this post was submitted on 04 Jun 2024
444 points (98.5% liked)

Technology

34828 readers
21 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] entropicshart@sh.itjust.works 40 points 5 months ago (7 children)

I’ve been debating for a while to switch windows to Linux and see how well it works for my games, thanks Microsoft for finally pushing me to do it!

Only thing keeping me on windows has been games (all other development use is far easier on Linux); but with the work that happened with Steam Deck, many games are now fully functional on Linux.

[–] fernandocarletti@lemmy.eco.br 10 points 5 months ago

Depending on what games you are playing, it should be a breeze. I ditched my windows installation last march and no regrets so far. Most of the games I enjoy run OOB in Linux, but some that I played occasionally are not supported, so I just live without them.

[–] sylver_dragon@lemmy.world 7 points 5 months ago (1 children)

Did the same. The writing has been on the wall for a long time, Microsoft's anti-user behavior is only set to get worse. I made the jump to Linux (Arch) and things have been reasonably smooth. I did have a few issues with Enshrouded, but was able to get past those with Proton-GE. The only issue I haven't worked around yet is Roblox with the kids. But, I may just have to pick up a cheap tablet for that.

[–] oo1@lemmings.world 1 points 5 months ago (2 children)

Does emulating via waydroid not work for android games? I don't really do android games so not sure how well waydroid performs for that type of stuff - but it seems okay for a few android apps i've tried.

[–] bilb@lem.monster 2 points 5 months ago (1 children)

The last time I tried that getting google play services working was a long, annoying process and did not work. I don't expect google to make any of that easy for us.

[–] oo1@lemmings.world 1 points 5 months ago

fair point, i'm very used to just using f-droid, aurora, or sideloading apks from dubious places, for my phone and tablet, that i completely forget how much android stuff "needs" google services.

I got netflix running without google play, i think installed from aurora store. It needed a script to install widevide DRM that seemed to work.

But I can imagine things like games being more of a pain especially with online.

[–] sylver_dragon@lemmy.world 1 points 5 months ago

That is a possibility. To be honest, I haven't tried very hard yet. I'm currently working on spinning up a Win10 VM in KVM and I'll see how that works. And Android emulator is another good idea, I'll have to give that a go.

[–] MystikIncarnate@lemmy.ca 5 points 5 months ago (1 children)

For me, working in IT, two things are keeping me on Windows:

  • games
  • IT tools only made for Windows.

Most remote access stuff is entirely Windows based. Sure, there's clients so you can connect to Linux, Mac, whatever, from the admin console, but the plugins and whatnot that actually show you the remote users desktop are almost entirely Windows exclusive. There's sometimes a Mac option, but almost never a Linux option.

Using something that's more common/public, like TeamViewer isn't really an option. There's a plethora of business focused RMM tools that are just web apps with Windows plugins for all the heavy lifting.

The part that gets me, is that any of these tools which allow for self hosting, can have the server and client side on Linux, but the IT team doing the work only gets Windows as an option for the remote control tools.

Infuriating.

[–] toastal@lemmy.ml 1 points 5 months ago* (last edited 5 months ago) (3 children)

Why do IT teams think being able to snoop any users screen is a good thing? Leave folks alone. Get authorized key consent to SSH into their box iff necessary.

This is why I only work with BYOD operations…

[–] MystikIncarnate@lemmy.ca 2 points 5 months ago (1 children)

There's a lot of trust required in IT. You must be a trustworthy person. Being fired for a trust related reason is basically a death sentence for an IT career. That being said, none of the tools I typically work with will provide previews of a user's screen, or such previews will be low enough resolution that reading what is on screen is basically impossible.

When we connect to a system and get a full resolution image of what's going on, pretty much always there's some on screen indication of us being connected.

IMO, this is how it should be.

The only time I've actively tried to "spy" on a user's activity, has been when requested to do so by a manager/owner, usually when pursuing an allegation of inappropriate use of a work computer. Even then it's been very rare, and I can only recall one such instance of it happening at all.

As an IT person, I will say, I could care less what you do with the equipment. I'm busy enough, I don't need to fill my day with watching you do your job. Yes, we have tools which can allow us to eavesdrop on everything you do, I don't touch them unless I absolutely must, usually only if I've been ordered to.

Another poster pointed out that work resources do not belong to you and legally, they're right. The system, including all data and work contained therein is legally the property of your employer. This includes your email and any correspondence, and anything else that work provides as a function of your employment. If you create an excel work sheet that does some data processing for you, or reformats information in a better way, during work hours, that sheet isn't yours. The ownership of the sheet is your employer. Though you did the work in creating it, your employer owns it because they paid you for the time/effort to do so.

Personally, I do whatever I can to avoid interacting with users unique files. I recently refused to work on someone's personal iPhone because it contained personal data. Though their work email was probably present on the device, I didn't want to touch it. I did however, provide instructions for them to do what they were asking themselves.

