Some lights have separate segments where it's only straight or only left-turn. Pedestrians only have the walk sign during the straight traffic.

True but it is uncommon. It is indicated by a *red* left arrow light. I think that works.

However if there is only a green left arrow light that turns off when opposing traffic starts moving, you are still allowed to turn left, though you have to wait for a gap in the oncoming traffic. For obvious reasons (the driver is looking only at the oncoming traffic) this is when the pedestrians are hit.

> Don't listen to the amateurs. Block by default, require business justification

So your boss emals you and asks you to implement a policy (read the post) - in my opinion it is business justifiend enough, at least his (boss) responsibility. Just doing your job is not amateur in my opinion. If it is extremely stupid you should go on and warn him but nevertheless don't object and do your job.

> and offer a risk assessment for all exception requests,

This is fair - given boss request you reply - OK I'll do that but it introduces certain risks. Right on it while you review the risk assesment. Amateur enough?

> monitor and report suspicious activity.

This is obvious - it does not hold you from doing your job (what your boss expects you to do).

> Don't trust your internal users.

What does it mean?

> Segment wherever possible. Plan for failure. Exercise recovery plans. Due diligence.

Yes.

> It is the Company's network connection, block whatever you like.

If you are the owner of course.

> But, and this is important, have an easy mechanism where a user
> can submit an url,

Browsers adress bar easy enough?

> an admin can verify it is a legitimate business related site, and have the
> site whitelisted immediately. That way you can block "Big Butt Russian
> Teens" or whatever, but when the SmartFilter(tm) randomly decides
> that Fairchildsemi.com contains "adult content, sports, gambling and
> lotteries" (happened to me) the legit business use is not impeded.

Oh great. So now an admin administering f.e. 5k users network should also babysit them? :)

Consider that your company relies heavly on email usage. It is probably more important service than web - you could function without web browsing I guess... but without email service - you can all go home for what I guess. Email works similar to web - there are emails sent back and forth, emails are interpreted in client, emails can contain files (like downloads) etc. Now I don't see you arguing that you should have an admin looking and verifing every email sent to your user right? That would be extremely stupid and retarded right? Well you are sugesting exactly same stupid and retarded method for the web. Just use email scanning technologies for your email like you would use web scanning technologies for your web. Don't be retarded.

> If you want to allow open downloading, provide a restricted AV protected share
> to retrieve downloaded files, if you do not want to allow open downloading,

You DO realise that AV usually fails?

> provide one anyways but require an IT person to review it manually.

OK so from now on exept from your usuall duties as an IT administrator (I like them) now you also need to review files downloaded by 1000 users. Expect calls when urging you to review downloaded files. Expect angry people. And how you will review these files anyway? What if these files to be review are sensitive data (like medical, financial) that are not for IT eyes? Does not scale well isn't it? Legal problems no?

> Reimage nightly if paranoid.

Why nightly? Why not every 17 minutes? Why not spawn new image on every access - certainly possible.

While I agree on your view about access policy one thing struck me:

> They can as well pierce your firewall with personal VPN services, they are very cheap nowadays.

In a network structured properly (routers than IPS/security appliaces than filtering proxy) how could users pierce that with VPN services? If users can pierce your "firewall" (meaning just oubound Internet access) with cheap VPNs that you mean malware could just as easy transfer data out of your network? Something is wrong with what you are stating.

Why are you blocking access to anything? As an IT administrator it is _not_your_job_ to block anything for users and otherwise disturb them while using your network. Your job as an IT administrator is to allow your users to do their job without any unnecessary obstacles. Also keep in mind that usually (if you are not an IT service company) the users do their jobs so the company earns for your sallary - business wise - you don't earn shit, they do.

So with that in mind the structure of Internet access policy should be as follows.

- access to harmful webstites is blocked by default (like malware, phishing, hacking) - this is a no brainer and you shouldn't give anybody access to such sites - block it by default as you are protecting your company's assets (which IS your job)
- access to potentially harmful websites is blocked by default (like sites that post no technical threat but othwerwise are not legal - child pornography, hatespeech, drugs and so on) users interfacing with such sites could post image damage for your company - which is also an asset - which you need to protect (as it IS your job)
- access to certainly non work related websites (pornography, gambling) - I would probably block it by default, I don't see any reason to allow it and also I don't see anybody going to argue with you that he needs access to pornography (unless he is doing research on that)
- other websties like time wasting social media, gaming, news, etc. - basically evertything else - it is NOT YOUR JOB to put such policies in place without a request from your management (probably coming from HR)
- other policies like time/role based - also NOT YOUR JOB - this is HR
- it IS YOUR JOB to keep your users actions accountable - so it is to log all their internet access so if needed (f.e. an incident) you can present it to management - also when you are loging Internet access that in most jurisdictions it is safest to inform (on paper and let them sign that they accept the policy) your users about it

So given these rules you certainly need some kind of policy enforcing technology at your Internet access gateway. Probalby a proxy with filtering and a security appliance.

