DaletPlus workstations to be locked down: Is that really the solution?

I’m normally a pretty binary guy. There are very few shades of grey in my world. There’s right and wrong. Black and white. Moral or immoral. But sometimes I just can’t make up my mind, and this is one of them.

Vancouver operations manager John Mang sent out this directive today:

Do not, under any circumstances, install any applications / programs on DaletPlus workstations.  Installation of non-CBC software must be done by our radio maintenance team, and requires my express approval.

Why?

The operational parameters of DaletPlus are very specific and can be adversely affected by other applications.  These effects can be local to your computer, or spread to other computers and even infect the networks.

(Translation: There’s a chance, as with any software, that something you install could conflict with another app on your system.)

John goes on to warn that in “the very near future,” all DaletPlus workstations will be “locked to ensure the ongoing reliability of the system.” More than that, any “non-approved applications” are going to be removed — along with all related data.

Take that, you naughty iTunes installers! You know who you are!

Listen, John’s a good guy and I know he’s not doing this because he’s having a bad day today. Having spent a lot of my career in I.T. I get the logic at work here. Having a “clean-slate” computer is always easiest to support. And frankly, left to our own devices, many of us plebs would install all sorts of weird-ass software.

But.

A far bigger risk to CBC workstations is actually our web browser standard: IE6. Its “Active X” technology can install all sorts of crap on workstations. I’ve seen far too many people blindly click Yes on pop-ups that say “Do you want a fancy-pants toolbar for your browser?” and then wonder why their computer is slow, Dalet crashes, etc.

Applications aren’t our big problem. Our web browser standard is.

We need to move to Firefox, and fast.


24 Responses to “DaletPlus workstations to be locked down: Is that really the solution?”

    Allan says:

    Dedicated stations are the most reliable, and if you care about the network and your co-workers who use it, then you can easily applaud Mang’s helpful enforcement of strict use of a terminal’s software.
    Bring your iBook if you want to have fun.

    Firefox really rocks, doesn’t it?
    Awesomely bitchin’ in George speak.



    James C. says:

    Why on earth did anyone get admin or power user privileges on those stations?

    Without that level of system rights a “Standard” windows user should not be able to install anything “moderately” dangerous to the network onto the system.

    Don’t blame the users, they don’t know better. Instead let’s point the blame at the people who a) didn’t set the policy correctly, b) didn’t implement it correctly, or c) execute its access controls correctly (os vendor).



    Julian says:

    I’m waiting for IT to finally lock us down so that we don’t have local admin rights on our Windows boxes. I know a lot of people will complain, but it will make supporting the workstations a heck of a lot easier - and probably reduce the incidence of virus infections by orders of magnitude.



    iNudes says:

    Well locked down workstations are nothing new. The DALET station I am working on right now is locked down. It won’t let you run exe files, although there are ways around it if you’re smart about it. That’s important because I am in a station with no local IT support. They aren’t going to fly in someone just to install an ftp client on my computer.

    BTW, Firefox is not one of the approved pieces of software ;-) It has problems with iMusique and I think REPO database as well. If they started putting it on machines, support would get all kinds of calls asking why those web based apps won’t work.



    Anonymous says:

    Re: Firefox as the corporate standard. I know there was some talk about this a few years ago and the plan was to make it the standard…

    However….

    HR under your fingernails (hr.cbc.ca) came along and doesn’t work in firefox.. so IE it is.



    Chris S says:

    Buried in this I find a potentially deeper problem.

    It’s already quite straightforward to lock down IE - even IE6 - so that ActiveX controls simply won’t install. It won’t even ask the user. It just won’t do it.

    But … as a big company, I’m making an educated guess that the CBC has some internal, intranet, applications that run using ActiveX. And - locking down the browser would kill those applications.

    This is always the downside of locking down the browser settings. Heck, my copy of IE at home - where I used Firefox - is so locked that you can’t even sign-on to most websites!

