Someone needs to turn that site into nothing but goatse stat
Doesn’t seem avoidable.
Make America Goatse Again
This is so embarrassing. It can’t be the case that these idiots are actually in control of the United States.
> It can’t be the case that these idiots are actually in control of the United States.
You can thank your compatriots for this horror show. Huh. There’s a double entendre there if you’re familiar with the Russian language, or if you’ve read A Clockwork Orange.
> There’s a double entendre there if you’re familiar with the Russian language
As a Russian speaker, I don’t understand this. Could you elaborate?
Does “ужасшоу” sound kind of like “asshole”?
“Horrorshow” is the Nadsat word that Alex used in A Clockwork Orange to mean “good”. It’s a bastardized transliteration of хорошо.
It all seems to be rushed and it’s all an attack on political opposition. Doing it well isn’t important. Like a monkey throwing shit at another monkey, they don’t care that they have some shit on their hands, they threw shit at another monkey and that’s what counts. Unfortunately the shit throwing monkeys are the president of the USA and the wealthiest person in the world.
To be fair, healthcare.gov had a rocky rollout too. No gaping security holes AFAIK though, so this is a new low.
The agency they turned into DOGE was responsible for fixing healthcare.gov and preventing future bad rollouts. But they fired the actual talent to replace them with Musk’s interns.
Do you have a source on that? Because that’s just awesome.
What is “Things people have been saying for 10 years?” Alex?
10 years? More like 200 years!
Nah, they have people helping them. At any second you could stop and they would have no power. But you continually support their project.
Hah?
Hahahahahahaha
You understand the assignment people.
Only if you’re behind like 7 proxies
And you gotta bounce it off satellites.
I do, but say I was… Let’s call it “clueless”, what would a simpleton like me do to exploit such a thing?
It looks like it’s been patched. I couldn’t find solid instructions anyway. But if I do, I’m sure someone will post an easy to use shell script.
bumping for the 1337 haxorz
1337 |-|4XX0®Z 71/\/\€
Is Musk’s consort shitting out another kid?
Ah, I see. That’s the efficiency they’re looking for.
Crowd source your database, what could go wrong?
What did you expect from a department named after a memecoin anyways?
The meme came first. Then the coin. Then Elon. It used to be innocent.
Considering Elon is also a joke, the history repeats itself.
I still think it’s incredible he named his not yet an actual government department after a should-be-treated-as-a-security-by-the-SEC that he pumped and dumped
Maybe it’s intentional
I can’t believe people don’t get that. They are trying to delegitimize the parts of our government that help us.
Maybe it’s more sinister than that.
It is far more sinister. They are trying to delegitimize them and then replace them with private corporations that they control. It is a long term plan.
Two of the key ultra conservative goals of P25 are to consolidate power of the executive branch and benefit corporate interests by rolling back regulatory oversight. They are doing a great job of their goal.
3-5% of the population general striking and protesting wildly could turn the tide. People say they can’t afford time off work. They won’t have work, if they don’t. At least not paid work.
Current economic indicators aren’t looking good. If the largest employer in the country performs mass layoffs there’ll be a loooot of people out of work and likely not enough jobs to go around
This pretty much proves that the US government is experiencing its worst cybersecurity breach ever.
See also https://lemmy.world/post/25293137
Musk is proof of that, in and of himself. And it’s not just cyber, it’s national security. We are in grave danger.
Is it really a breach if they’ll just hand it over to anyone who pays and/or strokes Mango Mussolini’s ego?
The United States has been glory holed by anyone who paid admission.
This has also been the narrative on recent techdirt.com posts, e.g. https://www.techdirt.com/2025/02/13/at-last-doge-and-musk-are-finally-named-in-a-lawsuit-albeit-officially/ - I (not being American) do not know or care enough about the topic to have an opinion about it.
Also a pretty brilliant feat of social engineering on Musk’s part. (And I don’t say that to be flattering, it just kind of is.)
This is by design, weaken security and allow daddy Putin to take over
“Basically, doge.gov has its codebase, probably through GitHub or something,” the other developer who noticed the insecurity said. “They’re deploying the website on Cloudflare Pages from their codebase, and doge.gov is a custom domain that their pages.dev URL is set to. So rather than having a physical server or even something like Amazon Web Services, they’re deploying using Cloudflare Pages which supports custom domains.”
