Anon witnesses excellent security
-
how thoroughly was it followed through? how was ensured that no free beer software was used?
That's a great question. In my experience (15 years at MSPs and several years as a freelance consultant where I'm mostly in house one place but take side jobs) I've been the one who had to make this change.
Some companies are very serious about it. Laptops end up on some device management solution that can tell every program you've got installed and flag anything not pre-approved. Then take away everyone's ability to install outside of device management.
Some companies want to scare the users into compliance but want IT to be able to do their own thing. So they'll install some easily bypassed thing or enroll everyone but not keep an eye on their network to find rogue devices.
Some companies threaten it, pay money for a consultant to put together a plan, don't like the price, threaten to go elsewhere, and the exec who championed it finds a new job while nothing of note was done, but they're sitting on a handful of licenses for software no one is using.
I used to carry a toolkit of free software in portable format on a thumb drive and another thumb drive with a full Linux environment in case I had to do something at the first kind of company.
-
"we need this NOW"
> Package I install is immediately black listed by IT, I submit a high priority ticket and I don't hear from them for days, maybe weeks
Like what the fuck can I do
wrote last edited by [email protected]"Yes, but does one of the existing whitelisted executables fulfill the same function?"
-
This post did not contain any content.
Worked for a company that had a similar policy against free software, but simultaneously encouraged employees to use open-source software to save money. I don't think upper management was talking to the IT department.
-
"Yes, but does one of the existing whitelisted executables fulfill the same function?"
wrote last edited by [email protected]"Have you tried using MS Excel instead?"
*Looks at industrial robotics with a proprietary TPU that needs a firmware update.*
"Yes"
-
Yeah, i worked briefly at multinational japanese motor company and this was their logic. I was hired as a software developer contractor and HQ had rules stating, no open source software, no free software and the one that puzzled me the most no in house executables (WHY THE FUCK DID THEY HIRE ME?)
How were you supposed to test your software if you weren't allowed to create an executable?
-
this is supposed to be more secure because it costs money
It makes blaming someone really easy though and that's all that matters in a corporate world.
wrote last edited by [email protected]So corporations are just The Gang in It's Always Sunny In Philadelphia?
-
This post did not contain any content.
There is an entire sub-industry and probably thousands of jobs being propped up by this stupid way of thinking about software. I can't be mad at it because it pays the bills for a few of my friends...
-
“If you’re not paying for the product, then you are the product.”
The phrase has its uses, but shit like this is what happens when it's taken to the extreme.
Digital security education in schools actually give people brain tumour ffs
-
How were you supposed to test your software if you weren't allowed to create an executable?
You had to go to the balcony to test it.
-
As if the Eulas don’t make it all arbitration?
What software company allows liability for mistakes in a EULA?
Most do, but limited to the amount of the contract.
-
“If you’re not paying for the product, then you are the product.”
The phrase has its uses, but shit like this is what happens when it's taken to the extreme.
The simple exception is free software (free as in freedom). It's really not that complicated.
-
The greentext reminds me of this FAQ entry: https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-vendor
A.9.17 As one of our existing software vendors, can you just fill in this questionnaire for us?
We periodically receive requests like this, from organisations which have apparently sent out a form letter to everyone listed in their big spreadsheet of ‘software vendors’ requiring them all to answer some long list of questions […]
We don't make a habit of responding in full to these questionnaires, because we are not a software vendor.
A software vendor is a company to which you are paying lots of money in return for some software. They know who you are, and they know you're paying them money; so they have an incentive to fill in your forms and questionnaires [...] because they want to keep being paid.
[...]
If you work for an organisation which you think might be at risk of making this mistake, we urge you to reorganise your list of software suppliers so that it clearly distinguishes paid vendors who know about you from free software developers who don't have any idea who you are. Then, only send out these mass mailings to the former.
I read only part of the URL and thought this was about puzzles. Never knew the guy made Putty as well
-
This post did not contain any content.
Nice. My response is my 2-week's notice.
-
It's "more secure" because there's a specific company to blame when it goes wrong.
My old boss called that "one neck to choke".
-
I am becoming increasingly more appreciative of the fact that I have root access to "my" company provided work device.
wrote last edited by [email protected]My boss went so far as to buy Macs because we have "special needs" (we don't) because otherwise we'd be forced to use the corporate locked down crap. I'm not a big fan of macos (prefer Linux), but root access sure is nice.
-
Yeesh. I would find a new job immediately. Absolutely unhinged behavior.
Yup, my boss would get my 2-weeks notice immediately. Like same day. I'm not putting up with that BS.
-
This post did not contain any content.
My last boss got rid of the pfSense routers because "open source is not secure". I argued that pfSense has been vetted over and over and over again. Nope. "Everyone can see the source code." That's the fucking point!
TBF, pfSense isn't the fastest routing, but at our small company is was more than sufficient.
-
There is an entire sub-industry and probably thousands of jobs being propped up by this stupid way of thinking about software. I can't be mad at it because it pays the bills for a few of my friends...
I could really see companies just fork open source and give it a tweak like UI or new switches...
Terrible.
-
Security through liability
The bigger you get the more this is a thing actually.
-
My boss went so far as to buy Macs because we have "special needs" (we don't) because otherwise we'd be forced to use the corporate locked down crap. I'm not a big fan of macos (prefer Linux), but root access sure is nice.
Wait till they learn about Jamf Pro and Mosyle
(Well… granted they also have to deploy it correctly after..)
