
Zscaler is pure crap, we use it at work too. It's especially hard to configure Docker containers for its proxy settings and SSL certificate.

When I test something new in our lab I spend 10 minutes installing it and half a day configuring the proxy.



Man, here I am reading this while fighting Zscaler when connecting to our new package repository (it breaks because the inspection of the downloads takes too long). No one feels responsible for helping developers. Same with setting up containers, git, Python, and everything else that comes with its own trust store: you have to figure out everything by yourself.

It also breaks a lot of web pages by redirecting HTTP requests in order to authenticate you (CSP broken). Teams GIFs and GitHub images have been broken for months now and no one cares.


Ahhhh so that's why my Teams GIFs don't work. Thanks.

We use an external auth provider, which makes for even more complex config, yeah.


At least for me that’s the problem. When I open the redirect URL manually it also fixes the problem for some time.

You can open the Teams developer tools to check this. Click the taskbar icon 7 times, then right click it. Use dev tools for select web contents, choose experience renderer AAD. Search for GIFs in Teams and monitor the network tab.


amen, brother!


It is the single most annoying impediment in corporate IT. And you are on your own when you need to work around the issues it causes. Is it really providing value, or is it just to feel better about security?


It's not just an impediment. It's corporate spyware and possibly a prototype for Great Firewall 2.0.


It causes minor annoyances with SSL + Maven as well, which can be fixed by -Dmaven.wagon.http.ssl.insecure=true.

Well, at least they tried I guess.


No, setting any variable including the line

"http.ssl.insecure=true"

is not a fix under any circumstance.


Sure it is. The org insists on making your life difficult, and you just want to get your work done. If they really cared about security they would prioritise fixing stuff like this, but they don't, so you know they don't really care, it's just for show and a need for control.

And if they don't really care about security, why should you?


Which Zscaler products does your company use? Do you have an idea of what better solutions are out there?


The cloud service. I don't know what it's called exactly. It just says "Zscaler".

In terms of better solutions, I would prefer a completely different approach. Securing the endpoint instead of the network. Basically the idea of Google's "BeyondCorp".

What happens now is that people just turn off their VPN and Zscaler client to avoid issues, when they're working from a public hotspot or at home. In the office (our lab environment) we unfortunately don't have that option.

But by doing so they leave themselves much more exposed than when we didn't have Zscaler at all.



