LOGON.EXE

« Return to Article
  • ParkinT 2012-11-27 06:32
    ...back to good ol’ 127.0.0.1

    This piece should have been titled: There's no place like HOME
  • Mike 2012-11-27 08:05
    things that couldn’t be centralized
    (Looking over shoulder) shhh! Be careful how and where you say that! The only reason it hasn't been centralized yet is because it isn't big enough for the centralists to notice. Drawing attention to it like this is akin to speaking the forbidden incantation.
  • Jack 2012-11-27 08:11
    LOGON.EXE and all of its DLLs were deployed directly into SYSTEM32. Each time a user logged on, the DLLs were replaced.
    So a user login script had permission to overwrite executable code in system space? Sounds like this place is ripe for mass pwnage.

    But at least their security policies are well enforced.

    (Hint to security people: computers don't execute policy. They execute code. When you're done perfecting your policy, you might want to spare a minute to look at what the code is doing.)
  • Fred 2012-11-27 08:15
    If the user clicked “Reject”, the program also quit- after sending a shutdown /r /t 0 to the command line, forcing the computer to reboot.
    ... aaaaand after rebooting, what then? Why, another login and another appearance of the same dialog. In other words, an infinite loop. Why not simplify things a bit by ignoring the clicks on Reject?
  • Ho Miscreant! 2012-11-27 08:15
    It almost sounds like a self-inflicted virus.
  • LazerFX 2012-11-27 08:22
    Correct response - "I quit..."

    Headaches like that aren't worth the hassle. Sooner or later, that company will have to start changing policies properly.

    (Captcha: "Causa", yep, this is the causa lotta problems.)
  • Smug Unix User 2012-11-27 08:28
    Oops did the network cable get unplugged? Let me plug it back in after the script finishes. Great now I can replace LOGON.EXE with notepad.exe problem solved.
  • snoofle 2012-11-27 08:29
    On the upside, if a user rejects the agreement, they can't download any porn if the machine keeps rebooting.

    Just curious: what if they're trying to login to a machine that is also running some control software on the production line? You know, the way support folks sometimes do? So not only is the login refused, but the entire machine cycles?

    I can just hear it now: Hey, why TF did the whole production line just shut down? Sorry, I mis-clicked and it rebooted.
  • Matthijs 2012-11-27 08:42
    Fred:
    Why not simplify things a bit by ignoring the clicks on Reject?

    Presumably, the idea is that logged in users have a choice to accept the policy upon logging in. It makes (some) sense to log out a user who rejects the IT policy. Rebooting tends to have that effect. Of course, a simple "shutdown.exe -t 0 -l" would just force a logout instead of a reboot, but presumable there are Reasons.
  • WC 2012-11-27 08:43
    A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.
  • LonesomeProgrammer 2012-11-27 08:49
    The real problem is the rediculous attitude of the CFO and the company buying his crap.

    Because CFO had no way of rejecting a policy that is even against the law (sexual harrassment), he seems to be under the assumption that he has the right to violate it.

    Interesting. I have never explicitly accepted the fact that it is against the law to murder anyone, therefore the next time I will murder anyone the Police ought to give me a sheet with "No more murdering. Accept/Reject?" and set me free in case I Accept or keep me in jail if I decide to Reject.

    America: the place where the rule book reigns over common sense at all times.
  • betlit 2012-11-27 08:50
    errm.... is there some law requirement i don't understand or why do they display that policy every time you log in?

    here in the company where I work (Switzerland) every employee signs an agreement (PAPER!) when hired and that's it...
  • ubersoldat 2012-11-27 08:58
    snoofle:
    machine that is also running some control software on the production line


    Well, if that kind of machine is plugged to the whole network and is also under the same AD domain (or whatever is called) you've got a bigger WTF in your hands.
  • matthewr81 2012-11-27 09:02
    WC:
    A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.


    Had a similar incident where bad code got released and the person that released it never made a rollback copy. The fix was trivial (just a missing file), but no one that had proper access was able to be reached. Month end, bills had to go out... so I made a local copy that could point to production and gave it to my colleague running the billing software to use instead. He was able to get everything out on time.

    Come Monday, my boss wrote me an official reprimand for violating policies. When I asked him what the "correct" solution was in that scenario, he admitted there was none other than what I did.

    Before I left the company, the issue came up again. I followed policy this time and we lost $10,000+ in interest alone until my boss was available.

    When you live in a world of black and white, you will lose when the roulette ball hits green.
  • Nite 2012-11-27 09:04
    We do it here because it's on the list of things that the auditors (federal and state) want to see when they check us annually, and if it's not there we get dinged in the report and have to explain to the board of directors why we don't have it.

    "It's a pointless waste of time" < "The Feds say do it"
  • 50% Opacity 2012-11-27 09:11
    ParkinT:
    ...back to good ol’ 127.0.0.1

    This piece should have been titled: There's no place like HOME


    localhost, sweet localhost
  • Anoldhacker 2012-11-27 09:31
    WC:
    A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.


