I got a new job recently after being at my old place almost 15-years. I've decided I'm doing things differently this time. All my work stuff is on my work equipment, all my personal on my personal, and never the two shall meet. I don't have e-mail or slack on my phone. I don't have personal e-mail on my work computer.
It's remarkable to me how much this has improved my life. It took some getting used to, but when I'm working I focus better on work, and when I'm not I unplug. It seems obvious yet somehow leaving work behind at the end of the day escaped me before.
Also as someone who used to run an IT department, it's shocking the degree that some people fail to realize their work equipment is well works. Personal e-mail on your work laptop, I get it. Your entire collection of photography celebrating the human form in your folder of the company shared drive, why would anyone think that's a good idea?
Calendar is what kills this approach for me. I am not two different people with two different calendars, I am one person with one calendar. Scheduling & making all my appointments is really troublesome with two separate calendars.
I do this while freelancing/contracting as well. I have a macbook for client work only.
While I don't have a one for each potential client, I do use a different user for each client, and all data should remain in user space -- which is easy enough to accomplish since I need to maintain matching versions of databases anyway, there is no need to share a single data store.
I did this exact same thing at my last job, and I agree that it's remarkable how much it made both work and non work life better. Drawing hard lines can oftentimes make compliance much easier. Just the fact that I had decided to not have/do ANY personal stuff on my work computer made it very easy to focus and be extremely productive. I'm in the middle of my career, and it was by far my most productive time as a software engineer.
That being said, I didn't work myself to the bone. Instead of taking breaks with reddit, checking personal email, or spending time on social networks, I allowed myself long lunches, long walks, naps in the park or at the beach, and other forms of relaxation during the working day. This easy pace allowed me to perform some of the highest quality and most creative work of my career.
I’ve known so many people that wanted to get into crypto over the last decade and didn't even own a laptop of their own and were practically married to their employer as if that was normal (in their corporate world that was normal)
They had no way of managing private keys, privately or properly at all
They did it anyway, in one instance one person turned in their computer for routine IT maintenance and it was wiped! lol! Its pretty obvious that a person like this only had a passing interest in crypto and never made any backup
Things are so much easier now with hardware wallets that connect to iphone apps
But its shocking how people often have no separation
For me, using Facebook cookies in the same browser as work stuff blows my mind. I specifically write in the onboarding of my employees “Create a separate Chrome or FF profile to use your Facebook and other personal browsing”, and only half respect this rule, interns being specifically bad (experience workers do want work/home isolation). They receive quite a scolding when I catch them, but the damage is done: All websites have immediately registered who they are associated with, who their colleagues are, etc.
Stringent security rules and obnoxious firewalls exist because people don’t respect cool rules.
I had a similar experience after switching companies (to remote) last year. Work computer has no personal accounts/services. iPhone (and personal Mac) has no work accounts/services. No Slack, calendars, etc. I made it clear up-front that I am not available before 8AM and after 5PM M-F, but very available during work hours. Best decision I ever made!
I try to do it. One thing that helps is my Logitech MX keys, it switches to my Phone with the push of a button, so I don't feel the need so much to install Signal and Telegram on my work laptop. (I still do of course, it's just too easy... but I try because I understand the problem.) What is nice about my employer is that they ask you to fully wipe your drives (throw away the encryption key) before handing/sending in stuff. It's as much protection for them as it is for me.
What you realize when you do that is how people actually adapt. I dont mind both, I have phases when Ill be fully plugged and answer work email at 1am, which starts to create a super fun action-oriented life where it's a denser and denser tunnel of things to do, fix, answer.
But then when you stop (I got a Huawei phone which cant install most of the corporate things for national security reasons), then wow. When I leave I leave, I do dilletante stuff, eat out with my wife and nobody cares. They just call someome else. I get probably less cookie points at annual reviews but a few rushes at the end of the year can usually compensate.
Really like this approach but 7KG cabin baggage limits on lots of international flights are what makes it really hard for me. I sometimes struggle to get single laptop + iPad + charger + power bank within the limit, let alone two sets.
I think this is reasonable advice, in some settings. But for many of us, I think it’s just not practical anymore.
The lines have become too blurred. I work from home, I have one office and one desk. The computer on the desk was purchased by my company but other stuff wasn’t like my mouse or my iPad. I have work Slack on my phone, which is my personal phone. I know I should be, but I’m just not that careful anymore about what I do where.
