On Sat, 29 Aug 2020 08:36:50 -0400, Mayayana wrote:

> "Deloptes"  wrote
>
> | Mayayana wrote:
> |
> | > When you combine the corporate security model with | > SOHo usage
> you get crazy risk.
> |
> | @Mayayana, I am becoming a fan of you.
>
>   Thank you. I don't actually find many people agree
> with that. Even most programmers, having been trained in a corporate
> environment, subscribe to the idea that all will be well as long as
> everyone is restricted to being a lackey user with no rights to do
> anything but write their own MS Word files.

I started programming in 1978 and have a slightly different take on it. I
was in the industry 2-3 years before COBOL appeared. Before that almost
all commercial software was written assembler and the lifetime of a lot
of systems was 3-4 years. No online access - the programmers friend was a
12 key card punch and the main problem was that there was no
documentation maintained and bugger-all comments in programs, so a lot of
code was unmaintainable.

I ran into online programming (on a teletype) in 1970 and by 1973 'glass
teletypes' had appeared. From 1973-1975 or so terminals started to appear
on mainframes but most commercial programming was in COBOL and a lot was
still done with card input and source held on mag tapes or disks. We had
local greenscreen terminals and no connectivity outside the office. This
was on a job in 1976/77 on an ICL 2903 but I don't recall any more than
cursory attention to security: it just wasn't an issue in those days.
Throughout this era that was little attention given to security or to
maintaining system documentation - one company (Smiths Industries) had a
fixed policy that all documentation was destroyed as soon as a system or
fix went live despite this being the period when systems lifetimes
started to extend quire drastically.

After a year off, I started work at the BBC in 1978 (ICL 2966 / COBOL
IDMSX database) and in about 1980 I did my first real online system, an
online music planning system for Radio 3. Again, no external connectivity
and 24 x 80 greenscreens, but we did use online logins and the login name
controlled what a logged-in user could do: music producers could enquire,
the music planning staff could update programs, their supervisors could
update the music and performer catalogues used to plan, record, perform
and reuse musical programs and concerts, and the sysadmin could do
everything. We wrote better documentation that for any earlier system I
worked on, but it still wasn't great.

Its fair to say that I never saw either good documentation or serious
concern about system security until I joined Logica in 1984: there both
were de rigeur.


--
Martin    | martin at
Gregorie  | gregorie dot org

--- SoupGate-Win32 v1.05