• Scrubbles@poptalk.scrubbles.tech
    link
    fedilink
    English
    arrow-up
    41
    ·
    1 year ago

    Ah so another day of sales falsely advertising something as “end to end encrypted” when they have no effing clue how it works.

    However then for the devs… HTTP still? How did that happen? I’m usually very forgiving for engineers (I am one, why I’m salty about sales), but these are pretty jr level issues. Unless… the offshored it or only hired jrs then I completely see how it happened.

    • remotelove
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      However then for the devs… HTTP still? How did that happen?

      There is a specific mindset that comes with this decision: It’s called laziness.

      While I could talk for hours about this particular problem and how company culture and structure rewards bad behavior, I’ll spare you the details.

      • Scrubbles@poptalk.scrubbles.tech
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        It could be. It could also be a bunch of cheaper junior devs who have never done devops. I’ve had to teach a lot of fresh engineers about devops because while they can code, they’ve never had to deploy a service before.

        • remotelove
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          1 year ago

          While I don’t work specifically in dev, I have worked in security for way too long and totally understand what you mean. (I am too old and too salty to work in this field anymore, to be honest. Technology has changed, vulnerabilities are still wild and different but security as a whole? It has been mostly the same.)

          I personally wouldn’t expect a jr. developer to clearly articulate a possible security problem to their manager. It’s hard, to be honest. That could be part of the issue as well.

          The laziness I am referring to can happen at any level and in hundreds of different situations. To your point, some people “simply don’t know what they don’t know” and may be just an honest mistake.

          • Scrubbles@poptalk.scrubbles.tech
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            That’s really what I expect, to me I see this all as young engineers pushed to finish as fast as they could, didn’t know any better, and no one thought of granting any time for the devops pipeline to be shored up.

            Which of course then falls on leadership for thinking they could take the cheap way out and not listen to their engineers. Any senior or higher would be screaming about the vulnerabilities, so leadership either didn’t listen (ego and greedy) or they didn’t hire anyone with the expertise (cheaped out)

  • evo@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    I think I’m going to start calling them “Things I would buy from this company.”.

  • Teknikal@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Apparently worse than I originally thought from what I understand now they logged every message sent and kept all files accessible including documents, photos, videos etc.