Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Do IT Pros Abuse Their Power? 460

An anonymous reader writes "I have noticed that many airports and hospitals I've visited have some kind of internet usage policy in place. Some use software similar to Websense, which effectively blocks sites based on blacklisting them by category. A commonly used blacklist prevents users from accessing 'forums or discussion boards,' yet I find that often these networks allow users to access sites like Fark, Slashdot, Digg and other message boards that appeal to the technical culture one might find in the IT world. In your experience, do IT administrators abuse their supervisory powers? Has there ever been a backlash from users or management for doing so?"
This discussion has been archived. No new comments can be posted.

Do IT Pros Abuse Their Power?

Comments Filter:
  • by hedronist ( 233240 ) * on Sunday January 03, 2010 @01:15PM (#30632454)
    You must be new here. All members of /. are (or want to be) a BOFH []!
    • by Z00L00K ( 682162 )

      And those who aren't have other issues to pursuit.

    • Re:New around here? (Score:5, Informative)

      by TheLink ( 130905 ) on Sunday January 03, 2010 @01:44PM (#30632740) Journal
      A BOFH might find it more fun to manipulate data from certain websites, rather than block sites.

      e.g. the BOFH substitutes some images, and/or inserts a rather loud audioclip.

      Go figure out the details yourself.

      Even if you use SSL, the BOFH probably controls what CA certs are installed in your browser ;).
      • Re: (Score:2, Informative)

        by s0litaire ( 1205168 ) *
        Think they call it "wiki-fiddeling"

        Wiki-Fiddeling: The Art of creating Wikipedia articels, on the fly, to back up your Story / Aliby or Invoce.
        • Re: (Score:3, Informative)

          by Cederic ( 9623 )

          Nah, that's pretty mundane these days. What TheLink was talking about is intercepting and injecting packets into the http response message from the web server.

          So you think you're reading CNN, your browser thinks it's getting packets from but a server downstairs in a locked room is injecting a The Onion story as the main headline, backed up by images from a pornographic google image search for the story keywords.

          Meanwhile your boss is walking past going, "What's up?" Are you both in for a surprise..

      • by noidentity ( 188756 ) on Sunday January 03, 2010 @03:34PM (#30633598)

        A BOFH might find it more fun to manipulate data from certain websites, rather than block sites.

        Oh, you mean something like blurring or mirroring images on websites [] viewed over an open WiFi access point?

      • Re: (Score:3, Funny)

        I believe your referring to Mrs. Roberts. The ultimate work-from-home admin? []

    • Re: (Score:2, Insightful)

      by jftitan ( 736933 )

      and I don't believe any backlash will ever occur because the users/management don't know how the network works. So its a win win situation for the IT Pros.

      Management "I can't access facebook, however I noticed you can access that slashdot website of yours."
      Me "Yep, because I get news about IT related stuff... facebook is just a waste of productivity time... its your policy!"
      Management "oh, yeah. your right... could you add me to the list of allow

  • Of course (Score:5, Insightful)

    by Guiness Boy ( 1098597 ) on Sunday January 03, 2010 @01:17PM (#30632462)
    Of course we do. Get over it.
  • Since when.. (Score:5, Interesting)

    by dr_strang ( 32799 ) on Sunday January 03, 2010 @01:20PM (#30632488)

    ...are Fark and Digg considered 'technical culture' sites. Seriously, this isn't 2001. Last time I checked, the Internet had sort of entered the mainstream and 'slacking off at work' isn't really considered exclusively IT.

  • Power Corrupts... (Score:5, Interesting)

    by PCGod ( 86295 ) on Sunday January 03, 2010 @01:21PM (#30632492)

    Absolute power, is even more fun!</bofh>

    Yes, we did have something like this happen where I work. Our IT group ended up blocking all social networking sites. Our marketing department raised a fit because they use Facebook for business purposes.

    • Re:Power Corrupts... (Score:5, Interesting)

      by 2stein ( 871221 ) on Sunday January 03, 2010 @01:33PM (#30632624)

      Yes, we did have something like this happen where I work. Our IT group ended up blocking all social networking sites. Our marketing department raised a fit because they use Facebook for business purposes.

