… mostly the other way around?

Theoretically it is possible that a compromised machine could compromise a USB stick. If you are at the point where you are having to worry about government or corporate entities setting traps at the local library? You… kind of already lost.

Which is the thing to understand. Most of what you see on the internet is, to borrow from a phrase, Privacy Theatre. It is so that people can larp and pretend they are Steve Rogers fighting a global conspiracy while necking with a hot co-worker at an Apple store. The reality is that if you are actually in a position where this level of privacy and security matters then you need to actually change your behaviors. Which often involves keeping VERY strong disconnects between any “personal” device and any “private” device.

There have been a lot of terrible (but wonderfully written) articles about journalists needing to do this because a government or megacorporation was after them. Stuff like having a secret laptop that they never even take out of a farraday cage unless they are closer than not to an hour away from wherever they are staying that night.

I think any “privacy oriented OS” is inherently a questionable (kneejerk: Stupid and reeks of stale honey) strategy in the first place.

A very good friend of mine is a journalist. The kind of journalist where… she actually deals with the shit the average person online larps and then some. And what I and her colleagues have suggested is the following:

Two flash drives

• One that is a livecd for basically any linux distro. If you are able to reboot the machine you are using and boot to this, do it. That helps with software keyloggers but obviously not hardware
• One that is just a folder full of portable installs of the common “privacy oriented” software (like the tor browser) supporting a few different OS types.

Given the option? Boot the public computer to the live image. Regardless, use the latter to access whatever chat or email accounts (that NEVER are logged into on any machine you “own” or near your home) you need.

It isn’t about being reasonable.

If you are expected to track your time to this degree (and, to make it clear, the majority of employers actively don’t want you to), there is a reason. That reason usually being different funding sources. Generally a mix of grants and clients.

And if a client or grant source finds out you are lying about those? Maybe you only had enough work to do 34 hours instead of 40 hours in one week. Would you be cool paying extra because the guy repairing your muffler had a slow week?

And if people think being proud of a tool that openly talks about what everyone else silently does isn’t a red flag for employers? Hey, its a great job market so I am sure none of that will matter.

Tracking time is fine.

Normalizing your time to the hours you were supposed to work is a massive no no. Especially if you are expected to break down your hours per project.

I mean, you obviously do it. But you never put it in writing.

Pretending the most important use of bit torrent is Linux ISO’s is the kind of cya that people giggle at.

If a candidate I am interviewing has a tool to change their reported hours to me or clients on their public GitHub? That person is radioactive no matter how many times they say “but don’t do anything naughty wink wink”

So … it is a tool to automate time fraud?

Make sure to put this front and center on your CV

I selfhost my own nextcloud for notes and documents that I would like on my phone but not via google.

It is not a google docs/gmail/whatever replacement. They’ve spent the past few years hardening it and pushing for all the hallmarks of enterprise first software (e.g. making it a complete fustercluck to not have a proper domain name) but you still have stability and performance issues and the occasional upgrade issue that fucks up everything

I would also point out that if you aren’t selfhosting, what are you actually getting out of this? You are just spreading your data out to other companies who are often less transparent about how they monetize you.

The “vibe” doesn’t really matter. You are getting paid to do a job, you are gonna do it. You can’t refuse to write documents because you have to use Word instead of Google Docs or whatever.

No, it really is the training. Because the most obnoxious thing in the work force is an old white guy. They can’t outright say “no”. But they will do everything in their power to talk about how EVERYTHING is a blocker and they can’t get any work done because nobody wanted to teach them something. Or nobody was able to answer the questions that they refuse to ask. And so forth.

Having a database of training videos or even an outsourced consultant goes a long way toward “Hey Jon? Nobody gives a shit. Do your job”. Whereas having to link to just a document or explain something yourself is how they will actively refuse to ever retain any information.

Things get weird as corporations increasingly have power comparable to nation states.

But, generally, I would rather a megacorporation than a government. Because megacorps are at least “smart enough” to pretend they aren’t trying to take over the world. Whereas governments have a tendency to justify a lot of horrible shit for righteous reasons.

But, in a perfect world? I would rather a wide range of different donors and backers but mostly clustering around maybe fortune 500 companies instead of fortune 10?

My buddies and I have worked at companies that went through similar transitions and reversions.

The issue is not the cost or even the ideology. It is the training and support. There are a LOT of really good training resources for MS Office and, at least for millennials, outright education in k-12. So, by switching to libre office or anything similar, you are suddenly putting a large burden on yourself and random enthusiast youtubers who will start advertising nordvpn partway through explaining what a pivot table is. Because the vast majority of people don’t know how to google “how to edit the footer for slides in Libre Office”

And that RAPIDLY adds up to being a lot more expensive than even the full priced licenses from MS. your more technically competent staff suddenly have very large support burdens because “Oh, I just have a quick question” and that increases their burnout.

That said, it is going to be really interesting in the next 5-10 years (… assuming the world doesn’t end in a series of thermonuclear explosions first) since gen-z are very much brought up on Google Docs and the like. So even MS Office will have a significant training overhead for new hires.

At one of my other jobs we had to migrate a codebase from SVN to Git. it… was incredibly overdue and it was making for a greater burden on new hires who had to learn an antiquated toolset to contribute. But it was a genuine concern because most of the existing developers who understood “where the bodies were buried” had already “suffered through giving up on CVS for no good reason”. And we genuinely had to acknowledge that we would lose staff “on both sides” and, while I am not proud to admit it, more or less set up a few underperforming early career staff to be sacrificial lambs. Making it a point to let Old Fuck #5 know that the guy who was struggling to understanding how to write performant kernels was available to work through how to write a commit message. That way the rock stars who we were dependent on would not put in their notice.

And having a government as a significant backer for an open source project is a great recipe for conflicts of interest and general trust erosion.