When interacting with work-owned systems, I'll modify the registry, and run command line commands without the users knowledge, in an effort to reduce the disruption to their workflow, while solving an issue. Generally this is when I have a request from that user, or the company, to get something done, such as install a piece of software. You'll be working away and poof, new software appears.

Anyone in IT unnecessarily snooping in on your files, can be fired with cause, ruining their career, if they're caught.

We have access to everything, and I mean everything, in an organization. Your email, files, databases, software.... Partly for troubleshooting, and partly for performing backups. If we don't directly have access, typically we have permission to grant access, so we can grant ourselves permission to access whatever we need to. This means that IT is one of the highest trust areas of the business. We can read the CEO's emails, send mail as anyone, access everyone's files, and delete all data on everything in such a way that it is impossible to recover. We need the access to do our jobs and violating the trust we have with that access, is unforgivable and a career-ending event.

I will say that I have not met any IT professionals who will snoop, spy, eavesdrop, or otherwise examine what you do or what data you have or interact with, without a good reason. If it happens, it's likely that someone else, such as a manager, has requested that we do. We are merely the middleman in that scenario. Bluntly, we're too busy than to just do it for kicks.

If any IT professional has violated trust, I would report it to management. It is grossly inappropriate to access a user's system without just cause.

As for notifications, that varies depending on the request. I typically only inform people when I need to remotely control their desktop (interrupting their work) and I'm generally very receptive to being asked to wait before connecting so any sensitive information can be dealt with and closed before the session is established. I have no issue with that. I don't need, nor want to know any more than I do. I'm never looking for illicit or illegal things unless they are creating a problem (excessive bandwidth use, excessive disk use, etc). For the most part, I try to stay in my lane. I'm here to help, not spy on you to get you fired.

[–] toastal@lemmy.ml 1 points 5 months ago (1 children)

Thanks for confirming some of my suspicions about how it all actually operates & the reasons for doing so.

I really just don’t like this in principle as it is way too easy to accidentally do private stuff out of convenience on a machine which is why I do like I said with BYOD & will be present for all attempts to troubleshoot a device. I don’t really see a conceptual different in my digital desktop vs. my physical one & I wouldn’t let an employer install a camera at my desk just as much or would I think it is cool for a business to have cameras in the bathroom just because they own the rental agreement. It feels like there should be some form of privacy even in these digital scenarios that never happens & it leaves a sour taste in my mouth. Is there a solution to allowing users privacy in their system or is it only considered fully private property?

[–] MystikIncarnate@lemmy.ca 1 points 5 months ago (1 children)

Legally, it's fully owned by the company.

My current workplace uses mostly cloud desktops. Basically, even if you're using a personal system, you install a remote desktop client software (it provides access to another system, it does not allow access to your system), which is used to connect to a server farm of virtual desktop servers. So the work desktop you use kind of overlays itself on your system. Your system is still there, humming away in the background, with it's only task being to shuffle your input up to the cloud, and bring down the images of your cloud desktop and display them.

There's some other features, but that's the core of it. We use a third party "remote monitoring and management" (RMM) tool to administrate company owned systems. You are perfectly capable of using the remote desktop client on a system that's not company owned. I like this model, since you can minimize or close the remote desktop at any time, and since we (the IT team) have full access to the remote desktop server farm, we can connect to your remote desktop session and see what you see, but only what's within the remote window. We can't escape it to see your computer. So if you have a problem with your work stuff, we have access to that. If you have a problem with your personal computer, we need to use a one-time-use (or ad-hoc) remote connection software like LogMeIn or something similar (specifically the LMI rescue type feature set). Once we disconnect from your personal system after doing whatever troubleshooting you asked for, we lose access to that system.

The programs change, but they do the same thing in concept. There are a number of company owned laptops and desktops we have our RMM tools on which allow us to dive into a system whenever we want.

I run a homelab, personally, and when my workplace does not give me the necessary stuff to be productive from home, what I do is build a small virtual system on my home lab, which I remote into when I work (from my desktop), so I can maintain a work/personal division. It's similar to the cloud system I'm doing at my current job, but the "remote" desktop is a VM on a server in my basement. Other times I've been given a laptop, and I'll set it up in a corner and turn on its built in remote desktop service (to allow remote desktop connections into it), then use the same protocols to connect to my work laptop.

When I'm done work, I just shut down the remote desktop connection and poof, back to my stuff on my PC.

With my current job I went another way, I got a KVM switch, which allows me to switch between two physical computers at the push of a button. (KVM is keyboard/video/mouse) When I'm done work now, I push a button and my screens (I have several) and KB/mouse all switch back to my personal desktop. Same idea but different.

I couldn't imagine using my personal computer to do work stuff directly. That's just not kosher in my mind. I have work's RMM and tools all installed on the system I use for work, and my personal system is entirely free of such things.

