To think this is a joke? Companies want so much for nothing

[ALittleCrisp]

Just seen two job adverts saying "Advanced Microsoft package skills is an absolute must".

The pay? £7.80 and £7.85 an hour

This country really has a problem.

Spoke to a senior IT engineer recently who said that in 5 to 10 years time companies will stop providing employees with laptops and expect them to have and use their own.

I am sceptical about that but then now everyone expects you to have a smart phone.

A friend left her job as a legal PA to become a bus driver, earns twice as much now. OK would have been earning that if she'd worked in central London as a Legal PA, but local jobs were paying well under £20k.

I had a Graduate staff member a few years back who had taken "Business Computing" as her degree - she'd never used Excel beyond data entry, thought Word templates were magic, and had zero grasp of punctuation.

I am sceptical about that but then now everyone expects you to have a smart phone.

And you should be, it has been touted as an idea for a while but it's a security nightmare and will continue to do so long into the future, work providing laptops that can be used at home is seen as the natural progression.

Spoke to a senior IT engineer recently who said that in 5 to 10 years time companies will stop providing employees with laptops and expect them to have and use their own.

Sounds like a good opportunity for malicious actors.

Spoke to a senior IT engineer recently who said that in 5 to 10 years time companies will stop providing employees with laptops and expect them to have and use their own.

Bring Your Own Device is hardly new and shocking. It's already happening with phones, of course, which are just computers in a different shaped box. In universities, you'll find a significant proportion of laptops are self-owned, and more are self-managed, amongst the academic staff. Ditto software development shops, start ups...anywhere outside big corporates and government, and even some of the corporates are moving to BOD.

5 to 10 years? 2 to 5 years.

it's a security nightmare and will continue to do so long into the future

There will be two types of people. Those who recognise that BYOD is inevitable and work to develop new and innovative security solutions, and those that attempt to hold back the inevitable.

You are referred to the fate of mainframe-centric IT organisations in the 1980s which attempted to prevent the spread of PCs on similar grounds to see how that plays out. There aren't enough people in IT old enough to take the long view.

Bring Your Own Device is hardly new and shocking.

Never said it was new and shocking BYOD where you have email and calendar on your phone and iPad is one thing, not providing an employee with any IT equipment at all and expecting them to provide a laptop for themselves is a huge difference to me from BYOD.

I just can't see it being a good idea people e.g. editing unreleased proprietary source code (or other equivalently private data) on a personal device that they probably also use for going to dodgy porn websites, downloading trojans masquerading as pirated software and generally being an idiot.

I am not saying that doesn't happen now of course, I just don't think it's a good idea or will ever be a good idea.

The alternative seems to be to prevent employees ever doing dodgy things with their own devices - which would either require draconian control of their private devices or ...yeah no that would be the only way because they are going to do dodgy things in their own time, not all of them, but many of them.

go and ask a retired it director how “spreadsheets mean controlled data processing best done in central databases” played out.

Tell me what the solution is then? How do you solve the problem?

I predict a rise in the use of a mixture of remote desktops, virtualised environments downloaded on to user devices, and closed web-based applications. None of them are quite ready for general deployment, but the bits and pieces are there, particularly once they leverage new processor technologies like SGX and the already-widely-used-but-not-for-this [[https://developer.arm.com/technologies/trustzone]]. It is today possible to run a virtual environment on a compromised machine under the control of a malicious attacker and still maintain security within the enclave using SGX. Laptops with SGX enabled are rare, but that won't be the case in five years.

So I predict that one avenue in five years will be "bring in your SGX-enabled laptop, we install a VM on it containing what we would otherwise have put onto your work laptop, you use that VM. Another is "bring in your Trustzone-Enabled iPad Pro and we will install a trusted RDP client which you use to access our corporate whatever-Citrix-is-called-that-week boxes".

People will come up with detailed, 2019-tech objections, but I am painting broad brush solutions.

As I say: in 1985, an awful lot of people said that PCs were a flash in the pan and a threat to information governance.

Bring Your Own Device is hardly new and shocking. It's already happening with phones, of course, which are just computers in a different shaped box. In universities, you'll find a significant proportion of laptops are self-owned, and more are self-managed, amongst the academic staff.

BYOD is also in schools too. At my son's school, pupils in years 10 and 11 have to BYOD for a trial year this year.

Most job ads contain an awful lot of pretentious waffle (and irritating jargon) that seems to serve to make an employer self-important but tells you sod all about the basics of the job.

I'm of the generation who didn't do Microsoft office at school

My son started to do the ECDL when in year 7 at school, i.e. word, excel, powerpoint etc. Then the school dropped the subject at the end of that year and made the ECDL teacher redundant. So any "Office" skills he has are self-taught. They've only just started offering Computer Science but it's too late for DS as he's already in L6. So, for DS at least (and his peers at that school), they've had begger all "IT" teaching which is an absolute disgrace in this era. DS can do most things, but it's just what he's been able to teach himself.

