Google, Amazon and several other gov contractors have been loosening their hiring guidelines since the Obama era when it was required for anyone working on gov cloud or gov anything needed to be U.S. Citizen, then it was just on U.S. soil to finally has to be monitored or reviewed by someone in U.S. which very quickly devolved to get the work done even if no one in the U.S. is awake. As you can imagine it would be easy for anyone to slip and take advantage of such wide gaps in security.
Comment on Pentagon Warns Microsoft: Company’s Use of China-Based Engineers Was a “Breach of Trust”
Reverendender@sh.itjust.works 3 weeks ago
“The program was designed to comply with contracting rules, but it exposed the department to unacceptable risk,” Hegseth said in a video announcement posted on X. “If you’re thinking America first and common sense, this doesn’t pass either of those tests.”
I’m agreeing with Pete Hegseth? WTF is happening right now?
tidderuuf@lemmy.world 3 weeks ago
Windex007@lemmy.world 3 weeks ago
I’m agreeing with Pete Hegseth? WTF is happening right now?
I mean, listen to your gut instincts, which is that you’re being foolish because he is a fool.
If your system demands trust, it’s a bad system. If your system has a written set of rules that don’t actually cover your requirements, it’s a bad system. If the “tests” you imagine post-hoc aren’t part of the system, you’re just opportunistically trying to shift the blame.
You made a deal, set the parameters, and what… Expected the for profit company to ignore their fiduciary duty to shareholders to maximize profit? What is this, your first fucking day of capitalism, Pete?
His response to this is engineered to shift blame, and he’s coming out swinging because ultimately he is to blame. It’s barely more than a political catchphrase. He literally invoked “America First”.
UnderpantsWeevil@lemmy.world 3 weeks ago
The US has long since had a practice of outsourcing labor many times over in pursuit of the lowest labor costs and maximum profit.
Getting your girdle in a twist because you found out the guy on Fiverr debugging your middleware has non-White ancestors maybe misses the root of the problem.
Feyd@programming.dev 3 weeks ago
??? This is about giving chinese nationals root access to US military IT systems to save money. It’s actually terrible opsec and should be a way worse scandal.
Reverendender@sh.itjust.works 3 weeks ago
Yes, but we wouldn’t want to fly in the face of our tradition of letting Microsoft off scott free for severe governmental security breaches, would we?
UnderpantsWeevil@lemmy.world 3 weeks ago
Not how software development works. I don’t have root access to every production system because I can submit pull requests to a Dev instance of the code.
One of the principles of FOSS is that you shouldn’t need security through obscurity. Knowing how a system works won’t compromise its integrity if the security protocols are sound. Having third parties participate in a project shouldn’t compromise the project if the lead developers are doing proper code review and QA. A system that is predicated on being a black box to a hostile government in order to maintain security is rigged for failure.
But, more importantly, the idea that a foreign government can only obtain information on the inner workings of a system when people of that national origin work on the project is severely shortsighted. Do you genuinely believe there aren’t significant numbers of domestic American developers of European ancestry who wouldn’t happily sell access to a foreign government for the right price? Do you genuinely believe there aren’t numbers who could be gulled into exposing the inner workings of their software inadvertently?
Nothing about Hegseth’s complaint improves operational security. He’s hinging his whole worldview on the notion that every other white person at Microsoft is as much of a nationalist as he pretends to be.
Feyd@programming.dev 3 weeks ago
I’m sorry but you just straight up don’t know what incident is being discussed here. Go look it up instead of talking about unrelated bullshit.