Despite being sarcastically phrased, the GP is very warranted. Google is so renowned for making breaking changes, there's a site to track not just their dead code, but their dead products:
I think experienced engineers have learned not to depend on Google a long time ago, and the GP is stressing that lesson: this is not "news" in that it happens _very_ frequently.
Also, for the company that invented the protobuf IDL, you'd expect them to maybe use swagger to catch these things in an automated fashion, if they have admitted it's a bug by accepting a support ticket for it.
Is this a precedent that Google or any company wants to have, though? Engineers with access to company-wide tools or extensions can put political or divisive content into them?
This is more than just a "poster in the cafe" because of the reach and invasiveness of the approach.
Disclaimer: I work for Google, speaking for myself only.
> Is this a precedent that Google or any company wants to have, though?
Google is free to pull the tool or change the documented process. (I admit, the process seems lax.) Instead, they fired the employee. That’s an aggressive response.
> the reach and invasiveness of the approach
It’s a pop-up generated when one visits the site of the “firm that Google hired this year amid a groundswell of labor activism at the company”. That sounds like a reasonable scope.
Again, using a tool whose entire purpose is to serve site-specific pop-ups.
Where did I say there was social pressure? I was pretty sure I was explicit about it being a benefit. Phone and phone plans are possibly worth $1k/year.
This person chose to have their free phone from the company as their personal phone too. This is completely optional at Google, a really nice perk, and it's made very clear that anything under your work profile will be wiped if you leave.
They will not wipe your personal phone or your personal profile on your phone. This is completely avoidable and shouldn't come as a surprise.
It's not a perk, it's a liability. This was an option at pretty much every company I worked at and I never understood what moron would choose to put their personal data/life on a corporate device (or connect their personal device to the corporate network and its management policy) with typical policies dictating that not only can the device be remotely wiped, it can also be remotely snooped.
The only brief moment of this being acceptable was Samsung phones being able to have completely split personal/corporate profiles across 2 sims in a single phone and have 2 copies of each app, but that seems to have died.
If your employer is managing the device you're choosing to also use for personal data, it's 100% your fault and 0% surprise when it backfires on you.
If you work in tech and don't have a separate work phone+laptop and personal phone+laptop, you're either a founder or an idiot.
Moron here. I work for Google and use my work phone as my personal phone, via Android work profile, so the work stuff is siloed. This means I have less than full access to company resources, but I don't really want to read code or respond to bugs on my phone anyway.
My understanding is that Google can't see the personal stuff. But it doesn't matter that much to me, personally, if they can (I'm not doing any exciting corporate activism, anything illegal, etc.). At least, it doesn't matter more than a couple grand a year plus the inconvenience of two phones. I'm not saying everyone should feel this way, and obviously some people value privacy more than I do, but that's the trade-off that makes sense for this idiot.
I hope it also doesn’t matter to any of your friends. I would be pretty annoyed if I had a conversation with you and it ended up as property of google.
If you're willing to assume that Google is willing to violate their presumably legally-enforceable policy that they will not view the items in the "personal profile", then one could assume that they would probably also be willing to read data from any Android device. So better tell all of your friends to never use Android or any other Google service.
Because the commenter I responded to said he couldn't understand why anyone would do what I do. There's an implicit question there that I was attempting to answer.
Good point about also owning the phone plan. But since I use Google Voice for everything (personal account) I'm not sure how much of that they can see (in their capacity as owners of my phone service), and like I said, I'm not doing anything interesting. If Google really wants to see my call logs of wife, wife, friend, mother in law, wife, wife, wife, dad, friend, etc. it's not worth thousands of dollars a year and an extra phone in my pocket to prevent it.
Over half of Google's workforce are contractors. Google does not provide a mobile device to contractors. The options for TVCs are to let Google control a personal device or take a significant productivity hit and opt-out of mobile email, chat, and docs.
That's a really crappy policy if I'm understanding it right - not provide a mobile device but insist on completely managing one if they choose to use it for company business? What a shitty way to treat people working for you.
They are contractors. They don't work for Google. They either work for themselves and have a contract directly with Google, are an employee of a company which has a contract with Google or are a sub-contractor to a company with a contract with Google.
