Let's also not forget about the systemic issues that lead to the symptoms as described in the article. The problem is not the symptoms, the problem is why those symptoms are there in the first place...
I don't remember where I found this, but this is very apt (and while I do not condone all viewpoints in this blurb, the gist of it, I think, is accurate):

---BEGIN---

And that is the direction programming has taken since Day 1. As the old saying goes, there's never enough money to do it right, but there's always money to do it over. Once upon a time programmers were engineers. With a degree. From a proper university. Nowadays, programmers are anyone with a keyboard. That might be good from a diversity point of view, but the downside is that those who can properly analyze a project and write good code are drowned in the masses of rent-a-suit shops and shipped-in-from-overseas keyboard mashers who may or may not have the chops but whose main quality is being cheap.

Let me put this another way: my wife is fanatical about shoes. She has upwards of sixty pairs and, every time we stroll the streets of a new town or city we've never been to before, she can't help but be magnetically attracted to any store front that has pairs on display. After 15 years of marriage (that was already a good while back), she surprised me one day when, out of the blue, she declared that she was fed up with buying cheap shoes. She stated, and I quote: "I'd rather have one or two good pairs a year than buy a pair every month that won't last more than 8 months". I lit a candle that day.

There is a market for cheap shoes, throwaway items that won't last, and that's fine. There is also a market for quality items that people need, items that will endure and give pride and pleasure to their owners for a long time. DevOps is the cheap throwaway market. Everything is described to make everyone believe that whatever issues exist will be solved by the next iteration, so they are not important. Sorry, but programming is not cheap. Programming is the very lifeblood of companies today, and there are some unavoidable medical practices and costs when it comes to dealing with lifeblood.
The slew of hacking issues of last year (2017) demonstrates clearly that security is not something you just pay lip service to. I would like the industry to take a step back and realize that nothing that has ever been made in a rush has ever lasted or performed as expected. I would also like to win the lottery. I know which has a better chance of happening.

----END----

On 2/8/20 11:10, Yosem Companys wrote:
> Excerpts:
>
> Rahjerdi said that the app contains default React Native metadata and that it comes off as a "very very off the shelf skeleton project plus add your own code kind of thing. Honestly, the biggest thing is—I don’t want to throw it under the bus—but the app was clearly done by someone following a tutorial. It’s similar to projects I do with my mentees who are learning how to code," Rahjerdi said. "They started with a starter package and they just added things on top of it. I get deja vu from my classes because the code looks like someone Googled things like 'how to add authentication to React Native App' and followed the instructions," Rahjerdi said.
>
> A team of researchers at Stanford University, including former Facebook chief security officer Alex Stamos and students Jack Cable, Pierce Lowary, and Alex Zaheer, said that while analyzing the app, they found potentially concerning code within it, including hard-coded API keys. Motherboard decompiled the app and verified the presence of an API key. Stamos' concern was that a hacker could potentially change or reset data on the servers. Stamos added that he was not comfortable probing the company's backend without its permission. Shadow insisted that the app was configured correctly.
> An ‘Off-the-Shelf, Skeleton Project’: Experts Analyze the App That Broke Iowa
> Multiple experts analyzed Shadow Inc.’s Iowa caucus app. They found all kinds of problems.
> vice.com
-- Liberationtech is public & archives are searchable from any major commercial search engine. Violations of list guidelines will get you moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe, change to digest mode, or change password by emailing [email protected].
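Added example, not from the Vice article, the Stanford team's analysis, or Shadow's code: the quoted excerpt says the researchers decompiled the app and found hard-coded API keys. For a React Native app that check is mostly string-hunting. Unpacking the APK (with apktool or plain unzip) yields assets/index.android.bundle, the packed JavaScript, and any key the developer pasted into a config object sits in it as a string literal. The Python below scans a constructed bundle fragment (every value is invented; the AIza and AKIA prefixes are the publicly documented Google and AWS key formats, and AKIAIOSFODNN7EXAMPLE is AWS's own documentation placeholder). Issuer-specific prefixes are matched first, then a generic "key-like name assigned a long quoted string" rule, filtered by Shannon entropy so repeated filler such as "aaaa..." does not fire.

```python
import math
import re
from collections import Counter

# Constructed fragment of a minified React Native JS bundle (the kind of text
# found in assets/index.android.bundle after unpacking an APK). Every value is
# invented for this example; AKIAIOSFODNN7EXAMPLE is AWS's own documentation
# placeholder. This is not code from Shadow's app.
SAMPLE_BUNDLE = """\
var e={apiKey:"AIzaSyD_EXAMPLE_KEY_0123456789abcdefghi",authDomain:"example.firebaseapp.com"};
n.headers={"x-api-key":"sk_live_51HEXAMPLEq8Z2bVn7TkQ3YpL0mW9xR4d"};
var awsKey="AKIAIOSFODNN7EXAMPLE",region="us-east-1";
var token="aaaaaaaaaaaaaaaaaaaa";
function render(){return React.createElement(View,null,"Precinct results")}
"""

# Issuer-specific formats: the prefix alone identifies the credential type,
# so these need neither surrounding context nor an entropy check.
SPECIFIC_PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("google_api_key", re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b")),
]

# Generic rule: a key-like identifier (apiKey, api-key, secret, token, ...)
# assigned or mapped to a quoted string of at least 16 characters.
GENERIC_PATTERN = re.compile(
    r"""(?i)(api[_-]?key|secret|token|password|private[_-]?key)["']?\s*[:=]\s*["']([^"']{16,})["']"""
)


def shannon_entropy(s: str) -> float:
    """Bits per character: 0 for repeated filler, well above 4 for random-looking keys."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def scan_bundle(text: str, min_entropy: float = 3.0) -> list[dict]:
    """Return hard-coded credential candidates found in a JS bundle.

    An issuer-specific match wins over the generic rule for the same value,
    and generic matches below min_entropy (placeholders, test filler) are dropped.
    """
    findings = []
    seen = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SPECIFIC_PATTERNS:
            for m in pattern.finditer(line):
                value = m.group(0)
                if value not in seen:
                    seen.add(value)
                    findings.append({"line": lineno, "kind": kind, "value": value,
                                     "entropy": round(shannon_entropy(value), 2)})
        for m in GENERIC_PATTERN.finditer(line):
            name, value = m.group(1).lower(), m.group(2)
            if value in seen:
                continue  # already reported under an issuer-specific kind
            entropy = shannon_entropy(value)
            if entropy < min_entropy:
                continue  # low-entropy filler such as "aaaaaaaa..." is not a key
            seen.add(value)
            findings.append({"line": lineno, "kind": f"generic:{name}", "value": value,
                             "entropy": round(entropy, 2)})
    return findings


if __name__ == "__main__":
    for f in scan_bundle(SAMPLE_BUNDLE):
        print(f"line {f['line']:>3}  {f['kind']:<20} entropy={f['entropy']:<5} {f['value']}")
```

On the sample this reports three candidates (the Google key, the generic x-api-key header value, and the AWS access key ID) and drops the all-"a" token. Presence of a key in the client says nothing about its privileges; whether it can, in the excerpt's words, change or reset data on the servers is a question only the operator can answer, and a scanner like this stops at the same line Stamos did. The fix is architectural rather than a better regex: the client obtains short-lived, per-user credentials from a server that holds the real key, and any key that did ship in a build is treated as disclosed and rotated.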
