[sclug] Personalised web content filtering

Dickon Hood dickon-ml at fluff.org
Thu Jun 16 10:46:31 UTC 2011


On Thu, Jun 16, 2011 at 11:29:42 +0100, Neil Haughton wrote:

[ bad idea ]

: (BTW I am already familiar with the 'this is an HR issue not a technical one
: and you shouldn't employ staff you don't trust' argument, but I need to
: treat it as a technical issue and find a technical solution, if I can.   The
: idea is to be safe rather than sorry, to shut the stable door before the
: horse bolts, and quietly open the door when the company is confident that
: the horse is not the bolting type. And then keep the horse happy enough not
: to want to bolt in future.)

By locking things down so much, your horse is going to get remarkably
pissed off as it is.

And what's to stop them walking off with the source code on a USB stick?
Better: a USB stick masquerading as a smartphone?  If your answer is 'oh,
we just disable the USB ports', then make sure you've also nobbled the
Firewire ports in the BIOS, as you can read the entire system memory over
that just by plugging something in.  It requires no interaction with the
host OS whatsoever.

In short: you're right: it's an HR problem, not a technical problem.  No
technical solution you put in place will do anything other than severely
piss your horses off, to the extent that they may well consider bolting.
The trick here is to ensure your horses don't wish to leave *first*, not
at some jam-tomorrow future point.

In answer to your question: no, no idea.  You could probably do something
unwise with squid ACLs and NTLM auth, but that'll mandate the use of IE,
and isn't foolproof anyway; we attempted something (briefly) at the BBC
for similar (ie., clueless HR) reasons, and abandoned it some three years
after starting.

In other news, sort() in shell:
<http://dis.4chan.org/read/prog/1295544154>.


Dickon Hood
-- 
Due to digital rights management, my .sig is temporarily unavailable.
Normal service will be resumed as soon as possible.  We apologise for the
inconvenience in the meantime.

This email was sent from a colocated server, and needs no excuses.


