Twitter didn't monitor employee computers at all; it was not uncommon for employees to install spyware on work devices.
No fucking wonder there were security problems.
There wasn't any fucking security. Twitter must have been a godsend to foreign intelligence agencies.
Twitter does not have separate development, test, staging, and production environments. At least 5,000 employees had privileged access to production systems.
Oh jesus, kill me now.
Jesus fucking Christ. Oh my fucking God.
No wonder he brought in all those fucking engineers and said they were gonna work 60 hour weeks. Twitter is about as professionally managed as fucking Tumblr.
It was at this point when he learned that it was impossible to protect the production environment. All engineers had access. There was no logging of who went into the environment or what they did. When Mudge asked what could be done to protect the integrity and stability of the service from a rogue or disgruntled engineer during this heightened period of risk, he learned it was basically nothing. There were no logs, nobody knew where data lived or whether it was critical, and all engineers had some form of critical access to the production environment.
No wonder Musk locked down the code multiple times. The only security he could have had was physically securing it, from the engineers themselves. I wouldn't be surprised if people had to literally clock in with a punch card to keep track after he locked it down.
He shared this fact with senior leadership, who instructed him not to put it in writing for the Board.
Ah yes, this is the solution: lie about the scale of the problem to senior leadership.
Black Swan event
Just reading this is giving me PTSD.
Twitter had no software development lifecycle
What even the fuck are you doing????
Twitter did not keep backups of employee computers. They used to, but then the system broke, was never fixed, and execs decided this was good because it meant they couldn't comply with regulators.
"We can't break the law if we can't comply with it!!!" taps forehead, pokes eye out.
Twitter must have been a godsend to foreign intelligence agencies.
🌎👨‍🚀🔫👨‍🚀
Twitter is about as professionally managed as fucking Tumblr.
Makes you wonder who was paying the bills...
Twitter had no software development lifecycle.
Makes you wonder: what was the longterm plan for Twitter? Who runs a company without a growth/sustainment plan?
execs decided this was good because it meant they couldn't comply with regulators.
Breaking federal law without prosecution...? I'm still waiting on my 2021 tax return because I was living off my savings and the (((IRS))) can't comprehend someone with a nordic name having that much money in USA. They were flagrantly violating federal regulations with zero repercussions...🤔
You'll own nothing. Not even your own thoughts.
Who could be behind such an operation...?
So, the problem is, if it were just the American intelligence agencies, you'd think they'd at least try and protect something that's their own asset.
It's possible that it's just kind of the Fabians generally, and they were funding Twitter solely to craft perception and nothing else, being uninterested in security because it meant their own security agencies could control the environment better. Basically a Globalist cum dump for whomever needed to control the conversation, collectively passed around for everyone's amusement.
So basically Twitter was run the same way every single other IT environment is? Anyone who is surprised by this is not familiar with the industry.
Apparently I'm in a lucky part of the industry, because this is fucking insanity to me.
That is correct, yes.
Same, I know multiple people who would just up and quit if this was the standard. We aren't too big but we have to take security very seriously.
I would quit too. It's too fucking dangerous that if I'm a developer I'm going to get blamed because of an institutional failure.
At that point, you really have no choice but to downsize the company itself to get control over the problem, or just dump funds into repairing your IT bureaucratic infrastructure.
I'm never a huge fan of bureaucracy, but you need a competent and functional bureaucracy to do anything at scale.
Too much bureaucracy is also not good, agreed but Jesus, thousands of fingers in the pie is not healthy for the final product. Those tiktok hoes showing their "day in a life of an X intern" where x stands for twitter, facebook etc has shown me that it was probably 50% adult daycare and the rest actually useful people who work on stuff that keep the ball rolling.
I don't work as a developer but I would probably quit, too. It's not worth keeping something that's on lifesupport alive for that long just to keep festering. Twitter is just one, I don't want to know how bad it is @ facebook, google etc.
I'm not trying to white-knight bureaucrats here, but I'm saying I do think it has a reason to exist.
And yeah, if I saw how Twitter was run, I wouldn't risk it. Golden handcuffs are cute for a moment, but not forever.
Yeah, I'm at a mismanaged small game studio, and we still have solid security barriers between testing and production environments.
Lackadaisical opsec is very common at private companies. Corporations (in addition to those industries you mentioned) have a responsibility to shareholders to hold higher levels of security and follow standard practices. As we see here Parag was lying in the annual reports.
"No one will ask you for your password"
so they send you their password anyway, without asking
SIGH...
It's adorable how you think the government has good security controls. The stories I could tell you about the level of access I had to government systems would upset you.
I had a former colleague go into government security.
When we heard that we all simultaneously went: "oh god!"
Oh, you don't just have unlimited access to everything all the time in the production environment?
That's the hallmark of a company that's constantly a few days from utter collapse. You let the productive people touch anything they want, because they'll scrape together just enough to keep the systems running, even if it's not 'their job'.
Agreed. Though, as a pedantic argument, I'd say it's evidence of a poorly organized company, but if a company is badly organized "a few days from utter collapse" can typically be the same thing, especially given its size.
Downsizing is typically the best way to save a poorly organized company because a smaller company can better adapt to structural re-organization than a larger one can.
If you can bulldoze the structural failures out of the way of the productive people, you'll get a chance to recover.
Exactly this.
Work for a huge software company and doing something like this is a sure way to get fired faster than you can say security audit.
Musk made the correct decision in firing the majority of staff as it removed the majority of the spyware as well
You just have to at that point. Even without talking about trying to alter the political culture, you basically gotta fire everyone to alter the security culture.
Even tiny shops with 5 employees aren't that retarded.
There's probably a single IT guy working for a franchise of flower shops, who's recording customer data on petunias, looking through this shit and saying: "I would never be this reckless with our customer's data!"
It's far easier to get five men to not be retarded than to get an entire organization to. I dunno what to tell you.
Not only that, an organisation that is OVERSTAFFED to the brim. They had pencil pushers and the likes working for them who could just up and touch production machines. Wtf.
The over-bureaucracy is also a sign of a bad culture. The reason you need that level of micro-management is because people are already not doing their jobs. Rather than taking corrective action on poor performers, you end up having to manage bad performers. But if you have bad managers, then you need to have managers manage the managers to manage the bad performers.
Worse, when bureaucracy gets bad, people start cheating the system to make it faster, which means you've created corruption.
Suddenly, you've got a positive feedback loop that's spiraling out of control. You're using managers to tackle corruption in other managers, who are corrupt to increase the speed of the system, so some people are just getting away with it, so the rules aren't being followed or enforced properly, and everyone's stepping on each other's toes, and no one's getting anything done.
No wonder he tried getting out of buying the company. He must have taken one look at this shit and gone "holy fucking shit, this place is about to fucking implode".
He didn't just buy a crime scene, he bought a crime scene that was an actively burning building. The bot problem was not even 10% of the severity of problems Twitter had.
So Twitter is basically a silicone valley squatter's nest?
Silicone Valley is Hollywood. ;)
I'd argue that it's more the San Fernando Valley.
Ha
Guy seems to be a disgruntled employee who was fired. He also seems to be far-left (a pro-Trump insider sabotaging Twitter because of the J6 nothing-burger, really?). While I would not be surprised if this were true, I wouldn't be surprised if he made it up either.
Some of this isn't particularly surprising. A lack of lower environments is a bit of a shock but the rest isn't uncommon.