Elmo’s a genius you know
Is he perfectly stable, too?
Ohhhh. Sssuuure. I mean, when he’s not ketted out to the gills.
So. Regularly. Maybe even often?
I understand several of those words.
Still more than Elon himself
I understood almost none of that and that still makes me smarter than Musky.
Most websites run off of a server. They’re just using a “repeater” (Cloudflare Pages) to serve directly off of their GitHub or whatever which is sort of top-shelf slapdashery.
Not serious. Not competent.
What’s sloppy about it? Plenty of blogs and other static sites work that way. In fact, that’s largely how we do deployments at my company, we merge to a special branch and it triggers a deployment.
The database being open is completely sloppy, but deploying through a source control platform is fine.
Well, it’s sloppy for a government website. This is not a private enterprise running out of someone’s garage. There are many reasons why that should not be an acceptable paradigm for posting government information.
If you’re running a sandwich shop or a metal working shop, posting your phone number and address through Cloudflare Pages is probably fine.
> This is not a private enterprise running out of someone’s garage
Neither is the company I work for. We’re not Amazon, but we handle billions of revenue, our users have very high risk jobs, and they are using our software more and more to do these high risk jobs. We have a lot of controls about how things get released (QA team, and every change is tested before and after deployment), we just use our source control to handle the actual deployment.
Whether it’s sloppy depends on their processes (i.e. who validates the change?), not the tools they use.
We don’t use Cloudflare Pages, but we do use automatic deployments, and pretty much anyone on the team can submit a change for deployment. It’ll get reviewed before going live, but that’s a limitation we’ve placed on the tools and process.
No doubt your company has more invested in the domain name than a pointer to pages.dev, as well.
Do we think doge.gov has a QA group? Do we think there’s more than two people who review changes? Or that they even review changes at all?
The setup your company has and what this appears to be (it’s true, this is speculation) is probably vastly more than just “we both use git to manage production pushes”. I’d bet your company has spent a fair number of years getting to this point, and doge.gov has not even secured a proper certificate while suggesting they’re competent to handle the entire financial information of the United States Government.
> Do we think doge.gov has a QA group? Do we think there’s more than two people who review changes?
Idk, I don’t work there, nor have I looked into how they’re structured. I’m not going to make assumptions though.
> I’d bet your company has spent a fair number of years getting to this point
Yeah, we have a bunch of tooling to make all that magic “just work.” It runs tests, checks the health of deploys (and has a sane failover if it’s unhealthy), etc. There’s a lot to it, but at the end of the day, if I really want to, I can push and deploy straight to prod w/o anyone else being involved (I’d probably get fired, but I could do it).
The tech stack isn’t nearly as interesting as the processes surrounding it.
> proper certificate
I assume you’re talking about the DB and not the website itself, which is protected by a proper certificate, at least as of Tuesday (that’s when the certificate starts being valid). I don’t know when the website was launched, so I can’t comment on anything before that point, though the domain seems to have been registered since the day after inauguration.
> the entire financial information of the United States Government
That’s largely public info, no? I don’t know what exactly is exposed, but honestly, pretty much all financial information (aside maybe from the military and intelligence) should be public record. If it’s not, I’d welcome a breach that exposes it so journalists can look it over and find out what they’re trying to hide.
Yeah I think the static page thing was just there to illustrate how the coders reverse engineered the api and saw what was getting called.
I agree static content alone on CF isn’t “bad”. This perfectly illustrates why you have to have your API shit together when you go with this approach.
Remember that if you can see something that obvious, imagine all the quiet changes people are making that aren’t being immediately found. Not only the deliberate horseshit from Musk and his facsy tots, but other attempts to distort data from traditional bad actors like China and Russia.
If the troubleshooters are all artless students then what do you expect from whoever is running that website?
Our Database
Probably because it “doesn’t” use SQL
Someone needs to post jokes about the Swastika Car to President Xelon, that will piss them both off. Also remind President Felon that xelon is pwning him so hard!!!