[-] Treczoks@lemmy.world 95 points 5 days ago

Oh wonderful. Replacing all IT because they were hacked? Let me guess, they will use Windows, Exchange, and MS Office again on the new system. The software triumvirate screaming "please hack me".

[-] derry@midwest.social 27 points 5 days ago

Project manager: at least I can blame the vendor

[-] sp3ctr4l@lemmy.dbzer0.com 14 points 5 days ago

Entirely seriously, yes.

Most project managers I've ever met or known or worked with are basically incompetent technically, and very insecure / in denial about that, and thus vastly prefer the 'safe' option of someone else being responsible over the 'risk' of... hiring actual quality people that can make/support their own quality product.

[-] Saleh@feddit.org 4 points 5 days ago

Did you consider that project managers often have to follow all sorts of company standards, have to figure out a way to get a dozen departments with conflicting standards together, on top of that have to catch the stupid ideas from the upper-management and marketing without telling the upper-management that they have no idea what they are talking about, on top of getting something actually done in the project?

Because often the level of tech competency has very little to do with the decision corridor that the project manager has, given everything else.

[-] sp3ctr4l@lemmy.dbzer0.com 8 points 5 days ago

Yep.

I've been one.

That's how I know what I am saying.

Like you're not even challenging what I'm saying really, you admit that most PMs are technically incompetent, because their job is mainly playing office politics.

It didn't used to be this way.

And it still doesn't have to be.

A good PM is someone who actually knows their relevant field, and can also do some office politics, but much more importantly, is a responsible and helpful team leader.

A person with only an MBA just has a degree in how to play office politics and gaslight people.

[-] SheeEttin@lemmy.zip 1 points 5 days ago

It's always been that way, and always will be. Most people are mediocre at most things.

[-] CallMeAnAI@lemmy.world 13 points 5 days ago* (last edited 5 days ago)

🤣 should we get a list of foss projects that have had security issues? Or how about how someone slips some shit in upstream every few weeks it seems?

Stop this nonsense. You can hate Microsoft for legitimate reasons.

[-] toothpaste_ostrich@feddit.nl 24 points 5 days ago

I mean... For real, I've never heard of Linux systems being hacked this way. I'm sure it's possible, but it certainly seems rarer.

Slipping shit in upstream also certainly doesn't happen *that* often. It takes effort to become recognised enough as a developer to be allowed access to the upstream code, meaning you can't automate those kinds of attacks. (I imagine. Correct me if I'm wrong.)

[-] CallMeAnAI@lemmy.world 11 points 5 days ago

Absolute opposite. The majority of successful attacks you see today are identity management and supply chain attacks. If you walk into any OCIO office, supply chain will be a top 3 concern.

[-] msage@programming.dev 7 points 5 days ago

I know of one successful supply chain attack in FOSS.

So still points for using it.

[-] SheeEttin@lemmy.zip 2 points 5 days ago

AUR has had multiple Trojans just this week

[-] msage@programming.dev 2 points 4 days ago

I'm sorry, Dave, but AUR does not count.

Precisely. The AUR is just a somewhat organized script dump. There's no release process, and any user can upload any script they want. If you're not capable of auditing scripts yourself, don't use the AUR, there's no expectation of quality or safety at all.

[-] toothpaste_ostrich@feddit.nl 1 points 5 days ago

I... Don't understand what you said here 🫤

[-] sp3ctr4l@lemmy.dbzer0.com 7 points 5 days ago* (last edited 5 days ago)

It does happen occasionally, from time to time, but, because everything is gasp open source, it tends to get caught, identified, blocked/quarantined and then fixed considerably more rapidly, with decent fallback instructions/procedures in that interim period.

Like apparently it actually just recently happened with some asshole uploading bs malware libs/sources to the AUR... even still, got caught pretty quickly.

Also, you can basically describe the entire CrowdStrike fiasco as exactly this kind of upstream oopsie doopsie.

Doesn't really matter in the big picture if it was intentionally malicious or not, when you Y2K 1/4 of the world's computer systems.

Exactly.

When there's a high profile bug in an important FOSS project, everyone and their dog is looking for a fix. Usually it'll be patched within days, if not hours, of being reported.

When there's a high profile bug in a closed source project, the company backing it will deflect and delay until they're forced to fix it, and they can sometimes get away with it for years or even decades.

All software has bugs, which remain strategy do you prefer?

[-] sp3ctr4l@lemmy.dbzer0.com 2 points 1 day ago

I mean, myself personally, I prefer to simp and fanboy for my favorite exploitative corporate overlord, because I'm sure there are good reasons everyone uses them, despite their well documented history of massive fuckups and fuckovers of all possible kinds!

/s

[-] disco@lemdro.id 14 points 5 days ago

Microsoft is getting hacked every other week.

[-] CallMeAnAI@lemmy.world 6 points 5 days ago

As well as FoSS projects.

[-] trolololol@lemmy.world 4 points 5 days ago

Mate have a look at the SharePoint vulnerability. It's embarrassingly bad. Like really really bad, and btw so bad that it's very easy to understand and exploit. And prevent too, if a jr in my team did this I'd get them in trouble.

[-] sp3ctr4l@lemmy.dbzer0.com 3 points 4 days ago* (last edited 4 days ago)

No no, you don't get it.

Random Windows 'Powerusers' obviously know more about programming and cybersecurity than people who actually do that for a living, as a professional line of work, duh!

See, I wrote a bash file once, so I basically know everything about software dev, especially on linux as well, which is basically just the whole OS is powershell, right?

/s/s/s

this post was submitted on 01 Aug 2025
238 points (100.0% liked)
