Pleasing Google's Tech-Savvy Staff 142
An anonymous reader writes "Douglas Merrill, Google Inc.'s chief information officer, is charged with answering that question. His job is to give Google workers the technology they need, and to keep them safe — without imposing too many restrictions on how they do their job. So the 37-year-old has taken an unorthodox approach. Unlike many IT departments that try to control the technology their workers use, Mr. Merrill's group lets Google employees download software on their own, choose between several types of computers and operating systems, and use internal software built by the company's engineers. Lately, he has also spent time evangelizing to outside clients about Google's own enterprise-software products — such as Google Apps, an enterprise version of Google's Web-based services including e-mail, word processing and a calendar."
Re:NO TFA (Score:2, Informative)
The question is... (Score:2, Informative)
From the article:
Re:It all comes down to this.... (Score:3, Informative)
If you are interested in how these recursive tools work, check valgrind [valgrind.org]'s documentation (interesting because it relates a bit how some design decisions were made so that valgrind could be used on itself) for example.
Re:I wish our IT was like this. (Score:2, Informative)
Re:I wish our IT was like this. (Score:3, Informative)
My management did their best to fight it, but IT has a strong pull here I guess.
Comment removed (Score:4, Informative)
Re:Nice approach (Score:3, Informative)
Show me how.
And traditional viruses/spyware won't do that.
The trouble is, modern OSes are reasonably secure at this point, and you can bet the external-facing IPs are going to be locked down. Same with internal services -- some random developer's desktop might be open, but the service is going to be secure. So what you're talking about is someone actively making a "hacking" attempt at something that, to my mind, looks pretty much impenetrable.
The only other option is something more insidious -- set up a website which exploits some browser flaw, then hope someone at Google sees it. Or sit around a wifi hotspot, praying that someone logs on with a laptop that's vulnerable, infect it, set it to phone home, then pray it is actually able to phone home, and that Google doesn't take a peek at exactly where it's phoning home to.
And a successful variation of this is still just going to give you the one insecure machine. It's not going to give you the entire network. It's probably got less of a chance of doing that than if they were extremely anal-retentive in their security policy (and refused local-admin rights, etc), because it's going to be a heterogenious network.
But then, you did just provide the perfect counterargument: The first hacker to take down their network, either internal or external facing, would be infamous. Therefore, people are trying. It's not working. Therefore, whatever Google is doing for security is working.
Re:Nice approach (Score:2, Informative)
Yes. At least in Germany. Here, you, the purchaser, need to able to reed the EULA/ToS before even buying the software.