72
Google’s new security pilot program will ban employee Internet access (arstechnica.com)
submitted 11 months ago by RealAccountNameHere@beehaw.org to c/technology@beehaw.org
35 comments fedilink hide all child comments
top 32 comments
sorted by: hot top controversial new old
[-] Jaamulberry@beehaw.org 37 points 11 months ago

Counter point. I would wager people are more productive scrolling 5 minutes through a Facebook post then taking a 30 minute coffee break talking to various coworkers. I would hate this. Also if you're a developer how would you research something? No stack overflow? No access to forums to solve particular problems? Not sure this is sustainable.

[-] HarkMahlberg@kbin.social 19 points 11 months ago

Losing access to language reference docs would be huge. What are they gonna do, save them all locally? Maintain copies of those sites on the company intranet, at the company's expense? What happens when the next version of Python is released?

This is a real cut the nose the spite the face move. Google would hemorrhage developers.

[-] phoenixes@beehaw.org 13 points 11 months ago

I mean, Google does index and cache most webpages internally already. So yeah, maybe. But after reading the article it doesn't sound like they're doing that.

[-] HarkMahlberg@kbin.social 6 points 11 months ago

I mean let's say they solve that part, sure. Let's go back to Google's original intent for this maneuver: they want to beef up "security."

Ars Technica's sub-title line says "You can't get hacked if you aren't on the Internet." That is utter nonsense. I'll take "What is E-Mail?" for 500 Alex. Surely they wouldn't block EMAIL right? How would they communicate with vendors, partners, governments, etc? Does Google think phishing emails, ransomware, etc don't work if you don't have internet access?

[-] t3rmit3@beehaw.org 1 points 11 months ago

Actually, most email malware is staged now, so it wouldn't work. PDFs with the malware embedded get flagged, so PDFs with a link to the malware replaced them. Even most ransomware is via an external link.

[-] Mischala@lemmy.nz 6 points 11 months ago

Can't Google your obscure package's runtime error? Guess you aren't gonna do anything of value for the rest of the day.

[-] drwho@beehaw.org 1 points 11 months ago

As long as the money's green...

[-] wim@lemmy.sdf.org 4 points 11 months ago

Why not? They already do for the vast majority of this stuff. It's not that much and releases of these things are structured and indexed everywhere anyway.

[-] drwho@beehaw.org 2 points 11 months ago

Storing local copies of docs is a thing some companies do. I've worked at a couple of places that did that. And when the next version of $foo is released, and the devs get the go-ahead to use it, wget gets executed to make a new copy. Sucks, but that's the threat model in some places.

[-] abhibeckert@beehaw.org 1 points 11 months ago

If I had access to a good LLM, that'd be enough for 99% of my research. And the other 1% I could probably do on a phone.

[-] aksdb@feddit.de 14 points 11 months ago* (last edited 11 months ago)

LLMs produce text. They don't answer questions. If the probability of the keywords in the question are being used in correlation with the answer often enough, it might (re)produce the actual answer. But you can never be sure.

LLMs are not a source for information.

[-] Mischala@lemmy.nz 7 points 11 months ago

Jones on them, half of their developers coffee comes from stack overflow.

Rip productivity

[-] Whirling_Ashandarei@beehaw.org 20 points 11 months ago

Prepare for productivity to tumble lol switching tabs and keeping working is much more efficient than switching between your phone and your computer screen if you're at a desk job. I guess I can understand why they want to do this but they better get a lot more lax with people being on phones, which I'm not gonna hold my breath on. Just more ways to shit on employees for other companies to emulate, love this capitalist innovation!

[-] Hirom@beehaw.org 1 points 11 months ago* (last edited 11 months ago)

I hope organisations invest in qubes os and other container/virtualization tools to make them more practical.

Taking radical steps like cutting off internet would hurt productivity as much as it improve security.

[-] bilb@lem.monster 16 points 11 months ago

This seems pretty normal honstly

[-] scrubbles@poptalk.scrubbles.tech 13 points 11 months ago

Honestly yeah... makes sense. You tell me that Cheryl in customer service needs internet

[-] Vodulas@beehaw.org 30 points 11 months ago

Having worked in customer service, if you actually want to help customers, yes.