Granted, I work for a startup. It’s a MBP they had shipped directly from Apple to me. I set it up and configured it myself.
The GitHub Balanced Employee IP Agreement acknowledges that this distinction is arbitrary and unhelpful:
> In California the main difference made by BEIPA is that IP developed with company equipment or relating to the company's business, but in an employee's free time and which the employee is not involved in as an employee, is not owned by the company (but the company does get a non-exclusive and unlimited license if the IP relates to the company's business). This recognizes that from the employee perspective, segregating one's life activities based on ownership of devices at hand or relatedness to an employer's potentially vast range of business that an individual employee is not involved with as an employee imposes significant cognitive overhead and often doesn't happen in practice, whatever agreements state.
If your employer wants you to have Slack on a phone, they should buy you a phone. That’s been my situation across multiple employers for 5+ years.
I plug the same monitor and mouse into a work computer and a personal computer. This isn’t hard - you can use a single dongle with all of your inputs so you only need to swap one plug. Or you could use some kind of KVM switch.
I understand that startups may not want the expense of buying hardware for their employees, and you might not want to buy your own laptop, but if you end up building something valuable in your personal time, it’s in your interest to keep these things separate. For example, you might work on a side-project which is somehow related to your employer’s business, and eventually decide to quit and start your own company. You’ll be in a more secure legal position if you used your own device for that. You might judge that you aren’t likely do do that, but you should think through the trade-off.
The GitHub agreement sounds like an improvement, but most companies don’t use it. I’m not sure how well it protects your interests. If you’re working at odd hours because you’re receiving notifications on a personal device, while you’re also working on your side-project on a work device, would lawyers agree on what is personal and what is work?
FWIW, with JAMF, your employer can ship it straight from Apple to your door, and still get their MDM all over it the second it connects to the internet the 1st time.
Do you charge your company for desk space at your house?
It's not being talked about much, but since companies are okay paying landlords billions, they seem to be shy to pay their employees for use of their homes as offices.
I agree. But I think we need to look at these things even further.
It's sensible to separate the two in principle, but the arguments forwarded by the author seem to ignore the actual substance of the issue here: that people ar not machines that can genuinely do "work" and "play" separately and that employers should not have that sort of power in the first place.
The world we should strive to build is not one where security issues are entirely removed from the equation or where employees become perfectly aligned with their employer's business needs, but one where most individuals of the society lead healthy, fulfilling, meaningful lives.
As such, it's not the employees that should remove their humanity from teh workplace, it's the workplace - the employer - that should be take (many) steps back and allow people to be people.
I understand that visual arts or being a writer are considered a different businesses than IT, that's a pretty common sense, but I guess if you're doing a website on a company property where their business is embedded systems this could be qualified as the same business (IT)?
I recently switched jobs. When I put in notice at my previous employer there was some sort of miscommunication with IT about my last day and I was shut out 2 days early, before I had a chance to wipe everything or even log out of my personal stuff (in their own chrome instance). They were not willing to undo it, but assured me everything would be instantly wiped once they received it. Couple days later I decide to check my google accounts for some other purpose and see an active session in the city where I mailed back my machine to. Same with a few other accounts. Was not thrilled with that.
I use an encrypted linux VM with a VPN on my company Mac for anything personal like listening to music or checking email. At least if they were to suddenly lock me out of my Mac, the personal data would be encrypted. If they had a problem with me doing this, I just delete a single disk image file and everything is gone.
Oh wow. So they aren’t encrypting the devices or they have a master key? We use Apple laptops at my work and when somehow I messed up changing my login credentials, the only recourse was to wipe the device because it couldn’t be decrypted.
This is such critical advice, particularly if you work for a company that does remote hardware management.
You could be fired tomorrow, and your access to your hardware revoked instantly. Apple devices, in particular, allow IT to remote lock your laptop. Whatever you had stored on the drive is lost to you, available to your employer, and you can't do anything about it.
Saying "instantly" is under selling it. It literally happens before you are fired. IT will have disabled you ability to access files before you have been informed it is happening.
If you got the laptop in a sealed Apple box (purchased by employer), and set up macOS yourself, created your own admin user and everything, does this remote access still apply?
There are many cases where this is good advice--and certainly if you're the director of the CIA. There are of course additional reasons, including company policy and as peer comment says side projects, to keep personal and work devices separate. But I also don't think one-size fits all rules apply. I'm not going to carry two laptops when I travel.
