I’d like to tack on that this point can be used to highlight why this is so. It’s a deep concept that can be explained simply and produces a lasting positive impact.

Everyone has fantasies. Sometimes we want them to be realized. Most often: we don’t. Many people carry internal shame because of their fantasies and some of those people have difficulty with intimacy because of it.

Good sex with other people requires our investment in their comfort and pleasure. This can be emotionally complex and fulfilling to navigate. Masturbation is free of those complications but we often make up the difference via fantasy. This is normal and there’s no need to confuse one space for the other. Masturbation and sex may fulfill similar basic needs on the surface but, in practice, they are very different exercises. It’s normal for one’s preferences to be different for each and for those preferences to shift over time.

Don’t worry about “normal”. Focus on having a healthy, honest, and emotionally aware sex life instead.

Sure! That’s an SMTP Relay. A lot of folks jumped on the poopoo wagon. It’s common wisdom in IT that you don’t do your own email. There are good reasons for that, and you should know why that sentiment exists, however; if you’re interested in running your own email: try it! Just don’t put all of your eggs in one basket. Keep your third party service until you’re quite sure you want to move it all in-house (after due diligence is satisfied and you’ve successfully completed at least a few months of testing and smtp reputation warming).

Email isn’t complex. It’s tough to get right at scale, a pain in the ass if it breaks, and not running afoul of spam filtering can be a challenge. It rarely makes sense for even a small business to roll their own email solution. For an individual approaching this investigatively it can make sense so long as you’re (a.) interested in learning about it, (b.) find the benefits outweigh the risks, and (c.) that the result is worth the ongoing investment (time and labor to set up, secure, update, maintain, etc).

What’ll get you in trouble regardless is being dependent on that in-house email but not making your solution robust enough to always fill its role. Say you host at home and your house burns down. How inconvenient is it that your self-hosted services burned with it? Can you recover quickly enough, while dealing with tragedy, that the loss of common utility doesn’t make navigating your new reality much more difficult?

That’s why it rarely makes sense for businesses. Email has become an essential gateway to other tooling and processes. It facilitates an incredible amount of our professional interactions. How many of your bills and bank statements and other important communication are delivered primarily by email? An unreliable email service is intolerable.

If you’re going to do it make sure you’re doing it right, respecting your future self’s reliance on what present-you builds, and taking it slow while you learn (and document!) how all the pieces fit together. If you can check all of those boxes with a smile then good luck and godspeed says I.

There’s some good advice in the comments already and I think you’re on the right track. I’d like to add a few suggestions and outline how I think about the problem.

Ask if the vendor has installation administrator guides, whitepaper, training material, etc. If yes: ask that they send it to you. You may also be able to find these on the vendor’s website, customer portal, or a public knowledgebase / PDF repo.

I would want to know three things.

1. How do users authenticate through the application?
2. What are all of the ways users may access the application (local only, remote desktop, LAN only, full server/client model)?
3. Does the vendor have any prescribed solutions for defining who has access to the application, at what privilege level, with access to what features?

i.e. What parts of the user access, authenticate, authorize pipeline do application admins or system admins have control over and how can we exercise that control?

Based on some context I assume that the app is reading from Active Directory using RADIUS or LDAP for user auth and that people are physically logging into the machine.

If this is the only method of authentication then I would gate the application with a second account for each employee who requires access for business reasons defined in their job description (or as close as you can get to that level of justification - some orgs never get there). You can then control who has access to the machine via group policy. Once logged in the user can launch the application with their second account (which would have the required admin access) via “Run as…” or whatever other methods you’d prefer. No local admins logging in directly and yet an application which users can launch as admin. Goal achieved.

This paradigm lets us attempt balancing security concerns with user pain. The technically literate and daringly curious will either already know or soon discover they can leverage this privilege to install software and make some changes to the system. The additional friction, logging, and 1:1 nature of the account structure makes abusing this privilege less attractive and more easily auditable if someone does choose the fool’s path.

I can imagine more complex set ups within these constraints but they require more work for the same or worse result.

Ideally you run the app with a service account and user permissions are defined via Security Groups whose level of access is tied to application features instead of system privs. There are other reasonable schemes. This one is box standard and a decent default sans other pressures.

If other methods of auth are available (like local, social, cloud, etc) then you’ll have more decent options. I would define the security objectives for application access, define the user access objectives from the Organization’s perspective, and then plot each solution against those two axes (napkin graphs - nothing serious). Whichever of the top three is the least administratively burdensome is then selected as my first choice for implementation with the other two as alternatives.

An aside: unless there is only one reasonable choice most folks find one option insufficient, two options difficult to decide between, and four options as having one option too many - whenever possible, if another party’s buy-in is desired, present either three options or three variations on one option. This succeeds even when the differences are superficial, especially when the subject is technical, and 2x if the project lead is ignorant of the particulars. People like participating.

I’d then propose these options to my team/direct report/client, decide on a path forward together, and plan the rest from there. There’s more to consider (again dependent on org maturity) but this is enough to get the project oriented and off the ground.

Regarding FOSS alternatives: you’re likely locked in with the vendor’s proprietary software for monitoring the cameras. There are exceptions but most commercial security system companies don’t consider interoperability when designing their service offerings. It might be worth investigating but I’d be surprised if you find any third party solutions for monitoring the vendor’s cameras which doesn’t require either a forklift replacement of hardware, flashing all of the existing hardware, or getting hacky with the gear/software.

I hope this helps! <3

Your closing sentence hints at the root of the misunderstanding here. It also fails to strengthen your initial claim at all. This study’s Lay summary sets it out perfectly.

Many autistic individuals report feelings of excessive empathy, yet their experience is not reflected by most of the current literature, typically suggesting that autism is characterized by intact emotional and reduced cognitive empathy. To fill this gap, we looked at both ends of the imbalance between these components, termed empathic disequilibrium. We show that, like empathy, empathic disequilibrium is related to autism diagnosis and traits, and thus may provide a more nuanced understanding of empathy and its link with autism.

Autistic folks don’t always exhibit the socially defined traits of autism. Absence of evidence isn’t evidence of absence, right? So while your [claim] [double-down] [pre-emptive concession] [claim] ends with a claim that’s reasonable it is also fundamentally disconnected from the initial claim (which is, at best, half-true). Social and non-social traits are additional dimensions on a complex spectrum. Defining autism only by its more visible / stigmatized traits perpetuates the false equivocations of abnormal with disordered and disordered with diseased.

Sent with love ❤️