[-] buckykat@lemmy.fmhy.ml 22 points 11 months ago

implying Google has customer service

[-] Gormadt@lemmy.blahaj.zone 3 points 11 months ago

They sell products and ad space, I'd be surprised if they didn't have customer service

[-] chahk@beehaw.org 5 points 11 months ago

Have you tried to reach their customer service for any type of product? I don't mean free things like Gmail where you are the product, I mean things you buy with actual money, like phones or cell plans.

Gods help you if the problem you're experiencing is not resolved with a scripted response. Good luck if your Pixel phone needs repairs, or if your data plan is suddenly suspended for some weird reason. Enjoy playing "email ping-pong" where you wait a day between messages that ask you to do the same troubleshooting steps over and over.

[-] Gormadt@lemmy.blahaj.zone 1 points 11 months ago

Having bad customer service is different than having no customer service

If having bad customer service meant they had no customer service than almost no large corporations would have customer service

[-] NaoPb@beehaw.org 4 points 11 months ago

When you say it like that... it does make sense yeah.

[-] conciselyverbose@kbin.social 4 points 11 months ago

Honestly restricting access to those that require it and going the extra mile to make your whole building a faraday cage would still seem basically fine to me.

You'd need to have a good way for people to get emergency messages, but it's a genuine security hole that could genuinely (it's not super likely but it's also far from impossible) cost your business a boatload of money.

[-] bilb@lem.monster 11 points 11 months ago

I've worked in "secure" environments for the US military and yeah, open access to the internet while you're on the job is absurd to expect

[-] nickwitha_k@lemmy.sdf.org 10 points 11 months ago

Seems rather bizarre to me, though it could make sense for some non-technical roles. For developers, seems a bit impractical; much of language documentation is online and odd errors, common and esoteric, are frequently completely absent from docs. This seems likely to require devs to either use unauthorized devices or waste time digging through source (possibly for the programming language itself) to figure things out.

However, the remark about root access makes me hope that there are not people logging into systems at Google as root. A sudoer, sure, but root is a big no-no.

[-] RealAccountNameHere@beehaw.org 7 points 11 months ago

su root

rm -rf /SteveHuffmanData/SearchHistory/RealStuff

mv HorseNPigPorn.jpg LemonParty.html TubGirl.png SteveHuffmanData/SearchHistory

[-] nickwitha_k@lemmy.sdf.org 2 points 11 months ago

sudo cat bleach | /dev/eyes

[-] skwerls@waveform.social 1 points 11 months ago

Seems like they could have a machine with higher level access air gapped, and a less secure machine for browsing the internet but not internal tools. Would still suck for copy paste and things of the line, but would probably work in most cases.

[-] nickwitha_k@lemmy.sdf.org 2 points 11 months ago

I would think that this would be an approach that absolutely makes sense for corporate infra systems like domain servers, systems with access to network configs, etc.

Maybe adding an additional security tier? Something like "sandbox dev" where new third-party libraries and technologies can be tested and a "production dev" which is more restricted. That might be the "right" way.

The problem that I'd see is that productivity, development velocity, and release cadence would all take a nose-dive as software engineers have to continually repeat work, roughly doubling the real amount of work needed to release any piece of software. This would likely be seen as incompatible with modern business and customer expectations.

[-] Nuuskis9@feddit.nl 5 points 11 months ago

Social Credit Systems, here we come!

[-] zephyrvs@lemmy.ml 4 points 11 months ago

Can't organize forming Unions if all you can use is corporate services.

[-] chunktoplane@beehaw.org 3 points 11 months ago

Ars Technica just parroting a CNBC report third hand, when they could add some useful context by sharing traffic numbers to their site from Google-owned IP addresses and user agents.

load more comments
view more: next ›
this post was submitted on 20 Jul 2023
72 points (100.0% liked)

Technology

37208 readers
108 users here now

Rumors, happenings, and innovations in the technology sphere. If it's technological news or discussion of technology, it probably belongs here.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
alyaza@beehaw.org
TheRtRevKaiser@beehaw.org
gyrfalcon@beehaw.org
rs5th@beehaw.org
coldredlight@beehaw.org
Los@beehaw.org
SemioticStandard@beehaw.org
TheRtRevKaiser@kbin.social
remington@beehaw.org