• RiQuY@lemmy.zip
    2 days ago

    And this is government software handling sensitive information. I thought people were required to have higher qualifications and good security knowledge to develop software there, we are cooked if this is the norm.

    • sp3ctr4l@lemmy.dbzer0.com
      19 hours ago

      Yeah so it turns out that basically the entire field of cyber security is 95% a complete joke.

      As evidenced by everything gets hacked all the fucking time and massive data breaches are so commonplace they’re usually barely newsworthy.

      There of course are a small number of people who can actually oversee/implement reasonably secure code development, but, well, that costs money and takes time, but it does not cost anywhere near as much money or time to just confidently lie to people and pretend you know what you’re doing.

      Governments tend to just defer to “industry experts”, which basically means ‘big dumb idiot corporation that verifies their robustness via a human centipede of paid consultants’.

      • wewbull@feddit.uk
        15 hours ago

        Governments tend to just defer to “industry experts”, which basically means ‘big dumb idiot corporation that verifies their robustness via a human centipede of paid consultants’.

        “Industry experts” that are trying to stay on the money train of government contracts, because they know that they’re not going to be held accountable when the shit hits the fan.

        Best thing we could do to curb government spending would be removing contractors from previous failed projects from the bidding process.

        • sp3ctr4l@lemmy.dbzer0.com
          14 hours ago

          Yeah, it’s all an incestuous club of a class of C Suite people that know all the people on the boards of the regulatory committees, the astroturfed ‘consumer rights’ groups, the industry advocate groups, etc.

          They like to play musical chairs, hop around from seat to seat on different boards.

          But uh yeah, corruption is the name of the game with regulatory capture, so, any kind of proposal to have an actually transparent, legit, accountable bidding process will of course be decried by basically everyone connected to it.

          Remember when software companies used to like, train people, bring them up to speed, kinda like an apprenticeship, develop them as an asset, and then have a stable team?

          Yeah, that… worked better.

          But then management essentially was insulted by the existence of people who knew more about how their own companies actually worked than they did, so they turned them all into contractors, and chaos has reigned ever since!

    • Nutomic@lemmy.ml
      1 day ago

      Highly qualified people are probably not interested in working for the government. Or maybe this was outsourced to some cheap private company, who knows.

      • wewbull@feddit.uk
        15 hours ago

        No cyber security professional worth anything will stand there and say this is a good solution “for the children”. They all know it’s a bullshit solution to a problem of education. Therefore the only people that will bid for the work will be grifters.

    • Pauce@lemmy.ca
      2 days ago

      You would think, right? I recently had a transit pass loading application update and demand that I turn off developer mode to continue use. This app is also run by a government agency across the pond (Canada). Went over to the Play Store reviews and they were all complaining about it.

      They allege it was to help protect accounts and personal data. Ok, then why doesn’t my bank account get compromised regularly? Or any other account I’ve logged into on my phone literally ever because I had turned on dev mode weeks after getting my first Android 10 years ago. This application has been janky for years and only in the past month have they made positive changes to its functionality. I am biased and maybe more irked than necessary but I do expect better/the minimum from these kinds of institutions.

      • FineCoatMummy@sh.itjust.works
        2 days ago

        They allege it was to help protect accounts and personal data.

        TBH it scares me that more and more things may go this way. You want online banking, or w/e? Well! You better use “trusted device”! What does “trusted device” mean? It means the device is locked down against its “owner”.

        It’s like a relentless march where personal computing dies and corporate computing takes over. Ever more, our technology answers to big tech, not us.

        • Pauce@lemmy.ca
          1 day ago

          Also doesn’t help that these companies pass around money with each other and government entities all the time so they don’t technically need any of our business to function. Which enables them to pull this kinda shit and wait for us to get mad enough or to put up with it.

          My concern in the long run is that over time the newer generations aren’t going to ever learn/know how freeing personal computing used to be. They’ll gradually put up with worser and worser and this intrusive encroachment on our technological freedom is going to look terribly different in the coming decades.

          • FineCoatMummy@sh.itjust.works
            1 day ago

            My concern in the long run is that over time the newer generations aren’t going to ever learn/know how freeing personal computing used to be.

            Oh absolutely! It becomes normalized for those who never knew any other way.

            I lucked out, my pa was a techie and got me steered towards the importance of tech freedom. Not everyone is so fortunate. Tech is almost an extension of our minds now. How we remember. How we learn. How we communicate. When we give away control of our devices to big tech, it’s like giving away control of our thoughts and emotions. Even our culture.

      • wewbull@feddit.uk
        15 hours ago

        Often what they want is just plain old automation of basic tasks, but they’ve been told by “Big Government Contractors Corporation” that AI will do that for them. Of course, BGCC has an AI division happy to help them.