Many years before I left my company, I purchased my own equipment for personal use. I actually had better equipment than that provided by my employer.
They monitored the living bejeezus out of my work equipment, and wouldn't let personal equipment (including phones) connect to the corporate network.
It was pretty overboard, but my company was seriously paranoid. It actually caused problems. For example, we wrote optimized C++, and optimizing on a monitored system is...difficult; especially with some of the custom gnarlyware we got from companies like Intel.
It also meant that I never worried about mixing my personal work with company work. If I had personal equipment at work, I would use 4G/hotspot. Not ideal (so I didn't really do anything more than check emails at work). It also allowed me to get to some of the banned sites (the company had a nasty habit of banning exactly the kinds of sites that optimizers like to read).
Another benefit was that I left my work equipment at work, so I couldn't easily be roped into doing out-of-band work. I had a great excuse.
It was annoying, but fine with me. I think the company went way overboard in their paranoia, but it was their company, and they got to set the rules. I have never had any interest in causing issues with them, so I was careful not to do anything that would step on their toes. They pretty much returned the favor.
I laughed reading this article. It draws a very broad conclusion of "No personal use" based on a straw man story of a cleared person (wait for it) viewing "high risk porn sites" on his work laptop. Yes, there's an argument for not engaging in NSFW activities on employer assets or being extra cautious when you hold a security clearance. There's also a big difference between that and, say, posting on HN which I'm doing right now. It's shades of gray based on individual circumstances.
Anec-tangent: when I left a start-up, I turned in the company laptop. Then when I asked if I could buy it back (since it nicer than my personal laptop), they just gave it to me for free. That was a really nice and totally unexpected gesture.
Later I gave that laptop to someone to learn to code on and now they're a full-time software engineer.
There's a lot of "one device versus two device" discussions here. I have a work laptop and a personal laptop that I use carefully to try and keep things separate. But, this means I'm now ~doubling the environmental impact of electronic devices (impact of production, disposal). So there's tension, in my mind, between the public/private work separation and minimizing the damage I'm doing the environment.
In all fairness, I suspect me buying 2 laptops every 3-4 years instead of one laptop over the same period is a small environmental impact compared to other things (air travel, dietary choices). But it also seems like that's not a reason for me to ignore its impact. And the aggregate cost of many people having 2 laptops instead of 1 is probably worth considering.
I thought about ways to only have one device (running my personal "machine" as a VM on my work laptop or vice versa) but couldn't come up with anything cleanly satisfactory.
Obvious stupid uses of work laptops are beyond the pale, but I can see why someone would check their gmail from a work laptop (I'm posting this on my work laptop while my code compiles).
But one thing I found which is great is setting up my work and personal laptops next to each other on a laptop holder and doing everything through external monitors.
At my desk I have an adjustable laptop holder which holds my work and personal laptops, as they're both macbooks switching between my work and personal laptop is as simple as unplugging a couple usb-c hubs, plugging them into the other laptop (the port is 1 inch away), and pulling out my other keyboard.
I totally don't agree with his sentiment. And I manage 200,000 endpoints (computer and mobile)
This sentiment is a typical early 2000s mindset. It no longer works in this world where the line between business and private lives have blurred. And it wasn't just the pandemic that did that, this has been going on much longer.
Who wants to bring 2 laptops on a business trips? Or 2 phones for that matter? Computing is flexible in the age of the cloud. Mobile OSes are really good at separating personal and private data (think of Android's Work Profile and iOS's User Enrolment). Personal computers (either Mac or Windows) don't do this as well yet, but at least they're a hell of a lot more secure with everyone enforcing disk encryption now.
But we should remember that technology is there to serve us. If the tech can't deal with our increasing mix of private and business, we'll just have to make it better at that. Telling people not to do it just won't work.
I have one exception: Installing personal apps on a work computer is not really OK (unless the application has already been approved for work too). On mobile this is fine because of the more rigid separation.
PS: This is not just my opinion, it's the company's policy. We explicitly allow personal use (including apps) of mobile devices and most personal web usage on company laptops (though blocking malicious sites and stuff that's not really "business oriented" :) ). We do block some things like sideloading on mobile. Our devices are still secure because we enforce what's important (like decent passwords, full disk encryption). Our users are happier because we don't treat them like children. We're happier because we don't need to approve every taxi app anymore that a user would want to use on their work phone during a business trip. We just make sure their apps can't access the work apps. On mobile this works really well and on PC/Mac it's in the works.