Of course you should assist your HR staff with sugesstions on what can and can't be done with your systems/budget restrains and so on. You should implement the policies as HR or your boss tell you. You just don't want to decide on that matter - it is NOT YOUR JOB.

If you are an engeener in service providing company your certification level is essential for HR of this company. Be it Cisco, Microsoft, Oracle, IBM, Citrix, VMware or whatever - the company providing services (like implementation) usually needs to have certified employers to reach certain partner level (like Gold, Platinium and what-the-fuck-they-had-invented-recently). It is just a business for these companies to sell certifications for their products.

Is it important to have certifications? Well just look at the policies FOR EMPLOYERS that the vendors in your area of interest are providing.

I think you meant ODF, not OOXML. But thanks for proving that the name Microsoft chose for their format is purposely confusing!

Solidarity. Yes. I love and up your comment. I live in Poland which by Greek standards is kind of poor. I see poor people everyday, I also face hard working people daily. The ones which build up the economy on which Greece can now bargain for details - please also think about us who lend you the money. We are a community.

Greece LIED/MANIPULATED their financial reports to get credits. You can't blame banksters for that.

So are you contradicting me or what? What I've meant that I like Greeks - and we (Polish people) can party with them all night long. Well we tend to get a bit more druk in the process but I blame the climate for that. Whatever man. :)

Slavic. I meant slavic.

> So you're proud to be paying taxes spent in the wrong way? Congratulations on being part of the problem.

Yeah I love people who tend to bend words tho their liking. I KNOW that in my country I guess that about 20% of taxes that I pay are spent wrong. But the other 80% are spent for pensions for elderly people (it is called generational agreement), for my FREE health care, for the roads I use, for police and firemen that keep me safe, for FREE education and so on. In general the notion of taxes is OK with me. So congratulations on not getting the facts right. Go on and invent somekind of larger society without the need to contribute to it. Please go on. Teach me.

I don't quite understand what they are cheering about. They have put themselves into this situation and really there is no good outcome now for them. They take the EU conditions and further tighten expenses (drastically) or leave eurozone and stay between Turkey, Russia and the EU. Also in the second choice (leaving the EU) they go back to Drahma and face weeks lasting deep crisis and than 5-10 years of economic recession. Really no reason to cheer in my opinion.

And for the record - I love Greece as a tourist. I've been there many times but I also recall that they have a culture of not paying taxes which in my opinion is stupid and unpatriotic. Mind you - I am Polish and here also people HATE to pay taxes - they know that their taxes are being spent in wrong ways usually, the taxes fuel a caste of mindless clerks etc. but nevertheless Polish people DO PAY taxes like VAT and icome.

For what I know the Greeks as a tourist I know that they had a culture of mass avoiding the taxes - f.e. in late 90's I were on holiday in Greece and common practice was to use credit card for payment - best bargaining method. You just go to shop, pick some wares and tell to pay with credit card - imediately they dropped the price to the minimum and begged you to pay in cash (since using credit card would produce paper trail and taxing). And it was extremely common. Also in restaurants - go, eat and then wave credit card - the payment would drop from f.e. 2200 drahmas to 1000 (!!!) with a promise of further discount the next day. Really. Not to mention thousands of not finished housed used as finished houses (another reason for not paying taxes).

I have nothing against the Greeks - I like them - they are kind, warm and similar to slavian people. But they need to learn that paying taxes is what makes you country function. They need to learn that if they are into some international community they can't lie about their finances to get a credit. And so on.

Wrong. The LGPL license of free Qt allows you to keep the source code to your program secret.

I think it was GPL in the long past but they changed at least 10 years ago.

That was true, but Google was pretty quick to copy it. They now seem to have incorporated it into their 3D view as well, which makes panning somewhat better (and more importantly hides the worst defects in the 3D view by limiting the projection to a POV very similar to where the texture map image was taken from).