I'm not the one accusing IT people of having social disorders. There's clearly a double standard here and a few of you are getting ready to team up and attack the little guy.
Accsusing people of being autistic in order to win the argument is wrong. Ted has been very aggressive in this discussion and made statements that are clearly derogatory in nature. As for my contribution, I pointed out that that Ted's assertion that IT should not be involved here was wrong, and provided facts to clarify that. Maybe he (and you) can learn soemthing from that? Regardless of all that, you've made it clear that you just want to attack me. I don't appreciate the autism accusation and frankly, Ted owes everyone an apoplogy for being an abusive asshole. -Ben ------- Original Message ------- On Saturday, April 22nd, 2023 at 4:38 PM, Denis Heidtmann <denis.heidtm...@gmail.com> wrote: > What (positive) contribution do your insults bring to the discussion? Can > you find a less hostile way to contribute? > > -Denis > > On Sat, Apr 22, 2023 at 4:02 PM Ben Koenig techkoe...@protonmail.com > > wrote: > > > Don't be such a dipshit. > > > > Yes, HR and Management are responsible for taking corrective action > > against employees not doing their job. "Job" in this context being defined > > by that employees contract so there's no reason for us to speculate and > > pass judgement on whether or not IT should bother. > > > > What you seem to be missing in your attempt to over-compensate for your > > sense of psychological supremacy is that in order to take correct action > > from a management perspective, IT has to identify the digital paper trail. > > That's what we do - We can and often should keep track of network > > connections and report them accordingly. Whether that person gets punished > > is not for us to say. > > > > And in some cases this has to be handled proactively. This kind of > > subcontracting can create massive legal problems for some companies so even > > if the manager goes and tells them to stop, its too late. Data has been > > leaked and lawsuits start to fly. > > > > Sadly there are a lot of people in the modern linux community that seem to > > believe that their understanding of IT trumps everyone else. Small, > > inexperienced minds that see their own personal use case as superior to all > > others. > > > > -Ben > > > > ------- Original Message ------- > > On Wednesday, April 19th, 2023 at 4:43 PM, Ted Mittelstaedt < > > t...@portlandia-it.com> wrote: > > > > > For employees it depends if they are exempt or not. Any supervisory > > > employee who can fire people is automatically considered exempt and many > > > other employee classifications (such as programming) are considered exempt > > > as well. (exemption is once more IRS and state taxing authority > > > determination that the company has no say over) > > > > > > If the employee is exempt from overtime then it's illegal for the > > > company to require that they work a certain number of hours, or at certain > > > times. If the company DOES tell the employee this (that they have to track > > > their time) then the employee can hit them for mandatory overtime (if they > > > exceed 40 hours) > > > > > > Exempt/non exempt classifications are more commonly referred to as > > > salaried/hourly employees. > > > > > > Long and short of it is you cannot use an online form to consider "work > > > to be valid" for a salaried AKA exempt employee. Salaried employees are > > > paid BY THE JOB not by being logged into something for a certain time. > > > > > > Companies quite often forget that putting someone like a programmer on > > > salary is a two way street. The benefit from the company's point of view > > > is > > > they don't have to pay overtime for one of those work-round-the-clock-push > > > times. But in exchange for that, the employee also doesn't have to work 40 > > > hours every week either. A decent salaried employee keeps an eye on time > > > since it's an important metric for how much work is reasonable to expect a > > > salaried employee to do but it is NOT the absolute metric. > > > > > > Companies who have tried to do it differently - that is, not pay OT and > > > make you work late during crunch time - and still make you work 40 hours - > > > regularly end up paying very large fines and back salary to people when > > > they get sued. It's healthy for that to happen for owners of those > > > companies to get slapped silly for trying to exploit workers from time to > > > time. > > > > > > Once more as