If they are directly contracted with Google or a sub-contractor through another company they should purchase an additional phone for this purpose. Both the phone and the service would be considered a business expense for tax purposes.
If they are a direct employee of another company then that company should be providing a phone for this purpose. If Google or their employer won't provide a phone for this purpose then neither considers it a requirement for the job and they should not worry about it.
A contractor can deduct work expenses from income, a phone is just one item on a long list of things that will be deducted.
If there is corporate information on a device, it would be a breach of their fiduciary responsibility not to manage that device and have the ability to remotely wipe that data.
> If there is corporate information on a device, it would be a breach of their fiduciary responsibility not to manage that device and have the ability to remotely wipe that data.
I don't think, in a legal sense, that's true. It feels like it comes from the same mindset that corporations have a "fiduciary responsibility" to their shareholders to always put profits above all else; in fact, there's nothing in corporate law or financial regulations that requires that at all.
The IT department has responsibility for network and systems policies and company-owned equipment, and it's perfectly reasonable for them to have the ability to wipe data on that equipment or set policies that disallow personal devices on company networks at all. But they have no requirement -- and I would argue no business -- to wipe a non-company device just because someone added a corporate email account to it.
Does that make it marginally more likely that someone could keep corporate email that they weren't supposed to? Sure. But there are other legal ways of handling that which aren't destructive to non-company property. No one would argue that a policy of "if you take physical work home, upon termination the company can set fire to your house to ensure all copies are destroyed" is enforceable.
I’m pretty sure GDPR protection of “personal data” applies to employees and not just customers.
If my personal calendar and work emails are being copied onto your device, you better believe the GDPR data protection regulations apply.
The house example is ridiculous. The point is if you commingle the data in ways such that the endpoint protection software no longer supports delineating the corporate data, then the user (employee/contractor) has opted into that situation with eyes wide open.
> Computing devices need to be protected from loss or theft through mobile device management capabilities, such as remote wipe and kill. A lost device could be the weak link in the data protection chain, leading to a data breach based on information stored on the device or accessible through still active user credentials. Enforcing certain settings in order for a device to connect to the network at all – such as local encryption, password complexity, the presence and currency of security software, and the removal of the local administrator account – will be an essential part of protecting the organization within the GDPR framework.
The house example is exaggerated, but as I wrote in another reply: just as my personal physical property does not become company property if I am on their physical property, my personal data should not become company data if I am on their network.
> If you commingle the data in ways such that the endpoint protection software no longer supports delineating the corporate data, then the user (employee/contractor) has opted into that situation with eyes wide open.
You're assuming the user has been given a clear understanding of the situation, and frankly, I think you're letting the IT department off the hook here. They need to either provide protection that can prevent "commingling" to their satisfaction, to grant a comparable level of trust to users with personal devices that they do in other aspects of conducting business (which was the real point of the example you didn't like), or just to ban personal devices.
> They need to either provide protection that can prevent "commingling" to their satisfaction, to grant a comparable level of trust to users with personal devices that they do in other aspects of conducting business (which was the real point of the example you didn't like), or just to ban personal devices.
DLP (data loss prevention) software should be present on any personal computing device that can store company data, which will be a requirement of their cyber-security insurance policy, a requirement of the various audits they surely undergo, and probably also a requirement of GDPR.
It's providing strictly more choice and flexibility to their employees and contractors to allow them to host company data on their personal device, the obvious trade-off being made when you install the DLP endpoint software on your phone and grant it permission to remote-wipe your device if necessary.
If the company required their employees/contractors to use their personal device for company business, this would be an entirely different discussion. In California, the employer is required to reimburse employees for using their personally owned device for company business - i.e. required to pay for the cost of a phone and the service plan.
Employees choose not to buy a second phone and get paid for their service plan on their personal phone for convenience, and to save themselves the cost of a personal plan. Some choices are not strictly good, but include pros and cons which are the individual's responsibility to weigh.
I think it's a safe assumption that anyone choosing to install the DLP agent on their personal phone, particularly at a company like Google, does so fully informed of the responsibilities that come with that decision.
"But they have no requirement -- and I would argue no business -- to wipe a non-company device just because someone added a corporate email account to it."
Personal devices are excellent attack vectors if allowed on the internal network unmanaged. The alternative is not accessing internal resources, email, etc., unless the employee is given a company-owned device.
