Hacker News | egorfine's comments

Alright, so I'm fully expecting companies like Visa and Mastercard to promptly exit the US market, the EU to stop issuing visas to US citizens, and harsh sanctions on the US economy by the EU.

Right? Right?


The world is not a 30 line program

> didn't hear back, with an automated response informing us that the Agency's offices are closed for the New Year holiday

This is so on-brand for EU organizations.


You say that as if it's a bad thing?

In this context (massive data breach) - it is.

It's noncritical infrastructure by every definition and data was already stolen, waking up a PR guy to put something on their page is a waste of everyone's time

Ah yes, responding to the media during holidays will make the data crawl back to their servers!

If this were a private business, people would be piling on and calling for the executives to face a firing squad.

"People" here meaning in particular the types that frequent this very message board.

You can find a certain group of people to pile on for anything.

What does their comms team have to do with the massive data breach?

Answers. These guys can provide answers to the public.

Aviate, navigate, communicate. In that order.

ESA’s priority in this case is measuring the damage and then brokering a solution if needed. After that it should communicate to the public.


Are these answers so critical they're needed on a holiday?

I don't know. There's nobody in the comms team to answer this question.

OK, so nothing to do with the massive data breach. But hey, you just really want to make a point about how upset you are that Europeans have a decent work/life balance, so there's no point continuing to expose your little agenda.

National Labs are closed over the holidays in the USA too.

I'm pretty sure it is going to pass.

Too much of a coordinated effort between western countries, thus it cannot fail. The decisions have been made and your voice pretty much doesn't matter.


> The decisions have been made and your voice pretty much doesn't matter

Source for these bans being unpopular?


The confusion you are displaying is because you are not cognizant of what's going on throughout the world, particularly in advanced economies that have opened their doors to all forms of migration, legal and illegal.

The timing of this coincides with countries in particular having seen a major rise in anti-migration sentiments, which have become very fashionable and popular among young men in particular, as polls show a global trend of men under 30 shifting towards the right wing, with women towards the left wing.

Suddenly, they decide NOW is the time to stop despite the fact that they've allowed young people to be exposed to all sorts of "dangerous content" and algorithms for decades, in the late 90s and early 2000s as teenagers we had uncensored access to the internet, warez, anarchy, shock as they have circumventions widely shared among each other today.

In short, these countries are so concerned about a civil unrest in particular between religious groups that are perceived to have "overstayed their welcome" that they are outright trying to shutdown online discourse both legitimate and exaggerated.

Europe, in particular the UK, is on the brink of a major civil war as per intelligence reports and the ban for the young won't be the last but that the net would be cast even wider. It's a last-ditch effort bandaid solution to keep the dam from bursting. With the backdrop of Keir Starmer's threats to extradite Americans and jail people for posting grievances against the demographic crisis, you can see where Europe and other advanced economies even in places like Korea mirror the trends, conflicts and draconian laws to buy time for the inevitable.

If we want to keep this debate going there has to be an understanding of the political context and direction that can only be realized through inference and intuition. They will never openly announce true motives as that would hinder the objective. The comments I am seeing are awfully similar to the confusion and fierce debate I see around wrestling control of TikTok, which have largely been blamed on China, but the concern around uncensored videos of atrocities committed in the middle east reaching hundreds of millions of young people that has shifted steadfast opinions of a certain country which for decades were positive, now show significant departure among age brackets within the same political camp which shocked a lot of old people from that same side.

Perception is everything and the question "asking for a source on if these bans popular" completely misses the mark and is irrelevant, rather the more interesting question is,

"will these bans that limit freedom of information and speech escalate and proliferate in the near future and whether France, Australia, Korea is just the start?"

"will the countries reviewing ban like New Zealand, Greece, Canada invite more countries to join the trend?"

"why are these bans being accelerated in countries that have seen a large wave of migrations that are causing major frictions?"


> similar to the confusion and fierce debate I see around wrestling control of TikTok, which have largely been blamed on China, but the concern around uncensored videos of atrocities committed in the middle east

I worked on the TikTok bill. Middle East stuff never came up.

