I don’t think so. I think there are quite a lot of people with a very shallow knowledge of European history, who saw few Nazi symbols carries by Ukrainian Nazi and then are ready to assume this position. Most of these people want to be anti-imperialists when it comes to US or UK (often being from US themselves), so this makes it handy: US supports Ukraine, I have seen Ukrainian Nazis, Russia called this denazification, Russia is enemy of US and that’s how they get this position.

Of course, they hardly have idea of the Ukrainian perspective as a colony, as subject to an imperial power before etc.

Because Ukraine is carrying out a righth-wing genocide? Are you still looking for the WMD in Iraq or you just selectively choose which imperialistic bs to believe?

Why are you assuming that the female relative is a “need” in order to empathize and not just a way to feel closer to the problem? I think it’s fair that if you have deep connections with someone, their problems become your problems. It doesn’t mean you wouldn’t care about that if you didn’t have that connection.

For the most part I don’t think about it at all. I guess you only consider things when they cause extra effort, in this case it mostly doesn’t so it’s very unconscious. That said, I generally use the few gendered ones I know (I listed in another comment) because it is the way my native language works.

By the way, from grammar perspective English is a very simple language. Compared to similar languages (French, Italian etc.), for example, verbs are much simpler too. The harder part of English I think has to do with pronounce.

OK, but ugro-finnic languages are incredibly harder compared to English, I would say even much harder than German (saying this as a basic Estonian speaker - which is similar to Finnish from what I can tell).

I still use actress, does that make me sound weird? Same for masseuse/masseur, waiter/waitress, hostess/steward (on a plane) and I can’t think of anything else right now.

I wish this could be blamed on current or recent (or right wing) governments. The progressive demolition and/or privatization of welfare (from healthcare to social security nets) is a process that goes on for at least 20 years now, carried out by all the main parties.

But bringing it down is 1)illegal, 2) costly (DDoS cost money), 3) not guaranteed (CDNs can be very resilient) and 4) doesn’t show the collective support that not visiting the site does.

Learning to support others when you realize your carry is bad, tilted etc. is indeed one of the best skills for a support. Providing vision and general support to the one (or two) good players in the game is totally a winning strategy.

Also we don’t say “I died stupidly to grant vision”, we say “limit testing”.

Great points. Not only the output cannot be trusted, but also reviewing code is notoriously a much more boring activity than writing it, which means our attention is going to be more challenged, in addition to the risk of underestimating the importance of the review over time (e.g., it got it right last 99 times, I will skim this one).

After 2 years it’s quite clear that LLMs still don’t have any killer feature. The industry marketing was already talking about skyrocketing productivity, but in reality very few jobs have changed in any noticeable way, and LLM are mostly used for boring or bureaucratic tasks, which usually makes them even more boring or useless.

Personally I have subscribed to kagi Ultimate which gives access to an assistant based on various LLMs, and I use it to generate snippets of code that I use for doing labs (training) - like AWS policies, or to build commands based on CLI flags, small things like that. For code it gets it wrong very quickly and anyway I find it much harder to re-read and unpack verbose code generated by others compared to simply writing my own. I don’t use it for anything that has to do communication, I find it unnecessary and disrespectful, since it’s quite clear when the output is from a LLM.

For these reasons, I generally think it’s a potentially useful nice-to-have tool, nothing revolutionary at all. Considering the environmental harm it causes, I am really skeptical the value is worth the damage. I am categorically against those people in my company who want to introduce “AI” (currently banned) for anything other than documentation lookup and similar tasks. In particular, I really don’t understand how obtuse people can be thinking that email and presentations are good use cases for LLMs. The last thing we need is to have useless communication longer and LLMs on both sides that produce or summarize bullshit. I can totally see though that some people can more easily envision shortcutting bullshit processes via LLMs than simply changing or removing them.

I like the idea of canaries in documents, I think is a good point but obviously it only applies to certain types of data. Still a good idea.