What was more annoying is that in later years, the teachers expected them to prepare Power Point presentations, the MFL department expected them to make their own video/movie of a French poem, and the music department expected them to use composition software to make pieces of music - all without any actual teaching of the software they were supposed to use! Left hand not knowing what the right hand doing.

SGX sounds interesting (just looked it up), but surely there'll always be bugs to exploit?

I guess that's equally true on company controlled machines though :3

but surely there'll always be bugs to exploit?

It's about risk management. Will people be doing BYOD at GCHQ or AWE? Clearly not: the rules on what you can take in (not much) and out (rather less) are very strict. Computers which have processed that sort of stuff are physically destroyed after use, down to in some cases RAM.

But if we're talking about "the sales orders for supermarkets" or even "medical records of hundreds of individuals", the buildings are not guarded by nice men and women with guns, you aren't searched down to explaining every single item on your keyring, there is no attention paid to tempest and they don't take angle grinders to the motherboard when they scrap computers.

So if there's a narrow edge-case bug in SGX, meh, what of it? "A strong, well-resourced, well-motived attacker with formidable technical capabilities can under certain circumstances penetrate the commercial data of a large UK retailer?" So what? The staff aren't cleared, and you could get the same information by standing around outside offering free Mars Bars.

Security is about risk management, and appropriate controls for the value of the data and the capability of the threat sources, taking into account the direct and indirect cost to the business of those controls, not about spurious claims of absolute security.

Security is about risk management, and appropriate controls for the value of the data and the capability of the threat sources, taking into account the direct and indirect cost to the business of those controls, not about spurious claims of absolute security.

So great, but theres a whole range of use cases between GCHQ and a supermarket, so where do you draw the line?

And no, I do not want my unanonymised medical records sitting around on the personal devices of anyone thanks if for no other reason than I want a clear and unambiguous chain of responsibility for that data and its use. I don't expect people with guns to be going after it or anything and I don't really expect anyone to be interested in it, but I don't want it needlessly exposed nonetheless.

editing unreleased proprietary source code (or other equivalently private data)...

you lost me there

luckily, some people love that shit

for this girly, driving a lorry seems so much more relaxing somehow ...

Most job ads contain an awful lot of pretentious waffle (and irritating jargon) that seems to serve to make an employer self-important but tells you sod all about the basics of the job.

Totally agree - 99% of job seeking seems to be designed to inflict misery on a candidate :)

Outside of London, maybe that's fair for junior admin. In London you'd really be looking 25 - 30k. Unless entry level, in which case they probably don't know a pivot table from a master slide.

Another example of how distorted the ideas are of salaries in London. Basic admin jobs in London pay much less than this - unless maybe you're in the finance or legal world. I would expect a basic starter admin job to pay around 20K or even less. I work for a big international company that takes graduates from top universities, many with master's and PhDs. They start at 21K, and the top of the payscale is around 26K after several years.

I work for a big international company that takes graduates from top universities, many with master's and PhDs. They start at 21K, and the top of the payscale is around 26K after several years

^ a bit speechless at this. Is this in London? What can you say about this ...

It would be OK money of course if housing was cheap, but it isn't, so its pretty low.

I had a graduate job back in 2000 and this was outside of London, I was paid £17000 which seemed peanuts then but is worth about £28000 now according to inflation calculator

To be fair, I remember reading the job description for one of my previous roles (I had got in the back door by covering a maternity contract and then getting taken on) and I was rather surprised by how complex they made it sound.

5 to 10 years? 2 to 5 years.

That is depending on the work, the hipster dev jobs that check in and out of github etc you can bring an ipad along of you wish, but confidential stuff that would need to be remote wiped would require you giving a lot of access to your employer.

The BYOD is slight buzz word that won't be happening that quick there are far too many security holes in it, GDPR pushed it further into the grass as well.

DP has just started a job where he drives a box van/small lorry (I've never seen it but I think it's the biggest you can drive on a normal, but old style car licence, before they restricted categories) and they're already pestering him to go through his HGV test so he can drive the company's larger vehicles. He might one day, but he's just getting settled into this job for now.

It sounds like that could be a 7.5t (Class C1) which can be driven on grandfather's rights if license acquired before '97. It's technically a HGV as over 3.5t.

Definitely a good way to learn the required skills. I feel the same way about getting my articulated license. It's less of a jump than from car to the 26/32t ones I drive now, but what scares me is that the type of work you often do (depot/RDC deliveries) involves reversing onto bays with literally dozens of other drivers parked up watching. 😬 Scary for a noob!