WFH rejig

[Greenbank]

And...



New keyboard is lovely, plus it has media keys on the F-keys so that solves that problem too.

[Afasoas]

And...



New keyboard is lovely, plus it has media keys on the F-keys so that solves that problem too.

Good mouse mat/chair coordination

[Afasoas]

Before...

After...


Well that is phase 1 at least.
Phase 2 involves the empty computer case and wall mounted monitors.

The evolution continues, at least in small steps.



Recent changes:
* Additional wall-mounted monitors for observing infrastructure graph/pipeline status
* An external microphone and speakers makes pairing with my colleagues much more comfortable. Bye bye hot sweaty ears and ear ache. Relying on Pulse Audio's echo cancellation which thankfully, seems to work.

Also added a foot rest (not pictured).

Still to do:

* replace noisy desktop PC used to drive wall-mounted monitors with almost finished energy-efficient silent PC (CPU has been ordered but was supposed to arrive in stock + be dispatched 3 weeks ago)
* boom arm for microphone (the integral shock mount doesn't seem to be quite enough to eliminate vibration when typing in anger)
* some means of absorbing room echo - probably applying some foam tiles to the back wall
* some supplemental lighting
* replace the two work provided monitors (the lower pair) and office chair with my own equipment^*

This has probably got to wait until the new year, given that I hadn't budgeted for the new desk and accessories to make it all work and I've got to turn my attention/disposable income back to fixing up the house. I think the total cost has run to ~£1500^** including the half decent laptop, additional monitors etc..

Overall, I think the better setup has made me much more effective at work, in-terms of being able to see what is going on with our infrastructure at a glance and it has made working from home each day much less of an endurance.

*_{If I find myself in a position where I have to change jobs/take on some consultancy/go self-employed, I want to be set-up and ready to go without any further outlay - especially, if as a result of an economic slump I've been without work for any length of time}

**_{At the moment the company are relying on around 2/3 staff using their own devices for WFH. Between savings on fuel to get to work and small amount extra they are paying us in work from home allowance, the outlay should be covered in around 2-3 years, depending on extra energy use. I know the company are looking at a scheme where instead of buying computers and laptops, an additional allowance is paid for people to buy their own computers for work so I should hopefully recoup it sooner. Not that it really matters, given the difference the 'office' set-up has made}

[Mrs Pingu]

People being allowed to use their own computers to VPN into company networks always seems rather quaint.
Perhaps I'm just jealous being as our lot recently reverted to being locked down so you can't install anything yourself again, after a happy period of being able to do it without needing an admin.

[Afasoas]

People being allowed to use their own computers to VPN into company networks always seems rather quaint.
Perhaps I'm just jealous being as our lot recently reverted to being locked down so you can't install anything yourself again, after a happy period of being able to do it without needing an admin.

It maybe quaint, but it carries a lot of risk that has to be managed. And it was literally the only way we could get the entire workforce working remotely overnight. I can understand why computers employees use are locked down, if they are being used via a company VPN. Managed workstations are an absolute pain in the proverbial if they are remote. We have evaluated a good number of tools for remote management - they are either incredibly expensive, way too intrusive, don't actually work or cause too much inconvenience to users or a combination of all four.

Ideally we would get to a place where only a select few employees need VPN access, but that is some way off. In the meantime we're relying on an intrusion prevention system (IPS) to detect and drop nasty traffic trying to make it onto the company network and periodically surveying staff to make sure they are doing the needful (OS updates, firewall, encryption etc.) and not opening the company up to nasties.

[ian]

People being allowed to use their own computers to VPN into company networks always seems rather quaint.
Perhaps I'm just jealous being as our lot recently reverted to being locked down so you can't install anything yourself again, after a happy period of being able to do it without needing an admin.

Aboard the mothership, you have to tick the 'developer' box on the form. In blood. And offer them the head of someone senior, still dripping. I'm not actually a developer, but I am boss of developers*, so ha. Double ha as they gave me a Macbook.

