Conversation

Notices

1. Embed this notice
   Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 24-Jan-2024 07:30:55 JST Rich Felker

   This is all horrifying and *not* how a vpn client should work, at all. https://infosec.exchange/@dazo/111806793643536439

   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 24-Jan-2024 07:30:54 JST Rich Felker

     in reply to

     The reasonable, user respecting concept of what a VPN should be: a service that provides a network route you can use as you choose.

     The BOFH idea of what a VPN should be: MDM-like monstrosity that takes over your device's network management.

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 24-Jan-2024 07:31:51 JST Rich Felker

     in reply to

     • wrosecrans

     @wrosecrans The worst is when some company with this junk wants to contract with you (as an external consultant) on some development, audit, whatever and they somehow don't understanding you can't run their invasive MDM client on your infrastructure they don't own or have authority over. 🤦

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Rich Felker (dalias@hachyderm.io)'s status on Wednesday, 24-Jan-2024 07:31:52 JST Rich Felker

     in reply to

     • wrosecrans

     @wrosecrans I would put that shit inside a user+mount+net namespace and tunnel into it with veth or tun/tap...

   • Embed this notice
     wrosecrans (wrosecrans@mstdn.social)'s status on Wednesday, 24-Jan-2024 07:31:53 JST wrosecrans

     in reply to

     @dalias At a previous job, a coworker and I maintained a .so that you could LD_PRELOAD when running the corporate VPN client. It was a public repo on the internal git server. We never even got in trouble for the sort of open rebellion against the MDM junk because enough people understood working around the on-paper ironclad policy as simply necessary for doing any work.