RE: Internet access from development machines [OT]
Agreed. I can only say how I've seen CyberArk implemented at several sites. It has not been a productive outcome. It might not be implemented well. Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com |http://greglow.me *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Ken Schaefer *Sent:* Tuesday, 23 January 2018 11:20 AM *To:* ozDotNet *Subject:* RE: Internet access from development machines [OT] Any tool can be badly implement. Poor source control could be just as much a productivity drain poor change management, as much as poor security restrictions. *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com ] *On Behalf Of *Greg Low *Sent:* Tuesday, 23 January 2018 1:18 PM *To:* ozDotNet *Subject:* RE: Internet access from development machines [OT] My concern, is that in several sites, what I now see is frustrated people who can't get their work done, at least not efficiently. Mind you, one of the sites was also worried about power. They have all the developer machines running in a lower-power mode. Uses less electricity but builds now take twice as long, etc. (And for this app, that's a long time). Yet they're discussing how to increase developer productivity. Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com |http://greglow.me *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Ken Schaefer *Sent:* Tuesday, 23 January 2018 10:11 AM *To:* ozDotNet *Subject:* RE: Internet access from development machines [OT] Tools like CyberArk exist for a good reason. And they can sometimes be beneficial. Our platform admins only need to have a single account now – to login to CyberArk. Before they used to have numerous privileged accounts to login to all sorts of systems, and needed to remember and cycle passwords across all of them. Deprovisioning or altering access when people moved roles or left was a PITA. *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com ] *On Behalf Of *Greg Low *Sent:* Wednesday, 17 January 2018 8:18 PM *To:* ozDotNet *Subject:* RE: Internet access from development machines [OT] Or even if they are connected, you could endlessly block them from getting to what they need anyway: http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/ Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com |http://greglow.me *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Craig van Nieuwkerk *Sent:* Wednesday, 17 January 2018 7:38 PM *To:* ozDotNet *Subject:* Re: Internet access from development machines [OT] This sounds like a decision upper management would make with no idea how developers work. It is a great idea if you need to make some layoffs and want developers to quit. Craig On Wed, Jan 17, 2018 at 6:18 PM, David Apelt wrote: Team, I have heard of suggestions that internet connectivity should be prevented from developer machines in case a security issue causes a leak of source code or similar. I know some defence companies have two computers on the desktop to prevent this from happening. Outside of defence, what are peoples experiences? Give developers internet connectivity? Have two machines? Maybe give them a remote desktop connection from internet. How many developers in your company that have internet connectivity? Thanks in advance Dave A
RE: Internet access from development machines [OT]
Any tool can be badly implement. Poor source control could be just as much a productivity drain poor change management, as much as poor security restrictions. From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Greg Low Sent: Tuesday, 23 January 2018 1:18 PM To: ozDotNet Subject: RE: Internet access from development machines [OT] My concern, is that in several sites, what I now see is frustrated people who can't get their work done, at least not efficiently. Mind you, one of the sites was also worried about power. They have all the developer machines running in a lower-power mode. Uses less electricity but builds now take twice as long, etc. (And for this app, that's a long time). Yet they're discussing how to increase developer productivity. Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com<http://www.sqldownunder.com/> |http://greglow.me<http://greglow.me/> From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> [mailto:ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com>] On Behalf Of Ken Schaefer Sent: Tuesday, 23 January 2018 10:11 AM To: ozDotNet mailto:ozdotnet@ozdotnet.com>> Subject: RE: Internet access from development machines [OT] Tools like CyberArk exist for a good reason. And they can sometimes be beneficial. Our platform admins only need to have a single account now – to login to CyberArk. Before they used to have numerous privileged accounts to login to all sorts of systems, and needed to remember and cycle passwords across all of them. Deprovisioning or altering access when people moved roles or left was a PITA. From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Greg Low Sent: Wednesday, 17 January 2018 8:18 PM To: ozDotNet mailto:ozdotnet@ozdotnet.com>> Subject: RE: Internet access from development machines [OT] Or even if they are connected, you could endlessly block them from getting to what they need anyway: http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/ Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com<http://www.sqldownunder.com/> |http://greglow.me<http://greglow.me/> From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> [mailto:ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com>] On Behalf Of Craig van Nieuwkerk Sent: Wednesday, 17 January 2018 7:38 PM To: ozDotNet mailto:ozdotnet@ozdotnet.com>> Subject: Re: Internet access from development machines [OT] This sounds like a decision upper management would make with no idea how developers work. It is a great idea if you need to make some layoffs and want developers to quit. Craig On Wed, Jan 17, 2018 at 6:18 PM, David Apelt mailto:david.ap...@transmax.com.au>> wrote: Team, I have heard of suggestions that internet connectivity should be prevented from developer machines in case a security issue causes a leak of source code or similar. I know some defence companies have two computers on the desktop to prevent this from happening. Outside of defence, what are peoples experiences? Give developers internet connectivity? Have two machines? Maybe give them a remote desktop connection from internet. How many developers in your company that have internet connectivity? Thanks in advance Dave A
RE: Internet access from development machines [OT]
On Jan 23, 2018 12:49, "Greg Low" wrote: My concern, is that in several sites, what I now see is frustrated people who can't get their work done, at least not efficiently. Mind you, one of the sites was also worried about power. They have all the developer machines running in a lower-power mode. Uses less electricity but builds now take twice as long, etc. (And for this app, that's a long time). Yet they're discussing how to increase developer productivity. That's weird. But, if a Dev needs to rebuild the entire app frequently, I'd question the design. Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775 <1300%20775%20775>) office | +61 419201410 <0419%20201%20410> mobile│ +61 3 8676 4913 <(03)%208676%204913> fax SQL Down Under | Web: www.sqldownunder.com |http://greglow.me *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Ken Schaefer *Sent:* Tuesday, 23 January 2018 10:11 AM *To:* ozDotNet *Subject:* RE: Internet access from development machines [OT] Tools like CyberArk exist for a good reason. And they can sometimes be beneficial. Our platform admins only need to have a single account now – to login to CyberArk. Before they used to have numerous privileged accounts to login to all sorts of systems, and needed to remember and cycle passwords across all of them. Deprovisioning or altering access when people moved roles or left was a PITA. *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com ] *On Behalf Of *Greg Low *Sent:* Wednesday, 17 January 2018 8:18 PM *To:* ozDotNet *Subject:* RE: Internet access from development machines [OT] Or even if they are connected, you could endlessly block them from getting to what they need anyway: http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/ Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775 <1300%20775%20775>) office | +61 419201410 <0419%20201%20410> mobile│ +61 3 8676 4913 <(03)%208676%204913> fax SQL Down Under | Web: www.sqldownunder.com |http://greglow.me *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Craig van Nieuwkerk *Sent:* Wednesday, 17 January 2018 7:38 PM *To:* ozDotNet *Subject:* Re: Internet access from development machines [OT] This sounds like a decision upper management would make with no idea how developers work. It is a great idea if you need to make some layoffs and want developers to quit. Craig On Wed, Jan 17, 2018 at 6:18 PM, David Apelt wrote: Team, I have heard of suggestions that internet connectivity should be prevented from developer machines in case a security issue causes a leak of source code or similar. I know some defence companies have two computers on the desktop to prevent this from happening. Outside of defence, what are peoples experiences? Give developers internet connectivity? Have two machines? Maybe give them a remote desktop connection from internet. How many developers in your company that have internet connectivity? Thanks in advance Dave A
RE: Internet access from development machines [OT]
