the beatings will continue until morale improves

I really wish I didn't have to send out an email like this every couple of months. Dear morons: stop being morons. Thanks. Also, "xscreensaver" is not a good subject line.

Date: Tue, 27 Sep 2005 21:55:58 -0400
From: The Latest Monkey
To: jwz@jwz.org
Subject: xscreensaver

I've been looking through all the xscreensaver documentation, but cannot seem to find a way to over-ride the checking of ~/.xscreensaver. We want to set one system-wide default for all users and not allow them to have their own custom prefs saved. We want this to ensure everyone has the screensaver enabled after x minutes with locking enabled. Do you know of a solution to this issue?

Date: Tue, 27 Sep 2005 19:10:49 -0700
From: Jamie Zawinski <jwz@jwz.org>
To: Monkeyboy
Subject: Re: xscreensaver

> We want to set one system-wide default for all users

You can do that by editing the global app-defaults/XScreenSaver file.

> and not allow them to have their own custom prefs saved.

That's impossible. Even if you were to modify xscreensaver, you can't stop them from downloading their own copy of xscreensaver from my web site unless you only give them computers that are bolted down, locked shut, not connected to the internet, and don't have CD drives or USB ports. You also can't stop them from simply not running it in the first place.

> Do you know of a solution to this issue?

Yes. Treat your co-workers as co-workers instead of as criminals or children. Set the policy and expect your colleagues to follow it because it is their job to do so, and not because of some halfassed technical impediment.


44 Responses:

  1. stephendann says:

    Request permission to quote "Set the policy and expect your colleagues to follow it because it is their job to do so and not because of some halfassed technical impediment." in any and all forthcoming books on management, strategy, IT, marketing, internet marketing and damn where any I can.

    One of the best said statements on the workplace in ages.

    • Set the policy and expect your colleagues to follow it because it is their job to do so.

      Ha. Like most employees ever follow any corporate policy unless forced to do so (or threatened to do so).

      • stephendann says:

        If it's their job to follow the policy, it's inherently coercive. Follow policy, continue with job. Breach policy, have problems.

        I would like to try to get people away from the idea that you have to add an extra layer of threat and punishment courtesy of a technical solution (We Should Filter Everything That Bad People Could Use To Do Bad Things) when you could try to not punish everyone for the misdeeds of a few.

        • romulusnr says:

          I think that's the problem with most jobs today. See, I thought my job was to find problems in software, apparently my real job is to read and follow policy.

          If employees weren't so shit-scared about policy, they might be able to actually focus on their tangible business-oriented job functions.

          That being said, no one in my company actually follows all the stated policies, about half of which the entire executive team admits are CYAs and not really expected to be followed. (Except for those policies that I wrote, of course. :) )

      • Well all policies contain an implicit threat, at least if you're working for an "at-will" employer.

      • i would argue that if employees aren't following the policy, there's a decent chance that it's a bad policy. either that or an exceptionally poor job is being done of motivating the employees.

      • master_meio says:

        If you're ever in any leadership position, you now have something to stare at and meditate over for hours on end to clear your head of the stupids. Best to take your "perseverance" poster with the kayak team down and put that statement up in its stead.

        • No. If you give the morons an option, they'll still try to install dancing baby screen savers, they'll still open attachments from their friends (because it came from their friend, so it must be safe), and they'll still choose passwords like "dragon" and "hello".

          • master_meio says:

            Here you go, this will look way better on your wall than some guy on a mountain:


            Treat your co-workers as co-workers instead of as criminals or children. Set the policy and expect your colleagues to follow it because it is their job to do so, and not because of some halfassed technical impediment.

            But seriously, if you treat your coworkers with contempt, you deserve contemptible coworkers.

          • silnith says:

            If they’re running XScreensaver, what do you care whether they open attachments and so forth? They can’t be running Windows or Office. How many macro viruses have you gotten from StarOffice or KOffice?

            Studies show that users forced to adhere to complicated password policies write them down and tape them to their monitors. Safety?

            • pne says:

              > Studies show that users forced to adhere to complicated password policies write them down and tape them to their monitors. Safety?

              Depends. If the threat is "protecting against intruders coming in through the network", then yes, a complicated password taped to the monitor provides increased safety.

