views:

910

answers:

18

I work in what is effectively a large corporate - I say effectively since the company I work for is relatively small, but depends upon the network infrastructure of a larger parent company. Recently due to reasons I won't go into, the parent company who provides our Internet access decided to restrict Internet access in a blanket fashion, and access to blocked sites is now considered on a case-per-case basis (the criterion being that the site should be work-related).

Personally I feel that professional developers should have unlimited access to the Internet, and I want to get some kind of idea about what kind of liberties other developers' employers afford them in this regard.

As an example, I recently requested access to http://www.rememberthemilk.com/ and although access was granted, it was done so begrudgingly and I have been asked to provide a more convincing reason as to why I need it, given that the Outlook task manager is available. This has put a poor taste in my mouth, and I've likened this to being forced to use IE over another browser (another company policy that I won't go in to).

What do other developers expect/have access to?

+44  A: 

I personally refuse to work anywhere where programmers are treated as children. I'm there to do a job that requires a good amount of skill, and if they can't trust me to do that without treating me like a kindergartener, they don't deserve my attention.

Edit: Also, I find this essay from Paul Graham to be highly appropriate: The Other Half of "Artists Ship".

Cody Brocious
There's a difference between beeing treated as a child and the organisation adopting a (from a customer/government standpoint) responsible security profile. I guess government, military and banking is not in your list of acceptable work environments. That is, of course, entierly your choice.
Sakkle
And while I may disagree on certain points, I did find the article fascinating
Sakkle
Great essay! Thanks!
Aaron Digulla
lol - this type of attitude might work for a picasso, but most programmers paint houses.
mson
also - think of the implications if this type of attitude were applied by an end-user of a program you are writing/designing. ugh, i won't use a program that does not present font in wingdings
mson
+5  A: 

Add it to your list of annoyances. When the annoyances get larger than your salary, move on. Given the amount of time wasted surfing the internet these days, though, I suspect that you'll see more and more of this happening. Hope you can still get to StackOverflow.

EDIT: Actually, I think the thing that would bother me most is not the actual blocking. I could understand that, but the "you've got to defend yourself" attitude. I hope that it only applies to this and not requests for reasonable, legitimate resources (like an extra monitor, training, buying books). People -- including developers -- should have the ability to use the tools that make them effective. As long as using the tools isn't disruptive to the whole team, you should have wide latitude. It would probably be best if you shared a bug tracking system rather than each having his own, for instance.

tvanfosson
SO was one of the sites I had to explicitly request access to.
Eric Smith
Yeah, having to defend yourself is like motivational ballast.
cletus
The beatings will continue until morale improves.
Cody Brocious
+25  A: 

Nothing less than unrestricted access will do.

I've lost count of the number of times i've found the solution to a problem I am working on tucked away on a blog somewhere (particularly working with emerging technologies). Having to request and wait for access to get each of these solutions would have been a HUGE dent in productivity.

I can understand companies restricting on a blacklist basis for e.g. facebook, youtube but a whitelist blanket approach just isn't workable for what we do

Paul Nearney
Even blacklists don't work well for us. Facebook allows networking and afternoon enjoyment, youtube hosts tech demos, keynotes, etc... My new company blocks nothing and I love it. Performance should be the only benchmark. Meeting deadlines, etc and internet abuse should be dealt with individually
TheSoftwareJedi
Agreed entirely, TheSoftwareJedi. Trust your people to do their work and if they don't do it, deal with the problem there. I spend more time zoning out at my desk than I do on Facebook and other such sites -- should we ban comfy chairs to prevent this?
Cody Brocious
I'm not sure "networking and afternoon enjoyment" is a valid reason to allow, well, anything. Anything that helps you do your job should be OK. Posting baby pics and poking your friends doesn't seem to quite meet that standard.
cletus
+2  A: 

Depends upon the data you have access to. If you can access financial data (credit card), then PCI-DSS will require you to not be able to access the internet freely. It is a pain, but there are reasons. There should be a good process for getting access to certain sites, but the best option is to make sure developers are segregated from production data, then there is no reason to block sites other than having a "big brother" approach.

ck
pci-dss would require you to have extremely limited network access full stop. you have no business developing on a machine bound by pci-dss
annakata
A: 

I would fight back by a) Requesting access to every site I could think of, I could probably come up with a good hundred or so programming related sites and blogs i have visited semi recently given the time and motivation to do so b) Blaming any blown deadlines on the retarded policy.

