I’m not so paranoid that I don’t st

I’m not so paranoid that I don’t store anything in binary or proprietary formats, and I’m not so
insanely religious, as some open source zealots are, as to insist that all data formats must be free, but
I do think before I put my data somewhere. The questions to ask are:
• What is the impact of not being able to get this data for five minutes, five hours, or five days?
• What is the risk if this data is stolen or viewed by others outside the company?
• If the company that makes this product goes out of business, then how likely is it that someone
else will make a product that can read this data?
The history of computing is littered with companies that had to pay exorbitant amounts of money
to dead companies to continue to maintain systems so that they would not lose access to their data.
You do not wish to be one of those casualties.
KV
Dear KV,
One of the earliest hires in the company I work for seems to run many of our more important
programs from his home directory. These scripts, which monitor the health of our systems, are not
checked in to our source-code control system. The only reason they are even mildly safe is that all of
our home directories are backed up nightly. His home-directory habit drives me up a wall, and I’m
sure it would aggravate you if you were working here, but I can’t really scream at employee number
six to clean his home directory of all important programs.
Employee 1066
Dear Employee,
I agree that you can get away with yelling at employee number six only if you are, for example,
employee number two. Of course, that’s rarely stopped me from yelling at people, but then I yell
at everyone, so people around me are used to it. There really is no reason for allowing anyone,
including a high-ranking engineer, to run code from a home directory. Home directories are for a
person’s personal files, checkout from source-code control, temporary files, generated data that the
person doesn’t need to share, and, of course, pirated music and videos. All right, perhaps that last
one shouldn’t be there, but it’s better than putting it on the central file server!
There are two problems with people running things from their home directories. The first is the
issue of what happens when they quit or are fired. At that point you have to lock them out of the
account, but the account has to remain active to run these programs to maintain your systems. Now
you have an emergency on your hands, as you immediately have to convert all these programs—
without the authors’ help—to be generic enough to run in your system. Such programs often
depend on accreted bits of the author’s environment, including supporting scripts, libraries, and
environment variables that are set only when the original author logs into the account.
The second problem is that the user who runs these programs usually has to have a high level of
privilege to run them. Even if the person is not actively evil, the consequences of that person making
a mistake while logged in as himself/herself are much greater if the person has high privileges. In
the worst cases of this, I’ve seen people who have accounts that, while they aren’t named root, have
rootly powers when they’re logged in, meaning that any mistake, such as a stray rm * in the wrong
directory, would be catastrophic. “Why are they running as root?” I hear you cry. For the same
reason that everyone runs as root, because anything you do as root always succeeds, whether or not