On 2024-01-20 10:14, Peter King via talk wrote:
Can't say that I disagree with any of this. I protested when the UofT decided to amalgamate all its services on Microsoft Server (to no avail), and even more so when they made it all but impossible not to use Outlook (after using mutt happily for years and years) - on the grounds that Outlook somehow had "more modern" security, which turned out to be doublespeak for "proprietary closed-source protocols" for accessing the mailserver that they now controlled. Rewriting links and pushing their brand is the completely predicable result.
A few years ago I found a package that would proxy IMAP into an Exchange server. If I remember correctly it was called davmail. It made some of the problems with a clients insistence on Exchange go away.
I tried to warn people in IT that this was all security theatre, but they, like me, were victims of decisions made by administrative staff rather than made by informed technical experts. There you have it.
Just recently I was told that the University would not allow me to ssh in to my office computer "because ssh had to be protected from the internet" (!), and instead I was supposed to use some binary blob to create a VPN into the UofT network -- and how having one point of entry into the whole system, trusted internally, "improves" security over a single ssh connection to a single computer, I could not tell you (and neither can they). But it's policy, so that ends discussion.
I have been on both sides of that argument and there is something to be said for a single point of control. Generally speaking control over VPN users means that if you remove a user you have blocked their access. Random port forwards are harder to keep track of. However you could have run SSH from your office computer to your home computer and set up a port forward. [snip] -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||