The person who decided to do that does not understand the needs of programmers. You cannot code in a bubble by yourself and expect to be in any way efficient.

Either fight back or quit, those are unacceptable working conditions.

Matt Briggs
+2  A: 

We're restricted by serious content but otherwise pretty much everything is unlimited. I use stackoverflow to find answers to problems I have, so I think the use of the Internet should be encouraged as it actually aids in the work process.

EDIT: Facebook is actually blocked too, but I can see that it can just drain your time at work as people get addicted to stuff like that.

Kezzer
It's good that StackOverflow has absolutely no addictive qualities, then. :)
unwind
I see what you did there.... :P
Sakkle
+1  A: 

We have unrestricted access, but of course you need common sense. So if you are going to download illegal or x-rated stuff, you are into big trouble.

Gamecat
Some employers cant afford, or indeed are bound by law, to take measures beyond trusting their employees common sence...
Sakkle
+8  A: 

For the people who decide such policies, the Internet is one large blob of evil, uncertainty and fear. Also, since many of them think of the "Internet" in terms of pr0n sites, Facebook, etc (i.e. "fun" sites), they see no reason why someone should spend any amount of time there.

Here are some arguments:

  • I spend a lot of time on StackOverflow answering questions. This helps me improve my skills to explain things.
  • I use Google a lot because I don't want to burden myself with knowing everything all the time. Instead, I hone my skills to find the information I need when I need it. This makes me more effective but it means that I must be able to access any site that Google might return.
  • I am a fast reader. So when I open 30 different URLs, that doesn't mean I spend half an hour on each of them. In all places I've worked so far, I was under the top 10 downloaders (both URLs and bytes), more often than not even #1.
  • I constantly monitor various blogs and information sources for new ideas to improve myself, I learn a new programming language every year (sometimes more). This makes me a better programmer - every day. I can't do that when I can only see a tiny bit of the Internet.
  • When I'm working on a problem, I'm in the flow. I ignore anything when in the flow. So if you fear that I waste my time on the Internet, how about making sure that I have enough interesting work on my plate?
  • You can find a really huge OSS mirror on http://mirrors.playboy.com/. The mirror is one of the biggest and fastest in the world. Browsing such an URL doesn't mean I'm doing anything which my contract doesn't cover.
  • And the devils answer: The new insane policy on the virus scanner has made build times go through the roof. What am I expected to do while it's fighting my Java compiler for CPU time? Stare holes in the walls? Let's get this straight. My work is what the revenue stream of this company is based on. So you get money every month because of my work. Therefore, I'd suggest that you start moving obstacles out of my way. Otherwise, I might leave and you're next.
Aaron Digulla
Another argument: lunch breaks. Everyone has (or should have) 30 minutes or more break in the middle of the day, there's no reason I shouldn't be allowed access to facebook, etc, in that time if I want.
DisgruntledGoat
disgruntledgoat - really? you couldnt think of a better name?
Agree with every point but the one about playboy.com, sounds like you're tempting fate with that one. "I read it for the open source, I never looked at the pix, honest!"
Ed Griebel
Well, the good stuff is at http://mirrors.playboy.com/ while the pictures of the hapless victims of plastic surgery are on www.playboy.com, so it's just a matter of using the correct filter setting.
Aaron Digulla
Why would anyone want to see these pictures anyway? I see naked skin all day in front of me (two hands on the keyboard). Jeez ;)
Aaron Digulla
+2  A: 

I think it's possible to work within this type of restriction as long as the assumption is that the developer, ie you, knows what sites are appropriate.

The proxy here throws up a message along the lines of 'this site seems offensive, are you sure you want to proceed? Your access will be logged' which reminds you you're being monitored but doesn't treat you like a child and assumes you know what sites you need access to in order to do your job.