My concern, is that in several sites, what I now see is frustrated people who can't get their work done, at least not efficiently. Mind you, one of the sites was also worried about power. They have all the developer machines running in a lower-power mode. Uses less electricity but builds now take twice as long, etc. (And for this app, that's a long time). Yet they're discussing how to increase developer productivity. Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com |http://greglow.me *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Ken Schaefer *Sent:* Tuesday, 23 January 2018 10:11 AM *To:* ozDotNet *Subject:* RE: Internet access from development machines [OT] Tools like CyberArk exist for a good reason. And they can sometimes be beneficial. Our platform admins only need to have a single account now – to login to CyberArk. Before they used to have numerous privileged accounts to login to all sorts of systems, and needed to remember and cycle passwords across all of them. Deprovisioning or altering access when people moved roles or left was a PITA. *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com ] *On Behalf Of *Greg Low *Sent:* Wednesday, 17 January 2018 8:18 PM *To:* ozDotNet *Subject:* RE: Internet access from development machines [OT] Or even if they are connected, you could endlessly block them from getting to what they need anyway: http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/ Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com |http://greglow.me *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Craig van Nieuwkerk *Sent:* Wednesday, 17 January 2018 7:38 PM *To:* ozDotNet *Subject:* Re: Internet access from development machines [OT] This sounds like a decision upper management would make with no idea how developers work. It is a great idea if you need to make some layoffs and want developers to quit. Craig On Wed, Jan 17, 2018 at 6:18 PM, David Apelt wrote: Team, I have heard of suggestions that internet connectivity should be prevented from developer machines in case a security issue causes a leak of source code or similar. I know some defence companies have two computers on the desktop to prevent this from happening. Outside of defence, what are peoples experiences? Give developers internet connectivity? Have two machines? Maybe give them a remote desktop connection from internet. How many developers in your company that have internet connectivity? Thanks in advance Dave A
RE: Internet access from development machines [OT]
Tools like CyberArk exist for a good reason. And they can sometimes be beneficial. Our platform admins only need to have a single account now – to login to CyberArk. Before they used to have numerous privileged accounts to login to all sorts of systems, and needed to remember and cycle passwords across all of them. Deprovisioning or altering access when people moved roles or left was a PITA. From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of Greg Low Sent: Wednesday, 17 January 2018 8:18 PM To: ozDotNet Subject: RE: Internet access from development machines [OT] Or even if they are connected, you could endlessly block them from getting to what they need anyway: http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/ Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com<http://www.sqldownunder.com/> |http://greglow.me<http://greglow.me/> From: ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com> [mailto:ozdotnet-boun...@ozdotnet.com<mailto:ozdotnet-boun...@ozdotnet.com>] On Behalf Of Craig van Nieuwkerk Sent: Wednesday, 17 January 2018 7:38 PM To: ozDotNet mailto:ozdotnet@ozdotnet.com>> Subject: Re: Internet access from development machines [OT] This sounds like a decision upper management would make with no idea how developers work. It is a great idea if you need to make some layoffs and want developers to quit. Craig On Wed, Jan 17, 2018 at 6:18 PM, David Apelt mailto:david.ap...@transmax.com.au>> wrote: Team, I have heard of suggestions that internet connectivity should be prevented from developer machines in case a security issue causes a leak of source code or similar. I know some defence companies have two computers on the desktop to prevent this from happening. Outside of defence, what are peoples experiences? Give developers internet connectivity? Have two machines? Maybe give them a remote desktop connection from internet. How many developers in your company that have internet connectivity? Thanks in advance Dave A
RE: Internet access from development machines [OT]
There’s an endless amount of things that “could go wrong”, and no possible limit on the amount of money you could spend trying to mitigate these things. Security is about managing the trade-offs between “getting things done” and “risk”. Is leaking source code the biggest risk you currently face? Maybe it is, maybe it isn’t…I don’t know. From: ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] On Behalf Of David Apelt Sent: Wednesday, 17 January 2018 6:18 PM To: ozdotnet@ozdotnet.com Subject: Internet access from development machines [OT] Team, I have heard of suggestions that internet connectivity should be prevented from developer machines in case a security issue causes a leak of source code or similar. I know some defence companies have two computers on the desktop to prevent this from happening. Outside of defence, what are peoples experiences? Give developers internet connectivity? Have two machines? Maybe give them a remote desktop connection from internet. How many developers in your company that have internet connectivity? Thanks in advance Dave A
