RealAccountNameHereGoogle’s new security pilot program will ban employee Internet access
Bilb!This seems pretty normal honstly
ScrubblesHonestly yeah… makes sense. You tell me that Cheryl in customer service needs internet
NaoPbWhen you say it like that… it does make sense yeah.
Vodulas [they/them]Having worked in customer service, if you actually want to help customers, yes.
Honestly restricting access to those that require it and going the extra mile to make your whole building a faraday cage would still seem basically fine to me.
You'd need to have a good way for people to get emergency messages, but it's a genuine security hole that could genuinely (it's not super likely but it's also far from impossible) cost your business a boatload of money.
I’ve worked in “secure” environments for the US military and yeah, open access to the internet while you’re on the job is absurd to expect
133arc585One thing I didn’t see mentioned is how feasible this really is. For a developer, if you have access to the code base and good documentation, you can get really far. For stuff that you can’t get from documentation, and would traditionally turn to the internet for, I assume Google is going to solve with an AI product. If it’s private for internal use and trained on appropriate data, they can provide the functionality of searching for coding questions without needing the internet. They’re able to use internal web tools to presumably contact coworkers, so this combination of coworkers, documentation, and AI is entirely sufficient.
Counter point. I would wager people are more productive scrolling 5 minutes through a Facebook post then taking a 30 minute coffee break talking to various coworkers. I would hate this. Also if you’re a developer how would you research something? No stack overflow? No access to forums to solve particular problems? Not sure this is sustainable.
HarkMahlbergLosing access to language reference docs would be huge. What are they gonna do, save them all locally? Maintain copies of those sites on the company intranet, at the company's expense? What happens when the next version of Python is released?
This is a real cut the nose the spite the face move. Google would hemorrhage developers.
I mean, Google does index and cache most webpages internally already. So yeah, maybe. But after reading the article it doesn’t sound like they’re doing that.
I mean let's say they solve that part, sure. Let's go back to Google's original intent for this maneuver: they want to beef up "security."
Ars Technica's sub-title line says "You can't get hacked if you aren't on the Internet." That is utter nonsense. I'll take "What is E-Mail?" for 500 Alex. Surely they wouldn't block EMAIL right? How would they communicate with vendors, partners, governments, etc? Does Google think phishing emails, ransomware, etc don't work if you don't have internet access?
Actually, most email malware is staged now, so it wouldn’t work. PDFs with the malware embedded get flagged, so PDFs with a link to the malware replaced them. Even most ransomware is via an external link.
If I had access to a good LLM, that’d be enough for 99% of my research. And the other 1% I could probably do on a phone.
LLMs produce text. They don’t answer questions. If the probability of the keywords in the question being used in correlation with the answer often enough, it might (re)produce the actual answer. But you can never be sure.
LLMs are not a source for information.
Can’t Google your obscure package’s runtime error? Guess you aren’t gonna do anything of value for the rest of the day.
The DoctorAs long as the money’s green…
Why not? They already do for the vast majority of this stuff. It’s not that much and releases of these things are structured and indexed everywhere anyway.
Storing local copies of docs is a thing some companies do. I’ve worked at a couple of places that did that. And when the next version of $foo is released, and the devs get the go-ahead to use it,
wget gets executed to make a new copy. Sucks, but that’s the threat model in some places.
Jones on them, half of their developers coffee comes from stack overflow.
Rip productivity
Seems rather bizarre to me, though it could make sense for some non-technical roles. For developers, seems a bit impractical; much of language documentation is online and odd errors, common and esoteric, are frequently completely absent from docs. This seems likely to require devs to either use unauthorized devices or waste time digging through source (possibly for the programming language itself) to figure things out.
However, the remark about root access makes me hope that there are not people logging into systems at Google as root. A sudoer, sure, but root is a big no-no.
su root
rm -rf /SteveHuffmanData/SearchHistory/RealStuff
mv HorseNPigPorn.jpg LemonParty.html TubGirl.png SteveHuffmanData/SearchHistory
sudo cat bleach | /dev/eyes
Seems like they could have a machine with higher level access air gapped, and a less secure machine for browsing the internet but not internal tools. Would still suck for copy paste and things of the line, but would probably work in most cases.
I would think that this would be an approach that absolutely makes sense for corporate infra systems like domain servers, systems with access to network configs, etc.
Maybe adding an additional security tier? Something like “sandbox dev” where new third-party libraries and technologies can be tested and a “production dev” which is more restricted. That might be the “right” way.
The problem that I’d see is that productivity, development velocity, and release cadence would all take a nose-dive as software engineers have to continually repeat work, roughly doubling the real amount of work needed to release any piece of software. This would likely be seen as incompatible with modern business and customer expectations.
Prepare for productivity to tumble lol switching tabs and keeping working is much more efficient than switching between your phone and your computer screen if you’re at a desk job. I guess I can understand why they want to do this but they better get a lot more lax with people being on phones, which I’m not gonna hold my breath on. Just more ways to shit on employees for other companies to emulate, love this capitalist innovation!
I hope organisations invest in qubes os and other container/virtualization tools to make them more practical.
Taking radical steps like cutting off internet would hurt productivity as much as it improve security.
Social Credit Systems, here we come!
Can’t organize forming Unions if all you can use is corporate services.
Ars Technica just parroting a CNBC report third hand, when they could add some useful context by sharing traffic numbers to their site from Google-owned IP addresses and user agents.