PICList Thread
'[EE] Opinions on VPN'
2008\02\12@103151 by Mike Hord

I have a problem.  My company has recently (okay, 4-5 months ago)
instated a filter on our web traffic.  Everything in or out gets checked
for "naughtiness" and blocked accordingly.

Apart from the general PITA which is someone else's opinion of the
content of a website (I've had a site containing information about
improving the sustainability of your company blocked as "Occult"
and a site selling optical equipment blocked as "Pornography", while
the unquestionably vulgar website "Tshirthell.com" went through with
no problems), the access times on websites have gone WAY up.

Some days, access to even common and usually fast websites
(Google, Wikipedia, Digikey) slows to a crawl- 30s to 2min for the
page to be accessed.  It isn't a load time issue- the request is hung
in the porno-filter server and, once it goes out, the page loads very
quickly.  Fairly often, the load will fail entirely and a 503 error will
result- last Thursday, fully 60% of my page requests resulted in 503
errors.

I have discussed this with my boss, and I know many, many of my
coworkers have discussed it as well.  It seems that HR would rather
have us not working than risk that one of us look at adult content
on work time.

So, background given, I ask the big question:  how do I get around
this?

I have two ideas: first, get a cellular plan that includes data access
and hook my phone to the PC.  Use that for websurfing.  I don't
like this idea because it costs ME money and the web access will
be slower all the time, if more reliable all the time.

Second idea: set up a VPN to my home network.  I figure that will
be faster in the end than cellular, if harder to set up.  The one thing
I DON'T know is whether it will bypass the filtering software.  I'd
think so, because the filter probably just checks http traffic on port
80, but I'm not sure.

Opinions?  Other ideas?  Empathy/sympathy for my situation?

Mike H.

2008\02\12@105838 by Alex Harford

On Feb 12, 2008 7:31 AM, Mike Hord <spam_OUTmike.hordTakeThisOuTspamgmail.com> wrote:
>
> Opinions?  Other ideas?  Empathy/sympathy for my situation?

OpenVPN is very easy to set up, although you need administrator
priviledges to install it (I'm assuming a Windows computer here).

Alex

2008\02\12@112329 by Alan B. Pearce

>So, background given, I ask the big question:  how do I get
>around this?

Have a similar arrangement here at the government lab I work at. Soon to be
exacerbated by a government requirement to have 'approved' encryption
software on all PCs before they are allowed to be taken off site ( see
www.timesonline.co.uk/tol/news/politics/article3215887.ece
www.timesonline.co.uk/tol/news/uk/crime/article3213521.ece
www.timesonline.co.uk/tol/news/uk/article3227172.ece
business.timesonline.co.uk/tol/business/law/public_law/article646385.ece
business.timesonline.co.uk/tol/business/law/article2873186.ece
www.timesonline.co.uk/tol/news/uk/article3227938.ece
for some of the news items ...)

>I have two ideas: first, get a cellular plan that includes
>data access and hook my phone to the PC.  Use that for websurfing.
>I don't like this idea because it costs ME money and the web access
>will be slower all the time, if more reliable all the time.

Rather than doing that, get an ordinary modem and dial out on one of the
office lines - though that may be awkward if you have a digital exchange. That
way it costs the company money, and gets across the idea that their lack of
high speed hardware to do the filtering is costing them productivity.

>Second idea: set up a VPN to my home network.  I figure that will
>be faster in the end than cellular, if harder to set up.  The one
>thing I DON'T know is whether it will bypass the filtering software.
>I'd think so, because the filter probably just checks http traffic
>on port 80, but I'm not sure.

Are you sure that it doesn't block other ports anyway? A decent firewall may
block all the other ports to stop attempts at penetration of the company
site anyway.

>Opinions?  Other ideas?  Empathy/sympathy for my situation?

Yeah, I sympathise. Even with one of the biggest server farms in the UK ours
still does what you describe. And along with that the email servers get hit
with so much spam that it can sometimes take several minutes for an email to
leave my outbox, as they get so busy. Now why the outgoing mail server isn't
on a different machine to the incoming one is another matter ....

2008\02\12@112942 by Herbert Graf


On Tue, 2008-02-12 at 07:58 -0800, Alex Harford wrote:
> On Feb 12, 2008 7:31 AM, Mike Hord <.....mike.hordKILLspamspam@spam@gmail.com> wrote:
> >
> > Opinions?  Other ideas?  Empathy/sympathy for my situation?
>
> OpenVPN is very easy to set up, although you need administrator
> privileges (I'm assuming a Windows computer here).

OpenVPN works extremely well. Have a WRT54G router at home running the
DD-WRT firmware acting as server.

TTYL

2008\02\12@115532 by Bob Axtell

Alan B. Pearce wrote:
{Quote hidden}

My client uses VPN, but it seems to go down a lot... I don't know what
the cause is.

--Bob

2008\02\12@121650 by sergio masci



On Tue, 12 Feb 2008, Alan B. Pearce wrote:

> Are you sure that it doesn't block other ports anyway? A decent firewall may
> block all the other ports to stop attempts at penetration of the company
> site anyway.

Shouldn't be a problem as long as the VPN is established FROM the work
machine to the home machine. The firewall should let the access be
established by the work machine and the home machine will just be seen as
responding to it.

Regards
Sergio

2008\02\12@130708 by M. Adam Davis

On 2/12/08, Mike Hord <mike.hordspamKILLspamgmail.com> wrote:
> So, background given, I ask the big question:  how do I get around
> this?
>
> I have two ideas: first, get a cellular plan that includes data access
> and hook my phone to the PC.  Use that for websurfing.  I don't
> like this idea because it costs ME money and the web access will
> be slower all the time, if more reliable all the time.
>
> Second idea: set up a VPN to my home network.  I figure that will
> be faster in the end than cellular, if harder to set up.  The one thing
> I DON'T know is whether it will bypass the filtering software.  I'd
> think so, because the filter probably just checks http traffic on port
> 80, but I'm not sure.
>
> Opinions?  Other ideas?  Empathy/sympathy for my situation?

Most cellular data plans are limited (Verizon: 5GB/mo) which may or
may not affect you, but EDGE and EVDO speeds are actually quite
reasonable for regular browsing.

This is the first time I've worked for a company with essentially the
same issues.  Even though they block many ports, you may find a VPN
will go through if you have to work with contractors or clients that
come to your site.

Unless you have a very nice home internet plan, you may find that
access speeds are not that great either, since you're using your
upload bandwidth to send content to you back at work.  Latency will go
up significantly, depending on the speed of your computer at home as
well.

For my part, I've simply decided to let things be - it's too much
trouble to deal with.  If they wanted me to work at peak performance,
they would be doing a lot more than they are now aside from better
internet access.  As it is, a few bad apples coupled with overacting
paranoia spoil the infrastructure for everyone.

-Adam

--
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - -
Moving in southeast Michigan? Buy my house: http://ubasics.com/house/

Interested in electronics? Check out the projects at http://ubasics.com

Building your own house? Check out http://ubasics.com/home/

2008\02\12@132213 by John Chung

http-tunnel client works well.

John



2008\02\12@135054 by Richard Prosser

I have a similar problem. Without setting up a SSH tunnel or whatever,
VNC just does not work. I can't even browse the UltraVNC website
directly (or Babelfish etc.).
However, I can browse to my home PC where I have  "Circumventor"
running. This appears to be little more than a script setting up an
Apache server on my home PC that allows it to be used as a relay
station. So I browse to "EraseMErzprosserspam_OUTspamTakeThisOuTxxx.com/xxxxxxxxxxxxxxxxx/" (url
set up through no-ip.com and page setup by Circumventor) and get a
panel I can enter the url of the "forbidden" sites. There are some
limitations with Flash Media etc. but overall it works pretty well.
Main problem is speed as the signal has to go from work (in NZ) through
the internet portal (USA) and back to home PC (NZ) and then wherever.

I think you can add password access also but have not tried that as
the url/webpage is unlikely to be guessed.

The main advantage for me is that I don't have to set up any special
software on the work PC which could be somewhat "frowned upon".  (I
can get away with the VNC client as we use it for testing).


I haven't figured out how to do the web browser based VNC via
circumventor yet but it should be simple enough to allow the home PC
to loopback to its own ports which is all that's required.

Do a web search on the term "Circumventor" and you can download the package.



RP

On 13/02/2008, John Chung <kravnusspamspam_OUTyahoo.com> wrote:
{Quote hidden}

2008\02\12@181945 by Jake Anderson

Putty/SSH is probably your best bet.
You can set it up as a proxy in IE/etc (SOCKS 5 127.0.0.1:8080)
and your stuff just leaves over one port.
Putty is a ~300kb download, will run direct from a flash disk without
installation, and there's a bunch of how-tos for doing exactly that.

If you're feeling keen, tell ssh to listen on port 53 (DNS) at your home
address (a port forward in your firewall will do) and you can generally
get free net access from all those wireless hotspots around the place.

Easiest and most secure way to get ssh running for this on a windows
machine is probably a virtual machine.
Install vmware
grab the "ubuntu minimal" iso
make a new VM with that iso as the cd drive (bridged networking).
boot it and follow the prompts
once you get in
sudo apt-get install openssh-server

then

ifconfig

This will give you the MAC address and IP address that it's taken.
Go into your router and use those to give it a static lease; while you're
there forward ports 80,22,443 and 53 to the ip address of your new
server (destination port 22)

Putty can run over a http proxy (the proxy at your work) as well so if
they block all outbound access except for http you can still tunnel out.


Mike Hord wrote:
{Quote hidden}

2008\02\13@211115 by peter green


> Are you sure that it doesn't block other ports anyway? A decent firewall may
> block all the other ports to stop attempts at penetration of the company
> site anyway.
>
>  

Afaict the big hole in most firewalls is port 443, it is used by https
(http over ssl). Being an encrypted protocol there is not much they can
do to monitor/cache it and few places dare to cut it off. They could
throttle it or do traffic analysis to look for non http like traffic I
guess but I bet few places bother.
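
The traffic analysis mentioned in the post above, and the SSH-on-port-53/80/443 arrangement from Jake Anderson's earlier post, seen from the monitoring side: an added example (not part of the thread) that classifies the first client payload of a TCP flow and reports flows whose protocol does not match the destination port. The addresses, sample payloads, port policy and function names are constructed for illustration.

```python
"""Flag TCP flows whose first client payload does not match the port's usual protocol."""
import struct

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}

# Protocol normally expected on each monitored destination port
# (assumption: the site only watches these three ports).
EXPECTED = {80: "http", 443: "tls", 53: "dns"}


def looks_like_tls_client_hello(p: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), version 0x03 0x0X, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if len(p) < 6 or p[0] != 0x16 or p[1] != 0x03 or p[2] > 0x04:
        return False
    (rec_len,) = struct.unpack(">H", p[3:5])
    return 0 < rec_len <= 16384 and p[5] == 0x01


def looks_like_dns_over_tcp(p: bytes) -> bool:
    # DNS over TCP: 2-byte length prefix, then the 12-byte DNS header.
    # Assumes the whole query arrived in the first segment.
    if len(p) < 14:
        return False
    (msg_len,) = struct.unpack(">H", p[:2])
    flags, qdcount = struct.unpack(">HH", p[4:8])
    is_query = (flags & 0x8000) == 0
    return msg_len == len(p) - 2 and is_query and qdcount >= 1


def classify(p: bytes) -> str:
    """Return 'ssh', 'http', 'tls', 'dns' or 'unknown' for a first payload."""
    if p.startswith(b"SSH-"):                 # SSH identification string
        return "ssh"
    if p.split(b" ", 1)[0] in HTTP_METHODS:   # plaintext HTTP request line
        return "http"
    if looks_like_tls_client_hello(p):
        return "tls"
    if looks_like_dns_over_tcp(p):
        return "dns"
    return "unknown"


def find_mismatches(flows):
    """flows: iterable of (src, dst, dport, first_payload).
    Returns (src, dst, dport, seen_protocol) for every flow on a monitored
    port whose payload is not the protocol expected there."""
    hits = []
    for src, dst, dport, payload in flows:
        expected = EXPECTED.get(dport)
        if expected is None:
            continue  # port not covered by this check
        seen = classify(payload)
        if seen != expected:
            hits.append((src, dst, dport, seen))
    return hits


# --- Constructed sample data (not captured traffic) ---
TLS_HELLO = bytes.fromhex("16030100050100000100")   # truncated ClientHello stub
SSH_BANNER = b"SSH-2.0-PuTTY_Release_0.60\r\n"
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
_DNS_MSG = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
            b"\x07example\x03com\x00\x00\x01\x00\x01")
DNS_QUERY = struct.pack(">H", len(_DNS_MSG)) + _DNS_MSG

SAMPLE_FLOWS = [
    ("10.0.0.5", "198.51.100.7", 443, TLS_HELLO),
    ("10.0.0.8", "203.0.113.20", 443, SSH_BANNER),
    ("10.0.0.8", "203.0.113.20", 53, SSH_BANNER),
    ("10.0.0.9", "198.51.100.9", 80, HTTP_GET),
    ("10.0.0.9", "198.51.100.53", 53, DNS_QUERY),
    ("10.0.0.12", "203.0.113.77", 443, b"\x00\x01\x02\x03\x04\x05\x06\x07"),
]

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_FLOWS):
        print("protocol/port mismatch:", hit)
```

A tunnel wrapped in real TLS will still classify as "tls" here; this check only catches protocols sent in the clear on a port they do not belong to.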

2008\02\13@215803 by Sergey Dryga

Mike Hord <mike.hord <at> gmail.com> writes:

>
> I have a problem.  My company has recently (okay, 4-5 months ago)
> instated a filter on our web traffic.  Everything in or out gets checked
> for "naughtiness" and blocked accordingly.

A couple of suggestions:
1. If the websurfing benefits your work, make a case for your boss/IT to unblock
specific sites;
2. If it does not, do not do it.  Spend more time actually doing the job, and
become "the" boss who sets the rules.

To some extent, the filter does exactly what it is supposed to do: prevent waste
of time surfing internet for personal pleasure (of course, there are other ways
to waste time...).  Inappropriate surfing creates liability for both company and
employee in many different ways.  In my past experience I had to fire a person
for this, and it is not fun for that person, nor is it for me.

Setting up VPN or other ways to defeat the system will just make IT upset.  If
they are smart, they will figure it out and just block it, or they can go
through administrative route and act through your boss.

Sergey

2008\02\14@083313 by Xiaofan Chen

On Thu, Feb 14, 2008 at 10:57 AM, Sergey Dryga <KILLspamregisterKILLspamspamdryga.us> wrote:
>  To some extent, the filter does exactly what it is supposed to do: prevent waste
>  of time surfing internet for personal pleasure (of course, there are other ways
>  to waste time...).  Inappropriate surfing creates liability for both company and
>  employee in many different ways.  In my past experience I had to fire a person
>  for this, and it is not fun for that person, nor is it for me.
>
>  Setting up VPN or other ways to defeat the system will just make IT upset.  If
>  they are smart, they will figure it out and just block it, or they can go
>  through administrative route and act through your boss.
>

This is the best answer. Previous answers talked only about the
technical aspect.
However the company must have some reasons to do that and the proper
procedure is to talk to your boss and IT department to try to solve the problems
no matter how "stupid" you feel the policy is.

Xiaofan

2008\02\14@172749 by Gerhard Fiedler

Xiaofan Chen wrote:

> On Thu, Feb 14, 2008 at 10:57 AM, Sergey Dryga <RemoveMEregisterTakeThisOuTspamdryga.us> wrote:
>> To some extent, the filter does exactly what it is supposed to do:
>> prevent waste of time surfing internet for personal pleasure (of
>> course, there are other ways to waste time...).  Inappropriate surfing
>> creates liability for both company and employee in many different ways.
>>  In my past experience I had to fire a person for this, and it is not
>> fun for that person, nor is it for me.
>>
>> Setting up VPN or other ways to defeat the system will just make IT
>> upset.  If they are smart, they will figure it out and just block it,
>> or they can go through administrative route and act through your boss.
>
> This is the best answer. Previous answers talked only about the
> technical aspect. However the company must have some reasons to do that
> and the proper procedure is to talk to your boss and IT department to
> try to solve the problems no matter how "stupid" you feel the policy is.

Did you guys read the OP? It seems you're responding to a different post...
:)

Gerhard

2008\02\14@215623 by Xiaofan Chen

On 2/15/08, Gerhard Fiedler <spamBeGonelistsspamBeGonespamconnectionbrazil.com> wrote:
{Quote hidden}

Hmm, I believe both of us read the OP.

The OP wrote:
> I have discussed this with my boss, and I know many, many of my
> coworkers have discussed it as well.  It seems that HR would rather
> have us not working than risk that one of us look at adult content
> on work time.

So he has to talk to his boss and let the boss (or the boss's boss)
sort out the issue with HR/IT and not to use technical means to
work around the problem. Setting up a VPN is not the solution.

Xiaofan

2008\02\15@042316 by Cedric Chang


Depends on your personal ethics and axioms of life.   I worked on a
nuclear power plant construction project where I constantly violated
the stated procedures for installation and testing and documentation.
My methods were safer and faster.  I was repeatedly threatened with
termination by various HR types.  Each time, the construction VP told
HR to go away.

On another job, I was hired to determine why a project was late and
over-budget.  I determined that there were many reasons and the one
that really caught my attention was that the VP of manufacturing (who
was very experienced and intelligent) was deliberately baiting the
engineering department to do stupid things.  Which they did.  Without
realizing that the VP was manipulating them.  Why was he doing
that?  I never learned why.  The VP contacted HR and told them that
I was sexually harassing his personal assistant.  I have always had
an eye for good looking chassises with a brain (guilty as charged)
so I had fallen into the habit of having lunch with the PA once or
twice a week.  She was also married.  The VP felt (this is my theory)
that I was using the PA as a conduit into his department.  I was
called into the office of the HR head and reamed out for being a
'sexual predator'.  Then I was terminated.  I said that was fine and
turned in my report later that day.  I was then asked to talk to a guy
from the UK who had originally hired me.  I had talked to him once only
before.  I went to his office.  (I should mention that he outranked
everyone at the Chicago facility where I had been working.  This was
because he was a muckity-muck at the British firm that owned the US
company.)  He offered me some wine and said "Quite a mess".  I agreed.
He said he would like to give me a "$5000 going away gift".  I said
thanks, I appreciated it but I preferred to be paid for what I was
hired to do and that part of it was up to date.  Gives me a laugh every
time I think about it.

A friend of mine who was working at the Chicago facility told me I was
crazy.  4 months later, the project was terminated, the president of the
Chicago company was fired, my friend was given a couple months work in
the U.K. and as far as I could determine, the VP of manufacturing
retired.  Probably spends his time now sticking pins into life-like dolls.
Cedric

2008\02\15@050825 by Apptech

> Depends on your personal ethics and axioms of life.   I
> worked on a
> nuclear power plant construction project where I
> constantly violated
> the stated procedures for installation and testing and
> documentation.
> My methods were safer and faster.

I completely understand what you were aiming at and why
you'd do it. I also note that you set yourself up for two
possible problems - one which should matter to you.

1.
Things go badly wrong.
People die.
Your non observance of SOP is noted.
It was not causal in the deaths but
... boring details glossed over ...
You end up in jail.

2.
Things go badly wrong.
People die.
Your non observance of SOP is noted.
Careful analysis of what happened shows that (possibly due
to an unfortunate combination of coincidental events) your
non standard procedures were a causal and avoidable link in
the chain that led to fatalities. While it is also shown
that you could not reasonably be aware that what you did
would cause these deaths that was the outcome because of
what you did.
You end up in jail.

The 2nd scenario above is by no means an unreal one.

On November 28th 1979 Air NZ DC10 ZK-NFP / flight 901
impacted Mt Erebus in Antarctica killing all 257 people on
board. The subsequent investigation revealed a long and
unbelievable string of coincident actions by unrelated or
semi related (business wise) people plus some bad company
policy plus some pilot lack of enough wisdom that ultimately
led to the fatalities. The repercussions in NZ have not
totally died down to this day. Interestingly, the original
air accident investigator was killed a few days ago while
out for his daily walk when an 18 year old lost control of
their car.

The total scenario makes fascinating and salutary reading
(Gargoyle knows) BUT several of the events in the chain
included a major course calculation error uncaught for many
years, an independent transposition of two digits which had
a trivial effect on the course, a correction of the
transposition error which subsequently led to the original
"correct" course being reinstated without anyone being aware
or informed. (McMurdo Sound was replaced by Mt Erebus). Add
to that all the usual lack of training, lack of briefing,
poor maps, lack of introduction to Antarctic conditions and
more and the scene was set for a national tragedy. There
were so many repercussions and so much fallout that nobody
to this day has pointed the finger at one of the guys in the
middle who "just did his job better" - but not quite well
enough. If he had not done so the 'accident' would not have
occurred. Nobody cares because there were and are bigger
issues. But in other circumstance he would have gone to jail
(rightly enough as such things are measured) with the death
of 257 people on his hands.

Moral:    Take great care when bypassing proper and/or
approved methodologies in mission critical or life critical
systems that your better-cheaper-faster solutions don't
become part of a chain of events that has catastrophic
results which you are unable to predict.

As by definition you are unable to predict such things,
think carefully indeed in such situations.



       Russell






2008\02\15@065215 by Gerhard Fiedler

Xiaofan Chen wrote:

> Hmm, I believe both of us read the OP.
>
> The OP wrote:
>> I have discussed this with my boss, and I know many, many of my
>> coworkers have discussed it as well.  It seems that HR would rather
>> have us not working than risk that one of us look at adult content on
>> work time.
>
> So he has to talk to his boss and let the boss (or the boss's boss) sort
> out the issue with HR/IT and not to use technical means to work around
> the problem.

His words sound as if he did this already. You guys (you and Sergey) seem
to part from the assumption that his boss and/or the people at HR/IT who
are responsible for the unlucky situation are reasonable. This may just be
flat wrong. A good indication that they are not is that the problem exists
in the first place, for such a long time.

> Setting up a VPN is not the solution.

Why not? Let's look at this from a moral POV. The objective of the
department that set up the web traffic cop is clear: they want to prevent
employees from browsing non-business related sites. As a side effect they
severely harm the work of employees who need to browse sites as part of
their job function. Now one of those harmed employees finds a technical way
to improve the browsing capabilities and uses it only for job-related
browsing. Where is the moral problem?

Of course, it may be prohibited by some kind of employment contract, but
chances are it's not. If it's not, where's the problem at all?

In case the people who instituted this are not reasonable or not willing to
improve the situation for reasons outside their control, Mike's only
options are accepting it (which can be seen as a waste of life time),
changing jobs (this may be more harmful to the company than him using
technical means to improve browsing capabilities) or find a technical
solution.

Categorically saying that this is "not the solution" without getting into
the exact details of the situation sounds a bit... categorical :)

Gerhard

2008\02\15@072257 by Alan B. Pearce

>Moral:    Take great care when bypassing proper and/or
>approved methodologies in mission critical or life critical
>systems that your better-cheaper-faster solutions don't
>become part of a chain of events that has catastrophic
>results which you are unable to predict.
>
>As by definition you are unable to predict such things,
>think carefully indeed in such situations.

Not only that, but the reasons for the SOP may not be obvious to you.

I remember when I worked for a government laboratory in NZ, in the late
1970s, they had the first industrial robot in the country. It was available
for trialling on industrial sites, to allow industries to evaluate the
usefulness of such a device to them. One industry that trialled it used it
to put work pieces into a press, which had a guard that had to be closed to
allow the press to operate. It was not clear to me exactly what happened,
but for some reason the interlock on the guard was disabled, 'as the robot
didn't need it, it controlled the press when the arm was out of the way'.
Unfortunately someone got killed because they got trapped by the robot at a
critical point in the cycle. The whole process may have worked faster
without the interlock, and been safe enough for the robot, but people were
still involved.

2008\02\15@084920 by Apptech

> >Moral:    Take great care when bypassing proper and/or
>>approved methodologies in mission critical or life
>>critical
>>systems that your better-cheaper-faster solutions don't
>>become part of a chain of events that has catastrophic
>>results which you are unable to predict.
>>
>>As by definition you are unable to predict such things,
>>think carefully indeed in such situations.
>
> Not only that, but the reasons for the SOP may not be
> obvious to you.

OR    even if you do see the reasons for the SOP, and do
have a better cheaper faster method, be aware that your
bypassing it may catch someone else out because they think
that THEY in turn are modifying SOP in isolation, whereas
you instead interact with each other.

Which is something like what happened at Erebus, but it
wasn't done on purpose.

I'd have to check the details again but it went something
like.

Original course was intended to be XXX.ABCxxx.
It was calculated in error as XXX.ABC.
The small error of .000xxx was so small in practice that
changing it made no practical difference.
This course was directly "over" the Erebus volcano. Good
view intended no doubt.

BUT somebody unknown entered this as XXX.CBA - an entry
"typo"
This course was down McMurdo Sound.
N flights flew this course on auto with pilot discretion to
takeover manually.

Some while later, as part of routine procedures a person
checking the calculations found the
XXX.ABCxxx / XXX.ABC error.
Being a tidy soul, and quite possibly because this was part
of their job, they initiated an action to have the error
corrected. This led to the fatal crash even though the
correction was correct and they may have been doing their
job.

What happened was that the erroneous XXX.CBA was corrected
to XXX.ABCxxx.
Whereas this SHOULD have led to a course change of .000xxx
it instead resulted in a large jump (.ABCxxx - .CBA
whatever)

This placed the course back over the volcano, where it had
originally been intended to be.
But never had been.

ALL the prior flights had been down McMurdo.
All the advice said McMurdo.
Probably (memory dims) notes etc from other flights said
McMurdo.

First Antarctic flight for this pilot.
Whiteout conditions.
NO training in what happens in Antarctic whiteout.
No maps provided - he had a minor atlas of his own.

The story goes that the air traffic controllers at McMurdo
were stoned, but only they will ever know.

The aircraft flew towards a white volcano over rising ground
in whiteout conditions.

Somewhat short thereof they flew a large sideways figure 8
either to try to establish visual position or to try to give
the passengers a view.

They obviously got no view at all as any view at all would
have saved them.

They then proceeded to fly into the side of the volcano at
full speed.
The ground warning radar sounded in far too little time for
them to pull out.

Last words - a man getting it right under lethal pressure -
the phrasing comes out of the handbook -

"Go round power, please."

Apart from the airline's poor performance, and the pilot
depending on his inertial guidance system and his course
plotters when flying in whiteout below the altitude of a
large volcano "somewhere nearby", if any of the people who
had participated in the course plotting and corrections had
followed right through, all would have been well. Odds are
the SOP didn't say "when correcting an error, check that the
value actually in use is the erroneous value that you are
correcting". In retrospect that is an obvious thing to do,
but it may have well been the first time in decades where it
actually made a difference. In this case to the whole
country - nobody in NZ, they said, didn't know somebody who
knew somebody on the flight. Two removes is a bit close when
a whole country is involved.

Aside:        NZ's great living icon died a few weeks ago.
Sad for him and family, although he had had a long and
successful life and it was past time we got some other heroes
instead of dwelling in the shadow of one man. Whatever. BUT
he was meant to be on the above flight as guest commentator,
but couldn't make it for some reason, so his good friend
Peter Mulgrew took his place. He and Mulgrew had been there
(at ground level) and many other wild and dangerous places
together . Mulgrew was in the cockpit with the pilots,
presumably trying to work out their location, at the time of
impact.




       Russell




2008\02\15@093854 by Alan B. Pearce

>Somewhat short thereof they flew a large sideways figure 8
>either to try to establish visual position or to try to give
>the passengers a view.

Reading the Chippindale information, they flew something like that to come
down through a clear hole in the cloud.

See http://www.stuff.co.nz/4398335a6479.html for an interview with Ron
Chippindale, the crash investigator.

2008\02\15@094018 by Xiaofan Chen

On Fri, Feb 15, 2008 at 7:51 PM, Gerhard Fiedler
<EraseMElistsspamconnectionbrazil.com> wrote:

> > Setting up a VPN is not the solution.
>
> Why not? Let's look at this from a moral POV. The objective of the
> department that set up the web traffic cop is clear: they want to prevent
> employees from browsing non-business related sites. As a side effect they
> severely harm the work of employees who need to browse sites as part of
> their job function. Now one of those harmed employees finds a technical way
> to improve the browsing capabilities and uses it only for job-related
> browsing. Where is the moral problem?
>
> Of course, it may be prohibited by some kind of employment contract, but
> chances are it's not. If it's not, where's the problem at all?
>

The problem is chances are that the IT department already has a policy
in place saying that this (setting up unauthorized software to circumvent
company IT policy) is against the policy. And this has been my
experience.

Xiaofan

2008\02\15@114611 by Apptech

> >Somewhat short thereof they flew a large sideways figure
> >8
>>either to try to establish visual position or to try to
>>give
>>the passengers a view.
>
> Reading the Chippindale information, they flew something
> like that to come
> down through a clear hole in the cloud.

Can't have been clear enough to be useful, alas. If they had
had even a rough idea of where they were they would not have
proceeded as they did.


> See http://www.stuff.co.nz/4398335a6479.html for an
> interview with Ron
> Chippindale, the crash investigator.



       R

2008\02\15@134545 by Sergey Dryga

Xiaofan Chen <xiaofanc <at> gmail.com> writes:

{Quote hidden}

Gerhard,

Even reasonable people might not realize the impact on business operations
immediately.  In addition, there may be other factors influencing their
decision, such as (i) lack of time - poor excuse but very real; (ii) other
issues that cannot be discussed with everyone; (iii) fear/unwillingness to
challenge HR rules due to litigation environment, etc.

The moral problem with the technical solution is this: Who decides (proves)
that rogue VPN is used for job-related activities?  

In every company I have been, sys admin will scream, or take the head off,
of anybody who sets up unauthorized service on internal network.  
And they are absolutely right. It is sys admin's job to keep internal network
operational and safe.  A rogue VPN does not fit in any definition of safe.  
Even if it is set up for job-related activities, it can as easily be used to
dump confidential data out of control of the company.  If we look at this
issue from this point of view, I can see repercussions from Sarbanes-Oxley
act compliance, 21 CFR part 11 compliance (not sure if it is applicable in
this case, but it is in my company) and probably a host of other laws and
regulations (even maybe DMCA).  
Now, I am not saying that all these laws are great, but they are laws and why
one would set himself up for potential prosecution is beyond me.  

So again, from technical point of view, this is a fine and solvable problem.
From the point of view of business life, technical solution for this specific
problem is not a good one.  This problem should be solved using bureaucratic
means.


Sergey




2008\02\16@023424 by Richard Prosser

Just a couple more comments.

a) The company I work for operates a similar regime. Getting it
changed is just not going to happen. There are filters that do not let
us email some attachment types (exe, bas etc.) to each other on the
internal network. This is really inconvenient at times so a number of
workarounds have been developed (change the extension to something
permitted, zip with encryption, send the zip and the encryption key).
This workaround is, in fact, suggested by our local IT dept.
So, given some workarounds are "allowed", who says what isn't -
provided the intent of the rule is not broken.

b) There is a famous quote from someone (TS Eliot?) relating to
progress and how it is a result of people breaking the norms or the
rules. Similar to "Do what you've always done & get what you've always
got" but related to the progress of civilization in general. The same
thing could be seen to apply to working within artificial boundaries.
We are employed for our ability to use our skills and be innovative.
We can hardly be blamed for being innovative in finding better ways of
doing things.

(Not that either of the above arguments could be expected to assist if
everything turns to custard.)

RP


2008\02\16@063525 by Gerhard Fiedler

Sergey Dryga wrote:

>>> Why not? Let's look at this from a moral POV. The objective of the
>>> department that set up the web traffic cop is clear: they want to
>>> prevent employees from browsing non-business related sites. As a side
>>> effect they severely harm the work of employees who need to browse
>>> sites as part of their job function. Now one of those harmed employees
>>> finds a technical way to improve the browsing capabilities and uses it
>>> only for job-related browsing. Where is the moral problem?

> Even reasonable people might not realize the impact on business operations
> immediately.  

Right. I don't know, but Mike said that it's been several months and that
he did talk. That was my point (one of them) -- suggesting to him to talk
seems to be trying to break open an open door. And it seemed that talking
didn't solve the problem.

> In addition, there may be other factors influencing their decision, such
> as (i) lack of time - poor excuse but very real; (ii) other issues that
> cannot be discussed with everyone; (iii) fear/unwillingness to challenge
> HR rules due to litigation environment, etc.

Exactly. Which brings us back to why talking may not help sometimes and a
technical solution may be the only possibility to change the quality of
internet access in some cases.

> The moral problem with the technical solution is this: Who decides (proves)
> that rogue VPN is used for job-related activities?  

I think you're mixing things up here. Morality doesn't need proof; in fact,
you can't prove morality. Mike decides what he uses the VPN ("rogue" is
already implying a value, but that's what we're discussing, isn't it?) for.
If he uses it only for legitimate purposes, it's all ok, morality-wise, I
think. If he doesn't, there may be a morality problem, depending on your
moral axioms. But that's not a moral problem; that's, if it is one, a legal
problem or a responsibility chain problem or whatever... just not a moral
problem.

As Richard said: "provided the intent of the rule is not broken," it's hard
to construct a moral problem, with whatever (reasonable) moral axioms you
want to use.

> In every company I have been, sys admin will scream, or take the head
> off, of anybody who sets up unauthorized service on internal network.
> And they are absolutely right. It is sys admin's job to keep internal
> network operational and safe.  A rogue VPN does not fit in any
> definition of safe.  

I agree with that. But that has to do with the sys admin's job, not with
morality. And you said correctly that it is their job to keep the network
not only safe, but also operational. And what Mike is saying is that
they're not doing their job on that end.

> Now, I am not saying that all these laws are great, but they are laws and
> why one would set himself up for potential prosecution is beyond me.  

You may have a point that there are legal implications. I don't know about
that aspect, and agree with you -- I wouldn't want to risk legal
prosecution for something like that. But my point was about the morality of
the story, not the legality. The two are not necessarily the same.

> This problem should be solved using bureaucratic means.

That's of course the best solution, but as we all know not always a
possible one. It's like it is with engineering: many problems "should" be
solved the "right" way, but a number of constraints require shortcuts and
second-choice (by whatever priorities) solutions.

Gerhard

2008\02\16@153933 by Sergey Dryga

Gerhard Fiedler <lists <at> connectionbrazil.com> writes:

> > The moral problem with the technical solution is this: Who decides (proves)
> > that rogue VPN is used for job-related activities?  
>
> I think you're mixing things up here. Morality doesn't need proof; in fact,
> you can't prove morality. Mike decides what he uses the VPN ("rogue" is
> already implying a value, but that's what we're discussing, isn't it?) for.
> If he uses it only for legitimate purposes, it's all ok, morality-wise, I
> think. If he doesn't, there may be a morality problem, depending on your
> moral axioms. But that's not a moral problem; that's, if it is one, a legal
> problem or a responsibility chain problem or whatever... just not a moral
> problem.

Gerhard, I see your point and agree with it.  I was looking at it from
sys-admin's point of view.  From this POV, any unauthorized VPN or service on
network is "rogue".  
From Mike's POV, he decides what is and is not a moral use.  

The morality of this is beyond the point.  The point (question) was what to do
about inadequate internet access.  My suggestion is to solve the problem
bureaucratically, rather than technically.  

I think we are close to having exhausted the thread.  I would read your response
with interest, but will probably not respond.  Thank you for a great discussion.

Sergey


2008\03\06@221620 by Vitaliy
Mike Hord wrote:
> Apart from the general PITA which is someone else's opinion of the
> content of a website (I've had a site containing information about
> improving the sustainability of your company blocked as "Occult"
> and a site selling optical equipment blocked as "Pornography", while
> the unquestionably vulgar website "Tshirthell.com" went through with
> no problems), the access times on websites has gone WAY up.
>
> Some days, access to even common and usually fast websites
> (Google, Wikipedia, Digikey) slows to a crawl- 30s to 2min for the
> page to be accessed.  It isn't a load time issue- the request is hung
> in the porno-filter server and, once it goes out, the page load very
> quickly.  Fairly often, the load will fail entirely and a 503 error will
> result- last Thursday, fully 60% of my page requests resulted in 503
> errors.
>
> I have discussed this with my boss, and I know many, many of my
> coworkers have discussed it as well.  It seems that HR would rather
> have us not working than risk that one of us look at adult content
> on work time.

My favorite story on the topic goes back to the days when I was working as a
contractor for an IT company, installing cables and repeaters for a network
backbone in a shopping mall in California. There were ten people on my team,
with each person getting paid at least $250/day. We could not do our work
for lack of D-rings (a 65-cent piece of hardware). Apparently, just prior to
the project start, the company implemented a new policy, requiring all
purchases to go through the purchasing department.

The result? We would report at 8 am each morning, sit around and chat for
about two hours, and go back to the hotel. Five man-, hotel-, and equipment
rental-days were wasted, at a cost I would estimate to be well in excess of
$5000. Could have easily been avoided if the team lead had the authority to
spend $300 at a local hardware store.

I have worked for companies that treat employees with suspicion and
distrust, and I've encountered my fair share of paranoid rules and policies
that accomplish nothing, except badly hurt the morale.

<shameless plug>
In our company, a great majority of employees have office keys and business
credit cards, and are trusted to make the necessary purchases. All employees
enjoy a great deal of autonomy in making the day-to-day decisions affecting
their work. Sure, mistakes happen occasionally (someone gets careless and
overspends/overpays for an item), but the damage is far outweighed by the
high morale, enthusiasm, and the number of creative ideas that people come
up with to overcome the obstacles they encounter. "Trust is the best
motivator"

The girl who was constantly minimizing her browser window and later was
found to have been browsing adult and employment sites, was fired after
three weeks on the job. Today, she would not have lasted three days (this
was also found to be a very important morale booster).
</plug>

My suggestion to Mike would be, try to get the decision makers to understand
that their methods are bad for the company, and un-implement the policy. And
if you find that your words fall on deaf ears, I'd say it is time to start
looking for a company that does not treat its employees as lazy crooks.

Vitaliy
