Comment by throw-nodox-23

6 days ago

I.. I cannot restart my computer. Why? I work at a smallish agency as a developer. A few years ago we were acquired by a massive global corporation as part of the typical vertical integration strategy these big boys usually run with. Anyway, that’s all dandy as we otherwise would have perished during Covid. But this parent company, as many others, have some rather stringent security policies when it comes to IT. They use ZScaler for ”securing” traffic to- and from its employees’ computers. And wow has this been a boiled frog. At first it was fine, not that big of a deal as not much of our day-to-day tooling was blocked. But slowly and steadily the frog got cooked. Now the frog is basically dead. Like.. dead dead. For example their current configuration of the ZScaler proxy strips ALPN causing all traffic to fallback to HTTP/1.1 which has - well, quite some consequences for web development. There are a gazillion more things - but to really get to the point, no I haven’t restarted my computer in the last euhmm weeks. We found a way to disable ZScaler temporarily to access the ”real” internet, but this loophole has been plugged in their latest rollout. And if I restart my computer the new version will take effect - which will literally make it impossible for me to work. And yes, we have for a long time been trying to explain/escalate this but the red tape and bureaucracy of a massive org like this (where a vast majority doesn’t even know we exist) makes it feel very Sisyphus-esque.

This is your bosses problem. Apply security patches and reboot. Find a book to read.

  • Put like this, could sound like malicious compliance. But, if you disable whatever security product your company mandates on your company laptop and then you somehow get a malware, they will point the finger at you. Saying "I wouldn't have been able to work otherwise" will probably not work. Reboot your company laptop, let it install any patches it likes to, then complain to your manager. It is their resposibility to figure this out. If you work around this, you risk getting in trouble.

    • > It is their resposibility to figure this out.

      You're responsible for your own career.

      During the next calibration call, your manager can't be like, "well he spent 8 hours each week resetting up his machine after a reboot, so we need to give him credit for that too."

      Your job is to deliver impact, not fight system configurations.

      10 replies →

  • yup, that's exactly what i do.

    if anything is making me less productive or just plain stopping my job, i raise an IT ticket, tell my manager and go for a walk.

    • This is the right attitude, but others often refuse to press the issue. The only way this crap gets fixed is for it to cost the company enough lost productivity (and money) to make it worth fixing. If the intent is to "be secure", fix it. And fix it correctly. Don't have every developer on the same project asking for access to AWS and opening their own tickets... It's insane.

  • Wish it was that easy. Unfortunately for many of us, our job is more about navigating roadblocks like ZScaler, negotiating with security people, and figuring out work-arounds, rather than focusing on developing software. Our bosses tell us to figure it out.

  • Yeah.. that’s a bit where the shoe pinches.

    We could just grab a book and lean back - but being 0.017% (!) of the total global workforce (we’re ~70) we’d easily be seen as insignificant if we continuously don’t meet our targets. So we’re a bit stuck between a rock and a hard place. Do we keep rolling our rock up the hill and keep going, or risk it rolling over us and squooshing us into oblivion? At this point, I’m really quite ’meh’ about it all. I guess my learning is to be very careful during acquisitions. But heck, the founders got rich and that’s their prerogative no matter my own personal views. And don’t get me wrong, I enjoy my job a lot and I still get paid - and fighting Big Brother and rolling this rock up the hill has almost become a sport (and running joke) here. Yesterday we noticed we were blocked from browsing an independent photographers portfolio while being prompted to use ’internal photography tooling’.

    • I think you have Stockholm syndrome. It's not worth having any loyalty to such an organization. Since they don't want you to work, just spend your working hours looking for a new job.

    • > I enjoy my job a lot

      I'll be real with you, I wouldn't make a throwaway account to talk about a bad company policy if I enjoyed my job.

      I'd recommend looking for another, the job market is nowhere near as bad as people claim (at least for non-junior positions).

      2 replies →

I have the opposite problem; while zscaler isn't yet forced on us, updates and reboots are. At least system restarts for major updates are announced like a week in advance so there is still some leeway. But it's annoying that my React Native development environment needs to basically be reinstalled every two weeks. (this is all on MacOS btw)

  • > At least system restarts for major updates are announced like a week in advance so there is still some leeway.

    Luxury.

    My work machine used to do this, but I've had the current laptop reboot without warning while I'm actively using it (not actively giving input, but reading what is on-screen at the time).

Your problem is not to circumvent security policies. Doing that places you at fault for whatever may happen. Reboot and comply fully with all security mandates. When productivity fails to meet expectations, that is a problem for your superiors to resolve, not you. Know your place and accept it.

I know several developers that have been plagued by ZScaler and similar security tools. It takes weeks to get these issues resolved. Absolutely insane. Inevitably they wind up doing work from their personal laptops...

One guy I was working with was working on an AWS project. He couldn't access part of the AWS console because it was prohibited by ZScaler... Open a ticket, wait...

  • Please do not do work from your personal laptop. If the company doesn't want to troubleshoot their own tool which is preventing you from working, you shouldn't continue adding value until you're enabled again.

    • I agree with you, but other developers will tell me they can't meet a deadline if they do that, and have no choice. In today's shaky job market, they don't want to rock the boat too much, which I can understand.

but don't you have a separate personal computer that you own, and this cursed computer would be property of the company?

Otherwise if they are asking you to install this in your personal computer, I just wouldn't and I would submit a request to procurement for a corporate laptop.

  • Yeah totally - but the issue is doing work (which is a ’rare’ type of work in this massive org, so security policies are not catered for it) on my work laptop (: