Wiki Idea Shot Down
-
Well the title says it all. I was trying to add some value to myself in light of management and help our documentation problem. Didn't go well since the idea was shot down in less than a minute. Our documentation for IP assignments, guides, pc inventory, printer inventory, and many other things are in separate files scattered around everywhere. None are in same directory. In addition other departments have the same situation where they have some shared folders but only shared with a few people and several of those staff are no longer with us. So big problem I thought. Well I spun up a vm on and installed mediawiki without any issues this time and had been working on some basic documentation for our department to showcase how it would work. Guess I'm not a salesman either lol.
Anyway, the main reasons were he wanted to keep everything on our website even though there still isnt anything there and I have been there 2 years now and he said PHP is too insecure. He said he does vulnerability scans and PHP always gives him a lot of warnings and he wants to get away from anything that has PHP.
So as you can imagine I have a question if anyone knows. I don't see how PHP can be insecure and that vulnerable with as much infrastructure that uses it. As context I believe MediaWiki is built on PHP and thats what I built the department wiki with. I have used it in many projects and a few websites and have never had an issue. Is there validity to his concerns if you are properly hardening things?
What kind of vulnerability scans would be doing on a Windows 7 network with Active Directory?
Thanks in advance!
-
@jmoore said in Wiki Idea Shot Down:
Anyway, the main reasons were he wanted to keep everything on our website even though there still isnt anything there and I have been there 2 years now and he said PHP is too insecure.
Playing Devil's advocate. Why not just start putting stuff in to "our website?"
-
i was wondering why you didn't setup media wiki on their own website too.
-
That would of course work if done right but it isn't because no one uses it including the IT department. It's last update was 3 years ago. So public folders were made for each department but each department can only see their own documentation. The public folders are not used either according to management.
My idea for the wiki was have it available as an organizational resource where anyone with proper credentials can log in and edit/add information for their department that others could see but have special permissions for things that needed to stay within that department. I believed it was doable and an idea worth considering.
-
@dashrender said in Wiki Idea Shot Down:
i was wondering why you didn't setup media wiki on their own website too.
Ha! Not necessarily that, but just use whatever system is on the current site owned by the person putting the brakes on the project.
-
@eddiejennings said in Wiki Idea Shot Down:
Ha! Not necessarily that, but just use whatever system is on the current site owned by the person putting the brakes on the project.
Yes it would of course use the existing system as I don't want to invent the wheel again so to speak.
-
@jmoore said in Wiki Idea Shot Down:
So as you can imagine I have a question if anyone knows. I don't see how PHP can be insecure and that vulnerable with as much infrastructure that uses it.
This falls under "not a plausible excuse." He doesn't appear to really know what was a viable bluff and what would make him look foolish.
-
Probably would have come back and asked him what he considers to be a secure technology to his vulnerability scans without sounding insubordinate. This way, you can sound like you're trying to be a team player and still help the company.
What does he consider secure anyways? HTML5?
Another thing is, if they are already in the network then they already have the upper hand.
-
@scottalanmiller said in Wiki Idea Shot Down:
@jmoore said in Wiki Idea Shot Down:
So as you can imagine I have a question if anyone knows. I don't see how PHP can be insecure and that vulnerable with as much infrastructure that uses it.
This falls under "not a plausible excuse." He doesn't appear to really know what was a viable bluff and what would make him look foolish.
Maybe he doesn't need to because he's the boss, and was just giving any excuse to make you go away
-
@scottalanmiller said in Wiki Idea Shot Down:
This falls under "not a plausible excuse." He doesn't appear to really know what was a viable bluff and what would make him look foolish.
Alright I get that. Could be right, I really don't know. I just don't think PHP being insecure should be a reason. He also said he never liked it since the last web guy installed Wordpress to play around and they ended up with pharmaceutical ads constantly. That is just the web guy not knowing how to harden Wordpress and Apache though and php has nothing to do with that.
