul 2002, at 11:35pm, Paul Iadonisi wrote: > On the machine sitting on my desk to do my daily work, I *do* have control > over it, no matter what it is running. I see no problem with a policy > that I can support myself, so I'll use Linux. I assume from context that you would have no beef if you were "forced" to use Linux, but would object to being "forced" to use MS-Windows. So, I assume that, in the above, you really meant "what I want to", as opposed to "Linux". Well, that might work in a small shop, where you are the sole IT guy who reports directly to the company owner. But it breaks down in a large shop, where you are expected to be part of a team. Someone else already wrote something on this subject, better than I could: "Also, I find it interesting that an individuals personal needs seem to always over-ride the greater good of the company. Does no one ever think about what's more important in the long run anymore? Do people just not care?" -- Paul Lussier > If it's not already established that ... some of us don't expect to ever > have to use Windows on our own desktops, then it's not the place for me. This, I think, is a key point here. You are free to choose the manner of your employment. If you are asked to do something you dislike, be it run Windows or flip burgers, you can either (1) suck it up and do it anyway, or (2) object, and if your objection is overruled, resign. (Note that the first choice does not preclude further lobbying efforts on your part. But you do not get to break the rules while lobbying for them to be changed.) > I don't believe leaving a company for these reasons is, as some would say, > immature. Heh. I would say they are the only reasons for leaving a company. You can make good money managing a McDonald's. Doing something you like is far more valuable. :-) -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)
In a message dated: Sun, 07 Jul 2002 22:54:46 EDT [EMAIL PROTECTED] said: > I find your stance rather hypocritical, In what way? All I'm saying is that a user should be able to run Linux on their desktop especially if they're willing to do so "on their dime" so to speak. In other words, if I'm not requesting any assistance from corp IT, I'm not making any trouble, and I'm not breaking any rules (other than the "we run windows" mandate), where's the harm? Especially if it increases my productivity! >given the involved and heated debate that once went on in this very >forum with regard to whether or not users should have root access to >their workstations, with you weighing in quite stringently on the "no" >side. :) Totally different scenario. At the time, we were discussing users who: 1. were accessing centrally controlled file systems with root priviledges 2. had the ability to su to root, then su to other users and access data they should not have access to. 3. did not have a need for root access on their desktop systems. 4. could easily accomplish their work without root access to the desktop system which also had access to the centrally located corporate file systems. (IOW, their work did not require access to NFS file systems, but might have required root priviledges, which could have been granted on a separate machine, via VMWare, or using sudo.) I'm saying that a user should be able to use Linux as their Desktop OS. Sure, using Linux may present some of the same security concerns we were attempting to address by disallowing root on the desktop. However, there are some differences: 1. In a sight using Windows, how concerned with security are they really? 2. SMB may not be the greatest, but it at least has user level authentication, which is something NFS does not. > What it basically boiled down to was that corporate IT staff has to >support and maintain corporate IT systems -- including all production >networks and computers that connect to them -- and, in such an enviornment, >with IT staff rightly being held accountable for it all, the IT staff should >have every right to insist you run things "their way". Now that "their way" >and "your way" are not mutually inclusive, you suddenly change your tune. I'm NOT TALKING ABOUT CORPORATE IT SYSTEMS. A Desktop is not a "Corporate IT system", at least IMO. A Corporate IT system is something a.k.a. a server, something which is a central resource to the company or organization as a whole. A desktop is just that, one individual's system which, if taken offline indefinitely, would pose no threat to the environment at all (at least, it shouldn't). > Don't give me the "I'm more productive on Unix" line, either. :) The >productivity argument was put forward during the "root access" debate, and >your position was that reliable corproate operations trumped that, even in >cases where root access was not just a matter of productivity, but being >able to do your job at all. Your position was that, if root access was well >and truly required, a special lab enviornment, carefully isolated from the >production enviornment, was the only acceptable approach. And I still maintain that argument. But that doesn't negate that I, and many others are more productive on a UNIX-based OS. There is a huge difference between me running Linux on my PC to perform the same basic functions (i.e. web surfing, e-mail, document creation, etc.) and someone having root access to a desktop in an all UNIX environment on their desktop, that will, by design, also allow them to impersonate other users and allow them access to data they shouldn't have access to. One is a question of security, the other is of productivity. And yes, often times these two concepts are mutually exclusive or at the least, inversely proportional. However, I, as a user, am not compromising anyone's security by using Linux in an otherwise all-Windows world. In that case, there's little I can do that I couldn't also do using Windows anyway! > So, Paul, I'm curious: Is there a real difference here, or is it just that >you were getting your way before, and in this semi-hypothetical situation, >you're not? :-) No, I believe there is HUGE difference! And it has nothing to do with me not getting my way. I'm running Linux on my system, I'm happy :) Previously, with the desktop-root-access situation, we "lost" in the sense that people maintained their root access, however, we won in many other senses: 1. We were allowed to significantly tighten security once we showed mgmt how easily their e-mail could be accessed. (nothing like showing the CEO everyone in the company had access to his e-mail when it's o
Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)
On 7 Jul 2002, at 9:26pm, Kenneth E. Lussier wrote: > The people saying that they should be able to run whatever they want *ARE* > the IT department. It seemed obvious to me that that is not the case. If they were the IT department, the IT department would not be telling them to do something they did not want to do. > So, it would stand to reason that there are slightly different rules for > the IT department then there are for ordinary users. That statement can be interpreted two different ways. On one hand, it could mean that the IT staff of course has all the root passwords and such, and is entrusted to perform privileged operations, and thus of course has to have different rules. But it could also mean that the IT staff has different rules because "we're IT and we can do what we want to". If you consider that acceptable, well, that's your right, but you'll never work in a shop I control. > I think that the difference is *who* the user is. If a sales or marketing > person wants to do their own thing, you know that only bad things will > happen. I realize you're saying that with tongue-in-cheek, but it is none-the-less an attitude I see quite a bit. Far too often, I encounter IT staffers who think they are the members of some special elite, and that rules do not apply to them. I consider that to be the worst kind of corruption -- like a crooked cop. IT staff, if anything, should live up to a higher standard. "Who watches the watchers?" -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)
On Sun, 2002-07-07 at 22:54, [EMAIL PROTECTED] wrote: > On Sat, 6 Jul 2002, at 5:58pm, [EMAIL PROTECTED] wrote: > > Hmmm, I say: "You hired me to do a job and for my expertise required to > > do that job..." > > I find your stance rather hypocritical, given the involved and heated > debate that once went on in this very forum with regard to whether or not > users should have root access to their workstations, with you weighing in > quite stringently on the "no" side. :) [snip] Though I don't presume to answer for Paul (Lussier), I will say that I don't find his stance hypocritical at all. As a matter of fact, they can both be seen as the very same position. I (and I presume, Paul L.) am a System Administrator. Anywhere I work, it is highly likely that I will be working in the IT department. The point, I believe, about no root access, is that we, the IT department, need control of the machines that we are responsible for. On the machine sitting on my desk to do my daily work, I *do* have control over it, no matter what it is running. I see no problem with a policy that I can support myself, so I'll use Linux. But I've been commissioned by the company to support everyone else in the company, so I will only support what is officially sanctioned (though you won't find me doing desktop support any time soon ;-)). If and when the company decides to allow anyone in the company use AtheOS, or Plan 9, or whatever else we don't know about, provided you sign something committing to fixing any problems or incompatibilities yourself that are the result of using an OS not sanctioned by IT, then you can use what you want. But because *we* are supporting *you*, *we* get to decided what we support. But I would likely never argue this to employees outside of IT. I would instead lobby for the company to officially sanction the use of Linux on the desktop. But not so vigorously as I used to. Why not? Because, as I said, I'm fed up and I'm done fighting. At one recent job I said to the CEO and others that I was making it my mission to keep the workplace a friendly place for those who wished to use Linux on the desktop exclusively. I said that I knew that would be a challenge. The CEO didn't think it would be a challenge and welcomed me to embark on that mission. Turns out it was more of a challenge than he thought. That battle has pissed me off enough that it is no longer my mission. It is my expectation. If it's not already established that Linux is a fact of life in many Unix system administrator's lives and that some of us don't expect to ever have to use Windows on our own desktops, then it's not the place for me. This is why I have three choices left today: contracting, starting my own business, flipping burgers. At least, that's the way it's going to be until businesses smarten up, stop the "Death March Towards Redmond (tm)," and start letting the inevitability of Linux and other Free Software take hold. (Apologies to the *residents* of Redmond, WA.) > So, Paul, I'm curious: Is there a real difference here, or is it just that > you were getting your way before, and in this semi-hypothetical situation, > you're not? :-) > > (For those wondering, I personally see both sides as having valid > arguments (in both debates). I think the issues cannot be simplied to a > blanket statement that works everywhere.) All that's required is that "it works for me," not everywhere. I don't believe