    I take it you never working in validation / test? Happened repeatedly at IBM.
  • Steve The Cynic 2012-11-27 09:34
    50% Opacity:
    ParkinT:
    ...back to good ol’ 127.0.0.1

    This piece should have been titled: There's no place like HOME


    localhost, sweet localhost

    Sweet localhost Alabama?

    (Not an American of any sort...)
  • Ben Jammin 2012-11-27 09:43
    Steve The Cynic:
    50% Opacity:
    ParkinT:
    ...back to good ol’ 127.0.0.1

    This piece should have been titled: There's no place like HOME


    localhost, sweet localhost

    Sweet localhost Alabama?

    (Not an American of any sort...)

    Localhost, localhost on the range.
  • RockyMountainCoder 2012-11-27 09:46
    errm.... is there some law requirement i don't understand or why do they display that policy every time you log in?


    Here in America, stupidity and ignorance are commonly-accepted mitigating factors for people to escape responsibility, and it's flat-out the law in Georgia.

    ... or haven't you been watching our Presidential elections the last 12 years or so?
  • Steve The Cynic 2012-11-27 10:01
    betlit:
    errm.... is there some law requirement i don't understand or why do they display that policy every time you log in?

    here in the company where I work (Switzerland) every employee signs an agreement (PAPER!) when hired and that's it...

    This reminds me of when I was a younger man than I am today, back in 1989, ffs. My wife and I were renting an apartment in a small complex in the southern-most parts of New Hampshire, and the complex's administrator asked us to separately initial certain parts of the agreement (especially those related to not being allowed to keep pets). She had the good grace to look slightly embarrassed about the whole thing, and explained that some people, given the chance, would try it on, saying that they hadn't really read the agreement (should be no defence in law, I know, but people are stupid about that sort of thing), and to avoid arguments, they would get people to initial those sections to show that their attention had been drawn to them.

    This repeated showing of the agreement is made of the same stuff. It's not exactly about stupidity as such, but more about trying to plug any wiggle-room for the sort of bloody-minded individual who was working as CFO for this company.

    And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)
  • Paul 2012-11-27 10:17
    Steve The Cynic:
    separately initial certain parts of the agreement ... some people, given the chance, would try it on, saying that they hadn't really read the agreement
    But you didn't make me initial the part about late fees, so I shouldn't have to pay them! I should be able to have my payments as late as I want. Even months late. Hell, why should I have to pay at all?

    {Boom}

    Another whining liberal socialist cheater goodfornothing marxist thief gone to his just reward...
  • shepd 2012-11-27 10:20
    Steve The Cynic:
    This reminds me of when I was a younger man than I am today, back in 1989, ffs. My wife and I were renting an apartment in a small complex in the southern-most parts of New Hampshire, and the complex's administrator asked us to separately initial certain parts of the agreement (especially those related to not being allowed to keep pets). She had the good grace to look slightly embarrassed about the whole thing, and explained that some people, given the chance, would try it on, saying that they hadn't really read the agreement (should be no defence in law, I know, but people are stupid about that sort of thing), and to avoid arguments, they would get people to initial those sections to show that their attention had been drawn to them.

    This repeated showing of the agreement is made of the same stuff. It's not exactly about stupidity as such, but more about trying to plug any wiggle-room for the sort of bloody-minded individual who was working as CFO for this company.

    And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)


    Actually, she is smart. In some circumstances, especially if it is managed to be defined as a contract of adhesion or something similar, having proven that the person indeed did provably inform themselves of every section and had the opportunity to comment on or change them could be a defense to it. Did you know in Canada anti-drunk driving clauses in rental car contracts have been considered unenforceable for similar reasons?
  • LOGON.EXE 2012-11-27 10:26
    By reading this comment, you agree to abide by our IT policies (123.6, 216.2, and 551.A).

    Of course, TRWTF is using Windows to manage mission-critical hardware. Windows servers are bad enough, but locked-down corporate workstations?

    It's enough to make you feel illum (captcha)
  • skington 2012-11-27 10:27
    ParkinT:
    ...back to good ol’ 127.0.0.1

    This piece should have been titled: There's no place like HOME


    To be fair, exactly that phrase was in a comment immediately afterwards.
  • foo 2012-11-27 10:44
    Ben Jammin:
    Steve The Cynic:
    50% Opacity:
    ParkinT:
    ...back to good ol’ 127.0.0.1

    This piece should have been titled: There's no place like HOME


    localhost, sweet localhost

    Sweet localhost Alabama?

    (Not an American of any sort...)

    Localhost, localhost on the range.
    My localhost is my localdomain!
  • PiisAWheeL 2012-11-27 11:01
    There's no place like ROOT# because I am the king of my castle!
  • PleegWat 2012-11-27 11:14
    Haven't seen initialling sections, but it's common here on certain types of contracts to require the bottom of each page to be initialled.

    I assume this proves you read that page, and the other party cannot replace the sheet by a different version later on.
  • Gaza Rullz 2012-11-27 11:16
    Ho Miscreant!:
    It almost sounds like a self-inflicted virus.



