[Ansil849]

> I try to not mix work and personal content on the same laptop

It's kind of jaw dropping to me at how this is still not the norm and how people gratuitously mix personal and work content on the same devices, both mobile and desktop.

[dotancohen]

Purchasing, carrying, and maintaining two devices is expensive, heavy, and tedious. Easy always beats safe. Not to mention that there may be significant overlap between work and play for some people. I code Magento (PHP) during the day and contribute to open source PHP efforts as a hobby. In which environment (work or personal) should my notes and bookmarks be?

When I have a company issued laptop I use two machines. When I don't, then I use two accounts on the same machine. Most Linux distros even allow fast account switching in different virtual consoles. I use a different background and panel color for the personal and work environments. It's not a perfect solution, but neither is separate devices.

[can16358p]

This.

My work and hobby life is completely entwined. I have one powerful machine and micromanage my time by switching between windows of work and leisure.

Add the fact that I do coding as work and video editing as a hobby which both need powerful machines, and it would be very stupid, unmanageable, and inconvenient to buy two MacBooks.

[pharmakom]

Dual boot or at least have 2 users.

[can16358p]

I constantly switch between windows and micromanage time.

That's just impossible.

[Stratoscope]

I remember when I worked at an Alphabet company and they offered the option of using your personal phone to sign in to work stuff. (It wasn't Slack, it was one of the seventeen different chat systems they had going at the time.)

There was a teensy-weensy little caveat: Google IT could wipe your personal device at any time!

No thanks.

[yjftsjthsd-h]

That's... odd. Was this a long time ago? Because these days Android has work profiles that specifically exist to let you shove work stuff in its own separate space that can be managed separately from the rest of the device, and Google itself not using the feature that they built into the OS to support that exact situation would seem really weird.

[rwiggins]

Google does use Android work profiles - if you have an Android device. Unfortunately, iOS doesn't really have an equivalent concept (e: see comment below), so device-wide privileges are necessary there.

Everyone has their own level of comfort, of course. I've worked for two employers now whom I've given the power to erase my personal iPhone in exchange for the convenience of not needing to lug around a second phone.

Disclosure: I work at Google; opinions are my own.

[saagarjha]

iOS has user enrollment which is broadly equivalent: https://support.apple.com/guide/deployment/user-enrollment-a.... Google does not adopt this (but it could, b/234963918).

[rwiggins]

Oh, thanks for the link. Looks like I'm out of date. Seems to be a relatively newish feature (~2020), but on the surface that does seem ideal. I haven't dug into the specifics, so I'm not sure if there's a gap preventing its use or if it's just a matter of priorities.

[saagarjha]

I don't have any real insight into this but my guess would be that enterprise stuff moves slowly and often has complaints about the new solution not having all the management features they used to use.

[Stratoscope]

Yeah, it was a while ago, and it's possible that I could be remembering some details wrong. It just struck me as "no, I would rather carry a separate work phone if I have to."

[yjftsjthsd-h]

Oh yeah, given that choice I would, and have, done the same! I just thought it was a mostly solved problem these days (but would like to know if not)

[inferiorhuman]

Yeah BlackBerry 10 had a similar feature called BlackBerry Balance. Still I'd rather carry two separate phones.

[macintux]

That’s a widespread problem. I worked for a dramatically smaller IT firm and it also gave employees the opportunity to register their phones with the company’s Exchange service; when I asked my boss whether we should warn them about the power that gave us, he felt it would just cause unnecessary alarm.

[idontpost]

Your boss was an asshole.

[bryanrasmussen]

well, probably, but maybe it meant that while it gave the power to do this he would never do it. However one should never say never in business, so maybe naive.

[sofixa]

At least on Android, adding a corporate account explicitly lists what access you're giving to the corporate administrators.

[tannhaeuser]

Umm, I remember a time when Personal Computers were seen as universal, do-it-all devices. And there was this expectation, you know, that your FOSS-OS will put all your security and privacy choices into your hand. That was roughly before folks took the red pill and went all-in on intransparent browser apps and would program their change-the-world app for themselves, to be released when ready. Unlike today where they flaunt non-novel, insignificant, uninspired crap on github.

[can16358p]

I work for many different software projects.

I also do a lot of 4K video editing both as a hobby and occasionaly for work.

I also switch between tasks a lot daily.

I am mobile.

Yeah it would be perfectly economic, riskless, convenient, and definitely manageable to carry two fully specced MacBook Pros in my bag.

Not even jumping into the software licensing territory.

[ChrisMarshallNY]

Slack makes it easy. Terrible UX. I’m hoping it improves.

I have a set of different organizations in Slack, but I used to keep getting them mixed up (embarrassing).

What I did, was assign a different color theme to each org (on Mac. Doesn’t work on iOS). Helps me to differentiate quickly.

[rhinoceraptor]

Pretty much no company will pay for a work phone these days, even if you have on-call duty.

[lodovic]

I put a prepaid sim card in my old phone and use it exclusively for work 2fa. Now I can turn off that phone at my convenience and when this gig is over I can just switch to a new sim.

[Delk]

That sounds very culturally dependent. I don't know where the other people in this discussion are based, though.

[eurasiantiger]

If you work from home, have a separate work laptop, but connect it to the same network with your home computers, it’s all for nothing.

[saagarjha]

How so? Hopping around in your home network should not be possible by default and would be a gross overreach by any IT department, even beyond “you put data on this device and therefore we will search the entire thing”.

[lodovic]

Indeed, my work laptop is heavily firewalled, always assumes to be on an unsafe network, and uses a vpn and zscaler. Say you are on an airport wifi - I wouldn't expect corporate IT to scan the neighboring devices. No way it's going to snoop around on my home network, that would just expose the machine.

[eurasiantiger]

Interesting perspective difference; I was referring to protecting the work computer from threats, not the home network from corporate. You must work at happy places…

Apparently you would also be surprised by how common it is to use a home printer, a home wifi access point, etc. and have IoT devices in the network. Corporate firewalls and scanners only protect against unauthorised connections and known threats; zero-day exploits can still be much more effective from a local network.

[saagarjha]

I have a pretty dim view of endpoint security, seeing it mostly as a thing that works against me rather than for me. I feel that any threat model that includes "zero-day exploits" is almost always poorly formed and sensationalist, rather than grounded in a genuine evaluation of security tradeoffs.

[Aeolun]

Carrying two machines around all the time is no fun.