Open Source and information security mailing list archives
 
Message-ID: <20080523133045.GA7656@abbott.setec.org>
Date: Fri, 23 May 2008 09:30:45 -0400
From: Izaac <izaac@...ec.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Need some help with management

On Thu, May 22, 2008 at 09:51:01AM -0700, Daniel Sichel wrote:
> it's not documented anywhere. So, please help me explain why netbios and
> file shares on machines not within your network are bad ideas.

This situation is ultimately and entirely your fault.

You, i.e. your IT department, have failed to provide the services and
resources that your management needs.  As such, they are forced to
invent ways to get around you.  This is probably not the first and
will most assuredly not be the last time it will happen.  That you
know about.

Do not explain to this manager what he cannot do.  Ask him what he
wants to do.  And then provide him with what he needs.  In a simple and
straightforward manner.  Where he doesn't need to know anything about
disks and RAM and IP and firewalls or anything related to your job.

The conversation should go like this:

Y: "Hey boss, so I hear you want to set up some kinda server.  What's the
story?"
B: "We want a file server."
Y: "You need to share files?"
B: "Yes.  We all have to work on the same spreadsheet and it's getting
to be a real pain to send it back and forth between us in email."
Y: <blink>  "A spreadsheet?"
B: "Yes.  We track our offered quotes in an Excel spreadsheet.  Every
morning Cindy sends out the spreadsheet to everyone in an email so
any salesman can answer questions when the prospect calls.  They email
any changes they made to her in the afternoon.  And she consolidates
them and builds the sheet for the next morning.  So, my cousin's
roommate's uncle's stepkid was visiting the other week and says, 'Why
don't you use a fileserver?  Then you can all edit the one copy and not
have to worry about a second call in the afternoon not realizing what
happened that morning.'  I mean, that's a great idea, right?  So that's
what we want to do.  We oughtta get him in here as a consultant."
Y: <cry>

At which point you'll discover the business requirement for a
database or versioning system or CRM or whatever else.  Which you have
been utterly ignoring for the past year by reading Slashdot instead
of engaging the rest of your company and discovering its business needs.

Your job is to enable your coworkers to do their jobs more
effectively.  The computer should seamlessly integrate into their
task.  If they have to think about it, you've failed.

You support them.  They do not support you.  Check your geekgo and do
your job.

So the answer to your immediate question is:  You set up their
fileserver and acquiesce to every little feature they think that they
need.  And watch it like a hawk.  In doing so, you'll play catchup in
figuring out what they actually need.  And then you can replace that
horror with something better.

..

Great.  Just great.  Now I'm gonna feel management-dirty all day.
I'll have to pick up a box of scouring pads from the grocery on the
way to the gym this afternoon.

-- 
. ___ ___  .   .  ___
.  \    /  |\  |\ \
.  _\_ /__ |-\ |-\ \__