MTEd
+9  A: 

The problem with 'unlimited' internet access is that there's always some idiot that spoils things for everyone else by loading up on viruses or some other malware from some dodgy site or torrent.

To be honest if you work for a large corp then you have to expect this kind of thing. I've worked as a dev for a couple of UK banks and because of regulatory compliance our internet access was pretty limited and rightly so.

I'd also say that complaining about being made to use the company provided tools such as outlook is just tough love. The computers, software and internet access belong to them, not you. We use some tools where I work that I'm not a huge fan of, but at the end of the day the tools still let me get the work done according to company standards and that's what the rest of the team uses. I suck it up because it's a trade off with the rest of the job which is ace and well paid.

I'd also have to ask why you're using an external unvetted service to store your work related task list, if that's what you're doing. That's a no-no in our book, work stuff stays in work apps/data stores, period.

And you know, if it's so bad, why not do what a lot of my buddies do. Take a laptop/netbook with a GPRS/3G modem to work and do your surfing on that.

Kev
Your netbook suggestion is what I am currently resorting to. This is really a way of determining what the general consensus is - as you've pointed out there are pros and cons.
Eric Smith
"Some idiot" can sometimes be a whole department. At a previous employer, HR discovered that a field department ran a porn ring in the evenings. In general, I don't have a problem with a bit of restriction on the extreme fringes.
Ryan Riley
It is probably a stackable offence if you are caught, but you could just plug a GPRS USB stick strait into your PC. At one of my old firms, we used a dial-up modem through the company phone system to get around the network security, but I guess that would be a bit slow these days.
Martin Brown
@panesofglass - at one of the places I worked, the duty engineer did f-all except look a pr0n for the duration of his shift. Our site basically got locked down after that. Sadly there was nothing in the emp contracts at that time that would've allowed me to sack him.
Kev
@Martin Brown - If a place restricts access this heavily, they may be smart enough to have a clause that doing an end-around by connecting via modem or EVDO is grounds for disciplinary action.
Ed Griebel
I have a buddy who bought an iPhone just to get around the network blocks at our current place of employment.
Ed Griebel
@Martin - i think it's just not worth trying to circumvent lockdowns. If there's a sudden infection of malware and your PC was the one found to have a stick plugged in then it's game over for your job. The netbook is a reasonable compromise.
Kev
@Ed - that's what the banks were like. Any attempt at circumvention meant lead to P45 and filling your possessions into a bankers box and a swift walk to the front door accompanied by the security guys.
Kev
+4  A: 

I certainly agree that unrestricted access is to be desired.

However there are situations where this can not be achieved, sadly. I find myself being denied access to certian content deemed a general security risk. Like many others, I work for a large corporation, and without going into detail, there are certain security risks theese large corporations will not take. Some of theese are silly from a programer standpoint, but when one tiny slip-up from any one of several thousands of employees could result in a security breach and potentially result in tens of thousands of customers not getting the services they expect, and indeed pay for, this is a situation we simply have to accept.

So for those of us working for large private corporations, state or government organs, military, banks or the like, unrestricted internet acess is sadly an unrealistic demand. We'll just have to learn to live with it, or if we can get a job for a smaller employer.

This however does not mean we can't try to reverse some of the policies when restricted access to safe content is keeping us from doing our job to the best of our abilities. After all... that's why we're there in the first place.

Sakkle
+1 to counter inappropriate downvote. This is a useful addition to the discussion even if you disagree with it.
Mark Brittingham
+1 - me too, it's a sensible counterpoint to the toys being thrown out of prams in some of the other answers.
Kev
Thanks... I get the impression that some voters vot more with their heart than their mind. I woulf no doubt prefer unlimited access myself, but in this day and age, it's not allways possible.
Sakkle
And my spelling leaves some to be desired, damn IE and no spelling checker :P
Sakkle
+1 too to counter the prima-donnas that will respond with "if U cant surf 4chan @ wrk U shud quit, d00d"
Ed Griebel
+1  A: 

I am fortunate enough for unrestricted access. However, I don't browse anything that would be questionable should someone peek over my shoulder.