              If the threat is "disgruntled co-workers attempting to masquerade as you" or "industry spies breaking into the office after hours", then not.

              • silnith says:

                For every intruder on the network attempting to crack their passwords, there are twenty disgruntled employees attempting to wreak havoc from the inside. Network threats are mostly automated attacks, viruses and DDOSes.

  2. reddragdiva says:

    MediaWiki gets that shite all the time. I suspect most installations are on corporate intranets. So of course the first thing people ask for is how to install this software designed for world-wide open reading and contribution, and lock it down in ways that are either actually impossible or so stupidly difficult it's clear they're trying to use a carriage-whip as a screwdriver. The usual answer is "Locking it down in the manner you describe is completely contrary to its design and structure and is unlikely to be a feature of any priority in the foreseeable future." I fully expect a fork in the near future dedicated to a corporate version of MediaWiki meant to implement full security of the type demanded by morons and by its nature absolutely chock-full of holes.

  3. exiledbear says:

    > unless you only give them computers that are bolted down, locked shut, not connected to the internet, and don't have CD drives or USB ports

    Right now, he's probably rubbing his chin, going, "you know, I never thought of that..."

  4. captain18 says:

    What's interesting about the implicit issue here is the amount of time and inherently money that goes into this sort of thing without close cost/benefit analysis.

    I had been in charge of a LAN for a TV station for about a year. We built up our own infrastructure and had cablemodem service and whatnot. The policy we had set up was basically, if the work you need to get done is done when it needs to, if you want to hit Yahoo or eBay on your break, you've probably earned it, just stay off the adult sites.

    Then corporate decided we needed a WAN and took the whole thing over. Naturally the content filtering went in a month later, and corporate IT wasn't prepared to think that department heads might actually use eBay to save the company money. It took another month for them to figure out how to poke holes in the policy so that selected computers could get through.

    And suddenly reporters researching health-related topics were getting locked out because they were accessing "questionable" websites.

    This is not to say that somebody in the building wasn't abusing their privileges, someone probably was. Our management argued that it should be the supervisor's job to detect if someone's work wasn't getting done, which would indicate a problem. How many manhours between corporate and local were wasted implementing and then selectively breaking this policy? Did it equal the amount of time "wasted" by non-work eBay browsing?

    Meanwhile, of course, the pornspam and viruses just kept rolling into everyone's brand-new Exchange mailboxes...

  5. The guy could have just written a script to delete all of the .xscreensaver files in everyone's home directories periodically if he is so desperate.

  6. robcallahan says:

    Wish you did management seminars.

    • king_mob says:

      "Shut the Fuck Up, You Dumb Fuck: Inspiring Employees the jwz Way"

      • lherrera says:

        You know, here in Chile we have a Senator that does exactly that kind of stuff. He gets paid a gazillion dollars for it.

        • gargargar says:

          "Hope is the raw material of losers," Flores shoots back.

          That is pretty impressive. It's like three parts blind punk rage and two parts weasely corporate slogan. It's like someone sent the demotivator posters to the wrong address, and they're only now tickling the back of some pinstripe nimrod's brain.

          I am willing to bet that a thick Chilean accent would make it all perfect, though.

      • taffer says:

        That would be the best seminar ever.

  7. iota says:

    I hate corporate douchebaggery as much as anyone, but do keep in mind that healthcare organizations are required by the HIPAA privacy laws that screensavers must come on after a short period of time and that users should not be able to override this.

    • kespernorth says:

      Are you SERIOUS?

      Jesus.

      I've heard health care people complaining about HIPAA but I had no idea it was so... nanny-ish.

      • gfish says:

        And you're not supposed to keep your passwords on a postit note on your monitor. But you can keep them on a postit note inside a 'secure' container, like a locked desk drawer. HIPAA is all kinds of fun.

        Unfortunately, it's also needed. This is an industry that still isn't quite sure why you shouldn't email identified patient information in plaintext.

      • HIPAA also requires that all data about a patient be destroyed exactly two years after that patient's death. Imagine implementing this heuristic for backups.

        The law does not take implementation concerns into account. Ever.

    • sfritz says:

      This is not true. Whoever interpreted HIPAA this way was mistaken.