It might have had a role in New York and Michigan. But most of the debate, drafting and lobbying was in respect of national security, trade policy and a touch of Taiwan policy.

When you have a pet issue you tend to see everything through it. My pet war was Ukraine. For a time I had to fight the impulse to classify everything as a derivative of it.


You've written 6 paragraphs without answering what was asked.

I've provided an answer which requires understanding because if you don't seek to connect the dots any response to whatever question is being asked will be immediately negated or denied making further debate impossible.

I think your tinfoil hat may have a hole in it.

To be fair, nobody said that this was unpopular

The parent said that your voice does not matter, nothing about the volume of such voices


> "All of our future books will involve AI."

What an incredible take. It is both so wrong on so many levels and also technically correct, akin to saying "All of our future books will involve spellchecker."

I hate it.


> Seeing core applications migrate to Snaps and the recent decision to move coreutils to alternate implementations

It's a classical embrace and extinguish strategy.


> it's a lock-in thing for them

Similarly to rust coreutils, fake sudo and the likes that they push.


2 PLN is plenty enough to move you up the next tax bracket in ZUS, so... :-)

> The constraint that ruined everything: It has to work on enterprise networks.

> You know what enterprise networks love? HTTP. HTTPS. Port 443. That’s it. That’s the list.

That's not enough.

Corporate networks also love to MITM their own workstations and reinterpret http traffic. So, no WebSockets and no Server-Side Events either, because their corporate firewall is a piece of software no one in the world wants and everyone in the world hates, including its own developers. Thus it only supports a subset of HTTP/1.1 and sometimes it likes to change the content while keeping Content-Length intact.

And you have to work around that, because IT dept of the corporation will never lift restrictions.

I wish I was kidding.


Back when I had a job at a big old corporation, a significant part of my value to the company was that I knew how to bypass their shitty MITM thing that broke tons of stuff, including our own software that we wrote. So I could solve a lot of problems people had that otherwise seemed intractable because IT was not allowed to disable it, and they didn't even understand the myriad ways it was breaking things.

> So, no WebSockets

The corporate firewall debate came up when we considered websockets at a previous company. Everyone has parroted the same information for so long that it was just assumed that websockets and corporate firewalls were going to cause us huge problems.

We went with websockets anyway and it was fine. Almost no traffic to the no-websockets fallback path, and the traffic that did arrive appeared to be from users with intermittent internet connections (cellular providers, foreign countries with poor internet).

I'm 100% sure there are still corporate firewalls out there blocking or breaking websocket connections, but it's not nearly the same problem in 2025 as it was in 2015.

If your product absolutely must, no exceptions, work perfectly in every possible corporate environment then a fallback is necessary if you use websockets. I don't think it's a hard rule that websockets must be avoided due to corporate firewalls any more, though.


I've had to switch from SSE to WebSockets to navigate a corporate network (the entire SSE would have to close before the user received any of the response).

Then we ran into a network where WebSockets were blocked, so we switched to streaming http.

No trouble with streaming http using a standard content-type yet.


> And you have to work around that, because IT dept of the corporation will never lift restrictions.

Unless the corporation is 100% in-office, I’d wager they do in fact make exceptions - otherwise they wouldn’t have a working videoconferencing system.

The challenge is getting corporate insiders to like your product enough to get it through the exception process (a total hassle) when the firewall’s restrictions mean you can’t deliver a decent demo.


I think our corporate VPN doesn't send zoom video traffic through the VPN. As you enabled the VPN, you didn't see any dropped frames.

Split tunnelling means the UDP packets just go through the normal internet.


Request URL has a query parameter with more than 64 characters? Fuck you.

Request lives for longer than 15 sec? Fuck you.

Request POSTs some JSON? Maybe fuck you just a little bit, when we find certain strings in the payload. We won't tell you which though.


They even break server-sent events (which is still my default for most interactive apps)

There are other ways to make server-sent events work.

I try to remember many environments once likely supported Flash.


> it likes to change the content while keeping Content-Length intact

thanks, i had repressed that memory


Please suffer.

Corporate IT needs to die.

