Hacker News: tha0x5's comments

Spend a few minutes scrolling through her Twitter feed:

https://twitter.com/EricaJoy/status/1307109690917224449

https://twitter.com/EricaJoy/status/1306403761603051521

https://twitter.com/EricaJoy/status/1306280514035179521

https://twitter.com/EricaJoy/status/1303264312354512896

And on, and on, and on. She tweets so much it's kind of sad. Practically none of her tweets have anything to do with actual engineering. It's all identity politics and other leftist nonsense.


I didn't find any of those tweets unprofessional. I found them to be a genuinely interesting perspective on social issues that I am interested in. I am not sure how that's unprofessional of her.

If you think it's "leftist nonsense", then that's just your opinion.

She is entitled to tweet whatever she wants to from her personal Twitter account. Do you think it's reasonable for her to follow your idea of how a Director of Engineering should tweet?


Why would tweets (from her personal account) need to be about engineering?


"ChatOps" almost invariably means Slack. That's why GitLab is divesting in that space.

Look at what happened to HipChat, Stride, etc.


Kerberos (sssd-ad) backed authentication for SSH is really the best.

You no longer have to deal with SSH keys whatsoever and all the management that goes with them: When users get their access revoked on AD, they get their SSH access revoked as well. You can have group based authorization (only those in the SRE group can access this class of QA endpoints), so when dozens of people a month are being added and removed from the various groups, you don't have to worry about giving them keys/access. They can SSO from their laptops, so all they have to do is open PuTTY and they can connect away without even typing their usernames and passwords. etc.

Lots of these new generation "devops" and "full-stack developers" haven't had the experience of AD and Kerberos, so they spend all this time, blog posts, money, etc. to reinvent the wheel.

Sad really.
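As an added example (not code from this comment or from any project), here are the sssd and sshd fragments that realise the setup described above: GSSAPI logins only, no keys, authorization by AD group. Realm, group and OU names are constructed placeholders; the host is assumed to be already joined so that /etc/krb5.keytab holds its host principal, and to be NTP-synced.

```shell
#!/bin/sh
# Added example, not code from the HN comment: config fragments for
# "Kerberos (sssd-ad) backed SSH, no keys, AD-group authorization".
# Realm, group and OU names are constructed placeholders; adjust them.
# Assumes the host is joined (realm/adcli) so /etc/krb5.keytab holds
# host/<fqdn>@REALM, and clocks are NTP-synced (Kerberos rejects >5 min skew).

# /etc/sssd/sssd.conf (mode 0600): identity, auth AND access all from AD.
# access_provider=ad plus ad_access_filter makes pam_sss deny anyone outside
# the group even with a valid ticket; a disabled AD account is denied likewise.
# Primary-domain names are short (use_fully_qualified_names defaults to false),
# so the group reaches sshd as "sre", matching AllowGroups below.
render_sssd_conf() {
  cat <<'EOF'
[sssd]
domains = corp.example.com
services = nss, pam

[domain/corp.example.com]
id_provider = ad
auth_provider = ad
access_provider = ad
ad_access_filter = (memberOf=CN=sre,OU=Groups,DC=corp,DC=example,DC=com)
EOF
}

# /etc/ssh/sshd_config.d/50-kerberos.conf (OpenSSH >= 8.2 with Include):
# only the GSSAPI path stays open. Pubkey and password auth are off, so a stale
# authorized_keys file or a leaked password cannot bypass AD; AllowGroups is a
# second, sshd-side gate in front of the pam_sss access check.
render_sshd_conf() {
  cat <<'EOF'
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIStrictAcceptorCheck yes
UsePAM yes
PubkeyAuthentication no
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowGroups sre
EOF
}

# Policy check against a rendered or live sshd config file:
# succeeds only if GSSAPI is on and both key- and password-based logins are off.
check_sshd_policy() {
  grep -qx 'GSSAPIAuthentication yes' "$1" &&
  grep -qx 'PubkeyAuthentication no' "$1" &&
  grep -qx 'PasswordAuthentication no' "$1"
}
# Client side: `kinit user@CORP.EXAMPLE.COM` (or the laptop's SSO ticket), then
# `ssh -o GSSAPIAuthentication=yes host`; `klist` then shows the host/ service ticket.
```

Revoking the user in AD or removing them from the group takes effect on the next login, because pam_sss re-evaluates the access filter each time.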


That's great until you work for a company that bought Macs for everyone for their design and upper-management likes to keep it that way.


You can do it on Mac. I wouldn't recommend binding Macs anymore since Apple broke FileVault for AD accounts in High Sierra (AD accounts don't get the secure token by default, which is needed to unlock the drive).

But since Catalina there's now a great Kerberos SSO plugin that you can push through MDM. Previously this was known as Enterprise Connect but was only available from Apple Professional Services.


I still don't understand how things like this can happen at companies of that size.

There are so many great tools (that MS can buy) and procedures (that they could have implemented decades ago) to prevent this garbage from happening in 2020, and it still happens every day.


Because at the end of the day, security is run by humans, who are imperfect and variant day to day. And also, the software used was likely programmed by one developer, and used by another. The user does not have the same depth as the developer, and did not assign specific byte-code definitions to the text option list. Thus the text interpretation is imperfect.


This is true and it's the unstoppable nature of complex systems and the myriad of people responsible for them.

That said, this line from the article is pretty damning, it took them 3 days to lock down that insecure server. For a company that size with all those security employees it looks both lazy and negligent.

> The infosec firm reported the problem to Microsoft on 13 September, and the database was vanished from public view by the Windows giant's security response centre on 16 September.


That's why you have processes in place with standards. You should be able to know nothing but still fail safely.


No real consequences, so no incentive to change


Even if there are no direct consequences, surely it's bad PR which may make someone choose GCP over Azure, or GitHub over AZ DevOps, etc.


It's not though. Literally nobody cares.

One leak is a disaster, a massive leak every day is just, a non event.


If that was true then it wouldn't be news, nor at the top of HackerNews.


Top of hacker news is a pretty low bar. Do you really think that significant purchasing decisions are going to be influenced by this? That’s not a snarky rhetorical question, I’m actually asking.

I ask because I can tell you for a fact that at my large enterprise, they will not be. If anything, this incident will be used as an example by those looking for cover. “if an org like Microsoft can make this mistake, you really have no justification for being mad at our department for a similar leak.”


>Top of hacker news is a pretty low bar.

Not really, it means people do care, which is opposite of the original claim.

>Do you really think that significant purchasing decisions are going to be influenced by this? That’s not a snarky rhetorical question, I’m actually asking.

Not sure honestly. Even if it's a series of small, insignificant purchasing decisions, it can still amount to something significant.

>I ask because I can tell you for a fact that at my large enterprise, they will not be. If anything, this incident will be used as an example by those looking for cover. “if an org like Microsoft can make this mistake, you really have no justification for being mad at our department for a similar leak.”

That sounds like an insanely toxic environment. This is illogic that you can apply to everything: "well, if Microsoft can get by with cooking the books and violating customers' privacy, so can we."

I think more people would think: "if this is how they handle customer search data, imagine how terribly they handle data elsewhere."


>Not really, it means people do care, which is opposite of the original claim.

The original claim was a casual "people don't care". Not a mathematical formalism for "absolutely nobody cares at all about this not even enough to wanna vote in on HN".

So, yeah, a tiny number of people (the HN upvoters) "do care" in the sense of voting this up and wanting to read about this. Then again, they also care about all kinds of trivial posts, so there's that.

That still doesn't mean people actually care, either the billions of customers, or the hundreds of thousands of execs making decisions about using MS or not.

Heck, I read it and I don't care. It's not like I'll stop using MS services, or as if other companies haven't had the same.

>Not sure honestly. Even if it's a series of small, insignificant purchasing decisions, it can still amount to something significant.

How about it's an insignificant series of small, insignificant purchasing decisions? It's 2020, we have seen the same thing from 10+ other major companies who never had much of an issue afterwards (stock, sales, etc.).

>That sounds like an insanely toxic environment. This is illogic that you can apply to everything: "well, if Microsoft can get by with cooking the books and violating customer's privacy, so can we."

Companies do apply it to everything. E.g.

https://en.wikipedia.org/wiki/Diesel_emissions_scandal

https://en.wikipedia.org/wiki/DRAM_price_fixing

https://en.wikipedia.org/wiki/Money_laundering#Notable_cases


>The original claim was a casual "people don't care". Not a mathematical formalism for "absolutely nobody cares at all about this not even enough to wanna vote in on HN".

Eh, I disagree. They stated "literally no one cares", but the fact that it's news and hit the front page literally means someone cares. No math involved. QED.

>So, yeah, a tiny number of people (the HN upvoters) "do care" in the sense of voting this up and wanting to read about this. Then again, they also care about all kinds of trivial posts, so there's that.

It wasn't trivial if Microsoft cared enough to fix it in a few days, which is like light speed for Microsoft.

>Heck, I read it and I don't care.

Anecdote, immaterial here.

>How about it's an insignificant series of small, insignificant purchasing decisions?

Possible, all conjecture at this point.

>Companies do apply it to everything. E.g.

You're just agreeing with what I said. It's illogic though because those companies didn't get away with it. Your links prove my point.


>Eh, I disagree. They stated "literally no one cares", but the fact that it's news and hit the front page literally means someone cares. No math involved. QED.

Literally doesn't mean what you think it means. It's also a figure of speech. From the dictionary:

literally (2): "used for emphasis while not being literally true"

>It wasn't trivial if Microsoft cared enough to fix it in a few days, which is like light speed for Microsoft.

Issues/holes/leaks on public servers almost always get fixed in a few days, whether it's Microsoft or whatever. You may be comparing it to OS/app patches, which is not the same case.

>It's illogic though because those companies didn't get away with it.

They just got a slap on the wrist for billions in profit.


>Literally doesn't mean what you think it means. It's also a figure of speech. From the dictionary:

Wrong, and you're the one confused here:

https://www.merriam-webster.com/words-at-play/misuse-of-lite...

1) in a literal sense or manner : actually 2) in effect : virtually

They were saying "in effect, virtually no one cares". Even then, that's demonstrably wrong as shown above.

>Issues/holes/leaks on public servers almost always get fixed in a few days, whether it's Microsoft or whatever.

Wrong, places like Apple, Facebook, etc. typically fix customer leaking issues like this in hours, not days.

>You may be comparing it to OS/app patches, which is not the same case.

Not comparing, but even those are slow.

>They just got a slap on the wrist for billions in profit.

Many people indicted and jailed and billions upon billions of fines. Absolutely not a slap on the wrist.


Interested in discussion or pedantic corrections?

1) "They were saying "in effect, virtually no one cares"

So, the same thing I referenced from my dictionary lookup: that literally was used for emphasis while not being literally true.

What exactly do you think your "correction" above added to the table?

2) You made an argument that this issue "wasn't trivial if Microsoft cared enough to fix it in a few days, which is like light speed for Microsoft."

And I argued that this issue is something generally fixed fast (within days by most companies), and thus the speed MS fixed it doesn't prove that it's not a small (trivial) issue.

I wrote "days" precisely to argue these issues are fixed fast. Replying that such issues are fixed in hours, not days, doesn't counter my point, it's just a pedantic correction that reinforces it.

>Many people indicted and jailed and billions upon billions of fines. Absolutely not a slap on the wrist.

You'd be surprised. Don't believe the hype:

"In January 2020 it was reported that the German judge in the case stated that Winterkorn might be allowed to keep 12 million dollars in bonuses, and possibly walk free from the charges." https://en.wikipedia.org/wiki/Martin_Winterkorn#Germany

"FRANKFURT -- Audi’s Rupert Stadler stands to receive a golden parachute, earning millions if he agrees to step down as chief executive with years still left on his contract." https://europe.autonews.com/article/20181001/ANE/181009953/j...

And so on. The guy that got it worst?

"In January 2017 while attempting to return to Germany after a vacation, Schmidt was arrested in a men's room at a Florida airport, charged with conspiracy to defraud the United States in the Volkswagen emissions scandal.[3] Had Schmidt been able to board a plane and return to Germany, the chances of him being prosecuted would have been slim as it is unlikely that Germany would have extradited one of its own citizens to stand trial in the United States.[4] In December 2017, having earlier pleaded guilty, a Federal judge in Detroit sentenced him to seven years in prison and fined him $400,000.[2] Schmidt is inmate number 09786-104 and is incarcerated at U.S. Federal prison FCI Milan in York Township, Michigan. His release date is set for 25 December 2022."

He was in the US, so Germany couldn't bail him out easily - and he still just got less than a year's pay as a fine, got to keep his bonuses, and will walk out in 5 years. And of course he is in a Federal Prison, aka "Club Fed".

Poor people have gotten worse sentences for stealing a TV...


>Interested in discussion or pedantic corrections?

Not necessarily, no.

>So, the same thing I referenced from my dictionary lookup: that literally was used for emphasis while not being literally true.

You still don't get it, and you're wrong as you didn't reference a dictionary.

Both "literally true" and "used for emphasis" are false statements. There are people who care (literally), and there are enough people who care that "literally no one cares" (figuratively) is incorrect. QED.

>And I argued that this issue is something generally fixed fast (within days by most companies), and thus the speed MS fixed it doesn't prove that it's not a small (trivial) issue.

That is not fast for a critical customer data leak by any stretch of the imagination.

>I wrote "days" precisely to argue these issues are fixed fast. Replying that such issues are fixed in hours, not days, doesn't counter my point, it's just a pedantic correction that reinforces it.

You wrote "days" because you appear to be clueless. It does counter your point because there is a large difference between a couple of hours and a couple of days. It's a pedantic correction that reinforces that you're wrong.

>You'd be surprised. Don't believe the hype:

I can hear the goalposts being scraped across the ground.

All of what you listed only proves my point that this was by no means a "slap on the wrist". Multiple indictments and the largest fines ever levied against an automaker by definition make this not a wrist slap. QED.

The sentencing and fines were at the top of the sentencing guidelines for the crimes.

>Poor people have gotten worse sentences for stealing a TV...

No they haven't.


> I still don't understand how things like this can happen at companies of that size.

The answer is right there in the question: companies of that size.


This is something I'd expect from a smaller company full of all those "full stack engineers".

The Matrix.org hack comes to mind.


This same illogic is used for people who want to defend looking at child porn:

"The person abusing the child is not on trial in this instance, this one person (who did not harm or victimize anyone) is."

More people have died in Mexico and Central America due to the drug war than have died in the war in Afghanistan.

If you buy drugs from a supply chain that involves the cartels, you are indirectly funding organized murder and crime.


>Bitcoin is not a replacement for credit cards, so it's like comparing apples to oranges.

Except it's being used almost exactly like credit cards, so it is an apples to apples comparison.

>Think of it more like cash. If you give someone 2k in cash nobody is going to find that person and refund you.

Wrong. Tons of cash and debit card transactions can be undone, and banks can and will give you money back from fraudulent transactions.


>People whose existences are deeply politicized (and they do indeed exist) are not often excited to have political conversations with people who say things like "'existence is political' thing is just a bullshit phrase."

It is a bullshit phrase though. They don't want to bring it up because any skepticism is viewed as a direct attack on their ideology, and their ideology is the core of their existence/identity, so, calling out the illogic of their ideology is a political attack on their existence.

They want to TELL you, they don't want a discussion.

