RE: Internet access from development machines [OT]

2018-01-22 Thread Greg Low 
Agreed. I can only say how I've seen CyberArk implemented at several sites.
It has not been a productive outcome. It might not be implemented well.



Regards,



Greg



Dr Greg Low



1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax

SQL Down Under | Web: www.sqldownunder.com |http://greglow.me



*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com]
*On Behalf Of *Ken Schaefer
*Sent:* Tuesday, 23 January 2018 11:20 AM
*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* RE: Internet access from development machines [OT]



Any tool can be badly implement. Poor source control could be just as much
a productivity drain poor change management, as much as poor security
restrictions.





*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com
<ozdotnet-boun...@ozdotnet.com>] *On Behalf Of *Greg Low
*Sent:* Tuesday, 23 January 2018 1:18 PM
*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* RE: Internet access from development machines [OT]



My concern, is that in several sites, what I now see is frustrated people
who can't get their work done, at least not efficiently.



Mind you, one of the sites was also worried about power. They have all the
developer machines running in a lower-power mode. Uses less electricity but
builds now take twice as long, etc. (And for this app, that's a long time).
Yet they're discussing how to increase developer productivity.



Regards,



Greg



Dr Greg Low



1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax

SQL Down Under | Web: www.sqldownunder.com |http://greglow.me



*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com]
*On Behalf Of *Ken Schaefer
*Sent:* Tuesday, 23 January 2018 10:11 AM
*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* RE: Internet access from development machines [OT]



Tools like CyberArk exist for a good reason. And they can sometimes be
beneficial. Our platform admins only need to have a single account now – to
login to CyberArk. Before they used to have numerous privileged accounts to
login to all sorts of systems, and needed to remember and cycle passwords
across all of them. Deprovisioning or altering access when people moved
roles or left was a PITA.



*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com
<ozdotnet-boun...@ozdotnet.com>] *On Behalf Of *Greg Low
*Sent:* Wednesday, 17 January 2018 8:18 PM
*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* RE: Internet access from development machines [OT]



Or even if they are connected, you could endlessly block them from getting
to what they need anyway:



http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/



Regards,



Greg



Dr Greg Low



1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax

SQL Down Under | Web: www.sqldownunder.com |http://greglow.me



*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com]
*On Behalf Of *Craig van Nieuwkerk
*Sent:* Wednesday, 17 January 2018 7:38 PM
*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* Re: Internet access from development machines [OT]



This sounds like a decision upper management would make with no idea how
developers work. It is a great idea if you need to make some layoffs and
want developers to quit.



Craig



On Wed, Jan 17, 2018 at 6:18 PM, David Apelt <david.ap...@transmax.com.au>
wrote:

Team,



I have heard of suggestions that internet connectivity should be prevented
from developer machines in case a security issue causes a leak of source
code or similar.



I know some defence companies have two computers on the desktop to prevent
this from happening.



Outside of defence, what are peoples experiences?  Give developers internet
connectivity?  Have two machines?  Maybe give them a remote desktop
connection from internet.   How many developers in your company that have
internet connectivity?



Thanks in advance

Dave A

RE: Internet access from development machines [OT]

2018-01-22 Thread Ken Schaefer 
Any tool can be badly implement. Poor source control could be just as much a 
productivity drain poor change management, as much as poor security 
restrictions.


From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On 
Behalf Of Greg Low
Sent: Tuesday, 23 January 2018 1:18 PM
To: ozDotNet <ozdotnet@ozdotnet.com>
Subject: RE: Internet access from development machines [OT]

My concern, is that in several sites, what I now see is frustrated people who 
can't get their work done, at least not efficiently.

Mind you, one of the sites was also worried about power. They have all the 
developer machines running in a lower-power mode. Uses less electricity but 
builds now take twice as long, etc. (And for this app, that's a long time). Yet 
they're discussing how to increase developer productivity.

Regards,

Greg

Dr Greg Low

1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax
SQL Down Under | Web: www.sqldownunder.com<http://www.sqldownunder.com/> 
|http://greglow.me<http://greglow.me/>

From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> 
[mailto:ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com>] On 
Behalf Of Ken Schaefer
Sent: Tuesday, 23 January 2018 10:11 AM
To: ozDotNet <ozdotnet@ozdotnet.com<mailto:ozdotnet@ozdotnet.com>>
Subject: RE: Internet access from development machines [OT]

Tools like CyberArk exist for a good reason. And they can sometimes be 
beneficial. Our platform admins only need to have a single account now – to 
login to CyberArk. Before they used to have numerous privileged accounts to 
login to all sorts of systems, and needed to remember and cycle passwords 
across all of them. Deprovisioning or altering access when people moved roles 
or left was a PITA.

