Anon witnesses excellent security

object@sh.itjust.works

This post did not contain any content.

over_clox@lemmy.world

Funny, if one shares a screenshot of a 4chan post that says the word 'retard', it gets upvoted, but if you post a comment that says Google AI is retarded, you get downvoted into oblivion.

I'll never fully understand the modern internet, seems like double standards to me.

napkin2020@sh.itjust.works

this is supposed to be more secure because it costs money

It makes blaming someone really easy though and that's all that matters in a corporate world.

napkin2020@sh.itjust.works

shadowedcross@sh.itjust.works

Because one is purposefully using the word while the other is just a consequence of sharing the post?

schnurrito@discuss.tchncs.de

The greentext reminds me of this FAQ entry: https://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-vendor

A.9.17 As one of our existing software vendors, can you just fill in this questionnaire for us?

We periodically receive requests like this, from organisations which have apparently sent out a form letter to everyone listed in their big spreadsheet of ‘software vendors’ requiring them all to answer some long list of questions […]

We don't make a habit of responding in full to these questionnaires, because we are not a software vendor.

A software vendor is a company to which you are paying lots of money in return for some software. They know who you are, and they know you're paying them money; so they have an incentive to fill in your forms and questionnaires [...] because they want to keep being paid.

[...]

If you work for an organisation which you think might be at risk of making this mistake, we urge you to reorganise your list of software suppliers so that it clearly distinguishes paid vendors who know about you from free software developers who don't have any idea who you are. Then, only send out these mass mailings to the former.

shadowram@fedia.io

Anon works for my company? Because they did exactly this with the same excuse.

object@sh.itjust.works

Would be really funny if they still get fucked over because of some fine print in the disclaimer

9point6@lemmy.world

This is legitimately it. The same reason corporations often pay for Linux (e.g. RHEL)—the people in charge want to be able to pick up a phone and harass someone until they fix their problem. They simply can't fathom any alternative approach to managing dependencies.

riwo@lemmy.blahaj.zone

how thoroughly was it followed through? how was ensured that no free beer software was used?

expr@programming.dev

Yeesh. I would find a new job immediately. Absolutely unhinged behavior.

ddplf@szmer.info

That's some cool kind of psychosis you got there champ

inputzero@lemmy.world

Not just pick up the phone and harass someone but to also have someone to press a lawsuit against if things go really wrong. With free software the liability typically ends at the user which means all they can do is fire the employee and eat the loss. Suppose now corporate paid for it, well now there is a contract and a party that can be sued.

neidu3@sh.itjust.works

My previous employer was bought by a huge company. I liked it in the small company, because I had freedom to do what was needed without much questions, and I was trusted to make the relevant decisions and purchases. Kind of a "Costs be damned, get it done in a reasonable amount of time" kind of arrangement.

When we came under the big corpo, we got an email instructing us to list all the software we used/needed, so that it could be added to the whitelist that big corpo worked with. Anything not in the whitelist simply couldn't run.

I gave them the list, but spoke to my on-shore It guy that out in the field we often needed to install something that we didn't need before on short notice, and waiting for a ticket to be resolved for an administrative matter had the potential to stop production.

They found it easier just to make an exception for my work PC. I just had to promise not to VPN in to the office while running "weird" stuff, otherwise the higher ups would get upset.

That's fine. I had my own VPN for only the stuff I needed anyway. I VPNed into offshore production systems on a daily basis. I needed to VPN I to the office once or twice. Plus in my book, the "main" VPN client is what I consider weird software. My shit was basically a wrapper around openvpn.

EDIT: To be fair, the huge corpo employer wasn't unreasonable. It was just so large with so many employees that strct security implementations were needed for IT to have some sort of control. I was technically also IT, but I only dealt with field equipment, so that IT could focus on "normal" stuff. They trusted me to handle my end, they handled theirs, and we usually cooperated fairly well when our systems "met".

saledovil@sh.itjust.works

Or maybe the vendor goes with "take the money and run".

radix@lemmy.world

“If you’re not paying for the product, then you are the product.”

The phrase has its uses, but shit like this is what happens when it's taken to the extreme.

southernbeaver@lemmy.world

Oh my god. My colleagues were making fun of postgres users. They didn't bother doing a Google search.

frezik@lemmy.blahaj.zone

It's "more secure" because there's a specific company to blame when it goes wrong.

darkdarkhouse@lemmy.sdf.org

Security through liability

drcobaltjedi@programming.dev

Yeah, i worked briefly at multinational japanese motor company and this was their logic. I was hired as a software developer contractor and HQ had rules stating, no open source software, no free software and the one that puzzled me the most no in house executables (WHY THE FUCK DID THEY HIRE ME?)