Hacker News
by baz00 952 days ago
Worth also pointing out that sometimes when you're in a corporate dystopian hell hole do not expect to be able to actually request or install software on your device. What is there is what you have and trying to get it changed is an exercise in taking on the bureaucracy. It's not worth it. Many people have tried and failed.

Back in the dark ages, we had a horrible reporting engine in Word VBA that pulled report definitions off a fileshare and cut and pasted bits of templates together and then printed them. Literally there was a computer in the office the IT team hadn't taken back because the guy had quit and we logged it in as one of us and ran that .doc all day to do numerous engineering reports. This was quicker and cheaper than filing a PO for the reporting option on the CAD/CAM software which would have taken at least 18 months, involved consultants and eaten at the project budget.

So when everyone bitches about Excel VBA being used for horrible things, the cause is probably further up the stack.

The other cause is what I call monkey hammer. If you give a monkey a hammer he's going to hit things. Everything looks like a VBA solution when you're a monkey and the only hammer you have is VBA. I am a slightly more evolved primate these days.

4 comments

I suspect that dystopian environments of locked-down mandatory corporate Windows laptops with no software installation privileges, firewalled networking and even the USB ports disabled are also part of the reason for every function being crammed into the browser to the point that the browser has become an operating system host... Creativity (and catastrophes) happens where there is freedom: local scripting and browser scripting!
Yes. At this point it's well-known that ports 80 and 443 are the two ports no company[0] can afford to block. This means, among other things, that making your product as a webapp is by far the best approach if you want to "worm your way into" corporate environments, as any worker can use it out of the box, while anything else would require IT approval.

--

[0] - Except those creating high-security environments with airgaps and whatnot, but that's a special case.

Proxies can be pretty harsh too. Not sure if we have a whitelist or a blacklist but it’s pretty restrictive.
Yeah in the early 2000s Java was supposed to be the universal platform of write once run everywhere. And then every IT department locked Java out, so we said fuck it and wrote everything in PHP.
>no software install...

https://portableapps.com

I think there's even a Lazarus IDE available for every company user who wants to create reliable RAD based software bound to corporateware.

Depends on the level of corporate restrictions. Workstations with the "developer" policy applied may do that (if they managed to smuggle the executable through the HTTP proxy, and as long as the program doesn't open an inbound port - upon which event the OS kills it) but others can only run whitelisted executables. Every day I miss the Debian computer I have at home.
Best practice security recommendation for executables these days (in corp env) is to block all execution of all executables outside of protected folders, i.e. Program Files and Windows. Severely limits the initial attack surface (disable that rule or supply chain attack).

As a developer who hates installing programs that might be one offs, I hate the idea of it, but I can't deny the benefits.

That was my idea from the beginning among forbidding macros in Office and enforcing text email everywhere for corporate comms among an internal Jabber/SIP server for group videoconferences and a hacked up News (NNTP) server for internal discussions and news, which would be one of the best tools to implement an easy discussion board to mark both issues and schedules. But $BOSS won't like that, they want to execute anything everywhere.
Try getting those through a corporate DLP proxy.
You say creativity happens where there is freedom, but I often hear artists claim they work best when given constraints.
> sometimes when you're in a corporate dystopian hell hole do not expect to be able to actually request or install software on your device. What is there is what you have and trying to get it changed is an exercise in taking on the bureaucracy. It's not worth it. Many people have tried and failed.

Been at a company that was like this to developers. We couldn't get approval to get anything installed, and IT was just plain hostile. They also demanded six months notice for us to get a server that was a copy of an existing computer (we wanted to use it for staging).

I also once built an exe for our internal app in Visual Studio, got a call from IT, they said I had a virus on the computer, requested screen share access, and I watched them navigate to the bin folder and delete the .exe I just built (and just the .exe file).

Had to go through a nice long process to get them to stop doing that. Also they didn't seem to understand that I'm a developer and I develop software for the company.

What you call monkey hammer is actually the “golden hammer,” or “law of the instrument.” Idk if that matters to you, but it’s an already defined thing.

https://en.m.wikipedia.org/wiki/Law_of_the_instrument

I'm pretty sure they were referring to the established aphorism "When all you have is a hammer, everything looks like a nail."
I think it's one and the same, no? Your aphorism is literally cited in the first paragraph of the "Law of the instrument" linked above.
Crossed with a thousand monkeys and a thousand typewriters.
It's an extrapolation of that. The golden hammer gives too much credibility to the people wielding the tool.
“Monkey hammer” is definitely very illustrative of a particular kind of chaos, I like it.
> Worth also pointing out that sometimes when you're in a corporate dystopian hell hole do not expect to be able to actually request or install software on your device.

The problem is, cybersecurity insurances nowadays have that limitation as mandatory for coverage... and for good reason.