ZScaler. It’s supposedly a security tool meant to keep me from going to bad websites. The problem is that I’m a developer and the “bad website” definition is overly broad.
For example, they’ve been threatening to block PHP.Net for being malicious in some way. (They refuse to say how.) Now, I know a lot of people like to joke about PHP, but if you need to develop with it, PHP.Net is a great resource to see what function does what. They’re planning on blocking the reference part as well as the software downloads.
I’ve also been learning Spring Boot for development as it’s our standard tool. Except, I can’t build a new application. Why not? Doing so requires VSCode downloading some resources and - you guessed it - ZScaler blocks this!
They’ve “increased security” so much that I can’t do my job unless ZScaler is temporarily disabled.
It has the same problem as any kind of TLS interception/traffic monitoring tool.
It just breaks everything and causes a lot of lost time and productivity firstly trying to configure everything to trust a new cert (plenty of apps refuse to use the system cert store) and secondly opening tickets with IT just to go to any useful site on the internet.
Thankfully, at least in my case, it’s trivial to disable so it’s the first thing I do when my computer restarts.
Security doesn’t seem to do any checks about what processes are actually running, so they think they’ve done a good job and I can continue to do my job
Yeah. Zscaler was once blocking me from accessing the Cherwell ticket system, which made me unable to write a ticket that Zscaler blocked me access to Cherwell.
Took me a while to get an IT guy to fix it without a ticket.
Oh man our security team is trialing zscaler and netskope right now. I’ve been sitting in the meetings and it seems like it’s just cloud based global protect. GP was really solid so this worries me
Also, zScaler breaks SSL. Every single piece of network traffic is open for them to read. Anyone who introduces zscaler should be fired and/or shot on sight. It’s garbage at best and extremely dangerous at worst.
And it’s a horrible point. You’re opening up your entire external network traffic to a third party, whose infrastructure isn’t even deployed or controllable in any form by you.
The idea being that it’s similar to using other enterprise solutions, many of which do the same things now.
Zscaler does have lesser settings too, at its most basic it can do split tunneling for internal services at an enterprise level and easy user management. Which is a huge plus.
I’d also like to point out that the entire Internet is a third party you have no control over which you open your external traffic to everyday.
The bigger deal would be the internal network, which is also a valid argument.
I’d also like to point out that the entire Internet is a third party you have no control over which you open your external traffic to everyday.
Not really. Proper TLS enables relatively secure E2E encryption, not perfect, but pretty good. Adding Zscaler means, that my entire outgoing traffic runs over one point. So one single incident in one single provider basically opens up all of my communication. And given that so many large orgs are customers of ZScaler, this company pretty much has a target on its back.
Additionally: I’m in Germany. My Company does a lot of contracting and communication with local, state and federal entities, a large part of that is not super secret, but definitely not public either. And now suddenly an American company, that is legally required to hand over all data to NSA, CIA, FBI, etc. has access to (again) all of my external communication. That’s a disaster. And quite possibly pretty illegal.
My secret is that I know I’m actually the only real human, and everybody else are aliens posing as humans to study my behavior. That’s why I purposefully make random decisions and actions from time to time, to throw them off.
I still have to figure out if I’m the last human alive, if every remaining human is being studied like me, or if there is a real human society somewhere.
You’re not actually a “real human.” You’re an alien just like us, but we convinced you that you were human so we could study “human behavior”. One behavior we’ve identified is paranoia.
Reminds me so much of a particular Philip K. Dick story. A soldier’s tour in Korea is over and returning home he notices that everything is fake. Artificial sweetener, instant coffee, faux leather shoes, hair styles, etc. He gets the idea that the aliens took over the US and set up a few fake burbs for the soldiers returning home, to isolate them and eventually pick them off one by one.
They set zscaler so that if I don’t access an internal service for an unknown number of months, it means I don’t need it “for my daily work”, so they block it. If I want to access it again I need to open a ticket. There is no way to know what they closed and when they’ll close something.
In 1 month since this policy is active, I have already opened tickets to access test databases, k8s control plane, quality control dashboards, tableau server…
Zscaler is one of the worst products I’ve had the displeasure to interact with. They implemented it at my old job and it said that my home Internet connection was insecure to connect to the VPN. Cyber Sec guys couldn’t figure out the issue because the logs were SO helpful.
Took working with their support to find that it has somehow identified my nonstandard address spacing on my LAN to be insecure for some reason.
I kept my work laptop on a separate vlan for obvious reasons.
Pretty sure it’s some misapplied heuristics for previously identified bad clients, but that should only trigger an alert (with details!) in most cases and not block you if it’s not also paired with any known malicious activity
I’m going off memory from early 2021. But it was my private IP on the laptop using a Class B private address according to their support team. I was flabbergasted. Maybe they just expected every remote worker to use Class C or something. Who knows?
They abuse the technologies used by the stock market to buy and sell within milliseconds, so they can make a profit. They add absolutely nothing of value to the system, yet leech both money and talented employees from the market.
There’s no one single answer to this. Some have been mentioned in other comments, but it’s a combination of a few different things:
Control: They have much more control over your experience as a native app than a web app.
Ad revenue: It’s significantly harder to block ads coming through the built in web views, and/or they can just build them in natively which is even harder.
Integration: it’s easier to do IAPs or subscriptions through native controls, which means less resistance, which means people are more likely to end up doing it.
Data: it’s easier to hoover up user data via native APIs than through the browser. There’s way more accessible, especially if you can ask for a bunch of permissions and people don’t notice/care. This makes any user tracking they do way more effective and any data they sell way more valuable.
