			Search - "symantec vip"
					@netikras since when does proprietary mean bad?
 
 Lemme tell you 3 stories.
 
 CISCO AnyConnect:
 - come in to the office
 - use internal resources (company newsletter, jira, etc.)
 - connect to client's VPN using Cisco AnyConnect
 - lose access to my company resources, because AnyConnect overwrites routing table (rather normal for VPN clients)
 - issue a route command updating routing table so you could reach confluence page in the intranet
 - route command executes successfully, `route -n` shows nothing has changed
 - google this whole WTF case
 - Cisco AnyConnect constantly overwrites OS routing table to ENFORCE you to use VPN settings and nothing else.
 
 Sooo basically if you want to check your company's email, you have to disconnect from client's VPN, check email and reconnect again. Neat!
 
 Can be easily resolved by using opensource VPN client -- openconnect
 
 CISCO AnyConnect:
 - get a server in your company
 - connect it to client's VPN and keep the VPN running for data sync. VPN has to be UP at all times
 - network glitch [uh-oh]
 - VPN is no longer working, AnyConnect still believes everything is peachy. No reconnect attempts.
 - service is unable to sync data w/ client's systems. Data gets outdated and eventually corrupted
 
 OpenConnect (OSS alternative to AnyConnect) detects all network glitches, reports them to the log and attempts reconnect immediately. Subsequent reconnect attempts get triggered with longer delays so as not to spam the network.
 
 SYMANTEC VIP (alleged 2FA?):
 - client's portal requires Sym VIP otp code to log in
 - open up a browser in your laptop
 - navigate to the portal
 - enter your credentials
 - click on a Sym VIP icon in the systray
 - write down the shown otp number
 - log in
 
 umm... in what fucking way is that a secure 2FA? Everything is IN the same fucking device, a single click away.
 
 Can be easily solved by opensource alternatives to Sym VIP app: they make HTTP calls to Symantec to register a new token and return you the whole totp url. You can convert that url to a qr code and scan it w/ your phone (e.g. Google's Authenticator). Now you have a true 2FA.
 
 Proprietary is not always bad. There are good propr sw too. But the ones that are core to your BAU and are doing shit -- well these ARE bad. And w/o an opportunity to workaround/fix it yourself.