It's a give and take. The early 2000's us-against-them BOFH total lockdown thing just doesn't fly anymore.
Writing a personal doc on the work machine is a non issue assuming a) it’s not sensitive in any way and b) it’s not getting you in trouble any other way.
Of course I do my personal coding on my own machine because of ownership/legal issues.
But replying with Gmail to my plumber or drawing my new kitchen using the CAD software on my work laptop or writing the invitations to the neighborhood barbecue if it’s more convenient? I’m just going to assume nothing bad will come of it.
Sensitive data, competing business, security risks, sure. But that’s pretty rare. Convenience easily trumps it.
I used the company laptop as a personal laptop for far too long as well until this year. Even when I considered leaving my job, I thought to myself "well crap, then I need to buy a new laptop first", so my ability to find a new job was tied to my current employer (imagine being fired and have to hand over my only laptop).
Separating work and personal machines also improved my WFH experience. When I shut down my work laptop, I put it in the drawer and the work day is done. Whatever happens, I will have to deal with it the next morning. And to avoid that, no deployments at about 1h before I leave so I don't get dragged into hot-fixes. If it's an urgent fix and it's end of day, I just stay a little longer, at least I have more control that way and no phone calls interrupting my evening.
My first ever office job was working for a local government, where one of the first things they told me when giving me a laptop was that the previous person in the position had been FOIAed and had to hand over the laptop to attorneys in the past so to be very careful about anything I did. This attitude has served me well in life.
I have a desktop at work that belongs to the company, but I used my personal laptop since not so long ago. Most other employers uses their personal devices. I just opted for a desktop for a question of practicality, not having to carry around a laptop and connect it every day. I of course still use my laptop or a home desktop if I work from home.
If you have a good relationship with your boss you can do that, in the company we all manage our own devices, meaning that the operating system and stuff is decided and installed by whoever uses the computer (Linux, Windows, macOS, whatever you are more practical, that is also an advantage since we ensure you can develop a project on all platforms). Also we have basically have all admin access on everything personal and everything that is shared (shared computers in the office, network equipment, servers, etc).
I could not see working on a place where I have to pay attention on what I do on a particular device if not they will punish me. To me it doesn't really make sense, the computer that I'm using is mine till I use it, of course if I change job that computer will be formatted and used by another person.
There is this concept but to me it only slows down work. If I have to do something personal related on the desktop at work I do it on the desktop, similarly if I'm at home and I have to do a fix on a production system I do that on my personal laptop, or I answer a Teams call from a coworker from my mobile phone.
> who in addition to accessing those university resources also visited several "high-risk" porn sites, one of which had placed cookies on the computer.
Get this, Charlie; get this, Charlie! It's cookies... Cookies! Oh, the humanity!
I get to see the crazy stuff people do on work laptops all the time. After letting one guy go for poor performance, a quick scan of his machine showed he was spending a majority of his time reading and commenting on incel message boards. Nevermind the porn.
Never ever put anything personal on a work laptop. I recommend remote desktoping to your personal machine and doing all your personal stuff on that machine, so you get the best of both worlds.
Don't work for a company that wants to "manage" your computer for you. You are assuming liability regardless if you manage it or they manage it. What you end up getting is usually crappy hardware, a bunch of redundant software that is terribly managed and outdated, and being told how to do your job and what software you can use even though you're supposed to be the expert.
The same people installing SolarWinds and requiring you use Outlook with 10 different comprised extensions will be the first to try blaming their employees for installing Docker or kubectl because it wasn't approved software yet you were brought in to be the container expert.
Firefox is handy if you want to occasionally do personal stuff on a work-provided Windows PC, since it has it's own proxy settings (where Chrome uses the Windows settings). Also DNS-over-https. So if you run a proxy on an outside host, it's all still reasonably separated.
I suppose you could wrap it with Windows sandbox[1] if you're paranoid.
[+] [-] Volundr|4 years ago|reply
It's remarkable to me how much this has improved my life. It took some getting used to, but when I'm working I focus better on work, and when I'm not I unplug. It seems obvious yet somehow leaving work behind at the end of the day escaped me before.
