@arcanicanis
>I want to touch on incentives. The situation today is clearly working well for commercial operators. Making more secure software takes time and is a lot of work, and the current security incidents don’t appear to be impacting the bottom line or stock prices. You can speed up time to market by cutting corners. So from an economic standpoint, what we see is entirely predictable.
The reality that disgusts me the most is with the cargo-culted mentality of:
>Software is now (rightfully) considered so dangerous that we tell everyone not to run it themselves. Instead, you are supposed to leave that to an “X as a service” provider, or perhaps just to “the cloud.” (…)
>The assumption is then that the cloud is somehow able to make insecure software trustworthy. (…)
Specifically where you have retards that made the mistake of running their company IT almost exclusively on Microsoft products, especially with Exchange, SharePoint, and such, that they figure it’s “safer” if you just have Microsoft host all of it instead. Instead of just using something else with a better security history.
It even blows my mind further with teleconferencing software; like paying an O365 subscription for Teams, as if WebRTC is a finite resource you can only get from Microsoft and can’t run yourself.
So now a lot of it’s just a capture of so much internal company data and infra all onto Azure/O365, making all these customers Microsoft’s most favorite little captive victims.
Hell, even the f’ing military (when I was in my last few months of doing Active Directory/Exchange admin stuff in the Marine Corps, to the end of my contract) was in the transition of dumping all their internal servers for Exchange Online and O365, whereas all of that’s outside of the intranet perimeter now.