[tempie2024]

That is a hard one. Best to report it I think.. but it is not clear cut in general.

There would be times when going against your employer by blowing the whistle or covering up is the more moral thing to do.

Deciding where that line is not simple and there is no guide.

[ozr]

It's a guy browsing the internet a bit. This is not some deep philosophical question. You're just advocating being the type of person we'd all hate to work with.

[kortilla]

“It’s a guy browsing the internet a bit” can be game over from a security perspective. Some machines should never execute code from public web pages, full stop.

So it is a philosophical question of why the restrictions were in place in this scenario. If it was “employee productivity”, then sure, who cares. If it was an IRS computer with thousands of people’s tax returns on disk and access to millions more, then reporting was the right move.

[vasco]

If he was the most senior sysadmin it's already his responsibility to keep things safe anyway, so if you trust him for all the rest of the infra you can trust him for a proxy.

[kortilla]

The reason you report is to make the call if he should have had that level of trust in the first place.

[eru]

I'm not so sure.

I can imagine trusting someone to set up (and even enforce) eg an alcohol policy, but still be prone to alcohol abuse themselves.

Weak wills are a thing. Or people thinking they are smarter than the protocols that apply to the masses.

[vasco]

All I mean is he is the person paid to do this already so it's not extra dangerous. It's like a policeman doing a citizens arrest if they spot a crime on the off hours. It's frowned upon but you know it's the same thing they do in their job.

[eru]

Our HN user, mr-wendel, worked at the company, but I'm not sure they said what their job was. It might have been sysadmin, but since mr-wendel talks about snitching on a senior sysadmin directly to the CEO, it's save to say that the sysadmin did not report to mr-wendel; and I presume that mr-wendel was a lot lower an the pecking order.

I don't think the senior sysadmin was paid to hide browsing from the oversight?

[tracker1]

You never know... I've seen an instance where it turns out an employee was watching pr0n at work and downloading the materials to their shared profile directory. Discovered when the IT Admin was requesting a new NAS server because the current shares were full.

edit: to be clear, it wasn't the admin downloading the content.

[techproblems]

I can't agree. By far the biggest lesson that you can verify even on this thread, is that the biggest tech problems are actually people problems. Even things like tech debt are all over the place framed as project/people management rather than tech stuff at its fundamentals.

The comment already established the senior sysadmin is generally a valuable person who does a lot to flourish the company. Going out of the way to be a encumbrance towards someone who is verifiably doing their job anyways, means you're actively creating a people problem. I;d rather people learn the correct, bigger lesson here.

[eru]

> By far the biggest lesson that you can verify even on this thread, is that the biggest tech problems are actually people problems.

The opposite lesson is also useful: sometimes you can turn people problems into tech problems, and that's how you can 'solve' them.

Slightly hypothetical scenario: assume your team keeps all the source code on a shared drive. You are supposed to coordinate with your coworkers before touching any code. Sometimes that goes wrong, and looks like a people problem.

If you introduce eg git and automated-tests-before-merging, you can turn that into a technical problem.

My thesis is that organisations (and people in those organisations) can only solve so many people problems. If you lighten the load by automating some of the problems into tech problems, you have more levity on the remaining people problems.

(This happy state of affairs isn't always possible. And sometimes it can backfire.)

[kaba0]

Why would it be good to report it? Depending on what “infrastructure” stands for here, unless it is something absolutely unwise security-wise, why?

[michaelt]

When I was young, I thought that being a man of my word meant that, as I'd given my employer my word that I would follow their security policy, I should follow it to the letter - for example, never holding the door open, even for a colleague I'd worked alongside for a long time.

And I thought that petty rulebreaking was a corrosive force, something that would snowball into bigger problems down the road. As a man of honour I would work precisely my contracted hours, never a minute less, I would consider it shameful if someone so much as stole a pen from the office. The rest of the team is heading to the pub at 4pm after a lengthy day of planning meetings? Sorry guys, I don't finish until 5:30pm.

Later in my career I chilled out a lot, and learned that the actual rules are often different (and a lot more nuanced) than the written rules. And that if you've worked with a guy for a decade you can, in fact, hold the door open for him and the sky won't fall down.

[mr-wendel]

> I thought that being a man of my word meant that, as I'd given my employer my word that I would follow their security policy, I should follow it to the letter

This basically sums up my "cover story" nicely so I didn't have to admit to myself that it was more about scoring points for my own position.

Dressing up vanity as integrity is a dangerous thing.

[mierz00]

Thanks for sharing, I had difficulty empathising with the OP but this puts it in perspective.

I’m curious, did these ideas come from your upbringing?

[mierz00]

Your values are the guide.

If your values are to report someone to win brownie points with your boss, it’s probably time to revisit them.

Another great guide is asking yourself what you’re trying to accomplish.

[mr-wendel]

Imaging to do different was only one part of the lesson. The other, and bigger, part is acknowledging the difference between wanting to do the right (for not just me) thing versus that was sure to score points with authority.