by korlja 1436 days ago
Back in the day, if your pencil was dull, you sharpened it with your own personal workplace sharpener. You could replace your pencil or maybe even typewriter by just going to the supplies closet and getting a new one. Security was done by cleaning your desk and locking the file closet in the evening. Also, the friendly security guy at the main entrance greeted you nicely and knew your face.

Nowadays, if there is a problem with your pencil-equivalent computer plus word-processor, you have to get support from hardly available technicians. You cannot just take the next computer out of a nearby supplies closet. Even worse, after an update, all computers company-wide break at the same time in the same way, no chance for a quick fix. Security is done by weird processes that must be followed to the letter, including learning a new "key profile" by heart every 8 weeks instead of just taking along the company-provided file-closet-key on a keychain. If you use the company provided email client like it is built to be used, e.g. click on attachments, you are at fault for breaking policy and endangering security. If you fail to use obscure processes that said email client doesn't actually want you to use to check for the originator address of an email, you are endangering security. Same for the fancy new phone-replacement-software that needs you to download and execute arbitrary executables which you aren't supposed to do. And the guard at the door has been replaced by an RFID badge that any kid in the subway standing next to you can clone with his phone. Of course you are supposed to know this and wrap that badge in tinfoil outside company premises.

IT issues are so debilitating because users are powerless to fix them. They are blamed for problems that arise just because of the mandated software being unsuitable and insecure. All this gets papered over by heavy processes such that even the people in IT who are trying to help are powerless, bogged down in ticket-pushing busywork, and tons and tons of policies that actually do nothing useful.

4 comments

The number one issue with IT is that companies don’t see the value in having a full support staff and hire the bare minimum to get stuff done. My wife worked for a few big enterprise companies in Denver and they’d only have 4-8 people supporting hundred each. Higher ups choose the software and hardware, they’re stingy with licenses, only replace hardware every five years, will have a faulty computer repaired dozens of times before getting replacements, buy hardware that’ll be obsolete in a year, upgrades are all computers at once because the software doesn’t support testing groups. A funny example is she recently helped a hospital network upgrade to new computers in 2021; none of the computers support Windows 11 so they have to buy new computers again because their new software doesn’t support Windows 10. This happens all the time.

This is an accounting problem. If you get your act together and buy a load of new hardware, hire staff to maintain it, there's a definite number attached to it.

If you let your teams get bogged down with crappy hardware and no support, you also pay, but nobody can count where the losses were and what they sum up to.

Like an invisible tax, you end up paying one way or another, but you'll never know how much and whether it was a good trade.

A pencil is a simplistic writing device whereas a computer and its software is significantly more complex. Not to mention it communicates with external devices like mice, keyboard, wifi, website, and email.

Mandated software, like security products, don't exist on a pencil because it can steal all your financial data from an external connection.

IT has policies because of past failures and regulations. They are also bogged down because a ticket can take anywhere from 5 mins to many days and it's impossible to accurately predict what frequency of each type of problem will occur from the known set or how long each will take. Companies hire a decent amount but they also can't over staff a dept just so everyone gets their issues fixed instantly.

Users can't fix their computer most of the time because they don't know how. A pencil either needs to be sharpened, needs to be replaced, or is working. Everyone can be taught how to do those three things in a short amount of time.

One office object that's not a computer and would be a better comparison is the copy machine. It's a trope about how often they broke.

The comment that you're replying to isn't arguing that computers shouldn't be complicated, or that we don't need them to be. It's pointing out that they are complicated, and in a way that leaves most people powerless.

There's no need to run in and defend computers, or security policies.

Except that there is.

Maybe not from korlja in particular; you're probably right about their specific intentions writing that post.

But I've seen posts—hell, I've met people in person—that clearly put forward the opinion that computers are a mistake, they're overly complex, and we need to go back to the time before they existed.

Most of the time, this is at least couched in the form of "Aw, man, these computers are just so dang complicated, y'know? I can never get 'em to work right! You know how it is, right?" But there have been multiple occasions where it was much less playful and much more seriously "computers don't help, they only make things worse, I hate them and we should just all go back to pencil and paper."

Poe's Law[0] is around for a reason.

[0] https://en.wikipedia.org/wiki/Poe%27s_law for those who aren't familiar

I do think computers are a huge net positive.

And for what we need computers to do, there is a necessary, irreducible complexity involved, so there is a limit to how simple things could be even in theory.

But the problem isn't with that necessary complexity per se. It is the lack of knowledge in the responsible upper layers of any organisation about how to deal with that. Computers are complex, as essential as pen and paper (or more) and exhibit highly correlated failure modes (i.e. one faulty update or one trojan takes down all of them, just like a fire burns all your papers). This means that a large amount of resources should be expended to prevent problems from occurring in the first place, because they are usually large-scale and severe. Instead, IT gets the minimum amount of resources to keep up with constant firefighting. Also, risk-prevention is frowned upon, the new shiny or the crap everyone uses always has priority, even if it increases risk. Because nobody ever got fired for buying HAL or something.

Right; exactly. This is the kind of sensible analysis of the situations you described that is needed to actually solve them, rather than just decide that computers were a mistake and throw them out (or, as is much more common, throw up your hands and claim that this is unsolvable).

The comment isn't saying "computers are complex unlike a pencil", it's mostly complaints about IT "heavy processes such that even the people in IT who are trying to help are powerless, bogged down in ticket-pushing busywork, and tons and tons of policies that actually do nothing useful."

My defense was attempting to explain they are difficult compared to other office products and it's to be expected.

His comment seems to imply that there's failure in the IT process or the way it's run that cause the issues. In other words "we have a process for pencils that work, why not computers" as if process can be scaled linearly.

> RFID badge that any kid in the subway standing next to you can clone with his phone

Please do not spread FUD. Except for antique technologies (MCF-1, ...), you can't clone RFID devices.

It isn't FUD if it is still true for a majority of deployments, even new ones.

One popular example: EV chargers still rely on easily cloneable Mifare Classic for access and billing and are only very slowly changing over to more secure alternatives. And in case it isn't obvious: Mifare Classic security problems were literally more than a decade old knowledge when EV chargers started to be deployed.

https://community.nxp.com/t5/NFC/good-alternative-for-EV-cha...

It isn't FUD if reality is that bad...

Many "security" tokens are just... tokens. Literally an ID that is writable and readable to any close device.

If you think it's antique... like, it's still widely in use today, I think you are wrong.

Access company Kisi's blog post from 2018 on hacking 125kHz and 13.56MHz cards: https://www.getkisi.com/blog/how-to-copy-access-cards-and-ke...

Hardware device that copies many keys including encrypted: https://icopyx.com/

Ah yes, the good old days where everything was so much more efficient without a computer.