leaving a company for these reasons is, as some would say, immature. I've said something to the effect of "My goals and the company's goals have been diverging for a while, now. It's time for me to move on." And later welcomed people to question me for the details. Those details were a strengthening partnership with Microsoft and an increasing hostility to living in a pure Linux/Unix world through forcible standardization on M$ document formats. (Three years ago, that was more of an issue that it is today.) Yes, this is a tougher market. But after getting some very encouraging support from my sister, I realized that I do still have choices. They're tough ones and the do involve more risk than I'm used to taking, but they are choices, nonetheless. -- -Paul Iadonisi Senior System Administrator Red Hat Certified Engineer / Local Linux Lobbyist Ever see a penguin fly? -- Try Linux. GPL all the way: Sell services, don't lease secrets * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: Corporate IT policy (was: Open SSH for Red Hat 6.2)
On Sun, 2002-07-07 at 22:54, [EMAIL PROTECTED] wrote: > > What it basically boiled down to was that corporate IT staff has to > support and maintain corporate IT systems -- including all production > networks and computers that connect to them -- and, in such an enviornment, > with IT staff rightly being held accountable for it all, the IT staff should > have every right to insist you run things "their way". Now that "their way" > and "your way" are not mutually inclusive, you suddenly change your tune. There is one major point being excluded here, and I'm sure that it is just an oversight ;-) The people saying that they should be able to run whatever they want *ARE* the IT department. If someone in IT has the job of administering mostly *NIX servers/systems, than it makes sense that they will be less productive if they are forced to use Windows. It also stands to reason that since they are the ones that have to support everything anyway, that they can support themselves. > Don't give me the "I'm more productive on Unix" line, either. :) The > productivity argument was put forward during the "root access" debate, and > your position was that reliable corproate operations trumped that, even in > cases where root access was not just a matter of productivity, but being > able to do your job at all. Your position was that, if root access was well > and truly required, a special lab enviornment, carefully isolated from the > production enviornment, was the only acceptable approach. Reliable corporate operations are very important, and most times they will win out over user comfort (unless that user is Sr. Mgmt, and then their ego wins out over stability ;-). However, corporate stability relies heavily upon the productivity of the IT department. So, it would stand to reason that there are slightly different rules for the IT department then there are for ordinary users. Of course, another solution is to install VMWare and have it running all the time in a minimized window. When a manager or other self-important type walks by, just maximize the window. I for one was never much for rules to begin with ;-) > So, Paul, I'm curious: Is there a real difference here, or is it just that > you were getting your way before, and in this semi-hypothetical situation, > you're not? :-) I think that the difference is *who* the user is. If a sales or marketing person wants to do their own thing, you know that only bad things will happen. If an IT person wants to do something, chances are that either 1) there is a really good reason for it, or 2) it's really cool ;-) > (For those wondering, I personally see both sides as having valid > arguments (in both debates). I think the issues cannot be simplied to a > blanket statement that works everywhere.) I don't think that there is a blanket answer. It needs to be a case-by-case basis. C-Ya, Kenny * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Corporate IT policy (was: Open SSH for Red Hat 6.2)
On Sat, 6 Jul 2002, at 5:58pm, [EMAIL PROTECTED] wrote: > Hmmm, I say: "You hired me to do a job and for my expertise required to > do that job..." I find your stance rather hypocritical, given the involved and heated debate that once went on in this very forum with regard to whether or not users should have root access to their workstations, with you weighing in quite stringently on the "no" side. :) What it basically boiled down to was that corporate IT staff has to support and maintain corporate IT systems -- including all production networks and computers that connect to them -- and, in such an enviornment, with IT staff rightly being held accountable for it all, the IT staff should have every right to insist you run things "their way". Now that "their way" and "your way" are not mutually inclusive, you suddenly change your tune. Don't give me the "I'm more productive on Unix" line, either. :) The productivity argument was put forward during the "root access" debate, and your position was that reliable corproate operations trumped that, even in cases where root access was not just a matter of productivity, but being able to do your job at all. Your position was that, if root access was well and truly required, a special lab enviornment, carefully isolated from the production enviornment, was the only acceptable approach. So, Paul, I'm curious: Is there a real difference here, or is it just that you were getting your way before, and in this semi-hypothetical situation, you're not? :-) (For those wondering, I personally see both sides as having valid arguments (in both debates). I think the issues cannot be simplied to a blanket statement that works everywhere.) -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *