Internet Explorer 8

[ReverendSlappy]

They're out there. I can say that some of the best decisions I've made have happened after I put myself in our users shoes.

Our situation is a bit different as we're a very technical company and not only does IT provide for our users we also provide the infrastructure in which our products run on -- which is used by our clients.

I've discovered that if I cause an outage (it happens) that the best thing I can do is to take a few incoming calls -- it helps me understand what I just did. Not only that -- if I randomily grab a support case once or twice a day and call the client themselves it is amazing how impressed they are by getting someone on the phone who can personally directly take care of their issue.

It also helps to just sit down randomly with users and see how they work. Often , 10 minutes of attention by those that can change something, can save several people hundreds of hours per year.

Luckily I'm in an enviornment where I can do the above. Not that it couldn't be done in a larger corporation if directed so by IT management.

Bingo. And the thing is, if business's default position is to just sit idly by and incessantly complain, and management's default response is to threaten outsourcing (and I mean "threaten", not just use it as a lever to force competitiveness), that will never happen. That's all I'm saying: If management isn't taking an active role in making sure their subordinates are effectively communicating their expectations and/or aren't measuring whether they're being met or not, I've no sympathy for them. Those kinds of processes are applied to every single other operations group and yet so many senior management types just expect everything IT to happen like magic -- and for free. And of course, it doesn't work that way.

I personally am not convinced that half the crap "IT" does in many companies accomplishes much more than slowing down computers, slowing down employees, while making themselves look important, and claiming to "protect data" from "evil hackers"--when 95% of what they do isn't going to stop a person smart enough to jack or damage the data in the first place.

If I had to guess, I'd say that, yes, on balance there probably is more security infrastructure in general than may be bare-bones necessary. But there's a lot that goes into that: For one thing, you don't create security schemas based on just the threats that exist right now. And you don't apply security measures narrowly; the "coarser" you do it, the more likely you are to catch real threats.

It's a difficult job, but the balance can be struck. It just takes competent people -- on both the IT and the business sides -- to make it happen.

What do you expect when you take IT folks out of tech schools and then have vendors selling security products to them all day? They have no ****ing idea what the *real* threats are. Nor do they understand the real problems of the company. They also fail to understand that they are there to SERVE the company and support the company's mission.

The problem is that "serve the company and support the company's mission" thing falls apart real fast when all the company displays is contempt for your entire job function and demonstrates nothing other than an interest in fomenting an adversarial relationship. Bill said it: It cuts both ways, and without a real partnership, a real two-way street, it's game-over.

 

[wsuffa]

Again, so you've (supposedly) run into a couple lousy IT groups. Super. Painting them all that color is certainly a good way to make sure you get the kind of service you want going forward.



Then you have "NEVER" seen an IT group after people like me have come along -- and have "NEVER" seen any other competent one. I'm guessing, however, that "NEVER" is more than a little hyperbolic.

And in the situations that have existed before I've come along, no, they weren't proactive. But that's not where the story stops: In the best operations, gaps happen. Things fall through the cracks. And in the worst operations, gross incompetence runs rampant. But if your default position in any discussion of basic technology security measures is "IT SUCKS!!!", which shows no interest in taking the next step -- effectively communicating that you have a problem to whom you're supposed to communicate it -- I'm supposed to believe that you're a part of the solution and not a part of the problem? Don't think so.



And once again, I'll point out that if the wrong people are getting promoted to senior-level positions, that's a problem bigger than IT. But I suppose that makes for a more complicated discussion, not conducive to "WAAAH! IT SUCKS!"

Edit: And speaking of other operations groups (which IT really is), that's exactly what it should be treated like. Any other operations group has empirical expectations of them set, have their performance quantitatively measured, and are held accountable when they don't meet their goals. Those are management functions, and if they aren't in place and effective who in their right mind, with any bit of sense or competence whatsoever could possibly be surprised when things fall apart? And again, if the default position is a puerile "IT SUCKS!!! I WANT AN AIRCARD!" where exactly are things supposed to go from there?

Of course, Slap, you're right. You're always right. Us mere management and users don't have a clue.

I'm done with this discussion.

 

[ReverendSlappy]

I'm done with this discussion.

Since you clearly have no interest in paying attention to what I'm saying, which -- much like having no interest in actually engaging IT in a meaningful fashion -- means nothing productive will come of it, I can't say I blame you.

 

[Maverick]

In an attempt to get this thread back on the original subject I thought I would post this message that I received today from Checkpoint. It speaks to an exploit that effects the listed operating systems, the IE browser and MS DirectShow. It's because of issues like this that I personally use Firefox with the NoScript add-on.

