0 Posts · 5 Comments · Joined 2 years ago · Cake day: June 14th, 2023

  • I’m sorry your team is like that; they should do better. I get along with my company IT team. Obviously working closely with them has benefits, but we have a lot of oversight and executive support, so giving two-word answers isn’t a thing where I work; they have to give a written justification etc.

    In the same sense that not everyone works where I do, not everyone has assholes in IT who deny everything. Neither of our experiences is the default, and I was trying to write for someone in between. Apologies if it didn’t come across that way.

    There are businesses that don’t allow Spotify on the corporate device, for sure. I saw a talk delivered by a guy who did. He worked for a mining company; they wouldn’t let people install things and were inundated with policy violations. He had to change the entire company culture around who IT were, and started by letting people make install requests for apps they wanted to use. They just tracked the requests so they knew who had what, and by helping, they could be selective about where the software came from.

    When people don’t have IT as a support and see them as a regulator, they don’t work with them and bad shit happens. This dude’s mining company was hit, also with ransomware (this one worked), because the CFO had local admin since he didn’t want to talk to IT.

    My point is

    • a. they should be helping in this instance. Sorry they don’t, that’s frustrating to hear. Work culture is hard to change and I’m lucky with where I do work and the culture we have.

    • b. don’t bypass security controls regardless. Sorry. It’s still not the answer. If work makes you do things a slower or more annoying way, that’s their time lost. HR will throw you under the bus for the policy violation.


  • That may be true for Discord but for FOSS products the security concern is the attack surface (more to patch).

    Like I said to the other commenter, if they say no they should have to justify that (in written form, argued, with points), even if the reason you want it is familiarity with the tool, workflow speed-ups, or a nicer UI. Make them work harder if they say no, and make it really clear you will go away quietly if they say yes.

    I do think that companies asking users to use standard tools so they can build processes and training materials is reasonable. Using other tools means more attack surface; it means more updates, more documentation, fewer familiar people, and more risk.

    Also, assuming your company is like most and forgets to document everything alongside the crucial processes, if you know how to do something and tie it to a FOSS product instead of, say, Excel, they won’t be able to hire a grad who can work for cheaper and do the thing half as well.

    My point is it does do something for them, but not as much as they think. They didn’t pay for the office suite for you to not use it. However, if you don’t need it, they can also stop paying for it. Justification is important. So is making IT’s life difficult by making them justify decisions.

    Bypassing them makes the incident response team’s life difficult, not IT’s.


  • Okay maybe I should have said they can’t say no and appear reasonable? Was there a justification or is this guy Joseph Goebbels or something? I bet you didn’t use AI 2 years ago but probably have that running rampant.

    I’d love to live in a world where I trust everyone to install software on computers, but Mr Ransomware, albeit not common, is out there waiting to fuck up the business with a portable application he found. He wanted to do something for a colleague, but we all nearly suffered for it.

    Install things the right way, and if you can’t, make a case for it and get managers involved. Justify the time saved or the comfort it provides: everyone hates AI, so blame it on Copilot being in Excel.

    Bypassing security instead of working with them doesn’t help anyone and it almost always ends badly.


  • There was a trend of malware authors making websites to give away free video editors; I think this one appeared as CapCut. They patch the binaries or use other techniques and include malicious DLLs.

    Edit: you and I both are fine with people installing FOSS from github, but what happens when they get the name for the repo wrong? What happens when they go to the fake site a malware author spun up, that even has all the files they wanted?

    Security is there for a reason. Sorry, I know we can be annoying and add hurdles to important roles, but people get things wrong. We help with that, and bypassing us means you didn’t give us a chance to save you before you messed up (again, I assume everyone on Lemmy is a sysadmin Linux user, so not ‘you’ but a generic user you).


  • JoshCodes@programming.dev to Linux@lemmy.ml · LibreOffice is pretty damn good · 1 day ago

    On behalf of cyber and IT, just ask IT to install the thing, please. They can’t really say no to a free app and bypassing restrictions ends badly for everyone. I had a user do that with video editing software… seriously, what could go wrong? Ransomware. Literally ransomware. Lucky for antivirus it stopped it but yeah, please work with IT.