-
@dashrender said in Wiki Idea Shot Down:
@scottalanmiller said in Wiki Idea Shot Down:
@jmoore said in Wiki Idea Shot Down:
So as you can imagine I have a question if anyone knows. I don't see how PHP can be insecure and that vulnerable with as much infrastructure that uses it.
This falls under "not a plausible excuse." He doesn't appear to really know what was a viable bluff and what would make him look foolish.
Maybe he doesn't need to because he's the boss, and was just giving any excuse to make you go away
Sounding incompetent is never smart, boss or not. You don't want someone documenting your lack of understanding for when you go to HIS boss to ask for a promotion since YOUR boss doesn't know he's doing.
-
@nerdydad said in Wiki Idea Shot Down:
Probably would have come back and asked him what he considers to be a secure technology to his vulnerability scans without sounding insubordinate. This way, you can sound like you're trying to be a team player and still help the company.
What does he consider secure anyways? HTML5?
Another thing is, if they are already in the network then they already have the upper hand.
Well I was trying to be a team player mostly and trying to do something that I really thought was a good idea to show people I can think about an issue they have complained about before and come up with a solution. I would like to be an admin someday so I try to learn as much as I can and think about my organization's issues.
-
@scottalanmiller said in Wiki Idea Shot Down:
@jmoore said in Wiki Idea Shot Down:
So as you can imagine I have a question if anyone knows. I don't see how PHP can be insecure and that vulnerable with as much infrastructure that uses it.
This falls under "not a plausible excuse." He doesn't appear to really know what was a viable bluff and what would make him look foolish.
No he knows. His internal built website is more secure than all of PHP......
-
@jmoore said in Wiki Idea Shot Down:
He also said he never liked it since the last web guy installed Wordpress to play around and they ended up with pharmaceutical ads constantly. That is just the web guy not knowing how to harden Wordpress and Apache though and php has nothing to do with that.
That's like saying "I don't like Ford because the last time I rode in one we went to a movie and I didn't enjoy it." Either he knows he's being insanely irrational or he REALLY doesn't know how this stuff works.
-
@dashrender said in Wiki Idea Shot Down:
Maybe he doesn't need to because he's the boss, and was just giving any excuse to make you go away
You could be entirely right there Dash. Telling me php was insecure just tells me that whoever set it up did something wrong with whatever app it is working with.
-
@scottalanmiller said in Wiki Idea Shot Down:
Sounding incompetent is never smart, boss or not. You don't want someone documenting your lack of understanding for when you go to HIS boss to ask for a promotion since YOUR boss doesn't know he's doing.
I certainly get that and had no intention to imply that or put him on the spot. I just presented the wiki I had worked long and hard on to him then he asked if it was built on php which I answered yes to. You know the rest
-
@jmoore said in Wiki Idea Shot Down:
@dashrender said in Wiki Idea Shot Down:
Maybe he doesn't need to because he's the boss, and was just giving any excuse to make you go away
You could be entirely right there Dash. Telling me php was insecure just tells me that whoever set it up did something wrong with whatever app it is working with.
It tells you that he either doesn't know how any of it works, or he doesn't know what is plausible. Either way... he doesn't know enough to have a conversation about it and sound like he's aware of what you are discussing.
Much like AshleyJR in the recent SW RAID thread. Huge thread about RAID, turns out he doesn't even know what RAID 1 is so where his math is coming from no one knows.
-
@jmoore said in Wiki Idea Shot Down:
I certainly get that and had no intention to imply that or put him on the spot.
Sounds like you didn't. His lack of basic knowledge in the area combined with wanting to push an agenda without adequate reasoning put him on the spot, most likely.
-
-
@scottalanmiller said in Wiki Idea Shot Down:
That's like saying "I don't like Ford because the last time I rode in one we went to a movie and I didn't enjoy it." Either he knows he's being insanely irrational or he REALLY doesn't know how this stuff works.
Well i can't believe that he doesn't know how it works so he most likely just didn't like the idea for whatever reason and that was the first thing he thought of.