RE: Internet access from development machines [OT]
Or even if they are connected, you could endlessly block them from getting to what they need anyway: http://blog.greglow.com/2018/01/09/opinion-treat-staff-like-adults/ Regards, Greg Dr Greg Low 1300SQLSQL (1300 775 775) office | +61 419201410 mobile│ +61 3 8676 4913 fax SQL Down Under | Web: www.sqldownunder.com |http://greglow.me *From:* ozdotnet-boun...@ozdotnet.com [mailto:ozdotnet-boun...@ozdotnet.com] *On Behalf Of *Craig van Nieuwkerk *Sent:* Wednesday, 17 January 2018 7:38 PM *To:* ozDotNet *Subject:* Re: Internet access from development machines [OT] This sounds like a decision upper management would make with no idea how developers work. It is a great idea if you need to make some layoffs and want developers to quit. Craig On Wed, Jan 17, 2018 at 6:18 PM, David Apelt wrote: Team, I have heard of suggestions that internet connectivity should be prevented from developer machines in case a security issue causes a leak of source code or similar. I know some defence companies have two computers on the desktop to prevent this from happening. Outside of defence, what are peoples experiences? Give developers internet connectivity? Have two machines? Maybe give them a remote desktop connection from internet. How many developers in your company that have internet connectivity? Thanks in advance Dave A
Re: Internet access from development machines [OT]
This sounds like a decision upper management would make with no idea how developers work. It is a great idea if you need to make some layoffs and want developers to quit. Craig On Wed, Jan 17, 2018 at 6:18 PM, David Apelt wrote: > Team, > > I have heard of suggestions that internet connectivity should be prevented > from developer machines in case a security issue causes a leak of source > code or similar. > > I know some defence companies have two computers on the desktop to prevent > this from happening. > > Outside of defence, what are peoples experiences? Give developers > internet connectivity? Have two machines? Maybe give them a remote > desktop connection from internet. How many developers in your company > that have internet connectivity? > > Thanks in advance > Dave A >
Re: Internet access from development machines [OT]
Lots of version control systems rely on internet connectivity, they might be firewalled but they are still connected. On Jan 17, 2018 17:59, "Stephen Price" wrote: > I did some Angular 2 Dev in 2016 while it was in late beta. Our internet > was whitelisted. > > It was horrible and whoever implements this on their developers hates > them, and should be stabbed. > > The whole JavaScript Dev debacle is hard enough WITH full internet access. > Just don't. > > There must be a solution to your issue with security perspective, but > there is a wrong way to go about it. > > cheers, > Stephen > > On 17 Jan. 2018 3:18 pm, David Apelt wrote: > > Team, > > I have heard of suggestions that internet connectivity should be prevented > from developer machines in case a security issue causes a leak of source > code or similar. > > I know some defence companies have two computers on the desktop to prevent > this from happening. > > Outside of defence, what are peoples experiences? Give developers > internet connectivity? Have two machines? Maybe give them a remote > desktop connection from internet. How many developers in your company > that have internet connectivity? > > Thanks in advance > Dave A > > >
Re: Internet access from development machines [OT]
I did some Angular 2 Dev in 2016 while it was in late beta. Our internet was whitelisted. It was horrible and whoever implements this on their developers hates them, and should be stabbed. The whole JavaScript Dev debacle is hard enough WITH full internet access. Just don't. There must be a solution to your issue with security perspective, but there is a wrong way to go about it. cheers, Stephen On 17 Jan. 2018 3:18 pm, David Apelt wrote: Team, I have heard of suggestions that internet connectivity should be prevented from developer machines in case a security issue causes a leak of source code or similar. I know some defence companies have two computers on the desktop to prevent this from happening. Outside of defence, what are peoples experiences? Give developers internet connectivity? Have two machines? Maybe give them a remote desktop connection from internet. How many developers in your company that have internet connectivity? Thanks in advance Dave A
Internet access from development machines [OT]
Team, I have heard of suggestions that internet connectivity should be prevented from developer machines in case a security issue causes a leak of source code or similar. I know some defence companies have two computers on the desktop to prevent this from happening. Outside of defence, what are peoples experiences? Give developers internet connectivity? Have two machines? Maybe give them a remote desktop connection from internet. How many developers in your company that have internet connectivity? Thanks in advance Dave A