Most of the mothership stuff is now off the VPN, other than the Atlassian crap, which unfortunately is what I have to use all the time.

*not literally, I'm not the person they hate, because it's my ideas they have to make work.

[citoyen]

We do everything on dropbox now. Some people are still allowed VPN access to the office servers for things like financial stuff, but they have to limit numbers to stop the whole thing grinding to a halt apart from anything else. I did manage to get access after much begging, since there is occasionally stuff in the archives I need to access (and life is too short to put the whole damn lot on dropbox). But when I tried to log in recently, I discovered that it seems my access have been revoked. Chiz!

Oh well, it wasn't anything I couldn't manage without, so I've not bothered trying to get access again.

[pcolbeck]

People being allowed to use their own computers to VPN into company networks always seems rather quaint.
Perhaps I'm just jealous being as our lot recently reverted to being locked down so you can't install anything yourself again, after a happy period of being able to do it without needing an admin.

It also leaved the company open to breaches of the data protection act.
If it someone's home computer what are the guarantees about protecting data at rest, is the disk drive encrypted, who else has access to it etc?

It's a minefield.

Sharepoint / Teams awful as it is is a much better solution and you can control what can be downloaded.

[FifeingEejit]

People being allowed to use their own computers to VPN into company networks always seems rather quaint.
Perhaps I'm just jealous being as our lot recently reverted to being locked down so you can't install anything yourself again, after a happy period of being able to do it without needing an admin.

Aboard the mothership, you have to tick the 'developer' box on the form. In blood. And offer them the head of someone senior, still dripping. I'm not actually a developer, but I am boss of developers*, so ha. Double ha as they gave me a Macbook.

Most of the mothership stuff is now off the VPN, other than the Atlassian crap, which unfortunately is what I have to use all the time.

*not literally, I'm not the person they hate, because it's my ideas they have to make work.

Not sure how to break it to you but...

[Afasoas]

People being allowed to use their own computers to VPN into company networks always seems rather quaint.
Perhaps I'm just jealous being as our lot recently reverted to being locked down so you can't install anything yourself again, after a happy period of being able to do it without needing an admin.

It also leaved the company open to breaches of the data protection act.
If it someone's home computer what are the guarantees about protecting data at rest, is the disk drive encrypted, who else has access to it etc?

It's a minefield.

Sharepoint / Teams awful as it is is a much better solution and you can control what can be downloaded.

Only if the corporate VPN provides access to Personally Identifiable Information.

[matthew]

So staff who have a corporate laptop get to use a VPN but they can't install software on the laptop without an IT Admin. Consultant plebs have to use laptops provided by our own companies so we can't use the VPN and have to instead connect to a server that is running a VM on the client network. We therefore can't take anything off teh network or put anything on without going through either an email or ftpp system that puts the files through a scan for nasties.

[Morat]

People being allowed to use their own computers to VPN into company networks always seems rather quaint.
Perhaps I'm just jealous being as our lot recently reverted to being locked down so you can't install anything yourself again, after a happy period of being able to do it without needing an admin.

It also leaved the company open to breaches of the data protection act.
If it someone's home computer what are the guarantees about protecting data at rest, is the disk drive encrypted, who else has access to it etc?

It's a minefield.

Sharepoint / Teams awful as it is is a much better solution and you can control what can be downloaded.

Only if the corporate VPN provides access to Personally Identifiable Information.

It will do. Or more accurately, can you prove (and document) that it doesn't?

[Morat]

Wired mouse replaced with wireless mouse.

Wireless keyboard will be delivered tomorrow according to Royal Mail.

4-pole headphone extension cable should be delivered Thu/Fri too.

Then I need to work out a way to sling the laptop under the desk (it still needs to have lots of cables sticking out of it, power and USB-C to monitor cable one side; headphones, network, HDMI to other monitor, USB to webcam, USB Garmin cable on the other side) and make it not a complete faff to get it back on to the desk if I really needed to.

