gwillz | 3 years ago

I have a government client that has locked down all outgoing access for a web server except through a socks proxy.

It makes simple things really hard - like a links checker, package dependencies, remote servers or integrations with Google.

We can't even run test scenarios on the machine because we're also locked _out_ of the server. Instead, we rely on their IT department to run test scripts that we send them via email.

We were debugging an elastic server connection for 2 weeks that was working perfectly fine in their "QA". It's a horrible existence.

dijit|3 years ago

Used to work at Ubisoft and they had this same policy, they used an authenticated http proxy, so you either expose your entire SSO credentials to your environment (HTTP_PROXY=http://user:password@proxy:3128) or you don't get access to the internet for all your console applications.

Even then, if you were using certificate pinning, it wouldn't work as the HTTP proxy would serve an "are you sure you want to continue" HTML page, which is of course not expected.

SSH is out of the question.

It's amazing what "simple" things break; like kubectl, gcloud, go get.

So frustrating. Countless development hours lost to bypasses.
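
An added example, not part of the comment above: a check for the exposure it describes, where a proxy URL with embedded credentials sits in a process environment that any same-user process can read. The function names and the `SAMPLE` blob are constructed for illustration; the `/proc/<pid>/environ` scan assumes Linux.

```python
import os
from urllib.parse import urlsplit

PROXY_VARS = {"http_proxy", "https_proxy", "all_proxy", "ftp_proxy"}  # matched case-insensitively

# Constructed sample in /proc/<pid>/environ format (NUL-separated KEY=VALUE).
SAMPLE = (b"PATH=/usr/bin\0HTTP_PROXY=http://user:password@proxy:3128\0"
          b"https_proxy=http://proxy:3128\0NO_PROXY=localhost\0")

def parse_environ(blob):
    """Split an environ blob into a dict of decoded names and values."""
    env = {}
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep:
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env

def redact(url):
    """Mask the password in a URL's userinfo, keeping user, host and port."""
    parts = urlsplit(url)
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.split(":", 1)[0]
    return parts._replace(netloc=f"{user}:***@{hostport}").geturl()

def find_exposed(env):
    """Return (variable, redacted URL) for proxy settings that embed a password."""
    findings = []
    for name, value in env.items():
        url = value if "://" in value else "http://" + value  # scheme-less form
        if name.lower() in PROXY_VARS and urlsplit(url).password is not None:
            findings.append((name, redact(url)))
    return findings

def scan_proc(proc="/proc"):
    """Check every process environment this user is allowed to read (Linux)."""
    hits = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, pid, "environ"), "rb") as fh:
                found = find_exposed(parse_environ(fh.read()))
        except OSError:
            continue  # process exited, or it belongs to another user
        if found:
            hits[int(pid)] = found
    return hits

if __name__ == "__main__":
    print(scan_proc() if os.path.isdir("/proc") else find_exposed(parse_environ(SAMPLE)))
```

Findings are reported with the password masked, so the output can be shared with whoever owns the affected processes.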

bheadmaster|3 years ago

> I have a government client that has locked down all outgoing access for a web server except through a socks proxy.

If you're running Linux, there's a utility called "tsocks" which wraps any other command and redirects all network servers through a SOCKS proxy defined in /etc/tsocks.conf, e.g.:

    tsocks pip install somepackage

One downside is that since it relies on some linker magic, it doesn't work for static binaries. But for most common usage, it served me just fine.

rtev|3 years ago

I believe proxychains also would work

roflyear|3 years ago

Hopefully you can bill them for all of this, but yeah, totally ridiculous and costing the taxpayer a ton of money.

Reminds me of a friend who started a government job, and they went 6m before they were fully onboarded and able to work.