Jean

Microsoft DirectShow Exploit
(CVE-2008-0015, 972890)

This exploit involves drive-by attacks originating from thousands of newly-compromised Websites. These Websites transfer malware to the victim computer through a vulnerable DLL in Microsoft DirectShow video streaming software. Exploit code is currently available in the wild and there is no patch available at the time of this writing.
Attack Details
This attack affects the following operating systems:

• Windows XP Service Pack 2 and Windows XP Service Pack 3
• Windows XP Professional x64 Edition Service Pack 2
• Windows Server 2003 Service Pack 2
• Windows Server 2003 x64 Edition Service Pack 2
• Windows Server 2003 with SP2 for Itanium-based Systems

The attack works in the following way:

• The user visits (or is redirected) to either a legitimate Website that has been infected or an entirely malicious Website. In either case, the Website hosts a JavaScript file and a data file that allow the hacker to exploit the vulnerability that exists in Microsoft DirectShow.
• Computers with the affected OS and IE browser versions and the DirectShow ActiveX plug-in (msvidctl.dll) receive a malicious payload via drive-by. (This drive-by is undetectable to the user.)

The malicious payload allows the attacker to gain the same user rights as the local user. Such rights give the attacker a range of abilities such as downloading more malicious programs, redirecting a victim’s Web searches, and intercepting information that the user types or keeps on the computer.

 

[SkyHog]

In an attempt to get this thread back on the original subject I thought I would post this message that I received today from Checkpoint. It speaks to an exploit that effects the listed operating systems, the IE browser and MS DirectShow. It's because of issues like this that I personally use Firefox with the NoScript add-on.

Jean

Microsoft DirectShow Exploit
(CVE-2008-0015, 972890)

This exploit involves drive-by attacks originating from thousands of newly-compromised Websites. These Websites transfer malware to the victim computer through a vulnerable DLL in Microsoft DirectShow video streaming software. Exploit code is currently available in the wild and there is no patch available at the time of this writing.
Attack Details
This attack affects the following operating systems:

• Windows XP Service Pack 2 and Windows XP Service Pack 3
• Windows XP Professional x64 Edition Service Pack 2
• Windows Server 2003 Service Pack 2
• Windows Server 2003 x64 Edition Service Pack 2
• Windows Server 2003 with SP2 for Itanium-based Systems

The attack works in the following way:

• The user visits (or is redirected) to either a legitimate Website that has been infected or an entirely malicious Website. In either case, the Website hosts a JavaScript file and a data file that allow the hacker to exploit the vulnerability that exists in Microsoft DirectShow.
• Computers with the affected OS and IE browser versions and the DirectShow ActiveX plug-in (msvidctl.dll) receive a malicious payload via drive-by. (This drive-by is undetectable to the user.)

The malicious payload allows the attacker to gain the same user rights as the local user. Such rights give the attacker a range of abilities such as downloading more malicious programs, redirecting a victim’s Web searches, and intercepting information that the user types or keeps on the computer.

2 points:

1) This exploit requires a user to allow ActiveX scripts to run.
2) This is why IT has the control to stop people from allowing ActiveX scripts to run.

 

[ReverendSlappy]

2) This is why IT has the control to stop people from allowing ActiveX scripts to run.

Whatever, Nick. You're just a jack-booted, brown-shirted, ignorant, power-hungry, thuggish bully bent on taking over everybody's systems and crippling their business. How dare you not just permit everybody to do whatever they want, whenever they want -- real, legitimate, and critical security risks be damned? Haven't you stopped to consider that there might be business critical applications (that you don't support, didn't approve, have never been told about, and aren't even aware exist because Joe Schmuckatelli user decided he's more important than the processes put in place to manage these things) that might break if you turn that off?

Clearly your management should find somebody else to support them -- and pay them less.

 

[flyingcheesehead]

Wow.

I think everyone should just get a Mac, and then most of the IT department could go away.

 

[ReverendSlappy]

Wow.

I think everyone should just get a Mac, and then most of the IT department could go away.

Hey Kent, not every company can be a digital media firm with beanbag chairs, ping pong tables, Wii and a bong.

Seriously, though, no matter the OS or manufacturer or productivity suite that's used, so long as there are people involved, there will be problems that need to be fixed. That means there needs to be an IT operation that both supports the business and has the support of the business. If either half of that equation is missing, no variety of system is going to work very well -- and the answer to the lack of either most certainly isn't to simply throw one's hands up and screech, "IT sucks!", complain just for the sake of complaining and leave it at that. That's the only point I keep trying to make, and the idea that some are so inexplicably resistant to.

 

[mikea]

Yeah. That's exactly what I'm saying.



Oh, yeah, because you know that "shareware" app is completely free. There's no cost whatsoever associated with it when the 62 people you told about it call up the helpdesk bitching about how "This fax application that Mike on the other side of the floor showed us just stopped working! Fix it now, and I don't care if you've never heard of what I'm talking about and don't have any means whatsoever of supporting it! You guys SUCK!" Yeah, the time the people get to waste talking on the phone with those people is totally free -- not to mention the time that all the people with legitimate issues wind up spending on hold. But yeah, IT just locks stuff like that down because we like to. Yeah.

What about getting the app approved did you fail to read?

There's a process with multipage forms and a standards board that has to vote to approve it and all kinds of crap designed to make you give up, - including how the app is supported.

 

[ReverendSlappy]

What about getting the app approved did you fail to read?

There's a process with multipage forms and a standards board that has to vote to approve it and all kinds of crap designed to make you give up, - including how the app is supported.

