Yet Another Cycling Forum
General Category => The Knowledge => Ctrl-Alt-Del => Topic started by: tiermat on 23 July, 2008, 10:25:42 am
-
Lawyer says client was protecting city's code (http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/07/22/BAGF11T91U.DTL&tsp=1)
<WARNING: the below does contain some conjecture and assumptions>
So the guy is protecting "his" network, there are no set rules about who he can trust to hand administrator passwords to. There may or may not be a plot afoot to "manage him out of the business". What does he get for his trouble?
Banged up on $5M bail, until his trial.
Glad I don't work there, after all it is not THAT difficult to find out passwords windows or linux boxes, and if they are using Cisco routers Cisco actually publish a guide on their website of how to reset the enable password.
Having been a sysadmin for a large network, and being managed by IT illiterates, I can understand where the guy is coming from. I would have stopped well short of putting myself in aposition where jail time beckons though. Afterall that is why tamper evident envelopes are available, and fire safes.
-
Why didn't they just type OVERRIDE like they do in the films?
-
Sounds like a bloke with principles to me.
-
Having being asked in the past by people in authority to break rules there to protect both sensitive data and the staff managing it, I understand fully how the guy feels.
-
Having being asked in the past by people in authority to break rules there to protect both sensitive data and the staff managing it, I understand fully how the guy feels.
As have I, and my reply is always the same, i.e. NO! (even, in one case, when the MD of the company asked me to do something that was unethical IT-wise)
I agree with Charlotte, looks like the guy had principals.
-
Agreed. Top bloke.
-
If I was asked to do something unethical would I do it? Well, if the alternative was losing my job, yes. I have kids to support.
However, I'd first write down my objections and lodge them with the head of HR and the company secretary. If the action was truly dodgy, these people might have something to say about it.
-
Having being asked in the past by people in authority to break rules there to protect both sensitive data and the staff managing it, I understand fully how the guy feels.
As have I, and my reply is always the same, i.e. NO! (even, in one case, when the MD of the company asked me to do something that was unethical IT-wise)
I agree with Charlotte, looks like the guy had principals.
He was being done for kidnapping?!?! ;)
-
Ethics? BOFH?
++?????++ Out of Cheese Error. Redo From Start.
-
Why didn't they just type OVERRIDE like they do in the films?
Not running Holywood OS I guess. http://c2.com/cgi/wiki?HollywoodOs (http://c2.com/cgi/wiki?HollywoodOs)
-
If I was asked to do something unethical would I do it?
Hm. We get asked to go against the rules all the time. Most of the time, we do - but we're entrenched and we know the people who can bend us, and who's just an oik. It's tricky because of course any of these senior types could be a bad 'un, but the alternative is to hidebind the operation in procedural clag.
Having said that, we definitely don't have anything that only one person has access to, ever, anywhere. That's daft. That one person could get hit by a bus tomorrow.
-
Having said that, we definitely don't have anything that only one person has access to, ever, anywhere. That's daft. That one person could get hit by a bus tomorrow.
Quite, and I don't buy the "single hero building the city's network either".
Sorry, I've seen far too many of these people in Admin teams to believe it. The guy is
1) an idiot
2) delusional
3) Been watching too many films
If your boss is authorised to have a password, you give it to him. If your boss asks you to so something borderline un-ethical, you clear it with their boss. If your boss asks you to do something illegal, then you go up the chain until you find someone who cares. My experience of large companies is that the mere mention of the word "ethics" results in new underwear all round and things are resolved quickly.
-
If your boss is authorised to have a password, you give it to him. If your boss asks you to so something borderline un-ethical, you clear it with their boss. If your boss asks you to do something illegal, then you go up the chain until you find someone who cares. My experience of large companies is that the mere mention of the word "ethics" results in new underwear all round and things are resolved quickly.
It's surprising how much senior people do care.
Years ago, I witnessed extreme bullying of junior staff by a Department manager, who was at reporting-to-board level. I kept my head down, then wrote a very carefully worded description of the event. I gave the letter directly to another manager who was at the same level, expecting to be told to shut up. This was a biggish company, several thousand employees and 2billion euro turnover.
To my amazement and faint horror, I found out that the letter was copied and handed out to the entire board (with my name on it!). They then gave a copy to the Department manager and told him to pack his bags, there and then. Dismissal for extreme misconduct.
-
Hm, I've never been asked to do anything illegal. I've been asked to do stuff that was plain daft, and have refused outright: that's been tense, but ultimately when we lay out our reasons, we can bludgeon our managers into at least a compromise.
Lone hero? Loose cannon.
We had one here. He got results fast, users loved him, but he cut corners and after six months had left a huge, horrible hairball of a mess. So we fired him.
Systems that require a hero are crap systems. You need at least two people at the top with the ubergoober passwords (domain admins, switch admins and the like). Then you hand out task-related access in a nice granular fashion. That's big-systems-admin 101.
-
Systems that require a hero are crap systems. You need at least two people at the top with the ubergoober passwords (domain admins, switch admins and the like). Then you hand out task-related access in a nice granular fashion. That's big-systems-admin 101.
Absolutely.
Good, stable systems are boring systems. Systems where asking for an access-rights change takes hours, not minutes (ie, done properly rather than hacked in), while someone checks that the change won't screw things up.
System that work and keep on working.
-
Systems that require a hero are crap systems. You need at least two people at the top with the ubergoober passwords (domain admins, switch admins and the like). Then you hand out task-related access in a nice granular fashion. That's big-systems-admin 101.
Absolutely.
Good, stable systems are boring systems. Systems where asking for an access-rights change takes hours, not minutes (ie, done properly rather than hacked in), while someone checks that the change won't screw things up.
System that work and keep on working.
Changes take a while because defined repeatable procedures are followed and everyone understands why the procedures are there and abides by them.
-
You've also got to wonder a bit about the "computer engineers" at the "Technology Department" who couldn't get into these systems without the passwords. Most systems have some sort of back door, which admittedly should make it obvious that it's been used (ie won't let you know what the password is, but will let you change it, so it's obvious that it's been changed). If you have physical access to the system, you should be able to get into it.
Worst case you may need to take the machine down to some level (eg Single User state in Solaris), but it shouldn't be impossible.
If nothing else, as others have said, the fact that they found themselves in a position where the guy had metaphorically gone under a bus, and they didn't have access to the passwords is not exactly much of a sign of their competence.
-
Bit more info on the /. story: Slashdot | SF Admin Gives Up Keys To Hijacked City Network (http://it.slashdot.org/it/08/07/23/1515203.shtml)
-
My spidey-sense is sniffing a rich loam of egos bruised, grudges harboured, sticks got entirely the wrong way around and more. Sounds like the time the Plymouth lads ran off with the club longship because they didn't trust anyone else to do it right, then proceeded to oaf it up themselves.