From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> 
[mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Greg Low
Sent: Wednesday, 17 January 2018 8:18 PM
To: ozDotNet <ozdotnet@ozdotnet.com<mailto:ozdotnet@ozdotnet.com>>
Subject: RE: Internet access from development machines [OT]

Or even if they are connected, you could endlessly block them from getting to 
what they need anyway:

http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/

Regards,

Greg

Dr Greg Low

1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax
SQL Down Under | Web: www.sqldownunder.com<http://www.sqldownunder.com/> 
|http://greglow.me<http://greglow.me/>

From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> 
[mailto:ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com>] On 
Behalf Of Craig van Nieuwkerk
Sent: Wednesday, 17 January 2018 7:38 PM
To: ozDotNet <ozdotnet@ozdotnet.com<mailto:ozdotnet@ozdotnet.com>>
Subject: Re: Internet access from development machines [OT]

This sounds like a decision upper management would make with no idea how 
developers work. It is a great idea if you need to make some layoffs and want 
developers to quit.

Craig

On Wed, Jan 17, 2018 at 6:18 PM, David Apelt 
<david.ap...@transmax.com.au<mailto:david.ap...@transmax.com.au>> wrote:
Team,

I have heard of suggestions that internet connectivity should be prevented from 
developer machines in case a security issue causes a leak of source code or 
similar.

I know some defence companies have two computers on the desktop to prevent this 
from happening.

Outside of defence, what are peoples experiences?  Give developers internet 
connectivity?  Have two machines?  Maybe give them a remote desktop connection 
from internet.   How many developers in your company that have internet 
connectivity?

Thanks in advance
Dave A

RE: Internet access from development machines [OT]

2018-01-22 Thread mike smith 
On Jan 23, 2018 12:49, "Greg Low" <g...@greglow.com> wrote:

My concern, is that in several sites, what I now see is frustrated people
who can't get their work done, at least not efficiently.



Mind you, one of the sites was also worried about power. They have all the
developer machines running in a lower-power mode. Uses less electricity but
builds now take twice as long, etc. (And for this app, that's a long time).
Yet they're discussing how to increase developer productivity.



That's weird.  But, if a Dev needs to rebuild the entire app frequently,
I'd question the design.


Regards,



Greg



Dr Greg Low



1300SQLSQL (1300 775 775 <1300%20775%20775>) office | +61 419201410
<0419%20201%20410> mobile│ +61 3 8676 4913 <(03)%208676%204913> fax

SQL Down Under | Web: www.sqldownunder.com |http://greglow.me



*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com]
*On Behalf Of *Ken Schaefer
*Sent:* Tuesday, 23 January 2018 10:11 AM

*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* RE: Internet access from development machines [OT]



Tools like CyberArk exist for a good reason. And they can sometimes be
beneficial. Our platform admins only need to have a single account now – to
login to CyberArk. Before they used to have numerous privileged accounts to
login to all sorts of systems, and needed to remember and cycle passwords
across all of them. Deprovisioning or altering access when people moved
roles or left was a PITA.



*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com
<ozdotnet-boun...@ozdotnet.com>] *On Behalf Of *Greg Low
*Sent:* Wednesday, 17 January 2018 8:18 PM
*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* RE: Internet access from development machines [OT]



Or even if they are connected, you could endlessly block them from getting
to what they need anyway:



http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/



Regards,



Greg



Dr Greg Low



1300SQLSQL (1300 775 775 <1300%20775%20775>) office | +61 419201410
<0419%20201%20410> mobile│ +61 3 8676 4913 <(03)%208676%204913> fax

SQL Down Under | Web: www.sqldownunder.com |http://greglow.me



*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com]
*On Behalf Of *Craig van Nieuwkerk
*Sent:* Wednesday, 17 January 2018 7:38 PM
*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* Re: Internet access from development machines [OT]



This sounds like a decision upper management would make with no idea how
developers work. It is a great idea if you need to make some layoffs and
want developers to quit.



Craig



On Wed, Jan 17, 2018 at 6:18 PM, David Apelt <david.ap...@transmax.com.au>
wrote:

Team,



I have heard of suggestions that internet connectivity should be prevented
from developer machines in case a security issue causes a leak of source
code or similar.



I know some defence companies have two computers on the desktop to prevent
this from happening.



Outside of defence, what are peoples experiences?  Give developers internet
connectivity?  Have two machines?  Maybe give them a remote desktop
connection from internet.   How many developers in your company that have
internet connectivity?



Thanks in advance

Dave A

RE: Internet access from development machines [OT]

2018-01-22 Thread Greg Low 
My concern, is that in several sites, what I now see is frustrated people
who can't get their work done, at least not efficiently.



Mind you, one of the sites was also worried about power. They have all the
developer machines running in a lower-power mode. Uses less electricity but
builds now take twice as long, etc. (And for this app, that's a long time).
Yet they're discussing how to increase developer productivity.



