I plainly told the manager responsible for programming that we all use web extensions and there's just no way to effectively prevent programmers from running whatever software they deem necessary, so I'm suggesting to allow them in Windows group policy purely as a matter of efficiency.

It has only just occurred me how much I'm relying on his better judgment not to try and crack down on this.

Wish me and my team luck.

I hated working for a company that blocked updates for shit like Ubuntu. Redhat was the preferred and only game in town in their small world.

The same people were forcing people to use IE which is the only software I used there that actually gave me a virus. Total shit show of incompetent IT.

@Demolishun I use LibreWolf for most purposes because

- IT doesn't know about it so it's not blocked

- it doesn't follow group policy

Unfortunately, for the same reasons it can't use Windows authentication, so I still have to use Edge for authenticated company resources.

I also run Brave specifically for YouTube, which IS blocked but I have a shortcut to spawn an administrator powershell and launch it from there. Brave also allows plugins but I just vehemently hate Chrome's Ctrl+Tab logic.

@retoor I actually don't align with the librewolf idea at all, I mean I respect their zeal but I often value convenience over anonymity so the first thing I did was to loosen most of the defaults. Its main purpose to me is that it happened to be the first Firefox fork I tried that didn't read group policy.

Not even MSSQL sends telemetry by default. At least we're pretty sure. You never know with Microsoft of course.

This is so retarded.
On the company macs we are allowed to install anything downloaded from the web but the official Apple App Store is forbidden!

@Lensflare Plus, again, you are by definition allowed to compile code and run it, which negates any other restriction.

idk, you're a slave so what's it matter if they have stupid rules. as long as you can still fulfil what they're asking and they aren't harming you by sabotaging you

@retoor they got to the @root of the problem...

Oh, hi @Root!

Edit: I just realized thinking about @root is like the game. Except when you think about @root you actually win.

@Demolishun Aw, you’re sweet.

@retoor it gets much darker. just the level of treatment I'd literally find paradise for me at this rate

@jestdotty On the contrary, I care about my work precisely because I'm forced to spend so much time on it. Some people choose to completely disconnect during working hours and become a kind of wage zombie. Nothing wrong with that, but I would definitely kill myself if after a month or so I couldn't find a way to emotionally and logically engage with whatever I'm doing most of my waking life.

@retoor Given how broad strokes the developer access level is, I suspect something like that must've happened here too. Someone did a very thorough analysis to determine the minimal necessary permissions, and forgot to take into account that development involves anything that can happen in the real system and some things that can't, so when developers flooded the support channels they just gave device admin and a handful of other arbitrary things that mentioned "admin", "owner" or "authority" , and the devs have just been making do.

@lorentz literally spoiled by comparison

anyway I got PTSD for a reason. but yeah I feel like calling you a pussy. I wanted to kill myself for a while cuz of a job but it wasn't over something so trivial

At work we have an approved list of software we can install, and no others. The list changes weekly, and occasionally shrinks or items somehow get lost. We (developers) are mandated to use Macs, though everyone else in the company can use whatever they please. Mac updates are forbidden until security reviews and approves them. (kek)

IT (not security) uses some fleet management software (jamf) to auto install software and updates. It notifies us once a day about updates, except something is wrong and it notifies us about every 15 minutes. We no longer have access to sudo, and must use “admin by request” to do really any maintenance or administration, which is recorded. There is also some “osquery” (uptycs?) software that spies on all activity, browser extensions, etc.; I killed that one and somehow got away with it. Our USB ports are disabled as well, except for mouse/keyboard/charging. More generally, some tools I was required to use weren’t allowed.

Freaking amazing.

@Demolishun is this bank by any chance. This was the norm when I used to for one. 10 years ago they were still running on Windows XP and only upgraded ro Vista before I left

@PappyHans national lab

@Root In theory it's very similar here except we're a Microsoft shop through and through.

Except I'm device admin so in practice I can do whatever the hell I want with the metal.

I shudder to think how we'd live if IT were actually good at access control.

The spyware and the buggy popup come standard with your corporate ITSec department I'm pretty sure. For us thhe popup is a VPN and when it shows up your connection is gone until reboot. Someone came up with a way to crash the IP stack (or whatever bit the VPN abuses in userspace) such that it can restart independently from the rest of the OS.

hmm an ad blocker makes the devices objectively more secure, faster and more power efficient

@retoor
> what is your opinion about the signed software only action from apple?

I don‘t know anything about an action from Apple. On the mac you get a warning when you want to install stuff that‘s not signed but you can install it anyway. (same on Windows btw.)

I know that it‘s the wet dream of Apple and MS to be able to control what users can and can not install but we are not there yet. Of course my opinion is that it‘s consumer hostile bullshit.

Thinking about it… didn‘t MS have a laptop with a special version of Windows 8 or something which only allowed MS Store apps?

@retoor idk Google has been almost disabling mv2 any day now for years but most of my friends on Chrome can still block YouTube ads with uBO just fine.

I figure IT might behave as the "bell curve meme".

* For small companies they are quite chill and allow permissions to those who need it

* For mid-sized companies: they are tasked with increasing security so they become overconfident in attempts to enforce a restrictive policy. (And they might argue devs are a minority, and this is a necessity for all the non-dev employees)

* For a large company, with a larger dev org, they realise they gotta chill out and give more permissions to devs

This is just anecdotal so take it with a grain of salt

Advice: Ask colleagues to make a request similar to yours.

Never underestimate the power of multiple requests.

At the website I work for we have a user feedback inbox. If 1 person mentions an opinon we might figure it could be an anomaly, if 2 or 3 people mention the same thing we will take it way more serious.

@jiraTicket I work for a transnational. It's understood on both sides that I'm acting as spokesperson for the entire team here, but I'm not at all convinced that 10 people have that much more leverage than 1 over the cybersecurity strategy applied to many thousands of (white collar) employees worldwide.

@retoor
A white-collar employee typically refers to a professional or office worker who performs tasks that require mental or knowledge-based work. These employees often work in an office environment and generally have higher levels of education and skills compared to blue-collar workers. White-collar employees are typically involved in fields such as management, finance, sales, marketing, administration, and technology.

@retoor Marketing people are people?!

@retoor It said:

"require mental or knowledge-based work"

Marketing doesn't fit this.

white collar just means office worker, it's contrasted with blue collar which is manual labor. ChatGPT is being ridiculously elitist here by implying that blue collar work isn't knowledge based.

There are people with degrees in electric engineering on the workshop floor earning significantly more than I do with not much more experience.

@lorentz I see, then my comments can be disregarded

(But maybe it's still true that IT would somehow feel that an increased volume of requests makes the matter more pressing. Despite all logic. I know I work that way and can't help it 🤣 )

@retoor yeah, but at least electricians are usually private contractors so they're priced by the market. The stigma that it's low skill labor certainly isn't great, but they cost a fortune in Hungary now because all the capable ones emigrated so evidently a sufficient supply gap can correct the prices regardless of the public image of the profession.