limonfiesta

Unless it’s for SMTP only, it’s probably a back end sever to some other front facing box, or service, that has IP addresses whitelisted for email.

I’m pretty sure I read one of his comments elsewhere talking about tunneling everything over SSH, so I assume that’s what he meant, but I could be mistaken.

Regardless, using an EOL distro as an internet facing SSH server that’s 8 years behind on SSH updates, is probably a bad idea.

We’re not talking about some punch card COBOL machine he jimmy rigged with network access, it’s an old Debian Linux box with SSH enabled.

It’s not like Metasploit would have a tough time finding unpatched vulnerabilities for it…

I’m assuming they meant that they were company phones, and that additionally they were required for any work related MFA requirements.

If that’s the case, it would be YubiKey in addition to, not instead of.

As for the time tracking software, those are often part of a much larger accounting, payroll, and/or HR software suite. Having his team spin up Windows vms, or even have separate older windows boxes somewhere, probably makes more financial sense than not. At least, until they can switch to a more modern suite that has a web portal.

You realize that gig economy is the neoliberal slang for a poverty class work, but without the rights of workers, right?

So you’re criticizing people who are forced by the system in which we live, to be ordered around by a fucking algorithm, and then take abuse from people who have enough money to NOT work in the gig economy, but no where near enough to actually own the servant class they get off on abusing.

You just answered your own question. How many users click approve without thinking? How many install Xposed modules that intentionally, or unintentionally, create security issues?

I didn’t say rooting will break your security, just that it can. Rooting exponentially increasing the attack surface, which for some users isn’t a concern, but for your average user, it probably should be.

In this case, this person wanted to increase his privacy, which is why I recommended what I did.

Also, FWIW, there’s a reason why GrapheneOS and DivestOS specifically design their ROMS to NOT be rooted and to RELOCK the bootloader.

Rooting can harm the security of your device, significantly.

I understand you’re wanting to root for privacy reasons, and I’m not saying you should never root, just understand the risks.

Instead, I’d suggest keeping your Pixel and installing GrapheneOS.

Or, find another phone that is supported by DivestOS.

Both of those ROMs are privacy and security hardened and relock your bootloader for a secure boot.