      At the place were I currently work we have kind of a "feel free to use the internet as you wish" policy. This actually works out quite well. Sites are not filtered specifically. They basically say "hey, if you end up doing illegal stuff, you're screwed, otherwise we don't care as long as you get to do your work."

      I used to work for a financial institution before that. And they had sort of a lockdown-mania. Filtering proxies (no checking your private web mail - could be used for stealing information), read-only USB mass storage, scanning outgoing e-mail attachments etc. I guess, these rules came in place because of management being scared to death by compliance requirements, not because of IT admins abusing their power.

      And BTW: Had I wished to steal massive amounts of data, I could have still simply sent them via e-mail in a password-encrypted archive. It's a matter of trust, not only of making it difficult. So basically powerful and clueless management are equally effective as power-abusing admins.

      • by houstonbofh ( 602064 ) on Sunday January 03, 2010 @01:51PM (#30632784)
        I have seen that "lockdown" so many times, and it never works. There are no technical solutions to personnel problems. I always use this analogy; "You can make a car very secure by removing the battery and putting it up on blocks. It just doesn't make for a very good car."
        • by networkBoy ( 774728 ) on Sunday January 03, 2010 @02:08PM (#30632934) Journal

          we currently have an anti-internet micromanager.
          While the corporate policy is covered by an 'acceptable use' that is fairly liberal this guy equates having an idle page open equivalent to not working. To that end he's having our IT dept. provide him usage data from all employees. As a counter I developed an http over e-mail application that seems to be working quite nicely.

          • Re: (Score:3, Informative)

            by Jaruzel ( 804522 )

            I know the guy who deveoped this:


            And at the time I (and others) thought 'what's the point?' - but your post clearly shows there is a need apparantly.


        • by John Hasler ( 414242 ) on Sunday January 03, 2010 @03:01PM (#30633414) Homepage

          > I have seen that "lockdown" so many times, and it never works.

          It works quite well for demonstrating compliance with regulations, which is what it is for.

        • Re: (Score:3, Insightful)

          by NotBorg ( 829820 )

          It's management grasping at straws because they don't understand the work well enough to know what needs done.

          If you don't understand the job well enough to know what needs done how can you check to see if people are making progress? You can't. So the only thing you can do is run around and make sure everyone's "busy." The trouble is it's easy to look busy in front of some outsider that doesn't understand the work.

          If you don't understand the work you won't know if it is taking to long to do. People will

          • Re: (Score:3, Interesting)

            by Cederic ( 9623 )

            The trouble is it's easy to look busy in front of some outsider that doesn't understand the work.

            I find the opposite is true.

            At any moment in time, one of my team members will be telling a joke to another. A third will be browsing the web. A fourth will be on the phone asking a colleague on another floor where they're going for lunch. A fifth is arguing with a sixth and the boss is listening in without contributing.

            It looks like we're a bunch of lazy slackers. Yet.. the joke is his way of saying 'hi' and making up for the fact he's stealing a couple of hours of the other guy's time to help with somethi

    • Re: (Score:3, Funny)

      by kilodelta ( 843627 )
      When I worked for the Sec State's office in RI we were utilizing Squidproxy. Reviewing logs came to a head when the policy went out the window. It went out the window because two of we systems people noted a high administration figure surfing the web for Big, Black Beautiful Women and hotels where he could take said women.

      We brought it the the IT Director and were told we do nothing about it. So we then told him we'd no longer view the proxy logs.

      A little while later we also installed DansGuardian. Th
  • by Wonko the Sane ( 25252 ) * on Sunday January 03, 2010 @01:21PM (#30632496) Journal

    How many people here get around their workplace's blocking software by running an SSH tunnel to a proxy server on their home network?

    • Re: (Score:3, Insightful)

      by lukas84 ( 912874 )

      In a properly managed network, you won't get a direct connection to the internet AND you won't able to run any kind of SSH tunneling software.

      I know most of the proxy software i use will tear down SSH sessions established through a HTTPS proxy, if you even get that far - i usually configure them to reject self signed certificates (as those would only provide a false sense of security).