Looking at OP, they seem a small shop, with a limited budget. Seriously the best recommendation I think is to use some kind of remote storage for data (works as long as the employee complies) and to make sure the access control is done in a decent way (reducing the blast of employee behaving maliciously). Anything else is probably out of reach for a small company without a security department.

Maybe I sounded too harsh, that’s just because in this post I have seen all kinds of comments who completely missed the point (IMHO) and suggested super complicated technical implementations that show how disconnected some people can be from real technical operations, despite the good tech skills.

DLP solutions are honestly a joke. 99% of the case they only cost you a fortune and prevent nothing. DLP is literally a corporate religion.

What you mentioned also makes sense if you are windows shop running AD. If you are not, setting it up to lock 1 workstation is insane.

Also, the moment the data gets put on the workstation you failed. Blocking USB is still a good idea, but does very little (network exfiltration is trivial, including with DLP solutions). So the idea to use remotely a machine is a decent control, and all efforts and resources should be put in place to prevent data leaving that machine. Obviously even this is imperfect, because if I can see the data on my screen I can take a picture and OCR it. So the effort needs to go in ensuring the data is accessed on a need basis.

Jamf doesn’t do anything for this problem, besides costing you a fortune in both license and maintenance/operation. Especially if you are not a Mac shop.

MDM at most can be used as a reactive tool to do something on the machine - as long as the one with the machine in their hand leaves the network connection on.

There are much cheaper solution to do that for 1 machine, and -as others correctly pointed out- the only solution (partial) here is not storing the data on a machine you don’t control. Period.

Yeah, that’s what I wrote too, but that is still a very fragile way. For once, you depend on a network connections, or in the local firewall not blocking you etc.

Reactive, on-demand ssh is something you can do for tech support, not for security imho.

Disk encryption is a control against lost or stolen device and malicious physical access (kinda). Storing the data elsewhere is more a control (or the basis for controls) against malicious insiders.

Your ability to SSH in the machine depends on the network connectivity. Knowing the IP does nothing if the SSH port is not forwarded by the router or if you don’t establish a reverse tunnel yourself with a public host. As a company you can do changes to the client device, but you can’t do them on the employee’s network (and they might not even be connected there). So the only option is to have the machine establish a reverse tunnel, and this removes even the need for dynamic DNS (which also might not work in certain ISPs).

The no-sudo is also easier said than done, that means you will need to assist every time the employee needs a new package installed, you need to set unattended upgrades and of course help with debugging should something break. Depending on the job type, this might be possible.

I still think this approach (lock laptop) is an old, ineffective approach (vs zero-trust + remote data).

Useful for standardized management of fleets, but requires personnel to maintain and configure it, but I don’t think it’s very effective (or feasible - I doubt they will even join the call for a 1-device contract) for what OP needs.

This is honestly an extremely expensive (in terms of skills, maintenance, chance of messing up) solution for a small shop that doesn’t mitigate at all the threats posed.

You said correctly, the employee has the final word on what happens to the data appearing on their screen. Especially in the case of client data (I.e., few and sensitive pieces of data), it might even be possible to take pictures of the screen (or type it manually) and all the time invested in (imperfect) solutions to restrict drives and network (essentially impossible unless you have a whitelist of IPs/URLs) goes out the window too.

To me it seems this problemi is simply approached from the wrong angle: once the data is on a machine you don’t trust, it’s gone. It’s not just the employee, it’s anybody who compromises that workstation or accesses it while left unlocked. The only approach to solving the issue OP is having is simply avoiding for the data to be stored on the machine in the first place, and making sure that the access is only for the data actually needed.

Data should be stored in the company-controlled infrastructure (be in cloud storage, object storage, a privileged-access workstation, etc.) and controls should be applied there (I.e., monitor for data transfers, network controls, etc.). This solves both the availability concerns (what if the laptop gets stolen, or breaks) and some of the security concerns. The employee will need to authenticate each time with a short-lived token to access the data, which means revoking access is also easy.

This still does not solve the fundamental problem: if the employee can see the data, they can take it. There is nothing that can be done about this, besides ensuring that the data is minimised and the employee has only access to what’s strictly needed.

Isn’t that a quote from Snatch?