Regards,



Greg



Dr Greg Low



1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax

SQL Down Under | Web: www.sqldownunder.com |http://greglow.me



*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com]
*On Behalf Of *Ken Schaefer
*Sent:* Tuesday, 23 January 2018 10:11 AM
*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* RE: Internet access from development machines [OT]



Tools like CyberArk exist for a good reason. And they can sometimes be
beneficial. Our platform admins only need to have a single account now – to
login to CyberArk. Before they used to have numerous privileged accounts to
login to all sorts of systems, and needed to remember and cycle passwords
across all of them. Deprovisioning or altering access when people moved
roles or left was a PITA.



*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com
<ozdotnet-boun...@ozdotnet.com>] *On Behalf Of *Greg Low
*Sent:* Wednesday, 17 January 2018 8:18 PM
*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* RE: Internet access from development machines [OT]



Or even if they are connected, you could endlessly block them from getting
to what they need anyway:



http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/



Regards,



Greg



Dr Greg Low



1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax

SQL Down Under | Web: www.sqldownunder.com |http://greglow.me



*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com]
*On Behalf Of *Craig van Nieuwkerk
*Sent:* Wednesday, 17 January 2018 7:38 PM
*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* Re: Internet access from development machines [OT]



This sounds like a decision upper management would make with no idea how
developers work. It is a great idea if you need to make some layoffs and
want developers to quit.



Craig



On Wed, Jan 17, 2018 at 6:18 PM, David Apelt <david.ap...@transmax.com.au>
wrote:

Team,



I have heard of suggestions that internet connectivity should be prevented
from developer machines in case a security issue causes a leak of source
code or similar.



I know some defence companies have two computers on the desktop to prevent
this from happening.



Outside of defence, what are peoples experiences?  Give developers internet
connectivity?  Have two machines?  Maybe give them a remote desktop
connection from internet.   How many developers in your company that have
internet connectivity?



Thanks in advance

Dave A

RE: Internet access from development machines [OT]

2018-01-22 Thread Ken Schaefer 
Tools like CyberArk exist for a good reason. And they can sometimes be 
beneficial. Our platform admins only need to have a single account now – to 
login to CyberArk. Before they used to have numerous privileged accounts to 
login to all sorts of systems, and needed to remember and cycle passwords 
across all of them. Deprovisioning or altering access when people moved roles 
or left was a PITA.

From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On 
Behalf Of Greg Low
Sent: Wednesday, 17 January 2018 8:18 PM
To: ozDotNet <ozdotnet@ozdotnet.com>
Subject: RE: Internet access from development machines [OT]

Or even if they are connected, you could endlessly block them from getting to 
what they need anyway:

http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/

Regards,

Greg

Dr Greg Low

1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax
SQL Down Under | Web: www.sqldownunder.com<http://www.sqldownunder.com/> 
|http://greglow.me<http://greglow.me/>

From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> 
[mailto:ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com>] On 
Behalf Of Craig van Nieuwkerk
Sent: Wednesday, 17 January 2018 7:38 PM
To: ozDotNet <ozdotnet@ozdotnet.com<mailto:ozdotnet@ozdotnet.com>>
Subject: Re: Internet access from development machines [OT]

This sounds like a decision upper management would make with no idea how 
developers work. It is a great idea if you need to make some layoffs and want 
developers to quit.

Craig

On Wed, Jan 17, 2018 at 6:18 PM, David Apelt 
<david.ap...@transmax.com.au<mailto:david.ap...@transmax.com.au>> wrote:
Team,

I have heard of suggestions that internet connectivity should be prevented from 
developer machines in case a security issue causes a leak of source code or 
similar.

I know some defence companies have two computers on the desktop to prevent this 
from happening.

Outside of defence, what are peoples experiences?  Give developers internet 
connectivity?  Have two machines?  Maybe give them a remote desktop connection 
from internet.   How many developers in your company that have internet 
connectivity?

Thanks in advance
Dave A

RE: Internet access from development machines [OT]

2018-01-22 Thread Ken Schaefer 
There’s an endless amount of things that “could go wrong”, and no possible 
limit on the amount of money you could spend trying to mitigate these things.

Security is about managing the trade-offs between “getting things done” and 
“risk”.

Is leaking source code the biggest risk you currently face? Maybe it is, maybe 
it isn’t…I don’t know.


From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On 
Behalf Of David Apelt
Sent: Wednesday, 17 January 2018 6:18 PM
To: ozdotnet@ozdotnet.com
Subject: Internet access from development machines [OT]

Team,

I have heard of suggestions that internet connectivity should be prevented from 
developer machines in case a security issue causes a leak of source code or 
similar.

I know some defence companies have two computers on the desktop to prevent this 
from happening.

Outside of defence, what are peoples experiences?  Give developers internet 
connectivity?  Have two machines?  Maybe give them a remote desktop connection 
from internet.   How many developers in your company that have internet 
connectivity?