    It virus like self like almost sounds-inflicted a.
  • Manadar 2012-11-27 11:30
    As a rule of thumb:

    Never deploy new software on Friday if you value your weekend.
  • ahhhh 2012-11-27 11:34
    Not that an errant login script randomly replacing files in system32 is a good thing, but the correct way to fix this is to deploy your dependencies along side your executable... that is not in system32 but into the application directory. Alternatively, letting the IT folks shut down prod for a weekend might be a better way to make them play nice with their customers.
  • Lockwood 2012-11-27 11:35
    You put cornify on "sexual"?

    Remy is a dirty clopper.
  • Steve 2012-11-27 11:58
    This didn't happen to me. But damn if it doesn't sound like most of the companies I have worked for.

  • DrPepper 2012-11-27 12:00
    Why did they wait until friday at 6:00 pm then go home? If I were to deploy something that might potentially bring down the entire network (or render all the computers on the network inoperable, same thing) I'd do it Monday morning, and plan on being at work late into the night.
  • Zylon 2012-11-27 12:03
    Remy still doesn't grok em dashes. Either that or the posting interface is turning them into single hyphens and he's too busy embedding stupid hidden crap to FIX THEM.
  • Squire 2012-11-27 12:20
    What I like is the problem caused by the CFO could have been resolved without technology at all.

    Re-word the logon policy to say something like:

    "Clicking 'OK' and continuing to use corporate systems constitutes agreement with this policy. If you do not agree with this policy, click 'OK' then log off immediately."

    Problem solved.
  • herby 2012-11-27 12:21
    Manadar:
    As a rule of thumb:

    Never deploy new software on Friday if you value your weekend.

    So that's why they call it "Patch Tuesday". Always wondered about that!
  • Lerch 2012-11-27 12:38
    Paul:
    Steve The Cynic:
    separately initial certain parts of the agreement ... some people, given the chance, would try it on, saying that they hadn't really read the agreement
    But you didn't make me initial the part about late fees, so I shouldn't have to pay them! I should be able to have my payments as late as I want. Even months late. Hell, why should I have to pay at all?

    {Boom}

    Another whining liberal socialist cheater goodfornothing marxist thief gone to his just reward...


    Excellent. Problem(s) solved.

    captcha: quibis; They quibis'd about the problem...We solved it.
  • jay 2012-11-27 12:41
    WC:
    A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.


    I had a prof in college who had previously worked for British Rail. He said that the union there -- and I don't know if this was that particular union's idea or something many of them do, I've never heard of it elsewhere, whatever -- he said the union there had a negotiating tactic they used when things got nasty that they called "to rule". When the company wouldn't agree to the union's demands, the union would retaliate by following ALL company policies to the letter. They would assign someone to go through the company's policy book looking for the dumbest, most counter-productive rules, and then they would insist on following them. Until management gave in.
  • jay 2012-11-27 12:49
    Steve The Cynic:
    This reminds me of when I was a younger man than I am today, back in 1989, ffs. My wife and I were renting an apartment in a small complex in the southern-most parts of New Hampshire, and the complex's administrator asked us to separately initial certain parts of the agreement (especially those related to not being allowed to keep pets). She had the good grace to look slightly embarrassed about the whole thing, and explained that some people, given the chance, would try it on, saying that they hadn't really read the agreement (should be no defence in law, I know, but people are stupid about that sort of thing), and to avoid arguments, they would get people to initial those sections to show that their attention had been drawn to them.

    This repeated showing of the agreement is made of the same stuff. It's not exactly about stupidity as such, but more about trying to plug any wiggle-room for the sort of bloody-minded individual who was working as CFO for this company.

    And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)


    A couple of years ago I refinanced my house, and of course I had to sign this huge stack of papers. The loan officer was surprised that I actually read all the papers before signing them. She said most people just buzz through and sign them all. Like, wow. The biggest contract most people will ever sign in their lives, involving hundreds of thousands of dollars, and they'll sign it without even reading it?
  • Yazeran 2012-11-27 12:58
    Manadar:
    As a rule of thumb:

    Never deploy new software on Friday if you value your weekend.


    Amen brother!

    I explicitly only allow the servers I'm responsible for to auto update Monday through Wednesday, that way I have Thursday to clean up any mess and hopefully still be able to leave on time Friday....

    So far I have been able to awoid fan + excrement on a Thursday, but you never know. *ducks and looks for the sandbag falling*

    Yours Yazeran

    Plan: To go to Mars one day with a hammer
  • Flash 2012-11-27 13:07
    jay:
    They would assign someone to go through the company's policy book looking for the dumbest, most counter-productive rules, and then they would insist on following them. Until management gave in.


    Work-to-rule or "restrictive practices." See it here:
    http://www.youtube.com/watch?v=_RUYn8adavM
  • chubertdev 2012-11-27 13:19
    this.

    Manadar:
    As a rule of thumb:

    Never deploy new software on Friday if you value your weekend.


    the guys who did that should have been taken out back and beaten with a keyboard.
  • neminem 2012-11-27 13:22
    jay:
    They would assign someone to go through the company's policy book looking for the dumbest, most counter-productive rules, and then they would insist on following them. Until management gave in.

    TvTropes calls this Bothering by the Book, and gives many examples (notably, a "real life" section at the bottom.)
  • Oh THAT Brian 2012-11-27 13:36
    At the large multi-national company that I used to work for, we had a piece of software that was installed on every corporate PC we owned. Not only was it used to push patches, but also software upgrades.

