top | item 40558850

(no title)

tempie2024 | 1 year ago

That is a hard one. Best to report it I think.. but it is not clear cut in general.

There would be times when going against your employer by blowing the whistle or covering up is the more moral thing to do.

Deciding where that line is not simple and there is no guide.

discuss

ozr|1 year ago

It's a guy browsing the internet a bit. This is not some deep philosophical question. You're just advocating being the type of person we'd all hate to work with.

kortilla|1 year ago

“It’s a guy browsing the internet a bit” can be game over from a security perspective. Some machines should never execute code from public web pages, full stop.

So it is a philosophical question of why the restrictions were in place in this scenario. If it was “employee productivity”, then sure, who cares. If it was an IRS computer with thousands of people’s tax returns on disk and access to millions more, then reporting was the right move.

tracker1|1 year ago

You never know... I've seen an instance where it turns out an employee was watching pr0n at work and downloading the materials to their shared profile directory. Discovered when the IT Admin was requesting a new NAS server because the current shares were full.

edit: to be clear, it wasn't the admin downloading the content.

techproblems|1 year ago

I can't agree. By far the biggest lesson that you can verify even on this thread, is that the biggest tech problems are actually people problems. Even things like tech debt are all over the place framed as project/people management rather than tech stuff at its fundamentals.

The comment already established the senior sysadmin is generally a valuable person who does a lot to flourish the company. Going out of the way to be a encumbrance towards someone who is verifiably doing their job anyways, means you're actively creating a people problem. I;d rather people learn the correct, bigger lesson here.

eru|1 year ago

> By far the biggest lesson that you can verify even on this thread, is that the biggest tech problems are actually people problems.

The opposite lesson is also useful: sometimes you can turn people problems into tech problems, and that's how you can 'solve' them.

Slightly hypothetical scenario: assume your team keeps all the source code on a shared drive. You are supposed to coordinate with your coworkers before touching any code. Sometimes that goes wrong, and looks like a people problem.

If you introduce eg git and automated-tests-before-merging, you can turn that into a technical problem.

My thesis is that organisations (and people in those organisations) can only solve so many people problems. If you lighten the load by automating some of the problems into tech problems, you have more levity on the remaining people problems.

(This happy state of affairs isn't always possible. And sometimes it can backfire.)

kaba0|1 year ago

Why would it be good to report it? Depending on what “infrastructure” stands for here, unless it is something absolutely unwise security-wise, why?

michaelt|1 year ago

When I was young, I thought that being a man of my word meant that, as I'd given my employer my word that I would follow their security policy, I should follow it to the letter - for example, never holding the door open, even for a colleague I'd worked alongside for a long time.

And I thought that petty rulebreaking was a corrosive force, something that would snowball into bigger problems down the road. As a man of honour I would work precisely my contracted hours, never a minute less, I would consider it shameful if someone so much as stole a pen from the office. The rest of the team is heading to the pub at 4pm after a lengthy day of planning meetings? Sorry guys, I don't finish until 5:30pm.

Later in my career I chilled out a lot, and learned that the actual rules are often different (and a lot more nuanced) than the written rules. And that if you've worked with a guy for a decade you can, in fact, hold the door open for him and the sky won't fall down.

mierz00|1 year ago

Your values are the guide.

If your values are to report someone to win brownie points with your boss, it’s probably time to revisit them.

Another great guide is asking yourself what you’re trying to accomplish.

mr-wendel|1 year ago

Imaging to do different was only one part of the lesson. The other, and bigger, part is acknowledging the difference between wanting to do the right (for not just me) thing versus that was sure to score points with authority.