I also want to include a short story. Recently a client started a ticket about our company logo being on their personal computer. I grabbed that ticket up and immediately identified the system, and removed it from our system. I followed up with the user to verify that by removing it from our system, the icon disappeared (indicating our monitor agent was fully uninstalled), they confirmed, and I closed the ticket. I kept thinking it's grossly inappropriate for our software to be on their personal system, and I wanted to get it fixed ASAP. Not everyone is the same, I've known users that want or e remote management tools on their personal systems. I don't understand it, but I can't tell them that it can't be there either (the customer is always right, applies in this context).

As I hope I've demonstrated, neither myself, nor anyone I work with, nor anyone I've worked with in the past, would ever take such an opportunity to snoop or spy on them, but I'd rather not have that liability hanging over my company. All it takes is for one person to have the software on there and accuse us of stealing their private data (say, leud pictures) and publically posting that information on the internet, and I'm sure the policy would change. Of course, we wouldn't do that, but all it would take is the accusation.

It's a bad day for us when we see something we shouldn't, especially if upon seeing it, we're morally obligated to contact the authorities (in the case of illegal content such as child porn). If course, if something like that is observed by a tech, we must do something about it, but we don't want to have to get involved in that sort of thing, so we're pretty careful about it. To put it simply, we're not looking for anything, and we don't want to snoop through your stuff, because if we do and we find something we shouldn't, there's going to be hell to pay. Not only in the fact that now we need to report it to the police, but also that we need to be able to justify why we were able to see it in the first place. If we can't justify why we were looking at the content, that's probably grounds for termination and getting blacklisted from IT, even if it had a positive result (like a pedo being sent to jail).

Bluntly, it's not worth the risk, paperwork, or inevitable trouble that we'll face if we do.

Keeping a good separation between personal and work minimizes the risk of IT seeing something that shouldn't, even if it's not illegal/illicit. Even your personal financial information. I don't want to know. I had a call recently with a user who couldn't log into their bank, and through testing, I was on the lookout for errors while they logged in. As soon as login was successful and their accounts were up, I minimized my remote control so I didn't see more than I absolutely had to, of their bank info. I got them into the accounts. I don't care what the accounts are, or what is in them. It seems minor, but that is that users personal information which I do not need to know. I solved their login problem with the site, so I'm done.

I probably have a hundred of other examples, even some where my co-workers had to contact authorities, I'm pretty sure.... Every decent IT tech knows that this is a risk and we do what we can to avoid getting caught up in it. We don't want to have to answer those questions.

If you ever have IT connect to your computer and your background goes black, there's a reason. At first it was bandwidth related, and we'll still say that as the reason, but a large reason why we still do it, even into an age of high speed internet, is because a lot of people put pictures of their family, friends, sometimes even inappropriate content, as their desktop wallpaper. It's hard to miss when it's your wallpaper. So if it's blacked out when we connect, that's one less possible problem we have to deal with.

I'll stop, but if you have questions for a random internet IT guy, please feel free to ask.

Take care.

[–] toastal@lemmy.ml 2 points 5 months ago

That I could prefer: using a remote VM for the work & being able to opt out of a company provisioned device if possibre. It’s much easier to not pollute a VM & you will want to disable it as soon as you are done anyhow to free up local resources/connections.

[–] xilona@lemmy.ml 1 points 5 months ago

Well said!👏

[–] laughterlaughter@lemmy.world 0 points 5 months ago

Why do you care what other co-workers see on your work laptop? It doesn't belong to you.

[–] PumpkinEscobar@lemmy.world 3 points 5 months ago (1 children)

Most steam games just work. Make sure to go to settings and compatibility and let it use compatibility for all games. Look at something like bottles for a front-end to let you set up and use wine / proton for other launchers, etc….

[–] BReel@lemmy.one 4 points 5 months ago (1 children)

You can also use Steam itself to run external launchers via proton! Might not be the best way, but it was super easy for a noob like me to figure out.

Let’s me play ffxiv (non steam) and bnet games quite easily!

[–] hellofriend@lemmy.world 1 points 5 months ago

In order to get my copy of Cyberpunk (GOG) working I ended up running GOG Galaxy via Steam and launching the game from it. Possibly the most ape brained solution to that problem, but if it works it works lol

[–] nephs@lemmygrad.ml 2 points 5 months ago

I use a combo of lutris and proton, if you're looking for keywords.

[–] dinckelman@lemmy.world 1 points 5 months ago (1 children)

I have yet to find even one game, from the stuff i play, that doesn’t work as well, or better. Obvious exceptions include games with a client anticheat though

[–] hellofriend@lemmy.world 2 points 5 months ago

Was a bitch for me to get HOMM3 set up. But in the end I got it working. Would certainly be more plug n play on Windows, but I don't mind a little inconvenience if it means I'm not supporting from fuckass tech bro that wants my data.

[–] monkeyslikebananas2@lemmy.world 0 points 5 months ago

I just did it with Linux Mint. Works great. No issues so far. Just do it.