    One weekend, the architect made a few changes and tested them locally. Of course, no documentation - that could wait!

    He promptly went on a 2 week vacation in the wilderness - no phone, no cell phone, no CB radio - NOTHING! We had PCs dropping like flies the next Monday.

    Fortunately, one of the other senior programmers was able to figure out what he had done and backed it out. We only lost about half the day.

    We were waiting for the show when he got back - absolutely nothing happened! Not even a "Sorry about that" email.

    He must have had some REALLY GOOD compromising pictures of someone!!
  • Calli Arcale 2012-11-27 13:38
    There is no law requiring this sort of banner. This is born out of idiocy and concentrating primarily on satisfying the audit without thinking about what the purpose of the audit is. The audit becomes the end to quality, not the means.

    Having a screen that people have to click on is fairly standard in America, not because of any law or because it makes sense but because it produces an artifact you can put into an audit to prove that yes, absolutely you told the employee that. It really has no more value than that, and honestly, they totally could've (and should've) fired the CFO for what was going on. Policies are totally enforceable without this kind of crap. It's just you can't pass your security audit without being able to prove you've done something to inform the users.
  • urza9814 2012-11-27 13:46
    Calli Arcale:
    There is no law requiring this sort of banner. This is born out of idiocy and concentrating primarily on satisfying the audit without thinking about what the purpose of the audit is. The audit becomes the end to quality, not the means.

    Having a screen that people have to click on is fairly standard in America, not because of any law or because it makes sense but because it produces an artifact you can put into an audit to prove that yes, absolutely you told the employee that. It really has no more value than that, and honestly, they totally could've (and should've) fired the CFO for what was going on. Policies are totally enforceable without this kind of crap. It's just you can't pass your security audit without being able to prove you've done something to inform the users.


    Of course they could and should have fired him anyway; and had he been any other worker, they most certainly would have. But he's CFO, so instead they made the real workers waste a few hours and nearly halt production for the entire weekend in order to protect his reputation.
  • BlueBearr 2012-11-27 13:52
    TRWTF is that the solution should have been to update the standard warning message to contain this sentence at the end:

    By clicking OK and logging into this system, you indicate that you agree to and will abide by these policies. If you do not agree, do not log onto this system.
  • d 2012-11-27 14:19
    Search the source code of this page for

    click me

    it's an interesting script!
  • CTO Idiot 2012-11-27 14:25
    Al should have left it and let them stew in their own juices and explain that the idiotic CTO told them he couldn't change anything.
    How do these morons get these jobs?
  • CFO Idiot 2012-11-27 14:31
    Yes I agree to more porn.
  • cellocgw 2012-11-27 14:55
    betlit:
    errm.... is there some law requirement i don't understand or why do they display that policy every time you log in?

    here in the company where I work (Switzerland) every employee signs an agreement (PAPER!) when hired and that's it...

    No law, but lots of corporate lawyers and IT heads (aka damn fools) who think putting a bunch of crap on the screen and interfering with your workflow will somehow save everyone from floods, plagues, and locusts. I've tried never logging off, but when IT pushes Microsoft "updates," Windows7 has no qualms about hard-quitting all my apps regardless of unsaved work and forcing reboot. arrrggh
  • Mark S. 2012-11-27 15:02
    jay:

    A couple of years ago I refinanced my house, and of course I had to sign this huge stack of papers. The loan officer was surprised that I actually read all the papers before signing them. She said most people just buzz through and sign them all. Like, wow. The biggest contract most people will ever sign in their lives, involving hundreds of thousands of dollars, and they'll sign it without even reading it?


    I share in your amazement.

    The last time I closed on a house, we asked for every paper that would be involved at the earliest opportunity. When we got the loan approval, we asked for the contract, etc.

    A few days before the closing, my wife called the agent and asked for a complete copy of all the final paperwork to review. They were reluctant to give us that, so she told them "My husband is going to read every page of it. If you want to sit there and watch him read for a couple hours, that's ok with me."

    They sent us the paperwork.
  • PG4 2012-11-27 15:19
    Calli Arcale:
    There is no law requiring this sort of banner. This is born out of idiocy and concentrating primarily on satisfying the audit without thinking about what the purpose of the audit is. The audit becomes the end to quality, not the means.


    Your comments about audits rings very true. However.....

    The reason for the "Go to Jail Banner" on systems is simple. Back in the day when a system out of the box said

    Welcome to node MaxWTF01, Please login
    Username:

    Some little punk got away with hacking a machine. He said, "But it said Welcome, how was I to know that was a private system?"

    The end result is it is the same as a no trespassing sign. It will not keep away someone out to get you. It keeps them from claiming they didn't know they were on non-public property.
  • foxyshadis 2012-11-27 15:36
    TFA:
    Each time a user logged on, the DLLs were replaced. The plant management software depended on some of those DLLs- but expected a newer version than the versions corporate IT was deploying with each login.

    Nah, gotta be fake. There are no industrial automation systems running on anything newer than XP, with most of them being a mix of OS/2, Win98, NT4, and 2000. No way they could be using newer versions of the DLLs.

