26
atheist
2y

We have a new "anti-piracy" policy at work which says we have to get written permission to install *any* software on our work devices.

Someone didn't think this through...

Comments
  • 5
    We have to ask the infosec process manager (my manager), who's just gonna delegate to me or someone on my team.

    I'm just gonna cut out the middle man...
  • 6
    @atheist Does it say who the written permission must come from? Because, if you want: "<fill in blank> hereby has written permission to do whatever the fuck software installs they deem necessary for any and all purposes."
  • 9
    Why do people always think stricter controls will stop people from breaking the rules?

    People who break the rules are going to break them anyway, so the only people you’re hurting are those who already follow them.
  • 12
    @Root Sometimes, strict controls are actually bad.

    I worked once (only 2 months) for one company where I was not given local admin rights on the machine.

    And whole internet access was restricted using... white lists. Basically stackoverflow was blocked.

    So I said "fuck it". So, I found a rule in the white list, they allowed *.answers.* as a pattern.

    I made my own DNS and my own VPN endpoint (using company preinstalled VPN software) something like bla.answers.mydomain.me.

    Now I had full internet. Then, as RDP protocol was authorized, I made a setup at home.

    So basically I was working on a company software, but in RDP to my home computer. Only because I wanted to work with some addons for VS and notepad++ and some other tools I like.

    Result? The whole code source project was on my "unsecured" home machine.

    I would've never done that, if I could just install some plugins and notepad++
  • 6
    I spent 1 year opening tickets to allow GitHub subdomains through our VPN. We couldn't even access the docs.github.com and neither *.github.io which some projects use for documentation or demos.

    Every time they closed the ticket with "done" (after 2 weeks or so "working on it") it was actually not solved and I had to open another ticket 🙄

    I believe it's because some of those subdomains use TLSv1.3 and the VPN wasn't prepared to handle that.

    Now I don't open those tickets anymore because I'm out of that place \o/
  • 5
    You can safely ignore that.

    If they want to fire you, they will find a reason.
  • 4
    @magicMirror Truth. Do what you want and be productive in the way that works for you. Then pretend to ask forgiveness when they decide they care.

    If that works, whatever. Keep doing your thing, but maybe another way.

    If it doesn’t, they were going to fire you anyway so it doesn’t matter.
  • 2
    This is indeed asinine. There are many, many solutions out there that allow for users to install a pre-approved allowed list of software. Even ones that allow different software for different groups. This is Lord of the Flies style management.
  • 4
    Many people don't realise that software licences often permit free use only for non-commercial users.
  • 1
    @atheist sign your own name lol
  • 3
    @electrineer this is basically why it's been created, docker desktop was a really noisy example, and that's basically what prompted it.

    At the same time, we're using GPL3 code internally, and there are commercial conversations about distributing binaries where the license issue is waved away. We have a pipeline using GPL3 code that I've been told at some point I'll be rewriting significant parts in C++.

    Think random forest, n-fold cross validation, hyperparameter tuning. 5 or 6 already reasonably well optimised libraries that are core to our pipeline that have to be replaced.

    Fortunately, our pipeline is fairly modular, sort of 20 standalone applications, some parts we can share the source, some we can't. But still...