Hacker News new | ask | show | jobs
by lokar 1 day ago
Is it not:

https://knowledge.workspace.google.com/admin/security/create...

The Org admin can put all sorts of restrictions on who can do what based on the client device setup.
4 comments
whateverboat 1 day ago
Unrelated to this news, but this is so rudimentary, when the correct solution instead is:

1. Make it ridiculously easy to install hardware vendor keys and register it with OS of choice. (like a standardized dialog box in UEFI and a standardized/regulated IPMI-like interface)

2. Allow for only measured boot on those devices.

3. Provided facility to verify signatures.

Do this on consumer and enterprise laptops and desktops alike and all of these weird set of conditions just go out of play and replaced by something much much simpler.

link
saagarjha 1 day ago
Why is there a policy to require “Chrome” and not a policy to require another browser, hmm?
link
insanitybit 1 day ago
Google offers "Managed Chrome" as a service. What would you like them to do, offer "Managed Firefox"? Should AWS offer "Managed GCP"?
link
saagarjha 1 day ago
I don’t think Google should also offer a product that detects “managed Chrome”
link
eli 1 day ago
I don't think Google should also be allowed to remain in charge of Chrome at all but here we are.
link
insanitybit 1 day ago
Uh, why? Context Aware Access is a policy attestation service. Managed Chrome is exactly the sort of thing you'd have policies for.
link
makeitdouble 1 day ago
Google offering "Managed Chrome" is probably the root issue.

Call me old school, but wedging an already dominant browser to be the only full fledge option in GSuite using companies reeks anti-competition.

link
lokar 1 day ago
You don’t have to use managed chrome to use gsuite
link
aaomidi 1 day ago
I mean the issue here is Google using its dominant power to push for a specific browser within a security software they control.

This is a difference between America and Europe in mentality towards this.

link
lokar 1 day ago
I don’t think that’s true. They support OS verification for windows and Mac. If Firefox implemented verification (I doubt they would) and there was customer demand I think they would support it.
link
hobofan 1 day ago
Organization admins may roll out hardened Firefox settings via their MDM solution, and then based on that want to restrict usage to Firefox.
link
schuyler2d 1 day ago
Microsoft has a chrome and Firefox extension for similar management lockdown
link
Macha 1 day ago
Because Google is able to configure Chrome to the admin's liking.
link
lokar 1 day ago
Yep, there are a lot of high risk settings, especially extensions
link
realusername 1 day ago
> The Org admin can put all sorts of restrictions on who can do what based on the client device setup.

can you put a restriction to ban Chrome and force Firefox then?

link
bigfatkitten 1 day ago
If you wanted to, yes.
link
handoflixue 22 hours ago
Can you provide a link or screenshot of that feature? Because other people are saying no you cannot
link
Tostino 1 day ago
"wow look at all these options available...to limit users to only use software provided by the same corp" you are missing the point entirely.
link