undefined | Better HN

0 pointssimondedalus6y ago0 comments

this is getting really boring and repetitive, but you didn't give a "cheaper" solution, you gave an administratively more expensive solution (change files on machines rather than bulk remove an app which is out of the box functionality for many products IT like this would use), along with moving the goal posts; the goal is "keep my DNS filtering working," not "make sure no one ever gets to the porn site."

of course, you would need to do more in chrome (and windows/osx/ubuntu generally) to stop traffic to a site if a student knows what they're doing. that's not the point. the point is: we have this control in place. we've agreed it's working well enough. people can bypass the control simply by using firefox. to avoid adding overhead, we ditch firefox (for now). it's that simple.

as for future-proofing, that's a luxury. ...and part of why it's a luxury is that some goals ("make all traffic to any porn sites impossible on our school network") just aren't going to be met by budget IT.

re: BYOD, for that i go over to the armchair tech purist side i'm afraid, and just say "well, you allow that, so you need to get over that they can use VPNs and stuff. you're not DOJ or some wealthy corporation with important IP assets and equally 'important' VIP execs that insist on bringing their OSX 10.6 MBP to work. you don't get to have all the cool controls that might allow BYOD. sorry."

0 comments

close046y ago

You didn't understand OP's comment and realized only after I pointed out that HE is the one with the BYOD problem where uninstall can't fix anything. I'm not the one moving the goalposts. His only option is applied outside of the client, at network level. As for the other schools, the effort they put in today bought them a week or two at most. More than enough time for the students to have "workarounds" in place and access anything they want since as you said the admin has no resources to control what's happening on the machine. But you know, it's unwise to pay too much, but it's worse to pay too little; buy cheap, buy twice; poor man pays twice.

They were better off uninstalling Chrome. Firefox at least can be controlled with a config file and a script to do bulk copy, Chrome wants GPOs and without lockdown you have a ton of extensions in the store to make your DNS filtering redundant. I believe the latter is the better option but if a config file is beyond the possibilities of the school admin I expect their browsers to be fully unmanaged and at the mercy of the user. It can't be both ways.

I appreciate that you finally confirm what I said from the beginning: It is a half assed job (because doing it properly "is a luxury"). Uninstalling just kicks the problem down the road and lets "future you" deal with it a few days or weeks later.

> an app which is out of the box functionality

Begs the question why put in effort to install then uninstall it when there was no need for either. I'm not in their head but one thing's for sure, your explanation relies on conflicting argumentation. We're talking about a hypothetical Schrödinger's admin that at the same time both has and hasn't got the resources to do the work.

Cheerio.