Also as someone who used to run an IT department, it's shocking the degree that some people fail to realize their work equipment is well works. Personal e-mail on your work laptop, I get it. Your entire collection of photography celebrating the human form in your folder of the company shared drive, why would anyone think that's a good idea?
[+] [-] ip26|4 years ago|reply
[+] [-] LanceH|4 years ago|reply
While I don't have a one for each potential client, I do use a different user for each client, and all data should remain in user space -- which is easy enough to accomplish since I need to maintain matching versions of databases anyway, there is no need to share a single data store.
[+] [-] _9omd|4 years ago|reply
That being said, I didn't work myself to the bone. Instead of taking breaks with reddit, checking personal email, or spending time on social networks, I allowed myself long lunches, long walks, naps in the park or at the beach, and other forms of relaxation during the working day. This easy pace allowed me to perform some of the highest quality and most creative work of my career.
[+] [-] vmception|4 years ago|reply
They had no way of managing private keys, privately or properly at all
They did it anyway, in one instance one person turned in their computer for routine IT maintenance and it was wiped! lol! Its pretty obvious that a person like this only had a passing interest in crypto and never made any backup
Things are so much easier now with hardware wallets that connect to iphone apps
But its shocking how people often have no separation
[+] [-] kritiko|4 years ago|reply
[+] [-] requirementyogi|4 years ago|reply
Stringent security rules and obnoxious firewalls exist because people don’t respect cool rules.
[+] [-] heroHACK17|4 years ago|reply
[+] [-] teekert|4 years ago|reply
[+] [-] xwolfi|4 years ago|reply
But then when you stop (I got a Huawei phone which cant install most of the corporate things for national security reasons), then wow. When I leave I leave, I do dilletante stuff, eat out with my wife and nobody cares. They just call someome else. I get probably less cookie points at annual reviews but a few rushes at the end of the year can usually compensate.
[+] [-] 1vuio0pswjnm7|4 years ago|reply
Thought maybe I was the only one. Text messaging is enough. Not even using any trendy apps, just a few basic things from F-Droid.
[+] [-] jcun4128|4 years ago|reply
[+] [-] talkingquickly|4 years ago|reply
[+] [-] markus_zhang|4 years ago|reply
[+] [-] samjbobb|4 years ago|reply
The lines have become too blurred. I work from home, I have one office and one desk. The computer on the desk was purchased by my company but other stuff wasn’t like my mouse or my iPad. I have work Slack on my phone, which is my personal phone. I know I should be, but I’m just not that careful anymore about what I do where.
Granted, I work for a startup. It’s a MBP they had shipped directly from Apple to me. I set it up and configured it myself.
The GitHub Balanced Employee IP Agreement acknowledges that this distinction is arbitrary and unhelpful:
> In California the main difference made by BEIPA is that IP developed with company equipment or relating to the company's business, but in an employee's free time and which the employee is not involved in as an employee, is not owned by the company (but the company does get a non-exclusive and unlimited license if the IP relates to the company's business). This recognizes that from the employee perspective, segregating one's life activities based on ownership of devices at hand or relatedness to an employer's potentially vast range of business that an individual employee is not involved with as an employee imposes significant cognitive overhead and often doesn't happen in practice, whatever agreements state.
- https://github.com/github/balanced-employee-ip-agreement
I hope that more employee agreements move this direction so we can stop trying to enforce this distinction.
[+] [-] sjfidsfkds|4 years ago|reply
I plug the same monitor and mouse into a work computer and a personal computer. This isn’t hard - you can use a single dongle with all of your inputs so you only need to swap one plug. Or you could use some kind of KVM switch.
I understand that startups may not want the expense of buying hardware for their employees, and you might not want to buy your own laptop, but if you end up building something valuable in your personal time, it’s in your interest to keep these things separate. For example, you might work on a side-project which is somehow related to your employer’s business, and eventually decide to quit and start your own company. You’ll be in a more secure legal position if you used your own device for that. You might judge that you aren’t likely do do that, but you should think through the trade-off.
The GitHub agreement sounds like an improvement, but most companies don’t use it. I’m not sure how well it protects your interests. If you’re working at odd hours because you’re receiving notifications on a personal device, while you’re also working on your side-project on a work device, would lawyers agree on what is personal and what is work?
[+] [-] winrid|4 years ago|reply
HARD disagree. Use a separate personal machine and a KVM switch or hub/dock.
