Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
SoftTalker 4 days ago

Then why are they secret?

wkat4242 4 days ago | parent | next [-]

Because its hard to define the parts that are really sensitive. At our work people must classify every document but a lot of people choose public for everything because it doesn't enforce any restrictions. So they can just dump it in a folder and share it with the whole company. This is not what we want them to do obviously but people are lazy, don't like to create access lists. But anyway it means we can't rely on the classification. And indicator detection like credit card and social security numbers is far from perfect. A lot of sensitive info will just be text, like about new products being developed. 3D models, code, strategy emails.

Also, if people start rooting around in everything they can take things out of context. If I send a message to my boss that I think that something we're doing is stupid, if that were public it could make some waves even though internally it's inconsequential because I'm a nobody. Also, many documents might have one or two bits that hint to really important information and having them can help finding those

As you probably know, there's tons of information in a multinational and the hardest part is finding the right stuff. This is one of the main tasks I use Copilot for. Also because outlook and SharePoint search are really terrible though. If those actually worked I wouldn't need copilot so much.

reaperducer 4 days ago | parent | prev | next [-]

At most of the companies I've worked, low-grade managers love to hoard secrets. It makes them feel powerful. Someone gets promoted from Lower Level Manager Grade 4 to Lower Level Manager Grade 5 and they feel all "Oooh! Look at the new things I know!"

My mother-in-law is like this with knowing what various relatives are doing. Being the gatekeeper of knowledge gives her imagined power. I guess it's just part of the human condition.

SoftTalker 4 days ago | parent [-]

Why limit it to low-grade managers?

I know sysadmins and programmers who behave exactly they same way. They could give you permission or a script to do the thing you need to do but they'd rather have you come to them and ask them to do it. Gives them a sense of purpose, I guess.

pastage 4 days ago | parent | next [-]

Being such a person that fixes lots of stuff for other people nothing I do is secret but learning to do it seems too hard for most. What I do is try to delegate if I find people that do want to learn.

If someone shows me they are good at something they are going to have to expect being sent trickier problems.

Sometimes it might seem like I keep things a secret. I am probably just having a bad day.

dns_snek 4 days ago | parent | prev | next [-]

That has an awful lot to do with what "the thing" is. I'm sure there are a few people out there doing it just to feel more important, but often there's a good reason for denying someone access - either it's just a terrible idea to begin with or they don't know you well enough to trust you without someone else (i.e. their boss) specifically requesting it.

I could be off base here about your experience, but I know that some people made the same comments about me when I pushed back on sharing dangerous credentials with inexperienced coworkers. Damned if you do, damned if you don't.

jon_adler 3 days ago | parent | prev | next [-]

It may depend on what the script is for or the system being used. Segregation of duties is a risk mitigation principle of ISO 27001 to reduce fraud, waste, and error.

arccy 3 days ago | parent | prev [-]

i feel for sysadmins it's more a case of: we gave developers permissions and they made a mess of the system because they just copy / paste whatever drivel they saw from SO / an LLM, so unfortunately we have to limit your permissions.

kingofmen 4 days ago | parent | prev | next [-]

Because "mostly" does a lot of work in that sentence. Companies, like militaries, keep secret a lot of information that would be safe to release because they don't know which bits are highly unsafe.

samastur 4 days ago | parent | prev [-]

Paranoia and not knowing which ones fall into "mostly" category :)