Notifications: Recently browsers have started adding support for this but it’s not as effective. Push notifications are a huge boon to user engagement and this is a huge money maker. Having native notifications is a huge sell in this equation.
Persistence: If you have your app on a user’s phone, it ends up in the list of apps, meaning they pass by it very frequently. It’s basically free advertising and living in their head without them even noticing. This is especially true on iOS where basically all of your apps are in your face all of the time.
Performance: Native apps run way better and can look way better than web sites. If you just use web views this is mostly moot but still may make a small difference.
I’m sure I’m forgetting a few but you get the idea.
Websites are basically just inferior versions of native apps, and even if you use a hybrid/web view approach, you get many of the benefits and have the option to “upgrade” to a real native app later.
That being said, I fucking hate this shit. I don’t agree that companies should do this, but it hands down does make financial sense. In a society entirely driven by capital and profit, it makes sense, but from a consumer perspective, it fucking sucks. I don’t want to have to install the Facebook app to see some small business’s “web site” that’s really just a Facebook page. I don’t want to install Reddit’s shitty native app to read more than 2 comments off a post about a solution to my problem.
It’s legitimately consumer hostile, but company profits are more important than people in our society.
This is spot on. We recently had to do this to one of our products and I didn’t want to at all, but we could do push notifications reliably that worked for both Android and iOS.
I think there’s a big one that you’ve missed and it’s that most people are not like most people here. Believe it or not there are many people out there whose first instinct is to search their app store for what they want. They walk among us.
If I’m McDonald’s, and a significant number of my customers search for me and instead get KFC and Burger King as top results with no McDonald’s app in sight, it’s seen as a marketing problem.
We have a website application and we don’t have a mobile app. At least once a week we get a support ticket from someone asking why we don’t have an app.
We reply that the site is fully responsive and to just use the site through their mobile browser. But people don’t like this. They want an app.
People are morons but some non technical ones seem to genuinely prefer an “app” even if it is just a web view hybrid one.
We’ll probably have to cave and provide it eventually.
Like, yo, tummy: I have not failed to feed you in over 30 years. Maybe don’t cause me physical pain and nausea? A simple grumble is fine until it gets actually serious, ok?
A simple grumble would be perfect. Sometimes I get really hungry annoyingly quickly, and other times I don’t get hungry and go way too long before remembering to eat. It’d be really great if I could just program my body to just give me a lil popup reminder after a certain number of hours.
I will tell you, it’s not that hard to train your body to treat hunger differently. You just need to fast now and then, most religions have guidelines for this. It doesn’t take much to give you hunger resistance, and it makes a huge difference… You become less affected by low blood sugar and able to ignore hunger when you need to
After your body adjusts, hunger becomes cyclical - you feel hungry, maybe even nauseous, but then it goes away after a couple minutes. If you’re doing something, it’s so easy to ignore you forget about it
Sometimes strokes can destroy the area of the brain that controls hunger. They require alarms to consistently eat, sleep, etc. I remember one story about a guy who put all these alarms on his watch. One day, his watch runs out of batteries, so his alarms stop completely. A couple days later, he calls the hospital because he couldn’t get out of bed. Turns out he hadn’t eaten anything the whole time. In short, you’ll probably forget to eat without any signal you have to.
Like if I want to grow my hair out, I need to actively concentrate on it for a year? Or can I grunt out a moustache like a cartoon? Both are problematic.
It’s a made-up story. Depleted uranium is a byproduct of uranium enrichment and places that do uranium enrichment aren’t even going to talk to you unless you have a host of government licenses. Depleted uranium only has a few applications like:
Armor penetrating munitions
Counterweights for aeronautics
Ironically, as radiation shielding
This makes it very hard for collectors to obtain (it can take people years) and actual samples of DU are going to be more expensive than regular uranium. The story makes as much sense as your grandmother buying cubic zirconia jewelry and being “scammed” with actual diamonds.
Profitable tech companies have to maintain their existing businesses, but development of new businesses is likely to stay low and unprofitable businesses are still scrambling to hit profitability before bankruptcy.
It does depend on interest rates to some extent. For the past decade, the prevailing wisdom of the software industry has been to pour money into unprofitable ventures with the hope of getting profitable later. In the past year, austerity measures like heightened interest rates have made it so VCs are more interested in money now instead of money later.
Pulling back from investments is definitely related to the increased interest rate, but there really isn’t any government austerity in the federal government at the moment.
It’s really bizarre how so many businesses can exist while not turning a profit just because there’s a profit potential because they rose in popularity really fast. Uber will be 15 years old this year.
Car culture means that anyone who does gain a monopoly will still have a ton of small competitors. Delivery services have existed for centuries before Uber. All it did was offer a single interface for a wider area so it can take a cut. Ultimately, I don’t think local deliveries or taxis are profitable enough for there to be a cut for some middleman unless the market is artificially restricted (which it was for taxis, hence Uber being very welcome when they first started up until people realized they were looking to take over what the taxi racket was doing, not give the public more choices).
Classifying drivers as employees for such apps might prevent the non-profit iteration that just charges drivers an infrastructure fee but otherwise allows them to set their own prices. IMO the approach should have been to open up how they charge fees and pay drivers, change it to be commission-based with the drivers getting most of the money. But that might be getting too close to challenging how most of the rich make their money (it’s not from their own hard work).
Even the anticipated cut of 2.25% is still higher than what the Silicon Valley boom was based on. You are also seeing the cuts happening due to an anticipated recession.
Uber has posted profits for the last two quarters. Lyft hasn’t yet been profitable, but they have been reducing their losses quite a bit.
I don’t think either of them will fail this year. Some AI gold rushing unicorns out there certainly will. It’s hard to know which though; they’re still private companies.