You should look at a USB-C docking station or a dongle.
I have a Dell Thunderbolt dock, so the laptop lives under the desk with a single USB-C cable. The docking station is on the desk under a monitor
https://www.dell.com/en-uk/shop/accessories/apd/210-ARJD

Or just look for a Ugreen or similar usb-C dongle on Amazon and leave it permanently attached to monitors.
I have a USB-C monitor too, which is a good thing (TM) - it has a wired ethernet port and normal USB ports

Surely the correct answer to this conundrum is a desktop computer that can stand on the floor. By mounting a laptop under the desk you're ignoring the advantages of a laptop (screen, size, portability) and only using the ones which are compromised (performance, heat, connectivity).

.... but taking full advantage of the "workplace provided" function

OK, well Free wins

[Afasoas]

People being allowed to use their own computers to VPN into company networks always seems rather quaint.
Perhaps I'm just jealous being as our lot recently reverted to being locked down so you can't install anything yourself again, after a happy period of being able to do it without needing an admin.

It also leaved the company open to breaches of the data protection act.
If it someone's home computer what are the guarantees about protecting data at rest, is the disk drive encrypted, who else has access to it etc?

It's a minefield.

Sharepoint / Teams awful as it is is a much better solution and you can control what can be downloaded.

Only if the corporate VPN provides access to Personally Identifiable Information.

It will do. Or more accurately, can you prove (and document) that it doesn't?

This is a hypothetical.
But my personal take on this is, it is absolutely doable with appropriate network segmentation, firewall rules and practices to give assurance (for example, appropriate monitoring/alerting and conducting of penetration tests).

[quixoticgeek]

So staff who have a corporate laptop get to use a VPN but they can't install software on the laptop without an IT Admin. Consultant plebs have to use laptops provided by our own companies so we can't use the VPN and have to instead connect to a server that is running a VM on the client network. We therefore can't take anything off teh network or put anything on without going through either an email or ftpp system that puts the files through a scan for nasties.

Which fuckwit came up with that policy?!?

J

[FifeingEejit]

Sounds not massively different from a set up a mate had when he joined an FinTech company in Edinburgh donkeys years ago.
They were lodging in one of the financial offices in Edinburgh and remoting onto their development VM in Wellington NZ.
The company flew, so they eventually set up properly and recently bought space in "not Edinburgh"

Sent from my BKL-L09 using Tapatalk

[Greenbank]

Replacement keycaps turned up early - they'd originally said they'd be here late December having to come all the way from China but were shipped from the UK nice and early.

Not quite a perfect match, but I knew this. Different sized Enter key, left shift key and \ | key. Also no replacement # ~ key at all. Hardly a problem and I'll look to replace those individually.

Before:-



After:-



and front on:-

[Morat]

People being allowed to use their own computers to VPN into company networks always seems rather quaint.
Perhaps I'm just jealous being as our lot recently reverted to being locked down so you can't install anything yourself again, after a happy period of being able to do it without needing an admin.

It also leaved the company open to breaches of the data protection act.
If it someone's home computer what are the guarantees about protecting data at rest, is the disk drive encrypted, who else has access to it etc?

It's a minefield.

Sharepoint / Teams awful as it is is a much better solution and you can control what can be downloaded.

Only if the corporate VPN provides access to Personally Identifiable Information.

It will do. Or more accurately, can you prove (and document) that it doesn't?

This is a hypothetical.
But my personal take on this is, it is absolutely doable with appropriate network segmentation, firewall rules and practices to give assurance (for example, appropriate monitoring/alerting and conducting of penetration tests).

Those are all good security practices but what if the employee has a legitimate need to access docs that contain PD? They'll end up with a copy on their personal machine. The personal computer isn't controlled by the mothership and it's up to the user at that point to protect their machine from all threats. Some people are quite capable of this, but others are not.