      • by Anonymous Coward on Sunday January 03, 2010 @01:56PM (#30632828)

        Even assuming you mean "reject certificates not signed by an authority I trust", as opposed to "reject self-signed certificates", it's pretty trivial to get a certificate you'd accept. I also wonder if you allow plain HTTP connections, given your stance on certificate management. HTTP connections are less secure than HTTPS with self-signed certificates, and they don't even generate a warning in the browser -- at least a self-signed certificate would let users know their connection is unauthenticated, but plain HTTP happily transmits in the clear, without encryption or authentication, with no warnings at all. That seems like a much more likely source of false security to me.

        In general, your tunnel users aren't very persistent, or you haven't noticed the ones that are -- it's not terribly difficult to setup an plain-old HTTP server and send SSH data in the body of apparently-valid HTML pages. A bit of base-64 encoding, a bit of a random real web page from the browser cache, and you'd have an awfully hard time getting a machine to determine that the web page was actually a proxy connection. It's a bit inefficient and there are TCP over TCP resend issues, but it's perfectly usable for web browsing and the like. Or assuming you just check the SSL setup but otherwise allow HTTPS traffic unchallenged through the proxy (the most typical setup for non-forging, non-plaintext proxies) you could negotiate a standard SSL session and then send raw PPP data through it, without even pretending to be a web page, or using SSH.

        Or if you're really pressed for access, you can setup a DNS-based proxy and smuggle data through in perfectly valid DNS requests and responses. The size of packets is limited, but it's running over UDP so you eliminate the TCP issues, and it's virtually unmonitored at most locations, even those that consider themselves "locked down" -- when was the last time you checked your outbound DNS logs? Do you even have outbound DNS request logging? And domains are cheap -- what if I registered a few hundred and spread out my requests across those?

        Or if you're willing to put up with a little latency you can use just about any messaging/discussion board to post data to a totally legitimate web page, which a remote proxy could then read and reply to, again on a legitimate web page. And of course there's email.

        While it's maybe worth some effort to make data smuggling more difficult, don't fool yourself into thinking you're preventing it from happening. Adding noise to the channel only limits transfer speeds -- so long as there is any way for users to inject and retrieve data to/from the Internet, even through proxies and filters, tunneling will be possible.

      • by xororand ( 860319 ) on Sunday January 03, 2010 @02:08PM (#30632942)

        Do you allow DNS on your network? OpenVPN-over-UDP-over-IP-over-DNS isn't lightning fast but it does the job most of the time. It's a neat way to (ab)use commercial WiFi hotspots too. You can't stop a determined power user except maybe with a whitelist of a small set of whitelisted remote hosts.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        With all due respect--as you certainly sound more competent than most network admins I've ever dealt with--you're at an IT site. The properly managed network is a myth and you know it. The two most common reasons for that really ought to be immediately obvious, but if they're not:

        1) No network is "properly managed", period. It's just too expensive anywhere. Somebody somewhere has an exception to the policy--even if it's documented because they needed some obscure piece of software. Or th

    • Re: (Score:2, Informative)

      Yes, but I must do so on port 21 as port 22 is blocked outright on the network.

      FTP is left wide open because the IT department uses it for any sort of file transfer, as well as the fact that they heavily rely on Websense, and its default behaviour towards FTP is to allow all incoming and outgoing connections on that port.
    • by Saint Stephen ( 19450 ) on Sunday January 03, 2010 @01:45PM (#30632746) Homepage Journal

      I always figured my employer would be really, really pissed off if they found out I did that. At best you're pointing out a massive security hole in the network. They'd just assume I'd be running ANYTHING (kiddie porn) over the tunnel, and if anything accidentally happened, and I'd been using a "hole", I'd get in huge trouble.

    • Blocked already. But there are plenty of programs you can setup at home or on web hosting sites that all you to enter a URL on and will pull the page and images and pass them to you.
    • by jon3k ( 691256 )
      We block all outbound traffic, except for specific allows (like 80 and 443 from the websense server). When netflow collector shows an excessive amount of http[s] traffic from an individual host, we investigate.