The point I would like to bring up is speed. We have a DSL connection and it is slow enough that it sometimes takes a page a minute or so to load. This sort of gets in the way of things when you are trying to look something up quickly.

+2  A: 

To me there are acceptable and unacceptable things to block.

Acceptable:

  • Adult sites;
  • Gambling sites;
  • Facebook/Myspace/etc;
  • etc.

Also, internet should be fast. If I can't download a file from springsource.org at at least 200k/second the company is wasting my time and their money while I sit around and wait for downloads.

I think unfettered access on a corporate network is unrealistic and unjustifiable. Companies need to protect themselves against lawsuits (and someone having a racy screensaver they downloaded on the corporate network can be viewed litigiously as being an environment permissive of sexual harassment). But any such system should be exclusionary not the other way around (in that everything is allowed except what isn't rather than what you have, which is nothing is allowed except what is).

I worked at acompany that had pretty stupid policies like they blocked any site with 'mp3' in it (even though those characters can and do appear in MD5 hashes sometimes used as IDs so those got randomly blocked) and, what's worse, anything with 'blog' in it. Seriously, blogs are extremely important to developers looking for answers to problems.

Now like your situation they would approve exceptions on a case by case basis (and the HR manager took personal responsibility for this!) but it was ridiculous. When you need an answer, you need an answer.

In the end we just used ssh tunnelling to bypass the proxy. Problem solved (and, due to oddities in our network config, it was faster too even though I tunnelled through my home ADSL router).

You may think I'm going overboard but I honestly would consider walking from such an environment. Things are almost certainly going to get worse. It's such a red flag for an organisation that is in the death throes of bureaucratic and political suffocation.

But if you're determined to keep your job and want to avoid justifying why sites should be allowed (I would) I'd use ssh tunnelling (if possible).

cletus
Once my boss asked me to confirm which day I had taken vacation, and the fastest way I could do that was to check my facebook... so it can be work related :)
JoelFan
+2  A: 

Why don't you suggest that instead of blocking everything and getting permission to unblock sites they unblock everything and then only block specific non-work/time-sink sites. They should be able to identify these from their logs (facebook and myspace will pop up, I'm certain).

If they won't go for this, just request access to every site you need that you find blocked, keep a count of how often you have to make a request, and bring it up periodically with your line manager as an impediment to your productivity. All of this may make no difference of course - the difficulty of getting a corporate policy changed increases in relation to the size of the corporate. In which case you just have to decide whether you're going to put up with it, or find a job somewhere else.

gkrogers
Essentially the blacklist method you mention above is how things were running before the mysterious event that precipitated broad-based blocking occurred.
Eric Smith
What you ought to watch out for are any signs that this kind of Theory X management is becoming the norm. For example, not allowing to make or receive personal calls, or requiring you to fill in timesheets accounting for time in 15 minute blocks, but not allowing you book time to admin.
gkrogers
+3  A: 

As a developer I expect access to certain resources when I negotiate for my contract, one of those is reasonable access to the internet (I say reasonable because if I'm caught surfing porn sites or wasting time on Facebook then sure I'd expect to be reprimanded or fired. Reasonable is a negotiated term in most cases). If I have a legitimate reason for using/referencing a site then I expect unrestricted access to that site - without having to jump through hoops to get access to that site.

Given that a lot of the information I search for is undocumented nuances of "features" and workarounds in .NET, quite often I'll find the information on some obscure blog, community or newsgroup post which I might not have access to otherwise.

Aside from internet access, I also expect to have room in my cubicle for a decent selection of my library - if not a bookcase for the whole thing. In an ideal world, I don't want a phone on my desk - if people need to talk to me, they can come and talk to me. If they've gotta make the effort to come and do that, they're more likely to find solutions to problems on their own instead of coming and pestering me for answers and if they made the effort to come and find and talk it me, helping them find a solution is the least I can do... but that's another topic entirely.

BenAlabaster
+1  A: 

One solution is to have a handful of shared workstations dedicated to web browsing, and shared between all the developers in a lab.