    Steve The Cynic:
    And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)

    Mark Hurd is currently the ur-example of the fact that executives aren't immune to firing.
  • David 2012-11-27 15:48
    In many states you are allowed to sign the mortgage document and then backout up to 24-48 hours after signing for precisely this reason.
  • foxyshadis 2012-11-27 15:49
    Oh THAT Brian:
    We were waiting for the show when he got back - absolutely nothing happened! Not even a "Sorry about that" email.

    He must have had some REALLY GOOD compromising pictures of someone!!

    Management memories are short, unless they really have it in for someone. By the next day, they were already distracted by other fires. By the next week, most people probably wouldn't have noticed if he never returned. By the time he did, he probably got a "hey, don't do that again, ok?" if any manager even remembered at all, otherwise it was just his coworkers busting his balls over it.
  • monkeyPushButton 2012-11-27 15:50
    Nite:
    We do it here because it's on the list of things that the auditors (federal and state) want to see when they check us annually, and if it's not there we get dinged in the report and have to explain to the board of directors why we don't have it.

    "It's a pointless waste of time" < "The Feds say do it"
    At least where I work we can get away with just doing it every year at the start of the school year and that satisfies the auditors.
  • AN AMAZING CODER 2012-11-27 16:09
    LonesomeProgrammer:
    The real problem is the rediculous attitude of the CFO and the company buying his crap.

    Because CFO had no way of rejecting a policy that is even against the law (sexual harrassment), he seems to be under the assumption that he has the right to violate it.

    Interesting. I have never explicitly accepted the fact that it is against the law to murder anyone, therefore the next time I will murder anyone the Police ought to give me a sheet with "No more murdering. Accept/Reject?" and set me free in case I Accept or keep me in jail if I decide to Reject.

    America: the place where the rule book reigns over common sense at all times.


    There's a big difference between law and policy. It's probably not against the law to download porn onto corporate machines, but it's damned sure against the law.


    I've worked on a system similar to this before, and I can tell you there's definitely a valid reason behind requiring EXPLICIT acceptance (a clear option to not accept the policy) instead of just IMPLICIT acceptance. It removes plausible deniability.


    Also, not knowing something is wrong or against the law is in fact a valid defense, however not knowing that murder is wrong or against the law requires you to be found criminally insane.

    Note that it being a legal defense doesn't mean you'll get away with it, but it does mean you COULD get away with it. Which is the point -- remove as much doubt as possible.
  • AN AMAZING CODER 2012-11-27 16:15
    cellocgw:
    betlit:
    errm.... is there some law requirement i don't understand or why do they display that policy every time you log in?

    here in the company where I work (Switzerland) every employee signs an agreement (PAPER!) when hired and that's it...

    No law, but lots of corporate lawyers and IT heads (aka damn fools) who think putting a bunch of crap on the screen and interfering with your workflow will somehow save everyone from floods, plagues, and locusts.


    The level of irony here is amazing if you think that's the purpose.

    It's no different than miranda rights. It's not going to stop you from doing anything, it's just going to deny you the ability to say you didn't know you could/couldn't do it. And how many times do we hear of people getting off because they weren't read their miranda rights?

  • EvilCodeMonkey 2012-11-27 16:19
    AN AMAZING CODER:
    LonesomeProgrammer:
    The real problem is the rediculous attitude of the CFO and the company buying his crap.

    Because CFO had no way of rejecting a policy that is even against the law (sexual harrassment), he seems to be under the assumption that he has the right to violate it.

    Interesting. I have never explicitly accepted the fact that it is against the law to murder anyone, therefore the next time I will murder anyone the Police ought to give me a sheet with "No more murdering. Accept/Reject?" and set me free in case I Accept or keep me in jail if I decide to Reject.

    America: the place where the rule book reigns over common sense at all times.


    There's a big difference between law and policy. It's probably not against the law to download porn onto corporate machines, but it's damned sure against the law.


    I've worked on a system similar to this before, and I can tell you there's definitely a valid reason behind requiring EXPLICIT acceptance (a clear option to not accept the policy) instead of just IMPLICIT acceptance. It removes plausible deniability.


    Also, not knowing something is wrong or against the law is in fact a valid defense, however not knowing that murder is wrong or against the law requires you to be found criminally insane.

    Note that it being a legal defense doesn't mean you'll get away with it, but it does mean you COULD get away with it. Which is the point -- remove as much doubt as possible.


    I can't tell if you just don't know the difference between "law" and "policy", if you're trolling, or if you really screwed up while writing your rant.

    My impression is that the "AMAZING" in your name is pretty much similar to the "INCREDIBLE" in Paula Beans case.
  • AN AMAZING CODER 2012-11-27 16:28
    EvilCodeMonkey:

    I can't tell if you just don't know the difference between "law" and "policy", if you're trolling, or if you really screwed up while writing your rant.

    My impression is that the "AMAZING" in your name is pretty much similar to the "INCREDIBLE" in Paula Beans case.



