So basically Twitter was run the same way every single other IT environment is? Anyone who is surprised by this is not familiar with the industry.
Apparently I'm in a lucky part of the industry, because this is fucking insanity to me.
That is correct, yes.
Same, I know multiple people who would just up and quit if this was the standard. We aren't too big but we have to take security very seriously.
I would quit too. It's too fucking dangerous that if I'm a developer I'm going to get blamed because of an institutional failure.
At that point, you really have no choice but to downsize the company itself to get control over the problem, or just dump funds into repairing your IT bureaucratic infrastructure.
I'm never a huge fan of bureaucracy, but you need a competent and functional bureaucracy to do anything at scale.
Too much bureaucracy is also not good, agreed, but Jesus, thousands of fingers in the pie is not healthy for the final product. Those TikTok hoes showing their "day in a life of an X intern", where X stands for Twitter, Facebook etc., have shown me that it was probably 50% adult daycare and the rest actually useful people who work on stuff that keeps the ball rolling.
I don't work as a developer but I would probably quit, too. It's not worth keeping something that's on life support alive for that long just to keep festering. Twitter is just one, I don't want to know how bad it is @ Facebook, Google etc.
Yeah, I'm at a mismanaged small game studio, and we still have solid security barriers between testing and production environments.
Lackadaisical opsec is very common at private companies. Corporations (in addition to those industries you mentioned) have a responsibility to shareholders to hold higher levels of security and follow standard practices. As we see here Parag was lying in the annual reports.
"No one will ask you for your password"
so they send you their password anyway, without asking
SIGH...
It's adorable how you think the government has good security controls. The stories I could tell you about the level of access I had to government systems would upset you.
I had a former colleague go into government security.
When we heard that we all simultaneously went: "oh god!"
Oh, you don't just have unlimited access to everything all the time in the production environment?
That's the hallmark of a company that's constantly a few days from utter collapse. You let the productive people touch anything they want, because they'll scrape together just enough to keep the systems running, even if it's not 'their job'.
Agreed. Though, as a pedantic argument, I'd say it's evidence of a poorly organized company, but if a company is badly organized, "a few days from utter collapse" can typically be the same thing, especially given its size.
Downsizing is typically the best way to save a poorly organized company because a smaller company can better adapt to structural re-organization than a larger one can.
If you can bulldoze the structural failures out of the way of the productive people, you'll get a chance to recover.
Exactly this.
Work for a huge software company and doing something like this is a sure way to get fired faster than you can say security audit.
Musk made the correct decision in firing the majority of staff, as it removed the majority of the spyware as well.
You just have to at that point. Even without talking about trying to alter the political culture, you basically gotta fire everyone to alter the security culture.
Even tiny shops with 5 employees aren't that retarded.
There's probably a single IT guy working for a franchise of flower shops, who's recording customer data on petunias, looking through this shit and saying: "I would never be this reckless with our customer's data!"
It's far easier to get five men to not be retarded than to get an entire organization to. I dunno what to tell you.
Not only that, an organisation that is OVERSTAFFED to the brim. They had pencil pushers and the like working for them who could just up and touch production machines. Wtf.
The over-bureaucracy is also a sign of a bad culture. The reason you need that level of micro-management is because people are already not doing their jobs. Rather than taking corrective action on poor performers, you end up having to manage bad performers. But if you have bad managers, then you need to have managers manage the managers to manage the bad performers.
Worse, when bureaucracy gets bad, people start cheating the system to make it faster, which means you've created corruption.
Suddenly, you've got a positive feedback loop that's spiraling out of control. You're using managers to tackle corruption in other managers, who are corrupt to increase the speed of the system, so some people are just getting away with it, so the rules aren't being followed or enforced properly, and everyone's stepping on each other's toes, and no one's getting anything done.
No wonder he tried getting out of buying the company. He must have taken one look at this shit and gone "holy fucking shit, this place is about to fucking implode".
He didn't just buy a crime scene, he bought a crime scene that was an actively burning building. The bot problem was not even 10% of the severity of problems Twitter had.