a companion discussion area for blog.codinghorror.com

Don't Forget To Lock Your Computer


I’m sure some environments must be more secure that others. Having worked at multiple sites handling highly senstive personal info, not locking your PC isn’t an option. It’s not so much someone using your access, but any data on your screen visible to anyone walking by was a bad thing (especially since the developers had more data access than almost anyone).

Goating at my current office is nonexistent, but people also leave machines unlocked rampantly (which I’m amazed to see). At my old shop, it was usually an email to the developer DL with something silly and a warning about leaving your box unlocked (then we’d lock it). It may seem silly, but after someone has that done to them, they remember to keep the box locked and in the long run avoid a bigger talking to by management.

As a side note, the most fun i had with it isn’t really goatign per se. IT screwed up and used my box for the new developer image, and by mistake had my ID as an admin on every developer box. I found a tool that let you lock/unlock machines on your netowrk as long as you had admin rights. That was a fun 30 minutes after hours. :slight_smile:


So let me get this straight. Most of you work in places where security is so important that leaving your PC unlocked even for 30 seconds is seen as a really bad thing; but where on the other hand the controls are so relaxed that making unauthorised changes to the setup of co-workers computers, sending spoof emails and other such schoolboy antics (any of which would be serious breaches of IT policy at most places that take security or auditability at all seriously) are seen as perfectly acceptable. A curious mixture of attitudes I think.


When my coworkers leave the office, I rummage through their desk and their personal belongings. I like to find some paper that looks important, then write something funny on it. One time, my coworker came back and found that her report said “Kilgore was here” at the very top. I almost busted a gut.


It’s disturbingly common here, which is why I’ve learned to
reflexively press Windows+L when I get up from my desk.

Uh…why would I want to log off from Windows 2000?

Seriously, where I work, everyone has everyone elses password (or can get it) because you never know when you’ll have to check in some code, or at least see what they’ve been doing or whatever. I think the idea is that you’ve got nothing private on your work PC, so what’s the problem?


Another subtle yet quite dangerous goating technique is changing the bookmarks’ addresses, especially around here, college dorms. But then I am not sure if that can actually be called goating because it’s a complete different practice.


And doubtless made a mental note to get a job somewhere where dev team leaders aren’t socially dysfunctional cretins and bullying isn’t the preferred means of staff feedback:

Jim G wrote:

I remember one particular episode that was less dramatic but highly entertaining for all: a programmer in my dev group was going on vacation and decided to write down his password on a piece of paper so that I could have it ‘in case I needed it’. I took it, copied it onto a much larger sheet of paper, and then stood up in the middle of the dev group, held up the sheet and said, “Everyone… may I have your attention… this is Tracey’s password.” Suffice it to say that he never did that again


I have to say, your windows system administrators probably love you for this bit of advice. HOWEVER, installing the Blue Screen Screen Saver is asking for trouble if you have relatively new desktop support technicians at your location.

Case in point, as a young intern several years ago, I would roam our cubicles attempting to make sure that our users were not having problems from time to time. One day, I happened across a computer system with this screensaver enabled, and the user was nowhere to be found. Never having seen the bluescreen screensaver before, I thought it was real, so I wrote down the exception code, and powered down the system. When I powered it back up, of course, the system came up just fine. Woo-hoo, system fixed. (‘That was easy’.)

I was fortunate that the user did not actually have any files open that hadn’t been saved, and that the system was not corrupted when I forced the power off.

My advice to all: Use a screensaver with a password, but, do not use a screensaver that will make some eager newbie bite, and think he’ll be helpful by fixing your computer for you.


make a folder on the desktop called “porn” (or something else) take a screenshot, delete the folder and copy paste the folder image to the exact place it was on the background image.


Messing with people PC’s here is practically a sport. We usually fire up outlook and being emailing the victims friends (and boss) with resignations, love letters, and out-of-the-closet notices.


Wow! Don’t any of you work anywhere that has to comply with SAAS 70, Sarbanes-Oxley, etc? In a public company, modifying another employee’s computer without his consent is usually a serious security violation that can get you fired. Maybe this is more lax in a software company, but in the finance industry there’s not going to be a warning before you’re escorted out the door.

Reread your company’s policies on this kind of stuff before adopting any of these ideas.


fantastic. i was hacked slightly on the ay this article came out. how timely. the xkcd.com was good too. also, the onion’s article on fellatio was quite appropriate.


For one off offenders I start of with a emails about buying drinks moving up to resignations etc for more persistent offenders and for those who do not change then it’s on to the auto correct facility in office. Great fun!

Security is important, getting the basics right is just as important as getting the big stuff right.


At Neteller, we used to Man-paper each other’s unlocked PCs. Man-papering basically meant quickly navigating to a href="http://www.manpaper.com"http://www.manpaper.com/a, picking the most provocative homosexual-themed picture and making it the wall paper. This went on for months and was quite effective, until upper management became concerned about the possibility of a sexual harassment lawsuit.


I find that if you switch a guy’s background to a picture of the Backstreet Boys and the text “Official Fan Club Member”, they will quickly learn to lock their computer.


“Goating”! Are you fracking serious! Do you people work in professional offices or junior high school locker rooms? I mean, really, if you have the mentality to want to pull off a mischevious (some would deem, malicious) act such as goating, then don’t consider being one of my fellow employees.

Plus, what company do you work for where you have the free time to be plotting out devious ways to sabotage your unsuspecting peers? I know, I know, someone is going to say, “hey, Kenneth, lighten up will-ya it’s all in good fun.” Well, so would running around my office naked, but it’s not proper behaviour for the workplace. Additionally, why are you touching my stuff, dirtbag? That’s just the way I feel about it. But if you’re the kind of person that gets your kicks doing this kind of stuff, ok, go ahead, my opinion certainly won’t change your ways…dork.



Why would anybody fire you for the reason of changing your co-workers desktop wallpaper? Unless your bosses practice some kind of strict dictorship, in which case you probably don’t wanna work there in the first place.


My screensaver locks after 5 minutes of non activity.
Works really well.


Given your attitude about locking your computer, I’m guessing you aren’t that well trained on not letting someone into the building because they happen to be walking behind you when you use your key.

True. I’m not at all trained in not letting outsiders in. I can use common sense though.

Of course it’s possible that someone comes in uninvited with the help of someone who has a key, but I’m sure that a stranger wandering around, looking at people’s screens would attract some attention.

It’s just not happening though. Maybe because the outsider would get caught on tape by the security cameras anyway, or maybe because there’s just not enough espionage going on in Helsinki.

Someone with a ski-mask looking at people’s screens would definitely attract attention :slight_smile:

I think we can all agree that not letting outsiders into the office in the first place is a better defense than locking your computers.


Wow! Don’t any of you work anywhere that has to comply with SAAS 70,
Sarbanes-Oxley, etc?

No. I’m at work, not in prison, and my pc is a development tool, not a production server. If someone put a silly screen saver on, i’d giggle and then take it off again. I doubt very many people here would tolerate working somewhere so strict.


It’s just not happening though. Maybe because the outsider would get caught on tape by the security cameras anyway, or maybe because there’s just not enough espionage going on in Helsinki.

I’ve caught several people walking around that others have let in that weren’t there for espionage, but for a quick buck by stealing purses/wallets/laptops. We’ve had others that have not been caught until the police were called in to review tapes and track them down and still others that were never caught. The thieves dressed according to our dress code and acted like they belonged. The average person doesn’t notice that. “Common sense” isn’t common. Don’t rely on other’s being sensible. They aren’t.