by shubb 3322 days ago
Have a fun laptop, a work laptop, and maybe banking tablet?

As a good corporate drone, this arrangement is kind of forced on me, but a lot of small company / startup folks totally mix the two. Might be a good thing to not do.

Sure it doesn't protect you from e.g. a tool you need for work being compromised, but it reduces the attack surface - this guy probably wouldn't have installed handbrake on his work machine.

Another thing we do, specifically because of medical data: a lot of the time I'm forced to work inside a non-internet-connected network that I VPN and then remote desktop to. Firewall rules mean the only thing getting in from my laptop is VNC. Some systems also require plugging into a specific physical network. Overkill for most uses but it makes losing laptops far less scary if you can keep a lot of your stuff on a more secure remote system.

3 comments

> Have a fun laptop, a work laptop, and a banking tablet?

Try out Qubes: http://qubes-os.org

This is a really good thing, and thank you for showing it to me.

Something like this could be good if you wanted to rapidly switch between different compartments on a single device. It would be great for e.g. keeping a 'sensitive data' compartment separate from an 'emails and paperwork' compartment on a work laptop.

Doing something like this is certainly better than using a single device with no separation or just user accounts.

Psychologically, I still think that training people to use different devices for different things is more likely to stick than (account separation on steroids). This extends to physical security - not leaving a work laptop in your backpack in a nightclub cloakroom like you might a personal device. But in the end with that reason, at a small company where you can avoid hiring idiots, it's up to each person to decide what psychological tricks they need to get themselves to do things.

I wouldn't trust something like this to keep high security information separate. When some exploit that escapes Xen or (for a corp) accesses Windows systems otherwise securely configured, there is nothing like isolated networks to keep your blood pressure low. For most software as a service dev type people you already have this - your data lives in a data center on carefully configured production servers. But for data science type users, you see a lot of people (especially in academia) doing work with potentially scary datasets on local laptops they probably also watch pirate TV on at home, which is a bit concerning. I guess at least if they were using Qubes it would be a bit better though.

Training users has been tried for over two decades and has largely failed to hinder black hats in any significant way.

Failed on the users who took well to the training, or to those who ignored it/failed it?

Because we can always not care about those others in the context of what we should do.

Failed to improve computer security overall. Users (generally speaking, not HN readers) don't have the skills/inclination/time to be proficient at managing their systems. Efforts to educate them in malware avoidance, system upkeep etc etc are failures by and large.

Technology can only do so much to "protect" users from themselves, and from miscreants. Couple this with an indifference to privacy on most of the connected population, and you've got a recipe for a world where nothing is safe.

http://panelsyndicate.com/comics/tpeye

> Have a fun laptop, a work laptop, and maybe banking tablet?

I would both prefer and hate this setup. I use my personal laptop for work and having all my apps, data, settings, etc available in one place is amazing. I could get past using different computers but the sad reality is my provided work computer is underpowered compared to my 3.5 year old MacBook. I can run circles around my coworkers' machines on the simple fact I have an SSD. IDEA opens in seconds for me while they go get a cup of coffee. Our desktops haven't been updated in probably 4+ years and I strongly believe they'd be more productive on macOS than on whatever flavor of Linux they are using (Most use Linux because they'd rather die than use Windows and they can eke a little more performance out). A number of them have older MacBooks they use for meetings but they aren't powerful enough to actually develop on.

"Work" usually requires more software to be installed than "fun". This "Handbrake" app may be used for creating videos for web, for example.