I'd genuinely argue that if the company's worried about that, they should either (a) disallow personal devices on the internal network, period, or (b) find a management solution that does not involve putting data they do not manage at risk. Just as my personal physical property does not become company property if I am on their physical property, my personal data should not become company data if I am on their network. I understand that segregating data that way may be a hard IT problem, but if they can't do it, the solution should not be "welp, we control your data now."
> or take a significant productivity hit and opt-out of mobile email, chat, and docs.
I'd call that a quality of life improvement. Why are contractors required to be available 24/7? I've never experienced that as a contractor, nor would I agree to it.
And this is why I do not have any access to work accounts on my phone.
If it's so important that it must be done during my personal time then my manager can call me and request as much.
Remember pager duty and overtime pay? Doesn't that seem quaint now that many people seem to have accepted that they must make themselves available at all times?
> Remember pager duty and overtime pay? Doesn't that seem quaint now that many people seem to have accepted that they must make themselves available at all times?
I'm too young to remember, but I have a few years of working experience under my belt now. The amount of people that greenlight everything a supposed authority demands of them just baffles my mind. I'm not even mad if a company tries to maximize their gain on the expertise that I bring to the table. That's just the game: You work for what's in your best interest, I work for mine. But when you push back against a perceived worsening of workplace conditions and the people not supporting you are your colleagues, because they somehow see themselves as being on the same side as the boss... I'm kind of sad about the social achievements people are willfully throwing away in the hopes that they themselves will 'make it' one day.
And by the way, this is coming from someone who loves his job and has a good relationship with his boss. Doesn't mean I have to be delusional about what's going to happen when push comes to shove.
Incredibly insightful, thank you. We all know how hard it is to find a programming gig these days.
I'm not convinced you have any knowledge of how things actually work in Google, but my point is that you can give me a ring if something requires immediate attention. If you don't provide a company phone I'm not using mine instead.
Unless your job requires work email/calendar while at home I really don't see how having corp access on mobile can be a justification for productivity.
The moment my company announced a requirement for having to install a corp policy enforcement application on my personal phone if I wanted to have access to the corp account (a reasonable request, in terms of company policy/security) was the moment I stopped having corp account on my phone (or any phone for that matter). It's been working fine for years.
Seems like Google isn't leveraging their own tools properly then.
They can make a non-corporate device have a work profile with Google Apps Device Policy, and only that profile will be purged if the device is wiped by a Google Admin.
Even simpler for corps as large as Google is simply having a supply of contractor devices they completely wipe upon the termination of the contract. That's what my last company did.
They didn't require contractors to bring their own computers and phones to the office if they were needed for their work.
I'm sure Google could afford that as well as to manage it...
It is a net perk because phone calling or mobile messaging is inevitably part of work and you don't want to buy your own separate phone. It's only awkward for anyone who isn't used to having two phones.
Calling and messaging are paid for by my company, and I can also sign in to my email. They have a program where I can get full access to all work resources, but it’s optional, and I will never sign up for that program, because of exactly what’s being discussed here. But I still only have one phone, and they still pay for it, so.
Is the contract in your name and you pay the bill yourself and then expense it? Or is the contract in the company's name and they get a full itemized bill from the carrier? If it is the latter, it sucks.
They get the bill directly, but I'm not sure they can have access to the messaging or call data directly. I live in Europe, so I feel like the GDPR addresses this, but now that you mention it, I don't know this for sure.
It reads to me like she was using her personal phone to access corp, not a corp phone to access personal stuff. They absolutely will wipe your personal phone in that scenario.
If the user had the phone configured as a corp phone and was taking photos and did not have Cloud backup enabled to automatically shunt those photos to their personal account, then when the phone is forcefully de-corped, it will try to purge local photo cache (because there's no way to know if photos in local cache were corp-sensitive or not, so the conservative solution is "Burn it all down").
Of course, if the user does have their Cloud backup enabled to automatically shunt photos, they're at risk of using the phone in a work environment and accidentally storing proprietary info in their personal account.
The fact the camera UI doesn't really allow you to choose what account you're snapping photos under makes the whole arrangement lose-lose, and this is a really easy failure mode for a user to find themselves in if they don't see it coming.