Thanks in advance
Dave A

RE: Internet access from development machines [OT]

2018-01-17 Thread Greg Low 
Or even if they are connected, you could endlessly block them from getting
to what they need anyway:



http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/



Regards,



Greg



Dr Greg Low



1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax

SQL Down Under | Web: www.sqldownunder.com |http://greglow.me



*From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com]
*On Behalf Of *Craig van Nieuwkerk
*Sent:* Wednesday, 17 January 2018 7:38 PM
*To:* ozDotNet <ozdotnet@ozdotnet.com>
*Subject:* Re: Internet access from development machines [OT]



This sounds like a decision upper management would make with no idea how
developers work. It is a great idea if you need to make some layoffs and
want developers to quit.



Craig



On Wed, Jan 17, 2018 at 6:18 PM, David Apelt <david.ap...@transmax.com.au>
wrote:

Team,



I have heard of suggestions that internet connectivity should be prevented
from developer machines in case a security issue causes a leak of source
code or similar.



I know some defence companies have two computers on the desktop to prevent
this from happening.



Outside of defence, what are peoples experiences?  Give developers internet
connectivity?  Have two machines?  Maybe give them a remote desktop
connection from internet.   How many developers in your company that have
internet connectivity?



Thanks in advance

Dave A

Re: Internet access from development machines [OT]

2018-01-17 Thread Craig van Nieuwkerk 
This sounds like a decision upper management would make with no idea how
developers work. It is a great idea if you need to make some layoffs and
want developers to quit.

Craig

On Wed, Jan 17, 2018 at 6:18 PM, David Apelt 
wrote:

> Team,
>
> I have heard of suggestions that internet connectivity should be prevented
> from developer machines in case a security issue causes a leak of source
> code or similar.
>
> I know some defence companies have two computers on the desktop to prevent
> this from happening.
>
> Outside of defence, what are peoples experiences?  Give developers
> internet connectivity?  Have two machines?  Maybe give them a remote
> desktop connection from internet.   How many developers in your company
> that have internet connectivity?
>
> Thanks in advance
> Dave A
>

Re: Internet access from development machines [OT]

2018-01-16 Thread mike smith 
Lots of version control systems rely on internet connectivity, they might
be firewalled but they are still connected.

On Jan 17, 2018 17:59, "Stephen Price"  wrote:

> I did some Angular 2 Dev in 2016 while it was in late beta. Our internet
> was whitelisted.
>
> It was horrible and whoever implements this on their developers hates
> them, and should be stabbed.
>
> The whole JavaScript Dev debacle is hard enough WITH full internet access.
> Just don't.
>
> There must be a solution to your issue with security perspective, but
> there is a wrong way to go about it.
>
> cheers,
> Stephen
>
> On 17 Jan. 2018 3:18 pm, David Apelt  wrote:
>
> Team,
>
> I have heard of suggestions that internet connectivity should be prevented
> from developer machines in case a security issue causes a leak of source
> code or similar.
>
> I know some defence companies have two computers on the desktop to prevent
> this from happening.
>
> Outside of defence, what are peoples experiences?  Give developers
> internet connectivity?  Have two machines?  Maybe give them a remote
> desktop connection from internet.   How many developers in your company
> that have internet connectivity?
>
> Thanks in advance
> Dave A
>
>
>

Re: Internet access from development machines [OT]

2018-01-16 Thread Stephen Price 
I did some Angular 2 Dev in 2016 while it was in late beta. Our internet was 
whitelisted.

It was horrible and whoever implements this on their developers hates them, and 
should be stabbed.

The whole JavaScript Dev debacle is hard enough WITH full internet access. Just 
don't.

There must be a solution to your issue with security perspective, but there is 
a wrong way to go about it.

cheers,
Stephen

On 17 Jan. 2018 3:18 pm, David Apelt  wrote:
Team,

I have heard of suggestions that internet connectivity should be prevented from 
developer machines in case a security issue causes a leak of source code or 
similar.

I know some defence companies have two computers on the desktop to prevent this 
from happening.

Outside of defence, what are peoples experiences?  Give developers internet 
connectivity?  Have two machines?  Maybe give them a remote desktop connection 
from internet.   How many developers in your company that have internet 
connectivity?

Thanks in advance
Dave A

Internet access from development machines [OT]

2018-01-16 Thread David Apelt 
Team,

I have heard of suggestions that internet connectivity should be prevented
from developer machines in case a security issue causes a leak of source
code or similar.

I know some defence companies have two computers on the desktop to prevent
this from happening.

Outside of defence, what are peoples experiences?  Give developers internet
connectivity?  Have two machines?  Maybe give them a remote desktop
connection from internet.   How many developers in your company that have
internet connectivity?

Thanks in advance
Dave A