    If you do have those ActiveX applications lurking about - and the place to start looking would be either HR, accounting, or purchasing - then not only will you not lock down IE, you won’t switch to Firefox either.



    j says:

    i’m waiting for someone to buy programming production software that works, simply and easily and does what we need it to do.
    dalet is a beast, and while it appears dalet plus will be better, it still thinks of sound files as something other than a sound file — something that needs huge amounts of infrastructure and silliness to manipulate and send across the country.
    it’s a damn MP3 — or wav file — and not some new fangled digital nightmare that needs to be managed.
    my vote goes for adobe audition loaded autonomously (unlimited tracks!!!! simple editing!!!! intuitive interface!!!!) and a simple file sharing /archiving program with a player interface for broadcast.
    Cumbersome software systems only lead to cumbersome IT problems resulting in cumbersome solutions, (like locking down workstations).



    Kev says:

    Firefox as standard isn’t an option, as we have IE-only internal web apps. (I know, I know, welcome to the nineties.)

    Anyway Julian et al are right, it’s definitely not as much of a threat as users doing crazy things (“Hey look, someone just mailed me a dirty needle! Think I’ll stick it in my arm!”)



    Noodle says:

    My concern is that the apps that are approved will be too limited. For example, Adobe Audition has all kinds of effects that are useful in doc making. Will it be allowed?



    emily says:

    I use firefox for exactly everything, except the few lame internal ceeb pages that call for IE. what, are we subsidising microsoft or something?



    emily says:

    also, I grow weary of the attitude… which comes up in some of these posts, that the IT department somehow runs the company.

    We’re broadcasters, people. IT is there to help us do that. Not to slap us on the wrist when we don’t do stuff their way.



    Kev says:

    “We’re broadcasters, people. IT is there to help us do that. Not to slap us on the wrist when we don’t do stuff their way.”

    Securing workstations so that they remain usable does actually count as help. Making sure that limited resources are used effectively? Also help. Setting it up so that you don’t waste half your time dealing with worms and viruses, or jumping for the delete key to get rid of gross-out porn spam, and that you can continue to use the applications that you need to do your job without them being broken by irrelevant applications that have nothing to do with your job? Similarly help.

    I’m no IT booster, and I’m no saint when it comes to use of computing resources, but that letter was not a slap on the wrist. It was a professional doing their job with a lot more politeness than they were required to employ. A slap on the wrist would be locking down your desktop box and re-imaging it on a nightly basis.



    Lee R. says:

    The official word in Vancouver is NO FIREFOX. I have not been given an official reason for this, but as it is our new online timecard system (and many other apps like Imusique) won’t work with FF. But doesn’t mean it conflicts with using IE for those programs.

    If they want us to use IE exclusively - fine. Just don’t look at us when the next virus appears.

    I can understand the desire to not crash the new D+ after spending a whack of $ on it. But at the same time, do they really think we’re going to be installing illegal P2P programs?

    John did say in the message that some software we require will need to be approved - so my old copy of CoolEdit2000 is fine as long as I tell I.T. I’m using it.



    Chad says:

    right on j, I totally agree, the problem is nothing that covers our needs exists, and custom software is usually a bad idea, although if you can keep the custom software to the minimum, and just integrate existing pieces and do a good job of doing it, say Audition + MySQL for media management + wxWidgets for making simple onair players and such, it’s certainly possible.



    emily says:

    again, I don’t think it’s ITs place to be giving “slaps on the wrist”, whether they’re deserved or not.

    If people are messing up their computers with apps not relevant to their jobs deal with them. Ditto if they’re polluting workstations with pop-up spam.

    As for the rest of us, I don’t buy the line that it’s the IT department’s job to exercise all sorts of control and tell me how to use the equipment. If anyone, that role belongs to management.



    Chantal says:

    And John Mang *is* management — the ops manager, in fact. It seems to me it *is* his role to look out for problems with newly installed programs, like DaletPlus, that are essential for putting programming on air.



    emily says:

    he might manage the IT department but he doesn’t manage me.

    IT is there to help us do our jobs, not stifle us.



    Joe Clark says:

    Another option is to emerge from the Stockholm Syndrome and stop using Windows.