      But as for you personally, just because you can get out doesn't mean someone hasn't noticed. Usually if you're crafty enough you can find a way, but doing so probably risks either losing your job or, at best, some very serious embarrassment.
  • Everyone Does (Score:2, Insightful)

    by Entropy98 ( 1340659 )

    People in every line of work take advantage however they can. Janitors, mailmen, military personnel, police, teachers, principals, street sweepers, CEOs, mechanics, and on and on. Its human nature.

    • Re: (Score:3, Interesting)

      by psnyder ( 1326089 )

      Its human nature.

      ... to push the limits of our power and find ways to get around things. This is often seen in a negative light (as in the OP's choice of the word "abuse"), yet it's also a trait that has allowed humans to survive, thrive, and make numerous advancements.

      The OP talks about IT people white-listing websites they know to be safe because they themselves use them. I don't see this as having a negative impact for the staff or patrons of the places he mentions. If there is a negative impact, or "abuse", it com

  • (1) Yes, of course. Whenever humans get power, many of them will abuse it.

    (2) Users, all the time. Management, hardly ever. What else would you expect?

  • by lukas84 ( 912874 ) on Sunday January 03, 2010 @01:22PM (#30632516) Homepage

    Policy is made by management. I don't care if you watch gay furry porn for all the three hours you spend in the Office.

    I do care about the security of the network - so if you plug your private Laptop into the Office LAN, you won't get any connection because your machine won't authenticate. But i'll know exactly that you did so. And i'll call you out for it.

    In all the places i've worked, WebSense etc. only worked in the VLANs for the office workers. All IT networks (as did the Exec's networks) had unrestricted internet access (they still went through a malware filtering proxy, but not content filtering). This might be different in larger organizations.

    In the place i work right now, we only have a malware filter. No content filtering at all. I think it's pointless. If someone does not do his job properly, fire him. If someone does his job properly, but uses 10 minutes a day for masturbating to gay furry porn, he's still more productive than someone who takes a 10 minute smoke break every 20 minutes.

    • Re: (Score:3, Funny)

      by daveime ( 1253762 )

      If someone does his job properly, but uses 10 minutes a day for masturbating to gay furry porn, he's still more productive than someone who takes a 10 minute smoke break every 20 minutes

      I guess that depends on *where* he masturbated to gay furry porn. If it was in the smoking room, then it's understandable that the smoker needs 10 minutes ... jizz covered Marlboros are a bitch to light.

  • Digg? (Score:4, Funny)

    by Akira Kogami ( 1566305 ) on Sunday January 03, 2010 @01:23PM (#30632524)
    Digg has tech news? I thought it was all libertarianism and marijuana.
  • by Anonymous Coward on Sunday January 03, 2010 @01:24PM (#30632532)

    IT professionals would never abuse the position of responsibility with which they are entrusted. They would never use their positions to retaliate against the unthinking, uncaring, ungrateful wretches that make their lives a living, seething hell each and every day those worthless pieces of crap continue to suck air.

  • He can go to slashdot but myspace is blocked? I can spend all day listing reasons why someone might want to block myspace. I could also spend all day listing reasons why people at work should be allowed to browser slashdot.

    The submitter places _all_ interactive websites into a single category, and then complains that IT Admins are abusing their powers when some are allowed and some are not.

    They are _not_ all the same and the submitter is just looking for someone here to validate the idea that he(she?) is

  • I blame the boss. (Score:5, Insightful)

    by wheelema ( 46997 ) on Sunday January 03, 2010 @01:27PM (#30632558)

    In my experience most draconian restrictions are imposed by Management. The technical staff is simply more empowered to work around them or ignore them.

  • by rbrander ( 73222 ) on Sunday January 03, 2010 @01:32PM (#30632606) Homepage

    Generally, they'll whitelist any site that a user can come defend as needed for work.

    If there is abuse of "IT power", it's that IT passes judgment on their own staff's claim that tech-sites are needed for asking questions and finding tech solutions. But, frankly, even a very lame claim that "I need access to to check on how other local accountants are handling the new sales tax" will get a pass, too. IT staff aren't exactly Sam Spade. So any extra blind-eyes they get to their favourite sites is pretty marginal.