So you did go through the approval process, saw it to completion, and it was denied? In that case, somebody who outranks you ixnayed it or authorized someone to put the kibosh on it -- which is absolutely no different than when somebody senior to you nixes budget, doesn't give you headcount you want, squashes a project, or denies any other kind of resource request. That's just the way the cookie crumbles.

But oh, if it's something IT-related that gets quashed, oh, then Holy Hell, it's a testament to the dumbassery and jack-booted thuggishness of tech workers everywhere! Bring on the outrage and the Dilbert quotes, post haste, so adequate angst and snark may be righteously rained down upon them and their boundless ignorance!

 

[gprellwitz]

Getting back to the topic, I've been finding that Oracle Application Server Portal has a built-in rich text editor that throws an error when you attempt to format text in IE8, but not in IE7. Of course, Oracle hasn't approved much (any?) of their technology stack on IE8 yet. I'm going to a meeting tomorrow where we're discussing which IE version we'll standardize on next. We're currently on IE6.

 

[ReverendSlappy]

Getting back to the topic, I've been finding that Oracle Application Server Portal has a built-in rich text editor that throws an error when you attempt to format text in IE8, but not in IE7. Of course, Oracle hasn't approved much (any?) of their technology stack on IE8 yet. I'm going to a meeting tomorrow where we're discussing which IE version we'll standardize on next. We're currently on IE6.

That sounds like a fun meeting...

 

[Maverick]

Getting back to the topic, I've been finding that Oracle Application Server Portal has a built-in rich text editor that throws an error when you attempt to format text in IE8, but not in IE7. Of course, Oracle hasn't approved much (any?) of their technology stack on IE8 yet. I'm going to a meeting tomorrow where we're discussing which IE version we'll standardize on next. We're currently on IE6.

We have been warned that certain B2B apps on customer portals won't work with IE8. I believe it's database issues so maybe the back end is Oracle. We're still standardized on IE6 but I only use IE when it's business related site that doesn't support Firefox. I am finding that those occasions are becoming more and more rare.

Jean

 

[gprellwitz]

We have been warned that certain B2B apps on customer portals won't work with IE8. I believe it's database issues so maybe the back end is Oracle. We're still standardized on IE6 but I only use IE when it's business related site that doesn't support Firefox. I am finding that those occasions are becoming more and more rare.

Jean

Many of the people I've spoken with say that most Oracle things work fine with IE8 though, as I noted, there are exceptions. And these days Oracle is a lot more than just the back end, as I'm sure you know. Between the database, Oracle Forms, Application Server (including Portal), WebLogic, their multitude of ERP systems, etc., they are involved in many of the applications we run here. And as far as I know they haven't certified any of their stuff on IE8, which mainly means that you have to prove that it doesn't work on IE7 either if you encounter a problem that may be due to a browser.

 

[flyingcheesehead]

Ahh, once in a while I just have to click "view post" to remember why certain people are on my ignore list.

 

[ReverendSlappy]

Ahh, once in a while I just have to click "view post" to remember why certain people are on my ignore list.

I didn't realize there was an "Ignore the Obviously Good-Natured Joke and the Content of the Conversation At The Same Time" list.

 

[ScottM]

We have been warned that certain B2B apps on customer portals won't work with IE8. I believe it's database issues so maybe the back end is Oracle. We're still standardized on IE6 but I only use IE when it's business related site that doesn't support Firefox. I am finding that those occasions are becoming more and more rare.

Jean

Wow Jean you used 'standardized' and 'IE' in the same sentence

 

[Maverick]

Wow Jean you used 'standardized' and 'IE' in the same sentence

Yeah, me too!

 

[mikea]

Wow Jean you used 'standardized' and 'IE' in the same sentence

Did a tell you about when I was on the team the choose the new email client? It had to be "multiplatform - Windows 3.1, Windows 98, Windows XP. It took a lot of meetings until the requirements were only met with Exchange.

 

[Ghery]

It is so funny that I work with so many other companies and we can argue all morning long about a technical topic, but at lunch time we unite and ***** about our respective IT departments. It is a universal truth. Gherry, you are one of the few Intel guys I have heard say that they get good support. The guys in Portland do not seem to share your opinion. They do like the shuttle though!!

Well, I didn't say (at least, I don't think I did) that they are perfect. Just reading some of these posts leads me to think they aren't as bad as some others. Now, I was ready to nuke someone last summer. I was going to be working from home for 3 weeks following my prostate cancer surgery and the evening before going in the hospital I tried logging on to the company network using VPN. I guess I hadn't used it recently enough and they had revoked my access. I got support on the phone and they needed me connected (hard wire) to the network to fix it. Oh, and the approval would take 3 days before they could do that. I guess that guy in Bangalore (or whereever he was) could hear me without benefit of the phone. They needed my boss's approval, so I called him at home. They short circuited the process and by the time I drove to the plant (1/2 hour) they were able to get me up and running again. It was that or I wasn't working for 3 weeks. I wasn't really a happy camper about that time.

I get a kick out of some of our people when they comment that the shuttle from OLM to HIO is a small plane. It's a B-1900. I just smile and comment that there's nothing remotely that large in my logbook. And the ERJ-135s we run elsewhere are quick, and best of all, NO TSA BS!!!