[mcshroom]

Our network is very much restricted to company laptops. Those laptops are locked down rather strictly, to the extent I can't even use my wireless keyboard with mine as the company are worried about interception of keypresses.

MS Teams was rolled out hurriedly in March, and we are slowly making it more functional, but security concerns have meant we can only use teams on our personal devices, and quite a few of the functions are limited.

[davelodwig]

People being allowed to use their own computers to VPN into company networks always seems rather quaint.
Perhaps I'm just jealous being as our lot recently reverted to being locked down so you can't install anything yourself again, after a happy period of being able to do it without needing an admin.

It also leaved the company open to breaches of the data protection act.
If it someone's home computer what are the guarantees about protecting data at rest, is the disk drive encrypted, who else has access to it etc?

It's a minefield.

Sharepoint / Teams awful as it is is a much better solution and you can control what can be downloaded.

Only if the corporate VPN provides access to Personally Identifiable Information.

It will do. Or more accurately, can you prove (and document) that it doesn't?

This is a hypothetical.
But my personal take on this is, it is absolutely doable with appropriate network segmentation, firewall rules and practices to give assurance (for example, appropriate monitoring/alerting and conducting of penetration tests).

Those are all good security practices but what if the employee has a legitimate need to access docs that contain PD? They'll end up with a copy on their personal machine. The personal computer isn't controlled by the mothership and it's up to the user at that point to protect their machine from all threats. Some people are quite capable of this, but others are not.

People using personal computers to do work is just a sign to me that the company is too tight to buy employees proper hardware, and if they can't be bothered / afford that, then what else are they not doing or cutting corners on. 

Edit--

Just thought if they can't / won't buy you a computer to use, then they probably are not doing any of the things Afasoas suggests that costs more than a laptop and a vpn connection once you start paying your IT department to get things sorted out.

Edit--

My current employers provide me with a pretty decent laptop and expect me to only do work on it and only store data at certain classifications on it, everything else goes into SharePoint, stuff above that rating well it's air gapped network time and you won't be working on that from home.  On our client sites, they are expected to provide kit, the data and the end results are theirs so they have to pony up the tools, which usually turn out to be VM's rather than physical machines.

[davelodwig]

Our network is very much restricted to company laptops. Those laptops are locked down rather strictly, to the extent I can't even use my wireless keyboard with mine as the company are worried about interception of keypresses.

MS Teams was rolled out hurriedly in March, and we are slowly making it more functional, but security concerns have meant we can only use teams on our personal devices, and quite a few of the functions are limited.

Mines had it's camera and microphone ripped out, does make teams calls interesting.

[Afasoas]

Those are all good security practices but what if the employee has a legitimate need to access docs that contain PD? They'll end up with a copy on their personal machine. The personal computer isn't controlled by the mothership and it's up to the user at that point to protect their machine from all threats. Some people are quite capable of this, but others are not.

We have had a policy of 'you don't put company data onto computers' for years. As the business relies on G-Suite and other browser-based SaaS applications, there is never actually a need to do download any documents. Sadly there is not (yet) an option to prevent download of G-Suite documents ... but regular rebuilds of machines (automated, every two weeks, + 5% random chance on any given morning) effectively enforces this practice. Increasingly, we are moving people in HR and other roles onto Chromebooks which have user data encrypted by default. That doesn't stop someone downloading and emailing themselves sensitive data, but we've always taken a pragmatic view that we don't want to stop people from being able to do their job ... because then you get end users who work against you rather than work with you.

[L CC]

And...



New keyboard is lovely, plus it has media keys on the F-keys so that solves that problem too.

Tissues on the windowsill. Mmhmmm.

[Mrs Pingu]

And...



New keyboard is lovely, plus it has media keys on the F-keys so that solves that problem too.

Tissues on the windowsill. Mmhmmm.

That's why the bear is looking out the window...

[Polar Bear]

So relieved to not be drinking whilst reading this.  🤣