    I hit send, then checked my post for trollisms and said NOOOOOOOOOOOOOOO! When I saw the aforementioned mistake :-(


    OKAY :-(
  • Nappy 2012-11-27 16:29
    The real WTF is that they needed DLL's (in system32!) to show a dialog with some text and two buttons
  • chubertdev 2012-11-27 16:34
    AN AMAZING CODER:
    EvilCodeMonkey:

    I can't tell if you just don't know the difference between "law" and "policy", if you're trolling, or if you really screwed up while writing your rant.

    My impression is that the "AMAZING" in your name is pretty much similar to the "INCREDIBLE" in Paula Beans case.



    I hit send, then checked my post for trollisms and said NOOOOOOOOOOOOOOO! When I saw the aforementioned mistake :-(


    OKAY :-(


    Muphry's Law, don't sweat it.
  • Mike Rore 2012-11-27 16:46
    Nappy:
    The real WTF is that they needed DLL's (in system32!) to show a dialog with some text and two buttons


    It is completely possible if you implement your solution in VB5 or VB6.

    Then again...
  • Zaph 2012-11-27 17:25
    LonesomeProgrammer:
    ...therefore the next time I will murder anyone the Police ought to...

    the NEXT time ?
  • Silverhill 2012-11-27 17:39
    monkeyPushButton:
    At least where I work we can get away with just doing it every year at the start of the school year and that satisfies the auditors.
    This reminds me of an anecdote about a village schoolmaster in England. Every year he dutifully filled out the standard form to send to the head office (Education Ministry?), which included a blank for the size of his schoolroom.
    One year he decided not to fill in that blank, since they already knew the size from previous reports.
    No go. The form was returned with the command that he fill it out completely.
    So he did -- but with a size that was twice the actual number. He waited for them to catch the discrepancy and give him flak about it, but nothing happened; it was accepted.
    In the next several years he doubled the size again, and again, and again, until the schoolroom (appeared to be) as big as St. Paul's Cathedral. No negative response from headquarters.
    The next year, he reduced the s1ze to about 2 square meters. No negative response.
    By then he had demonstrated that no person needed the information on the form; only the system did....
  • Silverhill 2012-11-27 17:39
    Silverhill:
    monkeyPushButton:
    At least where I work we can get away with just doing it every year at the start of the school year and that satisfies the auditors.
    This reminds me of an anecdote about a village schoolmaster in England. Every year he dutifully filled out the standard form to send to the head office (Education Ministry?), which included a blank for the size of his schoolroom.
    One year he decided not to fill in that blank, since they already knew the size from previous reports.
    No go. The form was returned with the command that he fill it out completely.
    So he did -- but with a size that was twice the actual number. He waited for them to catch the discrepancy and give him flak about it, but nothing happened; it was accepted.
    In the next several years he doubled the size again, and again, and again, until the schoolroom appeared to be as big as St. Paul's Cathedral. No negative response from headquarters.
    The next year, he reduced the size to about 2 square meters. No negative response.
    By then he had demonstrated that no person needed the information on the form; only the system did....
  • chuni530 2012-11-27 17:49
    I can see that ok. If they reject it then they don't need a computer because they won't work on it so reboot for the next employee that will accept the policy.
  • Psychosmurf 2012-11-27 17:54
    matthewr81:

    When you live in a world of black and white, you will lose when the roulette ball hits green.


    Or, indeed, red
  • HoHum 2012-11-27 18:21
    WC:
    A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.
    I have worked a LOT of places where arbitrary adherence to policy is far more important than keeping the lights on....

    It's a lose-lose situation - if you do nothing and let it crash and burn then it's your fault because you're the techo who should be able to wave a magick wand (TM). If you fix the issue everyone jumps up and down about how there was no adherence to policy or procedure. I remember a (reasonably critical) system having some major issues, and the people I worked with insisted on 5 revisions of a document that explained to a third party contractor how to copy the files we had modified onto the production server. Apparently this particular TLA's technical experts need (simple) unix commands spelled out to them to guarantee that they execute them properly....
  • Wyrm 2012-11-27 18:36
    "All this because someone was caught with his pants on his ankles" ... and didn't know he was not supposed to?
    And management says "Well, he wouldn't have if he knew he agreed not to, so just let him say he wants to so he disagrees with company policy." ?!?

    TRWTF is not the technical issue (though that in itself is a bit funny). It's just that management decided to change the way the policies were displayed so people could actually reject them. What do they do then, spend their days looking at a rebooting computer?

    Company policies is supposed something you agree to when you join (either that or you don't join). You sign a paper and agree not to do bad things. Being reminded of this on your computer is useless in my opinion, but it's not anything you should have the option to reject.
  • moz 2012-11-27 19:04
    Steve The Cynic:
    And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)

    I don't know that there's anything special about whichever country you're talking about, but the tricky part in removing senior staff tends to come when you try to find people to replace them.

    If the damage to your company's reputation from whatever the CFO did isn't that great, it may not be worth the hassle.
    WC:
    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.

