[Ticket Closed] resolution: user should buy a macbook pro with at least the M3 processor
/s
SecOps put CrowdStrike's Falcon and Windows Defender on our Macs so we'd have about 20% CPU left for our actual dev work. That's not an exaggeration: staring at the System Monitor is all you can do when everything is locked up.
The Android emulator sucks up the remainder with ease. The app performs better on a low-end Android burner phone than on our dev machines, so at least we know our users are having a reasonable experience.
You just triggered some PTSD... years ago I had to send my CTO a recording of my screen with keyboard input lag on VSCode because CrowdStrike was eating up all my CPU.
I asked him if it was a good use of my (expensive) time to wait 30 seconds for characters to appear on my code editor.
Luckily he gave me a "special exemption" that allowed me to shut that monstrosity down!
It's so bad with my work laptop that I find myself doing work on my personal laptop and git patching it on my work laptop.
Also doesn't help that because I don't feel comfortable with all the monitoring software on my work laptop, I won't use the services I personally pay for with my work browser because I don't want the IT department scraping my personal passwords.
I had a couple of customers that deployed 7 endpoint security tools of the "hook into processes and inspect everything" variety. The exact mix was customer-specific, but if you're wondering what that looks like:
* Stand-alone "best of breed" endpoint DLP
* Stand-alone "best of breed" EDR
* Process whitelisting tool
* NAC posture assessment agent
* Three different AV agents
This is not even counting their VPN client(s) or the third party disk encryption agent they used.
I marveled at how they even got all of the agents to coexist, let alone have enough CPU left for people to do their jobs.
And after all that, your company gets hacked through a misconfigured router.
> And after all that, your company gets hacked through a misconfigured router.
Or a more likely scenario: some dev with admin on their machine grabs a malicious NPM package, EDR doesn't grab it because they successfully lobbied to have certain directories exempt for performance reasons (like DevDrive on Windows, or WSL). SSH keys get stolen, and despite all the fancy security products the environment is still a mess (which is why there are so many products to cover up that fact), so the dev actually has keys to prod, and then you're hosed.
I've seen my fair share of orgs that have a plethora of security "solutions" and yet fail to understand some basic principles like least privilege or separation of concerns, and think all their security software is going to save them.
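The comment above describes SSH keys being lifted off a dev box. One cheap check that follows from it, independent of any endpoint agent: make sure private keys on disk are at least passphrase-protected, so a copied file is not immediately usable. The script below is an added example, not the commenter's code or any vendor's tooling. It parses the two on-disk formats OpenSSH writes (the `openssh-key-v1` binary blob, whose header names the cipher, and the legacy PEM form, whose `Proc-Type: 4,ENCRYPTED` header signals encryption) and audits a directory for keys stored in the clear. The sample keys it checks are constructed in the script (only the header fields the check reads are built; no real key material), and the `~/.ssh` path in `main` is an assumption about where keys live.

```python
import base64
import os
import struct
import tempfile

# Magic string that opens every key in OpenSSH's own private key format.
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf: bytes, off: int):
    """Read one SSH wire-format string (uint32 length prefix + bytes)."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    return buf[off:off + n], off + n


def ssh_key_is_encrypted(pem_text: str) -> bool:
    """Return True if the private key file is passphrase-protected on disk."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN"):
        raise ValueError("not a PEM-style key file")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        blob = base64.b64decode(body)
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        cipher, off = _read_string(blob, off)   # "none" or e.g. "aes256-ctr"
        kdf, off = _read_string(blob, off)      # "none" or "bcrypt"
        return cipher != b"none" and kdf != b"none"
    # Legacy PEM (RSA/EC/DSA): encryption is signalled by a Proc-Type header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:])


def audit_ssh_dir(path: str) -> list:
    """Return names of private keys under `path` that are stored unencrypted."""
    unprotected = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full) or name.endswith(".pub"):
            continue
        try:
            with open(full, "r", encoding="utf-8", errors="replace") as f:
                text = f.read()
        except OSError:
            continue
        if "PRIVATE KEY-----" not in text:
            continue            # known_hosts, config, certificates, etc.
        try:
            if not ssh_key_is_encrypted(text):
                unprotected.append(name)
        except ValueError:
            continue            # unparseable file; not a key we understand
    return unprotected


# --- constructed samples (header fields only, no real key material) ---------
def _openssh_sample(cipher: bytes, kdf: bytes) -> str:
    blob = (OPENSSH_MAGIC
            + struct.pack(">I", len(cipher)) + cipher
            + struct.pack(">I", len(kdf)) + kdf)
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")


SAMPLE_OPENSSH_PLAIN = _openssh_sample(b"none", b"none")
SAMPLE_OPENSSH_ENCRYPTED = _openssh_sample(b"aes256-ctr", b"bcrypt")
SAMPLE_LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\n"
                           "Proc-Type: 4,ENCRYPTED\n"
                           "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"
                           "AAAA\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_LEGACY_PLAIN = ("-----BEGIN RSA PRIVATE KEY-----\n"
                       "AAAA\n-----END RSA PRIVATE KEY-----\n")
SAMPLES = {
    "id_ed25519": SAMPLE_OPENSSH_PLAIN,
    "id_ed25519_work": SAMPLE_OPENSSH_ENCRYPTED,
    "id_rsa": SAMPLE_LEGACY_ENCRYPTED,
    "id_rsa_old": SAMPLE_LEGACY_PLAIN,
}


def audit_constructed_samples() -> list:
    """Write the constructed samples to a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLES.items():
            with open(os.path.join(d, name), "w") as f:
                f.write(text)
        with open(os.path.join(d, "id_ed25519.pub"), "w") as f:
            f.write("ssh-ed25519 AAAA constructed@example\n")   # must be skipped
        return audit_ssh_dir(d)


if __name__ == "__main__":
    print("constructed samples, unprotected:", audit_constructed_samples())
    real = os.path.expanduser("~/.ssh")          # assumed location of real keys
    if os.path.isdir(real):
        print("~/.ssh, unprotected:", audit_ssh_dir(real))
```

A passphrase does not stop a process running as the user from reading the file, but it turns a copied key into something that still has to be cracked rather than a ready-to-use credential. The check also says nothing about what the key can reach; pairing it with a review of which keys are authorized on production hosts is the part no endpoint agent does for you.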
Or one of the seven endpoint agents, each of which has a kernel module and at least half of which are doing dodgy process injection and read process memory shenanigans.