And if they did have their cloud backup enabled and it copied over some photos taken for work then wouldn't they immediately be likely in breach of whatever NDA they signed?
Sounds like a lose-lose and I'm a strong believer in that if a company the size and as wealthy as big G wants a contractor to make use of a device to accomplish a task for them, they can provide the device and do what they will to it afterward and then re-purpose it for the next round of business. This isn't a new operational pattern, and I've never experienced otherwise. They don't need to buy new, just keep a supply of devices for contractors.
The device policy is simple. If you add a Corp account to any phone it's subject to device policy, including wipeout after you get fired. It's very obvious when you enroll.
Not so simple, it depends how the MDM/EMM is set-up.
If it's set up to entirely manage the device, then yes it will get fully wiped (we do this for corporate-owned devices).
A personal device can access our environment if requested (they have to sign an agreement form, explaining what we can or cannot do) and a work sandbox will be created, in which only the apps installed in this sandbox will have access to corporate data (ex: you'll have a copy of Gmail, Hangouts, Drive, etc in the sandbox).
In the situation of a personal device, a wipe will only remove that sandbox, leaving the personal data untouched.
A girl I used to date had a company phone. She was getting these racy random messages that, what appeared to be, were lewd conversations between two other employees, or two random someones, presumably on the same system. I found that hilarious.
She likely wasn't using separate work and personal profiles. That's a fairly new innovation. I've been using Android since the first public device was sold and only started doing it with the Samsung S10 5G. Most people just accept company MDM on their personal profiles and install everything in the same place.
This isn't that hard to understand. In order to access corporate email systems, you have two choices generally. Either you use a Corporate Owned device or you use a Personal Device but allow Corporate to do what they want to it.
In either situation, the corp has the ability to remotely wipe the device and enforce other policies on said device.
This should be abundantly clear to anyone who works in Tech.
And to anyone who believes that corporations have a responsibility to protect the data they collect (and should be held civilly, if not even criminally liable for breaches), anything less than having complete control over devices holding corporate data is corporate malfeasance.
Then I wouldn't call it personal phone, strange description from OP/quote. That term indicates to me a phone I own completely, hardware, software and all data like photos.
Same with laptops - if one decides to use work laptop for personal use it's their choice at their own risk, but it doesn't become their personal laptop in any meaningful way. Even if hardware would stay after employment ends, every reasonable company would wipe it clean with some deep format & clean image of OS.
Your weirdly aggressive tone aside, I'll just say that I don't work with the smartest of people, but even still, almost everyone here with a company phone does choose to keep a separate private phone, namely due to perfectly valid policies like the one being discussed. She chose not to, and while she is a victim, it's only by her own choosing, so she is definitely solely to blame.
Yes, they did choose. It's a very voluntary and conscious decision to say "I am going to use my corporate device for personal needs, too."
Google provides a number of things. Food, showers, vehicles, lockers. You may CHOOSE to use these things or you may CHOOSE not to.
If you CHOOSE to store all your personal docs on your work laptop, and the laptop goes up in flames, who do you blame then?
Victim shaming is one thing, but being a naive child is another. A wise, rational, level-headed adult understands that company-owned assets are not suitable for personal use. Period.
Who says you have to spend so much when affordable $15 a month prepaid plans exist? (and that's unlimited talk/text and 3GB of data) Cheap personal phone and plan. Problem solved.
It's 1950 and you get a company issued wallet. They expect it back, and all its contents, if you leave for any reason. You work for a few years, and to make life a little more pleasant you put a picture of your mom in the wallet. And then one day, unexpectedly, you're fired. And your boss says, "Give me the wallet, now." You hand it over, and then remember the photo. You ask for it. Then your boss says, "No. We keep the wallet and its contents. You agreed to that. Now get out."
Because even back then, in simpler times, only a simpleton would discard the personal wallet they had prior to taking the job and exclusively use the company-issued wallet.
It’s made very clear when you enroll in MDM what the implications are. If we can’t trust tech people to own decisions like this then how do we expect the tech illiterate to understand. These are software engineers at Google, not someone’s grandma who did what the cell phone guy at the mall said to do. Come on.
I have no idea why this is on the front page of Hacker News but I'm not hating it.
