Protip: If their company's IT section is like the one at my old company, they are quite unlikely to like this solution, either.
But it's very clever. Kudos.
Why? My friend needed a way to use his Bluetooth mouse and keyboard on a PC with Bluetooth disabled due to policy restrictions. This tool acts as a bridge, relaying Bluetooth input over USB. It also lets you use Bluetooth peripherals with older devices that only support USB input.
Tech: Written in Go, optimized for Raspberry Pi Zero W.
I love HN’s community and often lurk here—I’m hoping this project is useful or at least sparks some interesting discussions. Feedback and contributions are welcome!
Another thought around this is that I don't even think there's anything intrinsically insecure about BT as an attack vector but most likely some old policy based on security issues that existed in the early days of Bluetooth. Or at least I don't know of any, but I'm no expert in this so I would love to hear other people's insights here.
It sucked. Big time, but they had the clout.
Remote work at startups has largely removed my need for this kind of behavior. Now I'm mostly just mad that I can't always run Linux at work anymore.
Well.
Other departments ask for equipment, but only hear no back. Management product like Monday? No. Dedicated solution for jobs they don't understand? Hell no!
It's tough to be part of this. I know security is hard. Budget limit stuff. But we can, and should do better.
Same here, though I've never been in a significantly restrictive place with no authority (in current long-term DayJob I have some involvement in decisions wrt what restrictions are appropriate, and what exceptions to them are appropriate).
If someone is in a truly restrictive environment, they should take care. A deliberate breach of policy could be a job-terminating excuse, or at least further justification, if someone wants them out of the way for any other reason, and in such circumstances a workaround and a breach will be seen in the same light.
My company's IT department is Windows clickops people who hire other Windows clickops people. When something goes wrong that requires the command line, they spend five figures on a consultant to fix it. Ditto for the few dozen Linux machines in the company.
Some of our departments, including mine, run Macs. I can't count the number of times I've had someone from IT tell me "OK, now click 'Start'…" or whatever the Windows convention is these days.
All they'd have to do is hire one guy who knows the command line, and one guy who knows how to support Macs. There must be a hundred people in the IT department, but they keep hiring the same type of people over and over.
I wish it was unique to my company, but there was an identical situation where I worked a few years ago.
Wired connections are inherently more difficult to attack. In security-critical applications banning Bluetooth is perfectly reasonable.
The best way to correctly fight Shadow IT is to provide equipment and services so good nobody would even care using something else.
Some people will always want to bring their own equipment, but a lot of it is caused by penny pinching or lack of options.
Also: if you work with certain customer data, a good way to not only lose your job, but a ton of money would be to e.g. put that data into your shadow IT that might be running on some servers somewhere. E.g. people constantly asked us to use Zoom "because it is free and works", but we were in the public sector and a contract with them that guaranteed the privacy of our clients would have cost a significant fraction of our yearly IT budget — and we are required by law to have such a contract.
When you then ask those people if they want to part with that money suddenly nobody is so adamant anymore.
This was especially true for memory sticks, but keyboards, and even bus-powered things like fans (or nerf turrets) would get banned.
They had the power to get you fired if you crossed them.
They did not like my team, because we were the only ones in the building that knew what bullshitters they were.
We had all kinds of scary tech, like custom-compiled metrics software from Intel.
They insisted that all of our machines run their malwa- er, security software.
It would totally screw up our measurements.
It quickly grows past the 2-3 sanctioned models. Everyone wants something not on the list, lots of bickering of "why was that model chosen?", etc. Well that pre-approved model is $150, this is only $175. Bob got that $175 model, this is only $200, it's not that much. Jenny got that $200 model, this is only $250. Jenny's got a $250 keyboard? I gotta upgrade, here's this $300 model... Wait did the company just buy Bill a 55" 4K display? I need that too...
Suddenly your $150/person budget has exploded to replace everyone's equipment for $1,000+ otherwise it's just not fair someone else got more.
Personally I'm fine with me buying and owning my own kb+m. Maybe give a once a year or two office hardware stipend or whatever. Then otherwise make basic stuff available for free. If you're wanting a $200 keyboard you're probably wanting a particular $200 keyboard, and it's probably not one of those 2-3 approved models.