    Check your IE-only applications, all of which should be thrown out, two ways: In stock Opera, and in Opera and Firefox with the user-agent string customized to pretend it’s IE.

    IE6 + Windows is the most impoverished Web-browsing environment in current usage. The sooner you get away from it, the better.



    Kev says:

    Maybe we should just sell our Windows licenses on eBay, give everyone a link to the Ubuntu ISOs, and have the ghost of Rodney Dangerfield spontaneously assemble a party in the Atrium.



    Joe Clark says:

    Maybe you should just look at the slim minority of Macintosh users in the building who never ever have the trouble you do.



    Kev says:

    For Unix-related stuff, I am one of those users. We’ve got our own troubles, let me tell ya (like a bunch of corporate apps we can’t easily use, even by faking the User-agent header). There are also more than a few non-web applications that I need to keep an old Windows machine around for, because they’re simply not available for, or run like cold molasses on the Mac.

    Also, I’ve previously worked at a fairly large all-Mac shop (and I mean all, from the CSRs to the CEO via the datacenter), and it’s not the network Utopia you might think, though it is easier to lock things down.



    Gabriel says:

    Being one of the IT hacks who’s running around taking away everybody’s right to install Legend of the Red Dragon and DOOM on the webservers I have to say that this is a pretty benign situation, but of course I have a bias. There is a constant balance that needs to be found between allowing users to do whatever they want when they have occasional needs that aren’t encompassed by whatever the current set of corporate standards are and making sure that the core services that are deemed broadcast critical (like Dalet) are (as) always available (as possible). I am sure that none of the gentle posters on this article are guilty parties, but I’ve seen and heard of some pretty absurd things being installed on various systems that should have been locked down… audio encoders being used for surfing the web, video games installed on video editing workstations… that sort of thing. As Lee R. points out, if you have software you need to do your job there’s a very, very good chance you can get an exemption from the official policy. Just check with your local PC support folks, the ITSC or if you can’t get what you need there you can call me, I’ll try to put you in touch with the right person; I’m easy to find, there aren’t that many Gabriels in IT. :)

    As far as windows, IE, etc. go… well, I think the situation is somewhat overstated. IE stinks, but it doesn’t stink *that* badly and Firefox is far from perfect. I’m a dyed in the wool non-Windows user, I have a Mac and a Linux workstation in the office, support Linux servers for a day job and use a Mac and some FreeBSD servers at home but IE is not *as* bad as a lot of people say. I’d sooner support a locked down WinXP box running IE than a desktop Linux box where every user had root. In my experience most problems with Windows workstations actually boil down to unrestricted privs (often due to design limitations of Windows) and lack of patching (for long standing issues), very few people get hit by 0 day exploits. Storm in a teacup. I think it’s a matter of perspective.



    Joe Clark says:

    No, Gabriel, IE6 really *is* “that bad.” No tabs, terrible standards compliance (don’t discount that; CBC Web developers spend half their time fixing IE6 bugs), and simply insane user-interface bugs, like duplicating the current page (in-use form fields and all) when you want a new *blank* document. Plus of course an absolutely rampant and never-ending list of security bugs.

    Custom versions of Firefox and Opera with specific settings are easily obtained. There’s no reason *at all* why every CBC workstation can’t have *two* browsers. Everybody who reads this blog has at least two on their home computers.



    Joe Clark says:

    And I forgot the very biggest user-interface deficiency of IE6, much worse than absence of tabs: Text resizing. Apart from the fact that IE6 (*and IE7*!) cannot resize text sized in pixels (px), which you scarcely ever find on standards-compliant sites, the big problem is you’ve got nothing but two sizes smaller and two sizes higher than your current size, IE6 calculates font sizes incorrectly in the first place, and you have no real keyboard shortcuts (Ctrl-plus and -minus).

    People who complain they don’t like the Web probably don’t like the ugly, small-type Web that IE6 sticks them with. If you have to use Windows, then XP or Vista with an LCD monitor, font smoothing turned on, and Firefox or Opera is a pleasant browsing experience.

    Really, IE6 is about as useful in 2007 as VisiCalc. Time has marched on.