    The big difference is that IT staff aren't shy of asking. Other users imagine some omniscient IT that will just know they really want to chat about their cats.

  • Whats the point of having all that power if you can't abuse it?
  • by xmundt ( 415364 ) on Sunday January 03, 2010 @01:33PM (#30632622)

    Greetings and Salutations.
                Perhaps the better questions are "why ARE some websites blocked? and WHO makes that decision?" I administer web access for a client or two, and, the decision to block given websites comes from upper level management, usually NOT the IT command structure. In a business, there is an almost paranoid fear that the employees are sitting around surfing the Net instead of doing work to make money for the company. Any blocking seems focused at keeping that from happening.
                Alternatively, I go and sit at Panera Bread (a great place for good pastries, and excellent, light lunch sandwiches and such by the by...) on occasion, and have found a few websites that would not come up because they were blocked. However, it appeared that this was because the company providing the blocking had mis-catagorized them, and, once I sent a note in about the site, they ended up being unblocked. But then, If I were going to surf porn sites I would NOT be doing it in a public place like that....
                So, I suppose there are cases where IT admins abuse their powers and block sites that should be available...but I have not run into them. Amazingly enough BOFHs are human too, and, some of them ARE little Herberts....control freaks and generally annoying people. The rest of us are all genial and fun folks with a slightly twisted sense of humor.
              Dave Mundt

  • Any admin worth their pay can run rings around a net-blocker. So why piss-off the talent?
    • > Any admin worth their pay can run rings around a net-blocker.

      What Admin? Oracle admin? AIX admin? SharePoint admin? SAP admin? There is a lot of different types of admins now and what makes them worth their pay is that they help you run your business and earn money. The ability to run rings around a net-blocker is not something you put on your resume.

      Also in well implemented network it is not as easy to run around it *undetected*.

      Also by doing so you are clearly breaking the rules that your supervisor

  • Try explaining people using his razor, changes a lot how you see the world.
  • Who cares? Really? (Score:4, Insightful)

    by ZorinLynx ( 31751 ) on Sunday January 03, 2010 @01:42PM (#30632722) Homepage

    Does it matter, as long as they get their work done?

    Really, some people are too uptight about things. The only metric should be if an employee does their job. If they do their job and do it well, who cares if they visit an amusing website for a laugh to break up an otherwise dull day?

    • by tnk1 ( 899206 ) on Sunday January 03, 2010 @03:04PM (#30633426)

      You would hope that the only measurement is if someone is doing their job, but management is always trying to justify the amount that they are spending on staff. That means that it is not enough for the tasks that they expect done to be done, but they must also get as much work as possible out of each "unit" of staff that they are paying. If you have noticed, one of the things management loves to do is "cut costs", which means "lay off people".

      The business cycle works like this. New company gets loans and venture capital. If it succeeds it gets flush with money. At that point management starts spending that money like no one's business. Each exec and manager tries to get themselves noticed by creating cool things and hiring employees to increase their empire. Efficiency is not cared about because no one cares about that in a "growth" phase. At that point, it's like management is on cocaine and their jittery fingers are poised over the "spend" button.

      Eventually, this stabilizes and it becomes clear that you can't spend money like water any more. Frequently, this is some time after the company goes public. At that point, the original execs with the coke habits (real or virtual) have sold their overpriced shares and have either left or been forced out by a board that is now responsible to shareholders and the SEC. At that point, the new management, and/or the consultants that they have hired try to get a handle on the huge bloated mass of a company they have inherited, try to do something called "reaching profitability". This usually means starting to whittle down staff and make existing staff do more.

      The end result is that every sort of perceived "inefficiency" is targeted, including web access. This is not to say that there is not something that needs to be done. Chances are good that a company in this position does start off with staff bloat. Of course, in the end the new management is as ham handed as the old management, just in a different direction and instead of simply trying to cut off the fat, it turns the place into a gulag.

