@netikras since when does proprietary mean bad?

Lemme tell you 3 stories.

CISCO AnyConnect:
- come in to the office
- use internal resources (company newsletter, jira, etc.)
- connect to client's VPN using Cisco AnyConnect
- lose access to my company resources, because AnyConnect overwrites routing table (rather normal for VPN clients)
- issue a route command updating routing table so you could reach confluence page in the intranet
- route command executes successfully, `route -n` shows nothing has changed
- google this whole WTF case
- Cisco AnyConnect constantly overwrites OS routing table to ENFORCE you to use VPN settings and nothing else.

Sooo basically if you want to check your company's email, you have to disconnect from client's VPN, check email and reconnect again. Neat!

Can be easily resolved by using opensource VPN client -- openconnect

CISCO AnyConnect:
- get a server in your company
- connect it to client's VPN and keep the VPN running for data sync. VPN has to be UP at all times
- network glitch [uh-oh]
- VPN is no longer working, AnyConnect still believes everything is peachy. No reconnect attempts.
- service is unable to sync data w/ client's systems. Data gets outdated and eventually corrupted

OpenConnect (OSS alternative to AnyConnect) detects all network glitches, reports them to the log and attempts reconnect immediately. Subsequent reconnect attempts get triggered with longer delays so as not to spam the network.

SYMANTEC VIP (alleged 2FA?):
- client's portal requires Sym VIP otp code to log in
- open up a browser in your laptop
- navigate to the portal
- enter your credentials
- click on a Sym VIP icon in the systray
- write down the shown otp number
- log in

umm... in what fucking way is that a secure 2FA? Everything is IN the same fucking device, a single click away.

Can be easily solved by opensource alternatives to Sym VIP app: they make HTTP calls to Symantec to register a new token and return you the whole totp url. You can convert that url to a qr code and scan it w/ your phone (e.g. Google's Authenticator). Now you have a true 2FA.

Proprietary is not always bad. There are good propr sw too. But the ones that are core to your BAU and are doing shit -- well these ARE bad. And w/o an opportunity to workaround/fix it yourself.

Comments
  • 2
    @netikras good rundown.

    Those anyconnect issues with routing actually remind me of some issues I've had with using local VMs while in VPN or after using it. Best solution so far has been to reboot the machine 😀
  • 2
    @irene it does. There is no point in time from which on proprietary sw can be simply called bad. Some soft is good, some is bad. It is not a matter of 'since when'.
  • 1
    @Froot yeah, that's annoying. And rebooting is just a nasty workaround. It works, but it is hugging annoying.
  • 2
    @netikras indeed 😀
  • 3
    It's a silly question. Are cars bad? Well, the 1977 AMC Pacer sucked, and the 1975 Gremlin would catch on fire if hit from behind. Therefore, cars are bad. Yeah, the question is that magnitude of silly.
  • 1
    @theKarlisK thought the same XD
  • 1
    Proprietary isn’t necessarily bad, but it’s far less scrutinised than open source software. You can’t just clone their repo and fix their shit.
  • 1
    That's why I have a Win7 VM. To connect to customers which use Cisco VPN.
    Solves all of your issues. 😁

    (and is fucking crazy! A full VM for ssh and scp through one shitty VPN gate!)
  • 1
    @620hun A trope that is oft repeated, but not true. OSS is neither more nor less scrutinized just because it can be. Even if it is, a piece of software is not necessarily better because more people look at it. It matters who those people are and what their motivations are. The only yardstick that means anything is if the tool works for you. It doesn't matter who wrote it, how, or what flavor ice cream the developers preferred. It doesn't matter if they used waterfall or scrum or something that made sense. It doesn't matter if it was written in C# or JavaScript or pig Latin. You may revel in your edginess as you plug away on your Arch Linux distro, but you also certainly put your life into the hands of trillions of lines of proprietary code riding a train or self driving Tesla to the Starbucks where you used Apple pay to buy a drink whose name nobody knows how to pronounce.
  • 0
    Pulse Secure VPN fixed all of these issues a long time ago...
  • 0
    Couldn't open source software have the same issues?

    I think the issues with proprietary software are the ones we don't know about. For example, how they store and use our data.

    Otherwise, proprietary programs operate exactly as any other.
  • 0
    @AlgoRythm it could. But it doesn't. Wasn't I clear enough with my obvious hints about openconnect?