I work from home, and I just switch machines. I also have cut off times for when I am allowed to do personal things vs work.
The more you mix play and work, the worse both end up being.
[+] [-] astockwell|4 years ago|reply
[+] [-] varispeed|4 years ago|reply
It's not being talked about much, but since companies are okay paying landlords billions, they seem to be shy to pay their employees for use of their homes as offices.
[+] [-] dorian-graph|4 years ago|reply
I too disagree, and aside from that, it's such a defeatist attitude.
[+] [-] robtherobber|4 years ago|reply
It's sensible to separate the two in principle, but the arguments forwarded by the author seem to ignore the actual substance of the issue here: that people ar not machines that can genuinely do "work" and "play" separately and that employers should not have that sort of power in the first place.
The world we should strive to build is not one where security issues are entirely removed from the equation or where employees become perfectly aligned with their employer's business needs, but one where most individuals of the society lead healthy, fulfilling, meaningful lives.
As such, it's not the employees that should remove their humanity from teh workplace, it's the workplace - the employer - that should be take (many) steps back and allow people to be people.
[+] [-] loa_in_|4 years ago|reply
[+] [-] jcomis|4 years ago|reply
[+] [-] Sebb767|4 years ago|reply
The activity might just be that the laptop connected to the internet, but I'd still consider changing passwords.
[+] [-] treesknees|4 years ago|reply
[+] [-] ViViDboarder|4 years ago|reply
[+] [-] timr|4 years ago|reply
You could be fired tomorrow, and your access to your hardware revoked instantly. Apple devices, in particular, allow IT to remote lock your laptop. Whatever you had stored on the drive is lost to you, available to your employer, and you can't do anything about it.
Don't mix business and personal hardware.
[+] [-] underwater|4 years ago|reply
[+] [-] wvenable|4 years ago|reply
Having work emails/chat/etc on my phone has been a great benefit -- it means I can be untethered from desk but not miss anything important.
[+] [-] pageandrew|4 years ago|reply
[+] [-] GekkePrutser|4 years ago|reply
Though I would prefer to see stricter separation like Android Work profile on computers too.
[+] [-] andrewshadura|4 years ago|reply
[+] [-] tomjen3|4 years ago|reply
[+] [-] eikenberry|4 years ago|reply
[+] [-] ghaff|4 years ago|reply
[+] [-] ChrisMarshallNY|4 years ago|reply
They monitored the living bejeezus out of my work equipment, and wouldn't let personal equipment (including phones) connect to the corporate network.
It was pretty overboard, but my company was seriously paranoid. It actually caused problems. For example, we wrote optimized C++, and optimizing on a monitored system is...difficult; especially with some of the custom gnarlyware we got from companies like Intel.
It also meant that I never worried about mixing my personal work with company work. If I had personal equipment at work, I would use 4G/hotspot. Not ideal (so I didn't really do anything more than check emails at work). It also allowed me to get to some of the banned sites (the company had a nasty habit of banning exactly the kinds of sites that optimizers like to read).
Another benefit was that I left my work equipment at work, so I couldn't easily be roped into doing out-of-band work. I had a great excuse.
It was annoying, but fine with me. I think the company went way overboard in their paranoia, but it was their company, and they got to set the rules. I have never had any interest in causing issues with them, so I was careful not to do anything that would step on their toes. They pretty much returned the favor.
[+] [-] atlgator|4 years ago|reply
[+] [-] mLuby|4 years ago|reply
Later I gave that laptop to someone to learn to code on and now they're a full-time software engineer.
[+] [-] privong|4 years ago|reply
In all fairness, I suspect me buying 2 laptops every 3-4 years instead of one laptop over the same period is a small environmental impact compared to other things (air travel, dietary choices). But it also seems like that's not a reason for me to ignore its impact. And the aggregate cost of many people having 2 laptops instead of 1 is probably worth considering.
I thought about ways to only have one device (running my personal "machine" as a VM on my work laptop or vice versa) but couldn't come up with anything cleanly satisfactory.
[+] [-] tj-teej|4 years ago|reply
But one thing I found which is great is setting up my work and personal laptops next to each other on a laptop holder and doing everything through external monitors.