      The sad thing is that many of these blanket solutions are used instead of the more valid and useful method of creating and refining cost allocation models. Much like the "mass layoff", it seems that those sorts of solutions exist to create drama for something like instilling obedience or impressing the market to improve share price.

      In the end, either due to the unrecoverable status of the initial bloat, or the fact that the place is now a gulag (or outsourced), the company will fail unless it really does have a unique product that can survive that process. Welcome to the 21st Century.

      The moral of the story is: don't become personally invested in places that bother to heavily restrict your web access other than for strictly security reasons. You can work at them, but they are just jobs. If someone is willing to spend the time and money on carefully blocking your access to the internet, it's clear that you are seen as a resource that they need to squeeze more efficiency from in lieu of them actually having real, attainable goals that they can measure staff by. If they had those, they would be able to give you assignments that justify your expense and it wouldn't matter if you took 5 minutes or 5 hours to do them in, because they have refined their models and *on average*, each employee would spend the expected amount of time on it.

  • Of course they do, and network people are the worse of the lot. I have yet to be in a network shop where they did not have their computer configured so the corporate site blocker was ignored or they had another easy method of surfing any site.
    Better question is how many people use that root/admin permissions to install unauthorized software or ignored corporate policy and installed software themselves.
  • No (Score:2, Insightful)

    by dholowiski ( 236576 )

    Um, most IT pros are too busy to abuse their power.

  • IT guys typically don't abuse their authority. I've found, in the networks I've administered, management asks me to balance functionality with security. It's a very nebulous request, and typically it means that IT staff must use their best judgment when creating IT policies.

    I've found the strictest policies are in place in financial firms, and the loosest policies are in place in education, and weirdly enough, law firms.


  • There are clearly a couple different levels to this questions. The first, as might come from the worker bees, is why do they get to do things that we do not? Why does this employee get flexible hours and I do not? Why does this group get new computers and we get hand me downs. It usually involves a fairness argument and usually involves the assumption that everyone will be as undisciplined in the usage of the resources as the person asking the question. In terms of certain sites, it might be a matter of d
  • by VitaminB52 ( 550802 ) on Sunday January 03, 2010 @01:59PM (#30632854) Journal
    ... and if you don't believe me I will delete your account
  • do IT employees do anything they aren't supposed to, like playing Halo when they're supposed to be working [] for instance. Geez, how insulting.
  • thats business (Score:5, Informative)

    by DaveGod ( 703167 ) on Sunday January 03, 2010 @02:13PM (#30633000)

    In my experience the IT dept generally has rules for other people and rules for themselves. They "know what they are doing" while everybody else "can't be trusted". Their login for general usage is full administrator and bypasses websense, while I am barred from sites "listed as general business" (only sites pre-approved by IT are allowed, which they make very clear they do not do because they don't want people asking them all the time). Our email attachment limits are 2mb ("it takes up space on the server") and FTP is outright barred - even though one time it was the only way for a client to send me files IT wouldn't do it, so I went home and put it onto a USB stick.

    They install whatever they like, including such productivity tools as BBC news sports tickers. Despite pretty much being able to do everything on their work-paid cell phone, not having to multi-task or whatever they have brand-new machines. When another member of staff requires a new PC, they get an IT staff's PC and IT get a new PC. Despite the general staff doing work where screen real estate is highly productive, their monitors are 15" and 17" while IT and managers have 19" (although they were quite savvy and gave the partners 21"; monitors are the new bigger desk and chair). In my job where we do quite a lot of printing, speed and quality are important, IT also have the best printer - yet it took a week for them to notice when I unplugged it one Friday night.

    IT is all about convenience for IT. All our productivity stuff, which at any given moment 99% of staff is running at any given moment, is quite server intensive. They're all on the same server, while low-intensity stuff rarely used has three idle servers all to itself. I spend a significant portion of my time waiting for the server to respond. It's quite embarrassing when a client turns up asking for a simple copy of a report in a hurry and it takes me 10 minutes, they think I must have forgotten so they ask reception to call up and remind me they're late for their meeting. I pointed out once that the servers could be rebalanced to distribute the load but was told "that would be too much hassle".

