On 2024-01-20 10:14, Peter King via talk wrote:
> Can't say that I disagree with any of this. I protested when the UofT
> decided to amalgamate all its services on Microsoft Server (to no
> avail), and even more so when they made it all but impossible not to
> use Outlook (after using mutt happily for years and years) - on the
> grounds that Outlook somehow had "more modern" security, which turned
> out to be doublespeak for "proprietary closed-source protocols" for
> accessing the mailserver that they now controlled. Rewriting links
> and pushing their brand is the completely predictable result.

A few years ago I found a package that would proxy IMAP into an Exchange
server.
If I remember correctly it was called davmail.
It made some of the problems with a client's insistence on Exchange go away.

> I tried to warn people in IT that this was all security theatre, but
> they, like me, were victims of decisions made by administrative staff
> rather than made by informed technical experts. There you have it.
> Just recently I was told that the University would not allow me to ssh
> in to my office computer "because ssh had to be protected from the
> internet" (!), and instead I was supposed to use some binary blob to
> create a VPN into the UofT network -- and how having one point of
> entry into the whole system, trusted internally, "improves" security
> over a single ssh connection to a single computer, I could not tell
> you (and neither can they). But it's policy, so that ends discussion.

I have been on both sides of that argument and there is something to be
said for a single point of control.
Generally speaking control over VPN users means that if you remove a
user you have blocked their access.
Random port forwards are harder to keep track of.
However you could have run SSH from your office computer to your home
computer and set up a port forward.
[snip]
--
Alvin Starr || land: (647)478-6285
Netvel Inc. || Cell: (416)806-0133
[email protected] ||