    In this story, there were two people who were both willing and able to prevent the factory from being closed down all weekend.
  • Norman Diamond 2012-11-27 19:08
    foxyshadis:
    TFA:
    Each time a user logged on, the DLLs were replaced. The plant management software depended on some of those DLLs- but expected a newer version than the versions corporate IT was deploying with each login.
    Nah, gotta be fake. There are no industrial automation systems running on anything newer than XP, with most of them being a mix of OS/2, Win98, NT4, and 2000. No way they could be using newer versions of the DLLs.
    The events in the article gave me the impression that the client machines were running Windows 95 or 98, where it was common for random programs (or non-random ones) to overwrite system DLLs with older versions or wrong language versions etc.

    Some industrial machines used to run on MS-DOS, and some of those systems could be jammed in with those hideous versions of Windows without the amount of rewriting they would need for the NT series. (This doesn't excuse the existence of those hideous versions of Windows. Anyone who needed MS-DOS should have stayed with MS-DOS.)
  • Norman Diamond 2012-11-27 19:14
    Oh THAT Brian:
    We only lost about half the day.

    We were waiting for the show when he got back - absolutely nothing happened! Not even a "Sorry about that" email.

    He must have had some REALLY GOOD compromising pictures of someone!!
    He had screenshots of the CFO's monitor.
  • Norman Diamond 2012-11-27 19:16
    Remy Porter:
    <!-- Have you tried turning it on and off again? -->
    You're right, that's a better way to do it than the IT Crowd's version. If we turn it on and see Vista boot, we should turn it off again, immediately. There's no need to run LOGON.EXE when the system is already corrupt.
  • Glenn 2012-11-27 20:05
    Still happens today. One has to wonder about the purpose of the rules, when following them to the letter brings the company to its knees.
  • Watson 2012-11-27 21:04
    AN AMAZING CODER:
    I've worked on a system similar to this before, and I can tell you there's definitely a valid reason behind requiring EXPLICIT acceptance (a clear option to not accept the policy) instead of just IMPLICIT acceptance. It removes plausible deniability.


    "I didn't know I wasn't allowed to use company resources to download porn for my own amusement."

    Pretty broad notion of what is plausible, there.
  • Bad guy 2012-11-27 21:10
    Smug Unix User:
    Oops did the network cable get unplugged? Let me plug it back in after the script finishes. Great now I can replace LOGON.EXE with notepad.exe problem solved.

    If it's properly enforced security policy, it'd mean most user are not member of local administrators group and you can't replace LOGON.EXE with anything.

    (Domain policy files always execute under domain admin context)
  • Beamter 2012-11-28 01:49
    Here in Germany it is called "Dienst nach Vorschrift"
  • Steve The Cynic 2012-11-28 04:44
    jay:
    WC:
    A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.


    I had a prof in college who had previously worked for British Rail. He said that the union there -- and I don't know if this was that particular union's idea or something many of them do, I've never heard of it elsewhere, whatever -- he said the union there had a negotiating tactic they used when things got nasty that they called "to rule". When the company wouldn't agree to the union's demands, the union would retaliate by following ALL company policies to the letter. They would assign someone to go through the company's policy book looking for the dumbest, most counter-productive rules, and then they would insist on following them. Until management gave in.

    It's particularly effective when the union members normally do extra stuff beyond the rules say they have to. Like teachers helping out keeping order in the school dining hall at lunch time. I went to school in the UK in the 1970s (and the US in the early 1980s, but that's another story), and the NUT's[*] extensive bouts of work-to-rule action meant that we had to bring in packed lunches from home two weeks out of three some years.

    [*] NUT = National Union of Teachers. It has a singularly appropriate abbreviation, given that it has historically been dominated by the Loony Left.
  • Brayden 2012-11-28 05:37
    I had to do this once for an assessment at TAFE. For some reason the GPO for this didn't work. So I made a cheap little visual basic script that had a small warning and an "Ok" and "Cancel" button.

    Ok just caused the program to exit, Cancel ran shutdown /l /t 0
    I don't see why these people couldn't have just done it in visual basic rather than having libraries etc. downloaded.
  • David 2012-11-28 05:48
    Steve The Cynic:
    I went to school in the UK in the 1970s (and the US in the early 1980s, but that's another story), and the NUT's[*] extensive bouts of work-to-rule action meant that we had to bring in packed lunches from home two weeks out of three some years.


    I went to school in the UK in the 1970s too, and I dont remember anything like that. Perhaps you lived in a really shitty area. Up north somewhere?
  • Neil 2012-11-28 11:16
    PiisAWheeL:
    There's no place like ROOT# because I am the king of my castle!
    Are you perhaps thinking of root#? (Remember Unix is case-sensitive.)
  • Mason Wheeler 2012-11-28 12:44
    jay:
    WC:
    A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.


    I had a prof in college who had previously worked for British Rail. He said that the union there -- and I don't know if this was that particular union's idea or something many of them do, I've never heard of it elsewhere, whatever -- he said the union there had a negotiating tactic they used when things got nasty that they called "to rule". When the company wouldn't agree to the union's demands, the union would retaliate by following ALL company policies to the letter. They would assign someone to go through the company's policy book looking for the dumbest, most counter-productive rules, and then they would insist on following them. Until management gave in.