I moved from Omaha to the Denver/Boulder area two years ago and besides the Henry Doorly Zoo, I miss Nebraska Furniture Mart the most.
NFM is a great place to buy pretty much anything you want to put in your house. Mrs. B really knew how to make a business work. The only weird thing is how antiquated their computer systems are, it's amazing they are so profitable with 70's era technology running the business.
> It's amazing they are so profitable with 70's era technology running the business.
Without knowing any details, I would say that there are people who would argue that this attitude may be one of the reasons they are profitable. Why change a perfectly working system your customer has no direct interaction with?
Why use old fashioned machines with buttons (which will become muscle memory in a few months) when you can have a buggy, unresponsive and ever changing touchscreen with poor UX?
It's obviously impossible to be profitable without using serverless javascript lambadas hosted on aws running node on docker with cassandra in a completely polyglot environment. I mean that stack pretty much prints money, unlike the 1970s technology.
I'm proposing a reason, that's all. I imagine whatever antiquated electronics they use are readily available at their scale on eBay. Like if I want a Commodore 64 for some reason, I can probably have one tomorrow. But if I need a thousand of them, that will be more difficult. Compare that to AWS, where if I need a thousand of their computers I can have them in 20 minutes.
I guess tech can be overrated. Mrs B couldn't read or write but knew all the carpet prices and could give you a quote on a say 10x7 piece off the top of her head. Buffett who bought the store never used a computer at work to trade stocks or otherwise but would be the world's richest man, more than Bezos if he hadn't given about half to charity. He can also quote most financials from memory.
> The only weird thing is how antiquated their computer systems are, it's amazing they are so profitable with 70's era technology running the business.
I live near and have shopped at the largest of their locations many times and all of their associates carry tablets to close sales right there on the floor. Hardly 70s technology (though the UI they use isn't modern necessarily). Their online presence isn't anything to scoff at either.
I doubt they are doing it with 70s technology. The point of my comment was to demonstrate the improvements since the 70s have added a lot of value to customers, especially the fact that I can compare prices around the nation and even world within minutes.
I grew up in Omaha and there was a time when most of my parents' furniture came from NFM. I remember walking through as a kid, testing out bunk beds and dining room sets. When my dad told me about the other Omaha legend, Warren Buffett, he made it relatable by explaining he had so much money he could afford to buy NFM. That was my introduction to Warren Buffett.
> The only weird thing is how antiquated their computer systems are, it's amazing they are so profitable with 70's era technology running the business.
That's what I always think whenever I'm in a Starbucks and see the drive-through orders appearing on an IBM PC-era 80x25 text display. But hey, if it works, and if it's reliable, and if it doesn't have to talk to too many other systems, why not?
If I were to build a POS system from scratch in 2019, ncurses for the interface would be my top choice, and I can't think of many reasons to pick a GUI toolkit, except if there was a need to show pictures.
I'm guessing that Mrs. B. was smart to stay out of the Denver/Boulder area. The Furniture Wars were fought in those foothills. You can still see the corpses of Weberg and Levits stores all down the interstate. Jake Jabbs took no prisoners.
Now, in addition to Jake's American Furniture Warehouse, there's the whole Furniture Row business holding the territory. Now IKEA is trying to find a way in.
Whole books have been written about the Furniture Wars! It's kind of crazy.
I've decided to never quit those "bells and whistles", other frameworks just aren't good enough in competing with those...
That is why I am optimizing my rails stuff with a few tricks made in crystal lang (like the websocket server and a bunch of MTTQ like jobs ;). For me, until ruby 3x3 gets out, crystal is a good help with scaling up processing.
I do a bit of Node.js stuff at work (not a programmer by trade, just lightweight stuff) but on my side project it's Rails first and foremost. As the sole developer, I need to just get stuff done. Performance isn't a concern at the small scale I work on. I've experimented with other frameworks and besides Django I've never found anything that's end-to-end the way Rails is. I don't have to think about the framework or the technologies, I just write some code and I'm done with it. I don't have to interact with the database directly, ActiveRecord handles it for me. It's pure productivity, which as a solo developer is the most important thing for me.
For some front-end pieces where I need more flexibility, Vue nests in nicely with Rails where it's needed and gets out of the way where it's not needed. There's nothing in the JS world that even begins to compete with Rails as an end-to-end solution.