What (positive) contribution do your insults bring to the discussion? Can you find a less hostile way to contribute?
-Denis On Sat, Apr 22, 2023 at 4:02 PM Ben Koenig <techkoe...@protonmail.com> wrote: > Don't be such a dipshit. > > Yes, HR and Management are responsible for taking corrective action > against employees not doing their job. "Job" in this context being defined > by that employees contract so there's no reason for us to speculate and > pass judgement on whether or not IT should bother. > > What you seem to be missing in your attempt to over-compensate for your > sense of psychological supremacy is that in order to take correct action > from a management perspective, IT has to identify the digital paper trail. > That's what we do - We can and often should keep track of network > connections and report them accordingly. Whether that person gets punished > is not for us to say. > > And in some cases this has to be handled proactively. This kind of > subcontracting can create massive legal problems for some companies so even > if the manager goes and tells them to stop, its too late. Data has been > leaked and lawsuits start to fly. > > Sadly there are a lot of people in the modern linux community that seem to > believe that their understanding of IT trumps everyone else. Small, > inexperienced minds that see their own personal use case as superior to all > others. > -Ben > > > ------- Original Message ------- > On Wednesday, April 19th, 2023 at 4:43 PM, Ted Mittelstaedt < > t...@portlandia-it.com> wrote: > > > > For employees it depends if they are exempt or not. Any supervisory > employee who can fire people is automatically considered exempt and many > other employee classifications (such as programming) are considered exempt > as well. (exemption is once more IRS and state taxing authority > determination that the company has no say over) > > > > If the employee is exempt from overtime then it's illegal for the > company to require that they work a certain number of hours, or at certain > times. If the company DOES tell the employee this (that they have to track > their time) then the employee can hit them for mandatory overtime (if they > exceed 40 hours) > > > > Exempt/non exempt classifications are more commonly referred to as > salaried/hourly employees. > > > > Long and short of it is you cannot use an online form to consider "work > to be valid" for a salaried AKA exempt employee. Salaried employees are > paid BY THE JOB not by being logged into something for a certain time. > > > > Companies quite often forget that putting someone like a programmer on > salary is a two way street. The benefit from the company's point of view is > they don't have to pay overtime for one of those work-round-the-clock-push > times. But in exchange for that, the employee also doesn't have to work 40 > hours every week either. A decent salaried employee keeps an eye on time > since it's an important metric for how much work is reasonable to expect a > salaried employee to do but it is NOT the absolute metric. > > > > Companies who have tried to do it differently - that is, not pay OT and > make you work late during crunch time - and still make you work 40 hours - > regularly end up paying very large fines and back salary to people when > they get sued. It's healthy for that to happen for owners of those > companies to get slapped silly for trying to exploit workers from time to > time. > > > > Once more as I keep saying this needs to be handled from an employee > management standpoint via managers and HR not from the IT department trying > to play God and the managers being wussies and afraid to talk to employees. > > > > Is it simply that a large number of IT people are on the autism spectrum > and have social anxiety disorder that they will literally waste weeks of > company time on elaborate technical solutions that can be handled in 5 > minutes by a manager walking up to an employee and saying "hey dude you > know that thing you are doing with the VPN, well knock it off" > > > > Or is it that their anxiety disorder and desire to Play God just drives > them to believe that every other employee in the company is trying to screw > IT??? > > > > Sheesh!!! > > > > Ted > > > > -----Original Message----- > > From: PLUG plug-boun...@pdxlinux.org On Behalf Of Daniel Ortiz > > > > Sent: Wednesday, April 19, 2023 1:39 PM > > To: Portland Linux/Unix Group plug@pdxlinux.org > > > > Subject: Re: [PLUG] 3rd party vpn Defense evasion > > > > Disclaimer: some of the following if not all could be wrong. > > > > Wouldn't it be easier to deal with the credentials side to avoid this > problem in the first place? To illustrate what I mean, here's a theoretical > idea that while it might be flawed (like potential security failures), > could be useful in terms of guidance. When an employee logs in, it sends an > email to their company Gmail account complete the login in procedure. They > click the link to a Google form which requires them to be logged in to > their company Google account for the submitted form to either work or be > considered valid. Once, it's submitted, a program will allow them to finish > the login process. Also, doing something with a company Google account > could be helpful since Google records the devices you logged in with, which > if a company can check that, they can see if there is any suspicious > devices. > > > > On Wed, Apr 19, 2023 at 10:29 AM Ishak Micheil isaa...@gmail.com wrote: > > > > > We're chasing this from data science side as well. As far as charting > > > the pattern of activity and flag anomalies. > > > This should trap the subs since he/she won't be checking email, > > > responding to chat messages etc, or hopefully time of activity could > give us clues. > > > > > > I do agree, there are many VPN commercial services and they will never > > > advertise servers properties, besides there's lots of other open-VPN > > > options. > > > > > > We shall conquer! > > > > > > On Tue, Apr 18, 2023, 3:21 PM Ted Mittelstaedt > > > t...@portlandia-it.com > > > wrote: > > > > > > > -----Original Message----- > > > > From: PLUG plug-boun...@pdxlinux.org On Behalf Of John Jason > > > > Jordan > > > > Sent: Tuesday, April 18, 2023 2:00 PM > > > > > > > > > It would be nice if VPN services advertised how effectively they > > > > > stop > > > > > others from finding out who and where you really are. > > > > > > > > They are never going to do this because they are constantly tweaking > > > > their > > > > proprietary protocols to get around firewalls, and they don't want > > > > the firewall vendors knowing when they made a change to get past > firewalls. > > > > And given who some of the firewall vendors are, and what they do to > > > > people > > > > they don't like, this is very understandable. > > > > > > > > This stuff is getting very advanced nowadays since many firewalls > > > > are doing deep packet inspection, and looking specifically for > > > > patterns in packet traffic that indicate it is VPN traffic > > > > encapsulated in regular > > > > http > > > > or https traffic. So the proprietary vpn clients will modify the > > > > encrypted > > > > traffic to make it look like regular https traffic. > > > > > > > > Never forget that for you, me, and probably all the readers of this > > > > list, that creating using blocking and messing around with VPNs is > > > > really > > > > mainly > > > > an intellectual exercise, but that there are many people in the > > > > world in places like Russia and China where a secure VPN means not > > > > having people breaking their doors down in the middle of the night > > > > and hauling them off to prison - or worse. > > > > > > > > Ted >