Comment Context (Score 2, Insightful) 530

Given that their site is down at the moment, rendering their explanation unavailable, I'd like to point out that there is a rational argument to be made for the notion that using preinstalled and patched IE installs instead of a third party browser can increase security. I disagree with it (based on a number of factors expressed elsewhere in this thread), but it's a good argument:

You increase the number of potential security holes on a workstation by increasing the number of installed applications. Your sysadmin is responsible for both maintaining and securing IE and Firefox, and is unable to uninstall the former. This, thank God, goes away in Windows 7. In the meantime, however, you can still disable and cripple IE in a way that limits its exposure - It's just more work than most Windows-heavy, Microsoft-certified admins are willing to do, as doing so often strips them of their preferred choice, and the tools that they've been heavily trained in locking down and adapting to their local networks. If understaffed and underfunded, forcing IE usage may actually be the right call for some agencies and offices.

Still no excuse for any IE6 or earlier builds being used in the wild.

Comment Re:DRM for text is a really ridiculous idea (Score 2, Insightful) 370

You're right at the current price point. When the publishers and Amazon are raking in $10-20 for an ebook with no physical substance, sometimes 50-100% more than the cost of a paperback, it certainly does seem worth breaking.

Only by loosening the bounds that hold 'em and substantially dropping the price will they ever be able to effectively compete with the printed word, piracy, and free content without completely stripping out the DRM. Tightening up the DRM and raising the price (by forcing duplicate purchases in some cases) seems like a ridiculously ill-thought out move.

Comment Re:Wait (Score 3, Informative) 466

It's like the event logs suddenly became human readable, the shell started to suck less, and a KDE-like start menu started letting me just type in what I want without navigating the typical Windows Start Menu hell. It's harder than you might think to go back to XP after a substantial period of time on an optimized Vista install.

Not that there's any way at all that I'll defend its astoundingly slow file transfers and deletion speeds, after a service-pack and years of patches. Still, it works well enough in-game and does have some strong points from an administrator's perspective, given modern hardware and well-written drivers. (Albeit not well enough to get me to use it more than 20% of the time.)

Comment Re:Culture of Knowledge Management (Score 1) 401

Find a way to encourage those who possess the knowledge to document it (even informally)

Have someone responsible to assemble, massage, and manage all the documented knowledge

Use something that can be migrated - anything that can't be output to text or html might result in lost data when you upgrade to new software

Work to develop a culture that uses this knowledge and generates more - it's hard to encourage people to document when management places no value on it (vs. getting work done)

There's an important one that you missed, that ties deeply into the first three:

Use an open, collaborative approach to all but the most important (and no, not everything is important) documentation. There's nothing like having a newb fill up a wiki with the procedures that he had to learn on the fly to get up to speed. Perspective is everything, and is frequently worth more than expertise or real official authority. It's important, as you say, to manage it and have an authoritative and openminded manager responsible for the project (and truly dedicated to it), but it's more important to get everyone involved.

Also, to hammer home the point that both you and I made in passing, informal documentation is potentially far more useful than formal documentation. Unless you've got some old fashioned boss that's willing to plunk several grand down on having a team of writers exhaustively document your projects, it is far, far more important to maintain speed and flexibility of documentation than the "officialness" of the thrown together stuff you get from swamped project leaders and ivory tower developers.

Comment Great - Throw 'em around during a firefight (Score 1) 379

While this seems like a great way to protect an unarmed VIP (as seems to be the intent), it seems like it'd be a little bit problematic when installed in the armor of a soldier in the field. This seems like it could be more dangerous than beneficial in such circumstances, unless you also apply a number of safety precautions. What if the wearer is already firing or moving? Will it be smart enough to detect preexisting movement? Will it be smart enough to disable the wearer's firearm, in the event that he is already firing at another target?

Comment Re:Don't call Bruce, call a lawyer! (Score 1) 52

The really important thing I bring to the table is experience in how other similar efforts have failed, and how to get around the problems that killed them.

This obviously isn't an unheard of problem, and is likely to become an even bigger issue with the noise that the American federal government is making about open standards and open source under the new administration. Any chance you'll be willing to just help everyone out at once and crank out another book? The above reads like a tagline on one I'd buy in a heartbeat.

I remember reading essays by you and others in Open Sources et al nearly a decade ago, but the state and tenor of the marketplace and political arenas have changed enough to strip those works of much of their relevance.

I say sit down with one or two management oriented, calm, cool-headed people and hammer out a book offering up the same answers you say that you can give to the originator of this thread.

Comment Re:Ignorance on users part (including IT people) (Score 1) 420

It's a combination of ignorant users and ignorant IT people. I've never seen a single IT person use.....a command line utility that allows you to selectively strip administrative rights on applications as you use them that's been on Microsoft's site for years (after I pointed it out to them).

What's really frustrating is that this isn't done by default. It seems ridiculous that basic userspace applications, especially the in-house developed applications like IE and Office that have consistently been at the core of most major problems over the last few years, aren't already dumped in a jail and run as unprivileged users by default. It should be perfectly possible for the devs to strip out any legitimate need for a UAC rights escalation or even a need to leave a full-on chroot-style jail from these applications, and then to block the apps from even requesting an escalation of rights. That they haven't gone this far yet seems troubling to me.

Comment Re:He's Right (Score 2, Informative) 614

This is about more than just pirated software. Depending on where the Beijing office got the software, it could be carrying a malware payload that handed over back doors to all of their computers. China is well known for using corporate (and other) espionage to further their political agenda. Hooking into company systems to exfiltrate any possibly valuable data is far too common.

Quite right. Given my druthers, the first and most important thing I'd do is strip them of any and all administrative rights and, most importantly, re-Ghost the boxes nightly or run them as thin clients. The security situation is so poor in-country that you shouldn't even consider letting the local staff manage their own stuff if we're talking about such a tiny little office. Five guys wouldn't warrant a separate sysadmin in the states, and it still doesn't abroad when you've seen malfeasance on this level and are operating in a country with a massive corporate espionage problem. Again I say, strip them of their rights.

Make sure you have a couple of spare, online, patched workstations ready to go for when one fails 'cause you don't want them to have to have local admin rights. Grab yourself an IP-KVM, too, and make sure you have two ISPs running into the office, even if the second is just some dinky little 256kbps line. That'll give you the capability of having them jack a KVM-enabled computer into a switch or firewall for diagnostic purposes if one of the two networks goes down and you can't remote into those devices. Likewise, it'll give you the capability of taking a peek at a bad NIC prior to having them swap a workstation out for one of the spares. Having Ghost on the network or something like it would be useful at that time to allow you to replace the no-longer-spare equipment you've had to have them put into use.

If I could get approval to do so, I might also lock down their workstations' USB ports and optical media to the point of uselessness and drop a monitor-less *NIX box with good AV software somewhere in the office with a ton of USB ports and DVD-ROM drives to remotely scan and introduce anything they think they might need onto the network myself. This should, of course, also be paired with an HTTP proxy that blocks any sort of executable code beyond the stuff that's used to render a normal webpage from coming in. I'd then set up MAC address whitelisting on all networks, wired and wireless. This would be a PITA, but it would give you an extremely high level of control over the network there, going far beyond what you have now, and limiting any practical attack vectors to hardware based attacks (keyloggers) and viral attacks embedded in flash apps, PDFs, etc. I don't think I'd bother with this step back home, but it seems worth it in China. Of course, this carries with it some rather dramatic drawbacks if your "design" shop is doing software engineering, and probably shouldn't be considered. Seems perfectly reasonable if we're just talking about artists or a bunch of people running AutoCAD.

Protecting your proprietary knowledge is probably well worth the level of hassle you'd be subjecting everyone to, yourself included, by doing the above.
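The comment above suggests an HTTP proxy that blocks executable code. As an added example (not code from the commenter or from any proxy product), the filter below shows the check such a proxy needs to make: classify a response body by its leading magic bytes, because both the file extension and the declared Content-Type are chosen by whoever serves the file. It goes a little beyond the comment by also verifying a real PE header rather than trusting the "MZ" stub alone, and by looking inside zip-based archives (including OOXML documents with a vbaProject.bin macro part) for executable members. The proxy hook signature (`should_block(content_type, body)`), the suffix policy list, and the sample responses in `build_samples()` are all constructed for this illustration.

```python
"""Content-sniffing executable filter for an HTTP proxy (added example).

Classifies response bodies by magic bytes rather than by extension or
Content-Type header, both of which are attacker-controlled.
"""
import io
import struct
import zipfile
from typing import Optional

# Archive member suffixes treated as executable content.
# Constructed policy list for this example; extend to local needs.
ARCHIVE_EXEC_SUFFIXES = (
    ".exe", ".dll", ".scr", ".com", ".msi", ".jar", ".class",
    ".ps1", ".bat", ".cmd", ".vbs", ".js", ".hta",
)

MACHO_MAGICS = (
    b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",  # big-endian 32/64-bit
    b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe",  # little-endian 32/64-bit
)


def _is_pe(data: bytes) -> bool:
    """True only for a real PE image: 'MZ' stub plus 'PE\\0\\0' at e_lfanew.

    Text that merely starts with "MZ" does not pass, which keeps false
    positives down compared with a bare two-byte prefix check.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def _archive_executable_member(data: bytes) -> Optional[str]:
    """First executable-looking member of a zip/jar/OOXML archive, else None."""
    if not data.startswith(b"PK\x03\x04"):
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                lower = name.lower()
                if lower.endswith(ARCHIVE_EXEC_SUFFIXES):
                    return name
                # docm/xlsm/pptm keep VBA macros in this part
                if lower.endswith("vbaproject.bin"):
                    return name
    except zipfile.BadZipFile:
        return None  # malformed archive; leave to a separate policy
    return None


def classify_body(body: bytes) -> Optional[str]:
    """Return a human-readable reason if body looks executable, else None."""
    if _is_pe(body):
        return "Windows PE image"
    if body.startswith(b"\x7fELF"):
        return "ELF image"
    if body[:4] in MACHO_MAGICS:
        return "Mach-O image"
    if body.startswith(b"#!"):
        return "script with shebang"
    member = _archive_executable_member(body)
    if member is not None:
        return f"archive containing executable member {member!r}"
    return None


def should_block(content_type: str, body: bytes) -> tuple[bool, str]:
    """Proxy hook (hypothetical signature): decide on a response body.

    The declared Content-Type is reported but never trusted.
    """
    reason = classify_body(body)
    if reason is not None:
        return True, f"blocked: {reason} (declared Content-Type {content_type!r} ignored)"
    return False, "allowed"


def build_samples() -> dict[str, tuple[str, bytes]]:
    """Constructed sample responses (Content-Type, body) for demonstration."""
    # Minimal PE: MZ stub, e_lfanew = 0x40, PE signature at 0x40.
    pe = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("setup/Payload.EXE", pe)  # mixed case on purpose
    return {
        "html": ("text/html", b"<html><body>hi</body></html>"),
        "pe_as_image": ("image/png", pe),  # lying Content-Type
        "elf": ("application/octet-stream", b"\x7fELF\x02\x01\x01" + b"\0" * 9),
        "shell_script": ("text/plain", b"#!/bin/sh\nid\n"),
        "zip_with_exe": ("application/zip", buf.getvalue()),
        "mz_text": ("text/plain", b"MZ looks like a PE stub but is not one" + b"\0" * 64),
    }


if __name__ == "__main__":
    for name, (ctype, body) in build_samples().items():
        print(f"{name:14s} -> {should_block(ctype, body)[1]}")
```

The filter is deliberately a content check, not an allowlist of "safe" types: the comment's own list of remaining vectors (Flash, PDF) is exactly what a magic-byte filter does not catch, so it belongs in front of, not instead of, the AV scanning box described above.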

Comment Re:Republican? (Score 1) 574

You forget that neither of our parties toes a truly conservative party line anymore, and that the newly nationalistic neo-conservative Republican party recently adopted an anti-immigration theme as one of its core messages. We wouldn't be having this conversation if the H-1B employees had just been employed overseas.

Comment Re:Huh? (Score 1) 385

-1, Didn't Read the Article

The changes won't appear on the site until they have been reviewed by someone paid by Britannica.

They must really be on the ropes. They're into full-on me-tooism, but obviously don't get what makes Wikipedia awesome at all.

-Peter

They may not be paid, but editors of the German "de" Wikipedia do almost exactly the same thing through their use of MediaWiki's "FlaggedRevisions" feature. Not something I'd ever endorse a thriving wiki to do, but something that can and has been done, and something that's being proposed right now on the English wiki.

Comment Re:I've been using linux since the mid nineties. (Score 1) 501

She's never installed a package and she never will

You must think highly of her.

Or they maintain rigid change control practices in the home. If we were to hear her side of this story, I'm willing to put down cold hard cash that she requires that changes to non-sysadmin household policies (switching milk brands at the grocery market or moving from Netflix to Blockbuster) be preceded by three forms and two meetings. You wouldn't believe the number of consultants they hired to write specifications and the amount of capital they raised for the separate fund site before they decided to order their very own test tube baby.

Comment Re:Huh? (Score 3, Insightful) 120

>Quota is about money headaches, not infrastructure headaches. Google can't help you with that.

No, it's about infrastructure. They allow for users to "apply" for more if the app is cool enough, and presumably award some free access to a higher quota - Read the grandparent post link. Google does at least offer to consider helping. Regardless, though, money buys and maintains infrastructure, and that's all that really is the issue here even if they are trying to milk most developers that use the service of a bit of cash.

Comment Re:What does this have to do with Tetris? (Score 1) 132

If nothing else, it suggests a benign, free, easily found device that can be used to distract oneself after digging up those memories. May not be particularly profound, but it was worth writing up - Not everything is particle physics. Science that is easily understood by the public at large carries an inherent value well worth pursuing.

You just shouldn't take it to extremes. Sure knows how to pick 'em, eh?