A company I used to work for did this, though they spoiled it with some silly mistakes:

  • Having a shared login, so although it was logged, they didn't know who had been to what sites
  • Giving a handful of developers web access on their own workstations, so the remainder became jealous and also kept requesting it.
  • Not locking the machine down, so anyone could install software on the shared machine, inevitably breaking it (admittedly this is a hard problem, but requiring individual logins would have discouraged it.)
  • Using an external blacklist, so querying it for each URI delayed page loading by about 2 seconds.
  • No additional virus scanning. The hard drive was checked, but USB flash drives weren't.
finnw
A: 

You work for a corporation and misunderstand your place. You are a cog in a machine. If you cannot adapt to the strictures of your client/employer, you will find that both you and your employer will be dissatisfied (and everyone - especially you - can be readily replaced).

There are usually reasons for forcing workers to comply with rules. You may think it's silly for restricting access to sites, but given the insecurity of the internet, are you willing to pay the price for a security breach? Just because you are a programmer does not mean you won't be tricked by a malicious site or fall prey to attacks. And when the incident occurs, do you think your annual salary even begins to cover the cost of recovery?

There are browser specific attacks as well - while IE is the most highly targeted because it is the most widely used, do you think your corporation should have to pay for extra IT staff and expertise, just so you can use the browser of your choice?

Having said all that, the way to get what you want is to provide a business case for the consequences of the policy change. If you want Firefox supported - demonstrate how it will make money or save money - and make sure you think through all the consequences, because I'm pretty sure that in most scenarios the company will have considered things better than you. If you want unlimited internet access, demonstrate why it is necessary and how you will protect the company assets.

Learn you place boy (read with Southern accent from Cool Hand Luke).

When you have your own company, you can make the decisions, until then, adapt to your given environment and make the most of it. Do continue to make suggestions for improvements, but know that there are a lot of people smarter and more experienced than you.

@those artistes who won't work for someone because [put reason here]...

see you at the bread lines...

mson
Protip: not everyone likes being a cog in a machine. By treating your developers like this, you can ensure you're going to get poor work out of them. "The beatings will continue until morale improves."
Cody Brocious
The universe does not care if the ant doesn't like being an ant. It is still an ant.
mson
My developers are very happy - we have fun at work (hell we even have a wii) and off-work with paintball and video games. They are treated with the respect they are due and they likewise treat everyone else with respect. We are a bit prima dona, but wth - we produce quality code at low cost.
mson
+1 - sensible post. Some developers really do love to inflate their ego's and sense of importance. At then end of the day we're employees just like the sales, support and janitors. Don't like something? Leave or put up and shut up.
Kev
-1 Sorry, have to mark this down. In most cases using Firefox isn't a luxury. It's a necessity. Both for testing compatibility of the sites you write as well as debugging style/layout problems (ie Firebug). Can't do it with IE. You have to be realistic but this is a little too "tow the line".
cletus
@cletus - i'm definitely not 'tow the line'. i'm pragmatic. your case for firefox depends on the environment. if you are developing an internet app for broad use, the logic applies. however, if you are building intranet/extranet app where you can decide the browser, it does not.
mson
Software engineers are professionals, not unskilled/semi-skilled help like janitors. Treating them like warm bodies instead of respected professionals ensures that you are self-selecting people who don't want respect - who are not the people bringing your company success.
Paul Nathan
@mson: even if you're developing an intranet application that only needs to work on IE, it's STILL MUCH MUCH easier to develop that on Firefox. IE has nothing as good as Firebug.
cletus
if software engineers were considered professionals.... we wouldn't have been able to outsource half of them to India.
gbjbaanb
+1  A: 

Where I work, every link is monitored by WebSense and some are filtered and others blocked. It seems like a logical point in many ways for me. If I'm going on-line to do something, I don't mind it being recorded as I am using company resources, just like I'd expect some phone calls to be taped or meeting room meetings to be taped from time to time.

Sites being blocked may be more of a good thing since this prevents some stupidity like the gambling or porn sites that may pop up if things aren't monitored. So, I don't expect unlimited access, though I do like having some freedom and if my job performance is good then this shouldn't be discussed at length, whereas if my performance drops I could see having it cut back in that case.

JB King