At my desk I have an adjustable laptop holder which holds my work and personal laptops, as they're both macbooks switching between my work and personal laptop is as simple as unplugging a couple usb-c hubs, plugging them into the other laptop (the port is 1 inch away), and pulling out my other keyboard.
https://www.amazon.com/gp/product/B081GY4NM9/
[+] [-] GekkePrutser|4 years ago|reply
This sentiment is a typical early 2000s mindset. It no longer works in this world where the line between business and private lives have blurred. And it wasn't just the pandemic that did that, this has been going on much longer.
Who wants to bring 2 laptops on a business trips? Or 2 phones for that matter? Computing is flexible in the age of the cloud. Mobile OSes are really good at separating personal and private data (think of Android's Work Profile and iOS's User Enrolment). Personal computers (either Mac or Windows) don't do this as well yet, but at least they're a hell of a lot more secure with everyone enforcing disk encryption now.
But we should remember that technology is there to serve us. If the tech can't deal with our increasing mix of private and business, we'll just have to make it better at that. Telling people not to do it just won't work.
I have one exception: Installing personal apps on a work computer is not really OK (unless the application has already been approved for work too). On mobile this is fine because of the more rigid separation.
PS: This is not just my opinion, it's the company's policy. We explicitly allow personal use (including apps) of mobile devices and most personal web usage on company laptops (though blocking malicious sites and stuff that's not really "business oriented" :) ). We do block some things like sideloading on mobile. Our devices are still secure because we enforce what's important (like decent passwords, full disk encryption). Our users are happier because we don't treat them like children. We're happier because we don't need to approve every taxi app anymore that a user would want to use on their work phone during a business trip. We just make sure their apps can't access the work apps. On mobile this works really well and on PC/Mac it's in the works.
It's a give and take. The early 2000's us-against-them BOFH total lockdown thing just doesn't fly anymore.
[+] [-] alkonaut|4 years ago|reply
Of course I do my personal coding on my own machine because of ownership/legal issues.
But replying with Gmail to my plumber or drawing my new kitchen using the CAD software on my work laptop or writing the invitations to the neighborhood barbecue if it’s more convenient? I’m just going to assume nothing bad will come of it.
Sensitive data, competing business, security risks, sure. But that’s pretty rare. Convenience easily trumps it.
[+] [-] wreath|4 years ago|reply
Separating work and personal machines also improved my WFH experience. When I shut down my work laptop, I put it in the drawer and the work day is done. Whatever happens, I will have to deal with it the next morning. And to avoid that, no deployments at about 1h before I leave so I don't get dragged into hot-fixes. If it's an urgent fix and it's end of day, I just stay a little longer, at least I have more control that way and no phone calls interrupting my evening.
[+] [-] neaden|4 years ago|reply
[+] [-] Grimm1|4 years ago|reply
There has been at least one high profile case over the last few years over people who didn’t do that.
[+] [-] alerighi|4 years ago|reply
If you have a good relationship with your boss you can do that, in the company we all manage our own devices, meaning that the operating system and stuff is decided and installed by whoever uses the computer (Linux, Windows, macOS, whatever you are more practical, that is also an advantage since we ensure you can develop a project on all platforms). Also we have basically have all admin access on everything personal and everything that is shared (shared computers in the office, network equipment, servers, etc).
I could not see working on a place where I have to pay attention on what I do on a particular device if not they will punish me. To me it doesn't really make sense, the computer that I'm using is mine till I use it, of course if I change job that computer will be formatted and used by another person.
There is this concept but to me it only slows down work. If I have to do something personal related on the desktop at work I do it on the desktop, similarly if I'm at home and I have to do a fix on a production system I do that on my personal laptop, or I answer a Teams call from a coworker from my mobile phone.
[+] [-] AshamedCaptain|4 years ago|reply
Get this, Charlie; get this, Charlie! It's cookies... Cookies! Oh, the humanity!
[+] [-] nasalgoat|4 years ago|reply
Never ever put anything personal on a work laptop. I recommend remote desktoping to your personal machine and doing all your personal stuff on that machine, so you get the best of both worlds.
[+] [-] encryptluks2|4 years ago|reply
The same people installing SolarWinds and requiring you use Outlook with 10 different comprised extensions will be the first to try blaming their employees for installing Docker or kubectl because it wasn't approved software yet you were brought in to be the container expert.
[+] [-] tyingq|4 years ago|reply
I suppose you could wrap it with Windows sandbox[1] if you're paranoid.
[1] https://docs.microsoft.com/en-us/windows/security/threat-pro...