      • iota says:

        164.312(2)(iii) Automatic logoff (Addressable). Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.

        It is generally accepted that a screensaver with password that comes on after a short period of inactivity meets this rule. There is lots of information online about this.

  8. mikesch says:

    I had this problem when I worked at a university, one of the student workers was continually on AIM when she had other work to do. Her manager came to me and asked me to keep the student from connecting to AIM. The conversation paraphrased:

    Me: "You've caught her on AIM repeatedly after telling her repeatedly to not use AIM?"
    Manager: "Yes."
    Me: "And she's not a full time employee past her probationary period?"
    Manager: "No."
    Me: "Well, the thought occurs that you're trying to find a technical solution to an HR problem. And if you block AIM she's just going to find another way to fuck off at work. So I think you guys need to have a talk."
    Manager: *hrmph*

    Really, this passive-aggressive management style and fear of confrontation with slacking/insubordinate employees needs to stop.

  9. transgress says:

    jwz for president.

  10. leolo says:

    Is this what they mean when they say Linux isn't enterprise ready?

  11. sea_wolf says:

    There is one situation where I can understand why this would be wanted. If the 'workers' really are children. I spent two years working in a High School and without at least some measure of technical enforcement (or auditing) many a student will run riot on you for the sheer thrill of doing so or to impress their peers. The argument often goes that it's a discipline problem and I'd agree with that. But some students will still act up no matter how hard you come down on them and if you don't have a measure of technical safeguards your workstations will quickly descend into chaos. Students love changing that scrolling text screensaver in Windows so that it reads "X is a slut/skank/fag" or some other unpleasantness.

    • valacosa says:

      "Students love changing that scrolling text screensaver in Windows so that it reads "X is a slut/skank/fag" or some other unpleasantness."
      Yeah, but that's about all they'll do. When I was in high school we had a bunch of computers that were barely locked down at all. The marquee screensaver got changed to "This class sucks" all the time, but that was it.

      Halfway through my 5 years there we got new computers. They had Bess on them, which got in the way of actual research. (We circumvented Bess by running Netscape Navigator Gold 3.04. I guess I should thank JWZ for that). Furthermore, I lost two nights of work on the yearbook when the computers were, without warning or precedent, reimaged by the sysadmins.

      I'm siding with him on this one. Punk kids are a minor nuisance, Holier than thou administrators are pure hell.

    • jwz says:

      So give them a fucking kiosk instead of a computer!

      Look, I maintain computers in a bar. With drunk people. People who were stupid before we sold them things that make them stupider. I know from hostile users. If you don't trust them, you don't trust them, but don't expect them to be able to make use of the tools you give them unless those tools work. If all someone needs to do their job is a web browser and an AIM client, then only give them that. But if they need to actually use a computer then you're going to have to trust them enough to not fuck it up, because the ability to fuck it up goes hand in hand with actually being able to make the box do what the box is for.

  12. baconmonkey says:

    at the risk of incurring The JWZ Rage, what is so wrong about wanting all computers on a network to screen-lock after a certain amount of time? I can think of about a hundred perfectly reasonable cases where that would be very desirable. Companies generally like uniform security policies, and it certainly sounds like that's all they want to do.

    • jwz says:

      Isn't this like the fifth time I've said this here? Are you posting without reading the comments first?

      There is nothing wrong with that being company policy, and the default behavior.

      There is everything wrong with crippling your employees' machines because you don't trust them enough to follow your policies. Especially since this sort of thing is only truly enforceable via employment contract, not through technical means.

  13. dzm6 says:

    I realize this is probably outside the scope of this posting, but did Monkeyboy make an attempt to defend his point of view?

    The discussion here has shown that there are semi-legitimate reasons to desire such a thing (ignoring the side of the conversation about halfassed technical impediments, the role of kiosks in such a lock-down environment, etc).

    I'm really curious if Monkeyboy had a real reason for wanting this (HIPAA or the like), or if Monkeyboy is just implementing draconian rules 'cause his boss told him to.

    • jwz says:

      He did not, and I think there's zero chance he had any reason other than "my boss told me to".

      I haven't seen any semi-legitimate reasons here. Only stupid ones that are just "my boss told me to" dressed up with bigger words.