    All the procedures are laughable. Despite almost completely phasing paper filing out, all staff's basic logins can delete data files and all the backups are kept on a shelf on site. I could obliterate the lot in one minute of madness (probably induced by dealing with IT). It would take me longer to copy it all to a couple of USB sticks, but nobody would notice until they got the blackmail letters or it was on the news.

    But let's not get all confused and think I'm bashing IT here. I can say pretty much the same thing about every single department. Like how the time it takes me to obtain new propellant pencil leads costs the firm 16x the price of the leads. If I kept one carton for work then stole the rest of the box it would be cheaper for the firm than following procedure.

    As regards other managers, few have the slightest clue about IT. Those that do just work it to their advantage - they get preferential treatment so it makes them look good.

  • Yeah, right.. this question is so stupid, I would be surprised if anyone in their right mind would attach their name to it. The answer: Yes, of course, but no more so than most any other legitimate profession (and by legitimate I rule out the predominant abundance of power abuse in American politics).
  • Everyone abuses their power, that's the point in acquiring power in the first place.

  • by EmperorOfCanada ( 1332175 ) on Sunday January 03, 2010 @04:30PM (#30633916)
    Once when presenting a web based product to the senior management the IT people at a huge company tried to block the IP address of the server in the middle of the presentation. Without missing a beat I switched over to a copy of the product that was hosted on the laptop itself. The IT guy typed furiously and then interrupted and asked what port/ IP address I was using. I told him that I had switched from TCP to UDP as something was blocking the TCP packets. He typed even more furiously trying to figure out why blocking a single IP wouldn't also block UDP. I am not sure he ever figured out what went wrong. For weeks after the presentation the IT group threw up roadblock after roadblock. We weren't compatible with their PKI, etc (we didn't use anything that would work with PKI). Even though the top people(CEO, CFO, President, and the VP of Marketing) really wanted what we were offering they simply admitted that a battle with their IT department wasn't something they could handle at this time. This was not the first IT department that tried to crap all over our product for "Technical" reasons. Even if our product were to have sucked crap that was never the reason given. It was always "bandwidth" or something not relating at all to any possible problem that our product had. I think it all boils down to IT departments being driven by fear. If all goes well the IT department risks downsizing. If anything goes wrong the IT department gets the blame. Then to top it all off the typical IT head might be around 50 years old in the average large organization and they fear the new guy who just was hired who could single handedly bring the entire department out of the depths of Novell and into the 21st century. I would recommend that any large company regularly get an outside organization to audit their IT departments and make sure that the technologies and practices are up to a reasonable standard. Best to learn now that your backups suck instead of when the good data still exists. I would be willing to venture that most organizations have a head of IT who should be replaced by one of his far younger underlings.
  • Yes. (Score:3, Funny)

    by Polo ( 30659 ) * on Monday January 04, 2010 @01:29AM (#30637772) Homepage


    Next question.

    (Please don't ask "Do cops speed?" "Do restaurant workers get free food?" "Do Real Estate Agents get cheaper houses?" etc...)

  • by noc007 ( 633443 ) on Monday January 04, 2010 @09:24AM (#30639818)
    At the company I work for, the users had unrestricted access to the internet. Then they started abusing that freedom by going to porn sites, soaking up all the bandwidth with streaming music and YouTube, and happily going to every malware website possible. We got fed up with blocking IP ranges at the firewall, having to tell a user not to stream media, and finding out how creative a user can get with getting malware. I campaigned for and got a content filter. Not everyone gets a "no internets" policy. We start off with restricting the really malicious sites first, then allow full access to those that need it (e.g. underwriting), then make category blocks like porn, and then granular as each department head sees fit. So far everyone has gotten use to it. Sites do get miscategorized from time to time, but we can unblock them and recategorize them as needed. Really we should have had something like this when I first started since there is a possibility for unrestricted access to become a liability. OP, if you want a website unblocked, put a request to the netadmin to have it unblocked. Otherwise appreciate that you do have some level of an internet connection that you're not paying for, get some means of a VPN that wont restrict internet access, or pay a hefty sum for an aircard.

Due to lack of disk space, this fortune database has been discontinued.