I keep saying this needs to be handled from an employee > > > management standpoint via managers and HR not from the IT department > > > trying > > > to play God and the managers being wussies and afraid to talk to > > > employees. > > > > > > Is it simply that a large number of IT people are on the autism spectrum > > > and have social anxiety disorder that they will literally waste weeks of > > > company time on elaborate technical solutions that can be handled in 5 > > > minutes by a manager walking up to an employee and saying "hey dude you > > > know that thing you are doing with the VPN, well knock it off" > > > > > > Or is it that their anxiety disorder and desire to Play God just drives > > > them to believe that every other employee in the company is trying to > > > screw > > > IT??? > > > > > > Sheesh!!! > > > > > > Ted > > > > > > -----Original Message----- > > > From: PLUG plug-boun...@pdxlinux.org On Behalf Of Daniel Ortiz > > > > > > Sent: Wednesday, April 19, 2023 1:39 PM > > > To: Portland Linux/Unix Group plug@pdxlinux.org > > > > > > Subject: Re: [PLUG] 3rd party vpn Defense evasion > > > > > > Disclaimer: some of the following if not all could be wrong. > > > > > > Wouldn't it be easier to deal with the credentials side to avoid this > > > problem in the first place? To illustrate what I mean, here's a > > > theoretical > > > idea that while it might be flawed (like potential security failures), > > > could be useful in terms of guidance. When an employee logs in, it sends > > > an > > > email to their company Gmail account complete the login in procedure. They > > > click the link to a Google form which requires them to be logged in to > > > their company Google account for the submitted form to either work or be > > > considered valid. Once, it's submitted, a program will allow them to > > > finish > > > the login process. Also, doing something with a company Google account > > > could be helpful since Google records the devices you logged in with, > > > which > > > if a company can check that, they can see if there is any suspicious > > > devices. > > > > > > On Wed, Apr 19, 2023 at 10:29 AM Ishak Micheil isaa...@gmail.com wrote: > > > > > > > We're chasing this from data science side as well. As far as charting > > > > the pattern of activity and flag anomalies. > > > > This should trap the subs since he/she won't be checking email, > > > > responding to chat messages etc, or hopefully time of activity could > > > > give us clues. > > > > > > > > I do agree, there are many VPN commercial services and they will never > > > > advertise servers properties, besides there's lots of other open-VPN > > > > options. > > > > > > > > We shall conquer! > > > > > > > > On Tue, Apr 18, 2023, 3:21 PM Ted Mittelstaedt > > > > t...@portlandia-it.com > > > > wrote: > > > > > > > > > -----Original Message----- > > > > > From: PLUG plug-boun...@pdxlinux.org On Behalf Of John Jason > > > > > Jordan > > > > > Sent: Tuesday, April 18, 2023 2:00 PM > > > > > > > > > > > It would be nice if VPN services advertised how effectively they > > > > > > stop > > > > > > others from finding out who and where you really are. > > > > > > > > > > They are never going to do this because they are constantly tweaking > > > > > their > > > > > proprietary protocols to get around firewalls, and they don't want > > > > > the firewall vendors knowing when they made a change to get past > > > > > firewalls. > > > > > And given who some of the firewall vendors are, and what they do to > > > > > people > > > > > they don't like, this is very understandable. > > > > > > > > > > This stuff is getting very advanced nowadays since many firewalls > > > > > are doing deep packet inspection, and looking specifically for > > > > > patterns in packet traffic that indicate it is VPN traffic > > > > > encapsulated in regular > > > > > http > > > > > or https traffic. So the proprietary vpn clients will modify the > > > > > encrypted > > > > > traffic to make it look like regular https traffic. > > > > > > > > > > Never forget that for you, me, and probably all the readers of this > > > > > list, that creating using blocking and messing around with VPNs is > > > > > really > > > > > mainly > > > > > an intellectual exercise, but that there are many people in the > > > > > world in places like Russia and China where a secure VPN means not > > > > > having people breaking their doors down in the middle of the night > > > > > and hauling them off to prison - or worse. > > > > > > > > > > Ted