It's not corporate IT's fault, it's usually corporate leadership's fault, who often cosplay leading technology while not understanding it.

Wherever Tech is a first class citizen and has a seat at the corporate table, it can be different.


Sometimes they have checkboxes to tick in some compliance document and they must run the software that lets them tick those checkboxes, no exceptions, because those compliances allow the company to be on the market. Regulatory captures, etc.

Believe me, the average Fortune 500 CEO does not know or care what “SSL MITM” is, or whether passwords should contain symbols and be changed monthly, or what the difference is between ‘VPN’ and ‘Zero Trust’.

They delegate that stuff. To the corporate IT department.


But they also say "Here, this is Sarah your auditor. Answer these questions and resolve the findings." - every year

It's all CyberSecurity insurance compliance that in many cases deviates from security best practices.


This is where the problems come from. Auditors are definitely what ultimately causes IT departments to make dumb decisions.

For example, we got dinged on an audit because instead of using RSA4096, we used ed25519. I kid you not, their main complaint was there weren't enough bits, which meant it wasn't secure.

Auditors are snake oil salesmen.


This is 100% it: the auditor is confirming the system is configured to a set of requirements, and those requirements are rarely in lockstep with actual best practices.

where else are you going to find customers that are so sticky it will take years for them to select another solution regardless of how crappy you are. that will staff teams to work around your failures. who, when faced with obvious evidence of the dysfunction of your product, will roundly blame themselves for not holding it properly. gaslight their own users. pay obscene amounts for support when all you provide is a voice mailbox that never gets emptied. will happily accept your estimate about the number of seats they need. when holding a retro about your failure will happily proclaim that there wasn't anything _they_ could have done, so case closed.

Oh yes you can absolutely profit off that but you have to be dead inside a little bit.

And produce a piece of software no one in the world wants and everyone in the world hates. Yourself included.


I think the general idea/flow of things is "numbers go up, until $bubble explodes, and we built up smaller things from the ground up, making numbers go up, bloating go up, until $bubble explodes..." and then repeat that forever. Seems to be the end result of capitalism.

If you wanna kill corporate IT, you have to kill capitalism first.


I’d say there’s nothing inherently capitalist about large and stupid bureaucracies (but I repeat myself) spending money in stupid ways. Military bureaucracies in capitalist countries do it. Military bureaucracies in socialist countries did it. Everything else in end-stage socialist countries did it too. I’m sorry, it’s not the capitalism—things’d be much easier if it were.

Maybe military people are just uniquely stupid

Not at all, no. I gave that example because, first, even in a profoundly capitalist country (whatever that means) the military itself is not particularly motivated by profit; and second, because it’s one of the few bureaucratic organizations that will not (be allowed to) collapse under the weight of its own inefficiencies and so easily grows much larger than is otherwise typical.

I don't believe that. I don't necessarily love capitalism (though I can't say I see very many realistic better alternatives either), but if HN is full of people who could do corporate IT better (read: sanely), then the conclusion is just that corporate IT is run by morons. Maybe that's because the corporate owners like morons, but nothing about capitalism inherently makes it so.

> corporate IT is run by morons

playing devil's advocate for a second, but corpIT is also working with morons as employees. most draconian rules used by corpIT have a basis in at least one real world example. whether that example happened directly by one of the morons they manage or passed along from corpIT lore, people have done some dumb ass things on corp networks.


Yes, and the problem in that picture is the belief (whichever level of the management hierarchy it comes from) that you can introduce technical impediments against every instance of stupidity one by one until morons are no longer able to stupid. Morons will always find a way to stupid, and most organizations push the impediments well past the point of diminishing returns.

> the problem in that picture is the belief (whichever level of the management hierarchy it comes from) that you can introduce technical impediments against every instance of stupidity one by one until morons are no longer able to stupid

I would say the problem in the picture is your belief that corporate IT is introducing technical impediments against every instance of stupidity. I bet there's loads of stupidity they don't introduce technical impediments against. It would just not meet the cost-benefit analysis to spend thousands of tech man-hours introducing a new impediment that didn't cost the company much if any money.