    I've heard that referred to as a White Rebellion, as in, you're clearly in open rebellion, but you don't do anything "black" (obviously against the rules) or even anything that's a gray area; you stay completely within the "white" area of the rules, and use the rules against the boss.
  • Worf 2012-11-28 15:55
    Mark S.:
    jay:

    A couple of years ago I refinanced my house, and of course I had to sign this huge stack of papers. The loan officer was surprised that I actually read all the papers before signing them. She said most people just buzz through and sign them all. Like, wow. The biggest contract most people will ever sign in their lives, involving hundreds of thousands of dollars, and they'll sign it without even reading it?


    I share in your amazement.

    The last time I closed on a house, we asked for every paper that would be involved at the earliest opportunity. When we got the loan approval, we asked for the contract, etc.

    A few days before the closing, my wife called the agent and asked for a complete copy of all the final paperwork to review. They were reluctant to give us that, so she told them "My husband is going to read every page of it. If you want to sit there and watch him read for a couple hours, that's ok with me."

    They sent us the paperwork.


    We didn't read it for ours. But that's because it's all in legalese, and the best person to read it and go over the documents and loan agreements was... a lawyer. So we had our lawyer go over the documents for us. Even the mortgage - there were some terms she had to find to ensure we had the right one. The lawyer arranged for all the site surveys and everything as well, plus checking with the title office, etc.

    Yes, you can do it without using a lawyer, but if you've got one, the loan agreement is easily another document for review.
  • Norman Diamond 2012-11-28 19:00
    Brayden:
    Ok just caused the program to exit, Cancel ran shutdown /l /t 0
    I don't see why these people couldn't have just done it in visual basic rather than having libraries etc. downloaded.
    Doing it in Visual Basic requires having libraries etc. downloaded.
  • Mr.Burns 2012-11-29 20:48
    hehe yes this is used by motormen (Train drivers) in mumbai. They call it work-to-rule agitation. This entails running the train to the slowest possible speed allowed by rule. Result is mega bottleneck train traffic and general frustration of travellers.
  • Steven J 2012-11-30 11:13
    BlueBearr:
    TRWTF is that the solution should have been to update the standard warning message to contain this sentence at the end:

    By clicking OK and logging into this system, you indicate that you agree to and will abide by these policies. If you do not agree, do not log onto this system.

    That's what I was thinking!
    "But I didn't know I was agreeing to it!"
    "well, it says it right there..."
  • NotHere 2012-11-30 16:56
    >> is there some law requirement i don't understand ..

    No, there's not. You understand everything just fine.

    IT admins over here tend to go overboard with warnings etc that are properly handled by the HR department's paperwork.

  • justme 2012-11-30 19:18
    foxyshadis:
    TFA:
    Each time a user logged on, the DLLs were replaced. The plant management software depended on some of those DLLs- but expected a newer version than the versions corporate IT was deploying with each login.

    Nah, gotta be fake. There are no industrial automation systems running on anything newer than XP, with most of them being a mix of OS/2, Win98, NT4, and 2000. No way they could be using newer versions of the DLLs.

    Steve The Cynic:
    And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)

    Mark Hurd is currently the ur-example of the fact that executives aren't immune to firing.


    Perhps they didn't have $50 million to give him when they "fired" him.
  • ezra abrams 2012-12-01 17:12
    thanks for the trick - last refi, they wouldn't send us stuff, took an hour and a half

    I have read, that in Britain, there are Gov't documents that need to be signed by people who don't have security clearance to read the documnet; you sign with your eyes averted, so you don't read the top secret stuff.

    PS: our first close, I"m reading away and it says, title to this property is subject to a lien from Mrs...blah blah

    so I asy, whoa !!
    and all the lawyers and RE people look at me with that, christ, another newby expression on their faces, and one of the lawyers says, thats from 1923 , we can all initial it and move on...

    I think the point is, that for us, we do this a couple of times in our lives, but for all the other people in the room, they do this weekly or more often, its no biggie, although one of my friends, a lawyer, says he has seen documents with the numbers wrong, so it does pay to check
  • ezra abrams 2012-12-01 17:14
    here in the US, working to rule is a pretty common tactic
    google
    "union slowdown "working to rule""
    and you will get a lot of hits
  • Myself 2012-12-02 11:23
    WC:
    most companies aren't stupid enough to berate someone that saved them tons of money.


    You have not had much work experience, have you?

    Don't expect to get an MBA with your approach! People that save the company money are obviously clever, and represent a risk to their superiors. They are normally sacked first.

  • SQLDave 2012-12-05 22:58
    here in the company where I work (Switzerland) every employee signs an agreement (PAPER!) when hired and that's it...


    But that's so.. NON-green! <shudder>
  • Kazeto 2013-01-04 23:44
    Fred:
    If the user clicked “Reject”, the program also quit- after sending a shutdown /r /t 0 to the command line, forcing the computer to reboot.
    ... aaaaand after rebooting, what then? Why, another login and another appearance of the same dialog. In other words, an infinite loop. Why not simplify things a bit by ignoring the clicks on Reject?

    For one thing, people who aren't good with computers need some sort of visible reaction to their action of clicking the button. Otherwise they'll assume they are free to click on the other button now because they clicked on the "reject" one first, and it would all go back to the original "ok" message.