Submitted by ravik_reddit_007 t3_11az9xi in technology
Western-Image7125 t1_j9xtwx6 wrote
Reply to comment by Smith6612 in Google asks workers to share desks amid mass layoffs by ravik_reddit_007
What rubbish. The work is done on laptops which ssh to a secure desktop which is housed inside the office. So what’s the difference between working from a conference room and working from home, when you’re on a laptop and sshing into a desktop to work either way? I don’t know much about networking but if this was an issue then they would have forced all of us to come back to office a long long time ago and not given us a laptop to bring home ever.
Smith6612 t1_j9yigfe wrote
The issue is with the way the program is handled on the computer side. For example if you have tattleware installed for malicious purposes, a keylogger, or something else of the sort, your SSH session may be secure going over the pipe, but information is being lifted from the computer through screen reading or keylogging, or clipboard reading. Just to give an example. SSH is also capable of a lot more than command line access - it allows networked file system access at a host to host level. Socket tunneling (you can use it as a TCP/IP proxy). It allows for remote execution of GUI programs through techniques like X11 forwarding. It also allows SSH proxying and bastion hopping as part of a connection sequence. All of this can allow for information to be copied and sent off to places it shouldn't be, and provide a hidden conduit to the corporate network. I've also seen malware on home systems used for ad injection which configures a SOCKS proxy on the system, installs a root certificate and other high trust files, and perform man in the middle interception of all traffic, including SSH. Unless the computer has a host fingerprint bundle being seeded and managed (which a corporate MDM could do), most people will blindly accept the malicious connection set by the malware's proxy, and now your SSH session is being intercepted.
What companies do to protect against both is use a program like Citrix, where you can see and use applications running on a remote system from any computer, but the software employs protections like the same DRM used to protect streaming video from screen recording and snooping by software. The software can be configured to prevent copy and paste clipboard data from crossing beyond Citrix. It can be configured to allow or deny access to certain file system resources or to prevent interactions with the program from devices which aren't directly attached. Lots of things, but companies find Citrix to be slow or rather high maintenance compared to issuing a laptop. For example, video meetings through Citrix would be a painful experience, and the video calling system might be guarded as a corporate secured resource, so the laptop ends up being a better solution. Software development, you can probably forget about that on Citrix because of how locked down the environment tends to be.
Western-Image7125 t1_j9yqiou wrote
Ookay that’s a very long answer which I mostly don’t understand, you’re probably correct in what you’re saying, but my general point is that it’s pretty unlikely that cybersecurity is the primary reason to bring everyone back to the office. If that was the case we would have received much much more stern commands to return to office or leave the company
Smith6612 t1_j9yxneh wrote
Yeah, the return to office part is a bit different from the situation of using a computer. Office space usage has to do more with companies looking at the finances, and asking why they're paying a lot of money for corporate real estate that isn't being used. Companies sometimes are bound by very long leases, legal agreements between a government and a company in exchange for tax breaks, and so on, and they would want to make sure those buildings are being used to the fullest extent possible. They have to maintain the buildings whether or not people use them, so that's a loss center. I'm certainly no expert in corporate real estate, so there may be a lot more tied into that.
At least from an IT perspective, it's easier to support someone in person if they have a hardware problem. Especially with the way modern premium laptops like Macs are built, where simplicity in design clashes with troubleshooting, and where tool requirements reach into the "probably not available at home" set. From an information security perspective, one can be more sure that information isn't being looked at by others when they're working at a secured office versus, say, a coffee shop across town.
Companies have their reasons at least. Some are dumb. Some are valid. Mandating work at an office and not providing a fixed desk to go to, pretty dumb in my opinion.
Western-Image7125 t1_j9yyyd7 wrote
The main reason I can think of is the companies want to justify the multibillion dollar office investments. And also the head honchos who have houses in Palo Alto and Los Altos don’t want their property values to decline
Smith6612 t1_j9z7rfy wrote
Haha, yeah I completely forgot about the housing values. I was looking at real estate in the Bay Area a few years ago when colleagues were trying to get me to move out there. I immediately noped out, and said those prices need to have a massive crash and come back to Earth before I consider something like that.
Revolutionary_Lie539 t1_j9yrk8e wrote
Im not sure why some Redditors do not want to use firm provided computers. Its insane. I have a firm laptop. Its awesome. I do WFH once per week. I guess some Redditors are shady.
Smith6612 t1_j9yyrz1 wrote
Beats me. The reasons I hear are because their home environment is set up the way they like and they don't want to recreate it. Or the work hardware is loaded with too much "spyware" / software which bloats it. Or they don't like the forced software updates. Or the hardware is too slow (when I usually argue within me that the software being written is inefficient), and so on, and so forth. Or they don't want to deal with two computers. I see it whether the work computer is some high end workstation or MacBook Pro, or some craptop.
Viewing a single comment thread. View all comments