It's because corporate IT has to service non-tech people, and non-tech people get pwned by tech savvy nogoodniks. So the only sane behavior of corporate IT is to lock everything down and then whitelist things rarely.

Apparently capitalism doesn’t pay enough for corporate IT admin jobs.

At the same time, enterprise is where the revenue is.

Against all odds, you're right, that's where somehow revenue is being generated. IT idiocy notwithstanding.

Often, enterprises create moats and then profit from them.

It's not usually IT idiocy, that usually comes from higher up cosplaying their inner tech visionaries.


> And you have to work around that, because IT dept of the corporation will never lift restrictions.

Because otherwise people do dumb stuff like pasting proprietary designs or PII into deepseek


Oh, they'll do that anyway, once they find the workaround (Oh... you can paste a credit card if you put periods instead of dashes! Oh... I have to save the file and do it from my phone! Oh... I'll upload it as a .txt file and change the extension on the server!)

It's purely illusory security, that doesn't protect anything but does levy a constant performance tax on nearly every task.


> Oh, they'll do that anyway, once they find the workaround ...

This is assuming the DLP service blocks the request, rather than doing something like logging it and reporting it to your manager and/or CIO.

> It's purely illusory security, that doesn't protect anything but does levy a constant performance tax on nearly every task.

Because you can't ask deepseek to extract some unstructured data for you? I'm not sure what the alternative is, just let everyone paste info into deepseek? If you found out that your data got leaked because some employee pasted some data into some random third party service, and that the company didn't have any policies/technological measures against it, would your response still be "yeah it's fine, it's purely illusory security"?


What's the term for the ideology that "laws are silly because people sometimes break them"?

Posting stuff into Deepseek is banned. The corporate firewall is like putting a camera in your home because you may break the law. But, yeah, arguing against cameras in homes because people find dead angles where they can hide may not be the strongest argument.

Disclaimer: I work in corporate cybersecurity.

I know that some guardrails and restrictions in a corporate setting can backfire. I know that onerous processes to get approval for needed software access can drive people to break the rules or engage in shadow IT. As a member of a firewall team, I did it myself! We couldn't get access to Python packages or PHP for a local webserver we had available to us from a grandfather clause. My team hated our "approved" Sharepoint service request system. So a few of us built a small web app with Bottle (single file web server microframework, no dependencies) and Bootstrap CSS and SQLite backend. Everyone who interacted with our team loved it. Had we more support from corporate it might have been a lot easier.

Good cybersecurity needs to work with IT to facilitate peoples' legitimate use cases, not stand in the way all the time just because it's easier that way.

But saying "corporate IT controls are all useless" is just as foolish to me. It is reasonable and moral for a business to put controls and visibility on what data is moving between endpoints, and to block unsanctioned behavior.


Gotta wonder who objects to this and why, and if they have any experience managing IT or business.

I don't think that's a good read of the post you're implying this at. I think a more charitable read would be something like "people break rules for convenience so if your security relies on nobody breaking rules then you don't have thorough security".

You and op can be right at the same time. You imply the rules probably help a lot even while imperfect. They imply that pretending rules alone are enough to be perfect is incomplete.


It's called black and white thinking

Hi

Don't you personally feel disgust mentioning AI stuff?

Yeah, I realize it is mandatory to mention AI today in every piece of communication of any company; but on a personal level, isn't that something that requires a bit of dying every time?


It's time for a new, leaner init system. systemd became an OS of its own.


Wait, what? The next logical step is to combine systemd with wayland.


And rewrite it in rust while we're at it.


It's actually time for an old init system, check out devuan.org

Works absolutely fine.


Unfortunately it's a dead end. The world standardized so much on systemd that it's not worth fighting anymore.

Although the hell is going to freeze before I switch to their timers instead of cron.


I don't think of it much as fighting, but rather as just using devuan. Half of the defenses against any criticism in open source is "you can just fork it/not use it", so here we are.

It's fine, literally nothing happens if you just don't use systemd.


Unfortunately this ship has sailed and we all have to pick our battles. I for one submitted to our lord systemd but I'm far from loyal.

