Don't be such a dipshit. Yes, HR and Management are responsible for taking corrective action against employees not doing their job. "Job" in this context being defined by that employees contract so there's no reason for us to speculate and pass judgement on whether or not IT should bother.
What you seem to be missing in your attempt to over-compensate for your sense of psychological supremacy is that in order to take correct action from a management perspective, IT has to identify the digital paper trail. That's what we do - We can and often should keep track of network connections and report them accordingly. Whether that person gets punished is not for us to say. And in some cases this has to be handled proactively. This kind of subcontracting can create massive legal problems for some companies so even if the manager goes and tells them to stop, its too late. Data has been leaked and lawsuits start to fly. Sadly there are a lot of people in the modern linux community that seem to believe that their understanding of IT trumps everyone else. Small, inexperienced minds that see their own personal use case as superior to all others. -Ben ------- Original Message ------- On Wednesday, April 19th, 2023 at 4:43 PM, Ted Mittelstaedt <t...@portlandia-it.com> wrote: > For employees it depends if they are exempt or not. Any supervisory employee > who can fire people is automatically considered exempt and many other > employee classifications (such as programming) are considered exempt as well. > (exemption is once more IRS and state taxing authority determination that the > company has no say over) > > If the employee is exempt from overtime then it's illegal for the company to > require that they work a certain number of hours, or at certain times. If the > company DOES tell the employee this (that they have to track their time) then > the employee can hit them for mandatory overtime (if they exceed 40 hours) > > Exempt/non exempt classifications are more commonly referred to as > salaried/hourly employees. > > Long and short of it is you cannot use an online form to consider "work to be > valid" for a salaried AKA exempt employee. Salaried employees are paid BY THE > JOB not by being logged into something for a certain time. > > Companies quite often forget that putting someone like a programmer on salary > is a two way street. The benefit from the company's point of view is they > don't have to pay overtime for one of those work-round-the-clock-push times. > But in exchange for that, the employee also doesn't have to work 40 hours > every week either. A decent salaried employee keeps an eye on time since it's > an important metric for how much work is reasonable to expect a salaried > employee to do but it is NOT the absolute metric. > > Companies who have tried to do it differently - that is, not pay OT and make > you work late during crunch time - and still make you work 40 hours - > regularly end up paying very large fines and back salary to people when they > get sued. It's healthy for that to happen for owners of those companies to > get slapped silly for trying to exploit workers from time to time. > > Once more as I keep saying this needs to be handled from an employee > management standpoint via managers and HR not from the IT department trying > to play God and the managers being wussies and afraid to talk to employees. > > Is it simply that a large number of IT people are on the autism spectrum and > have social anxiety disorder that they will literally waste weeks of company > time on elaborate technical solutions that can be handled in 5 minutes by a > manager walking up to an employee and saying "hey dude you know that thing > you are doing with the VPN, well knock it off" > > Or is it that their anxiety disorder and desire to Play God just drives them > to believe that every other employee in the company is trying to screw IT??? > > Sheesh!!! > > Ted > > -----Original Message----- > From: PLUG plug-boun...@pdxlinux.org On Behalf Of Daniel Ortiz > > Sent: Wednesday, April 19, 2023 1:39 PM > To: Portland Linux/Unix Group plug@pdxlinux.org > > Subject: Re: [PLUG] 3rd party vpn Defense evasion > > Disclaimer: some of the following if not all could be wrong. > > Wouldn't it be easier to deal with the credentials side to avoid this problem > in the first place? To illustrate what I mean, here's a theoretical idea that > while it might be flawed (like potential security failures), could be useful > in terms of guidance. When an employee logs in, it sends an email to their > company Gmail account complete the login in procedure. They click the link to > a Google form which requires them to be logged in to their company Google > account for the submitted form to either work or be considered valid. Once, > it's submitted, a program will allow them to finish the login process. Also, > doing something with a company Google account could be helpful since Google > records the devices you logged in with, which if a company can check that, > they can see if there is any suspicious devices. > > On Wed, Apr 19, 2023 at 10:29 AM Ishak Micheil isaa...@gmail.com wrote: > > > We're chasing this from data science side as well. As far as charting > > the pattern of activity and flag anomalies. > > This should trap the subs since he/she won't be checking email, > > responding to chat messages etc, or hopefully time of activity could give > > us clues. > > > > I do agree, there are many VPN commercial services and they will never > > advertise servers properties, besides there's lots of other open-VPN > > options. > > > > We shall conquer! > > > > On Tue, Apr 18, 2023, 3:21 PM Ted Mittelstaedt > > t...@portlandia-it.com > > wrote: > > > > > -----Original Message----- > > > From: PLUG plug-boun...@pdxlinux.org On Behalf Of John Jason > > > Jordan > > > Sent: Tuesday, April 18, 2023 2:00 PM > > > > > > > It would be nice if VPN services advertised how effectively they > > > > stop > > > > others from finding out who and where you really are. > > > > > > They are never going to do this because they are constantly tweaking > > > their > > > proprietary protocols to get around firewalls, and they don't want > > > the firewall vendors knowing when they made a change to get past > > > firewalls. > > > And given who some of the firewall vendors are, and what they do to > > > people > > > they don't like, this is very understandable. > > > > > > This stuff is getting very advanced nowadays since many firewalls > > > are doing deep packet inspection, and looking specifically for > > > patterns in packet traffic that indicate it is VPN traffic > > > encapsulated in regular > > > http > > > or https traffic. So the proprietary vpn clients will modify the > > > encrypted > > > traffic to make it look like regular https traffic. > > > > > > Never forget that for you, me, and probably all the readers of this > > > list, that creating using blocking and messing around with VPNs is > > > really > > > mainly > > > an intellectual exercise, but that there are many people in the > > > world in places like Russia and China where a secure VPN means not > > > having people breaking their doors down in the middle of the night > > > and hauling them off to prison - or worse. > > > > > > Ted
