this post was submitted on 02 Dec 2025

1880 points (98.5% liked)

Programmer Humor

27673 readers

1044 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

anzo@programming.dev

Feyter@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

1880

Zero Trust Architecture (lemmy.ml)

submitted 3 days ago by cm0002@mander.xyz to c/programmer_humor@programming.dev

229 comments fedilink hide all child comments

(page 2) 50 comments

sorted by: hot top controversial new old

[–] UnRelatedBurner@sh.itjust.works 45 points 3 days ago (7 children)

Wouldn't it be enough to just create a seperate subnet?

[–] scrubbles@poptalk.scrubbles.tech 38 points 3 days ago (1 children)

Yeah that's where it turned from story to joke for me

[–] scytale@piefed.zip 18 points 3 days ago

They’re specifically talking about Zero Trust though and treating it like a corporate device as the joke. This means authenticate at every layer, RBAC, and endpoint security compliance before allowing access to a service. Putting the device into an isolated guest VLAN works too of course.

load more comments (6 replies)

[–] Korne127@lemmy.world 31 points 3 days ago (5 children)

Which actual IT guy supports antivirus?

[–] cm0002@mander.xyz 14 points 3 days ago (4 children)

Lol generally I'll refer to the OS builtin tooling (XProtect/MS Defender) and EDRs as "Antivirus" otherwise the non-techies will freak OmG wE hAVe NO aV! And then the "anti"-viruses like mcafee and Kaspersky mysteriously spawns

And also on-demand AV software can be good for spot checks or if you're sus of something.

It's the "Real-time" shit that hooks into the kernel that needs to be avoided like the plague

load more comments (4 replies)

[–] blinfabian@feddit.nl 10 points 3 days ago (1 children)

what a dick move tbh. i get ya wanna be secure, but why not just let him do his thing on that alternate network?

load more comments (1 replies)

[–] nonentity@sh.itjust.works 9 points 3 days ago

This is just Uncle BOFH.

[–] mlg@lemmy.world 16 points 3 days ago (1 children)

wth is the point of a guest network if you have 443 blocked lmao.

Even my VPN port is 443 so it gets past basic port filtering because HTTPS is usually the only one allowed compared to other protocols.

load more comments (1 replies)

[–] jj4211@lemmy.world 5 points 2 days ago (1 children)

I feel like when 'Zero Trust' first became a thing, the theme was 'you should have every endpoint under your control hardened so it need not feer untrusted peers being able to connect'. E.g. if you think you absolutely need VPN to a 'private network' for security, then you are failing to be hardened in a 'zero trust' way, because you implicitly fear that your systems would fall to untrusted peers.

I feel like it's evolved to 'don't let anything be able to connect to anything under your control unless you have admin privilege over it as well'. Which is particularly a nightmare when you try to collaborate between two companies, each balking at the other's hard requirement to have admin access to all network peers of interest.

load more comments (1 replies)

[–] bitjunkie@lemmy.world 14 points 3 days ago (1 children)

This reads like a parody greentext except you know OP is a sysad so there's no fucking way he's that self-aware

load more comments (1 replies)

[–] HalfSalesman@lemmy.world 16 points 3 days ago (2 children)

He is doing the right thing if only because he is preventing a child from playing Roblox.

He'd be a hero if he gave him a copy of Minecraft (or really almost any non-F2P game) to play instead.

load more comments (2 replies)

load more comments