Those other applications come from an external vendor, we only provide the VM to run them.
We hate those even more than you do.

Sorry, those rules come from our cybersecurity insurance, or some compliance rules.
We hate them as much as you do.

IT guy here. If we give one user special rights, that login will get passed around like a blunt at a festival to “save time”.
Users are dumb and lazy, and that includes devs.

More like:
“IT people when software people talk about their requirements”

No, we won’t whitelist your entire program folder in Endpoint Protection.

My job is IT. Staffing is your job.

I dislike Ubuntu, because it literally never successfully upgraded from one release to the next.
It’s also the buggiest distro I’ve experienced, and I’ve tried quite a few. I’m talking about bugs like:

• do a fresh install
• log into Gnome
• first thing that pops up is an error message about a crashed service

or:

• do a fresh install
• open Software Center
• it doesn’t load, keeps spinning the cursor

Stuff like this disqualifies a distro for years in my opinion.

Just a heads-up: A fix is available. I got an update to libcups-filters last night.

I promise you, in the real world, fights were just as much of a shield shoving match while trying to slash your opponents ankle as they were in Europe.
The idea of a one-on-one sword fight decided by individual skill is much more of a romantic idea.

Wait, so if a visitor fails the v3 Captcha, v2 is used as a fallback?
That makes absolutely no sense.

I work in the private sector and our most essential systems run on Windows Server 2012. Because the installed applications can’t be migrated to anything else. After a reboot, there’s 21 scripts that need to be run in a specific order (with admin rights) to get the app running again. The frontend is an http webpage that’s open to the world.

The supplier of the software is a huge global corporation, market leader in their field.

Another pro tip: You don’t need to update Arch every day.
I update about once a month. Just make sure you read the news and deal with your .pacnew files.

I’m pretty sure Mint even has a graphical tool to install a newer kernel.

It’s actually touchpad-and-keyboard-friendly. IMO the perfect UI for a laptop, especially with a small screen.
If you use a 27" monitor and a mouse, it makes absolutely no sense. Use KDE für that.

A firewall by default blocks everything coming from outside going in (without being requested).
Firewalls can also block traffic going out from your PC to the internet. In a company where you need to protect against data exfiltration by employees, and as a last resort safeguard against malware communicating with outside servers, you want that. In that case, a security expert makes a detailed plan of all installed software, to determine what needs to connect from which internal IP to which external IP over which port. Then all other outbound traffic is blocked. This needs to be adjusted constantly, every time a new software is installed or an update changes a software’s requirements. It’s a full-time job.

On a home PC running Linux, that’s absolute overkill. There are no untrusted users in your home and you’re probably not the target for a directed attack by skilled actors. So just leave ufw on default, which blocks all inbound traffic and allows all outbound.

It’s less than the cost of our cybersecurity insurance, which will probably drop us on a technicality when the day comes.
And it’s not entirely an economic decision. The paper is family-owned in the 3rd generation, historically relevant as one of the oldest papers in the country, and absolutely no one wants to be the one in charge when it doesn’t print for the first time ever.

Or rather to find out if you can.

I can run a mod of doom with photorealistic graphics, all I need is a shotgun and a chainsaw.

We don’t. It’s a separate, simplified system that only lets the core team members access the layout-, editing- and typesetting-software that is locally installed on the bare metal servers.
In emergency mode, they get written articles and images from the reporters via otherwise unused, remotely hosted email addresses, and as a second backup, Signal.
They build the pages from that, send them to the printers, and the paper is printed old-school using photographic plates.

I’m just glad they got to see the consequences in another company.
Their senior IT admin had a heart attack a month after the ransomware attack.

Another newspaper in our region was unprepared and got ransomwared. They’re still not back to normal, over a year later.
After that, our IT basically got a blank check from executive to do whatever is necessary.