Technology @beehaw.org RealAccountNameHere @beehaw.org 1 yr. ago

Google’s new security pilot program will ban employee Internet access

arstechnica.com Google’s new security pilot program will ban employee Internet access

You can't get hacked if you aren't on the Internet.

35 comments

Counter point. I would wager people are more productive scrolling 5 minutes through a Facebook post then taking a 30 minute coffee break talking to various coworkers. I would hate this. Also if you're a developer how would you research something? No stack overflow? No access to forums to solve particular problems? Not sure this is sustainable.
- Losing access to language reference docs would be huge. What are they gonna do, save them all locally? Maintain copies of those sites on the company intranet, at the company's expense? What happens when the next version of Python is released?
  
  This is a real cut the nose the spite the face move. Google would hemorrhage developers.
  
  I mean, Google does index and cache most webpages internally already. So yeah, maybe. But after reading the article it doesn't sound like they're doing that.
  
  Can't Google your obscure package's runtime error? Guess you aren't gonna do anything of value for the rest of the day.
  
  Why not? They already do for the vast majority of this stuff. It's not that much and releases of these things are structured and indexed everywhere anyway.
  
  Storing local copies of docs is a thing some companies do. I've worked at a couple of places that did that. And when the next version of $foo is released, and the devs get the go-ahead to use it, wget gets executed to make a new copy. Sucks, but that's the threat model in some places.
  
  If I had access to a good LLM, that'd be enough for 99% of my research. And the other 1% I could probably do on a phone.
- Jones on them, half of their developers coffee comes from stack overflow.
  
  Rip productivity
Prepare for productivity to tumble lol switching tabs and keeping working is much more efficient than switching between your phone and your computer screen if you're at a desk job. I guess I can understand why they want to do this but they better get a lot more lax with people being on phones, which I'm not gonna hold my breath on. Just more ways to shit on employees for other companies to emulate, love this capitalist innovation!
- I hope organisations invest in qubes os and other container/virtualization tools to make them more practical.
  
  Taking radical steps like cutting off internet would hurt productivity as much as it improve security.
This seems pretty normal honstly
- Honestly yeah... makes sense. You tell me that Cheryl in customer service needs internet
  
  Having worked in customer service, if you actually want to help customers, yes.
  
  implying Google has customer service
  
  When you say it like that... it does make sense yeah.
- Honestly restricting access to those that require it and going the extra mile to make your whole building a faraday cage would still seem basically fine to me.
  
  You'd need to have a good way for people to get emergency messages, but it's a genuine security hole that could genuinely (it's not super likely but it's also far from impossible) cost your business a boatload of money.
  
  I've worked in "secure" environments for the US military and yeah, open access to the internet while you're on the job is absurd to expect
Seems rather bizarre to me, though it could make sense for some non-technical roles. For developers, seems a bit impractical; much of language documentation is online and odd errors, common and esoteric, are frequently completely absent from docs. This seems likely to require devs to either use unauthorized devices or waste time digging through source (possibly for the programming language itself) to figure things out.

However, the remark about root access makes me hope that there are not people logging into systems at Google as root. A sudoer, sure, but root is a big no-no.
- su root
  
  rm -rf /SteveHuffmanData/SearchHistory/RealStuff
  
  mv HorseNPigPorn.jpg LemonParty.html TubGirl.png SteveHuffmanData/SearchHistory
  
  sudo cat bleach | /dev/eyes
- Seems like they could have a machine with higher level access air gapped, and a less secure machine for browsing the internet but not internal tools. Would still suck for copy paste and things of the line, but would probably work in most cases.
  
  I would think that this would be an approach that absolutely makes sense for corporate infra systems like domain servers, systems with access to network configs, etc.
  
  Maybe adding an additional security tier? Something like "sandbox dev" where new third-party libraries and technologies can be tested and a "production dev" which is more restricted. That might be the "right" way.
  
  The problem that I'd see is that productivity, development velocity, and release cadence would all take a nose-dive as software engineers have to continually repeat work, roughly doubling the real amount of work needed to release any piece of software. This would likely be seen as incompatible with modern business and customer expectations.
Social Credit Systems, here we come!
Can't organize forming Unions if all you can use is corporate services.
Ars Technica just parroting a CNBC report third hand, when they could add some useful context by sharing traffic numbers to their site from Google-owned IP addresses and user agents.

You've viewed 35 comments.