- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- [email protected]
You must log in or register to comment.
This pretty much proves that the US government is experiencing its worst cybersecurity breach ever.
See also https://lemmy.world/post/25293137
Fucking CyberTruck like fucking pile of shit website. What kills me the most is that the fucking things they’re screenshoting, those pages have literal “export to XML” buttons that they could fucking export, save the XML to some shared drive that gets swept, and the put it in some actually secure database.
This whole fucking thing reeks of some fucking weeb ass Roblox hackers whose last project consisted of Lua Script emulating some fucking redstone calculator they wrote in Minecraft. And the export fuction on the thing? It’s just one dimension SUM function CSV exports. Literally no other dimenstions of values to add, shit I would be fucking surprised if a single one of the people writing the goddamn have ever heard of OLAP.
And to top it off, we already have a fucking website that does what this fucking place does, but 846 decillion times better. And it doesn’t have a fucking Instagram esque reel of Tweets of people taking fucking screenshots of an open database.
I can’t wait till the next dumbass gets into the White House and turns this pile of grabage off. Paying these idiots millions to power and run the hardware this pitiful excuse of a website runs on. And all we got for that money is some shit that is about on par as the shit you get from some O’Reilly book called “Building a Government Website Crash Course” with a Bald Eagle dying of bird flu on the cover.
This fucking idiot maybe wants to fucking learn what the hell SQL is.
Firing the IT people because they cost too much is always a good thing to show you the incompetence.
“Why do we have all these IT people? All the tech works fine!”
“Basically, doge.gov has its codebase, probably through GitHub or something,” the other developer who noticed the insecurity said. “They’re deploying the website on Cloudflare Pages from their codebase, and doge.gov is a custom domain that their pages.dev URL is set to. So rather than having a physical server or even something like Amazon Web Services, they’re deploying using Cloudflare Pages which supports custom domains.”
Elmo’s a genius you know
I understand several of those words.
Most websites run off of a server. They’re just using a “repeater” (CloudFlare Pages) to serve directly off of their Github or whatever which is sort of top-shelf slapdashery.
Not serious. Not competent.
What’s sloppy about it? Plenty of blogs and other static sites work that way. In fact, that’s largely how we do deployments at my company, we merge to a special branch and it triggers a deployment.
The database being open is completely sloppy, but deploying through a source control platform is fine.
Well, it’s sloppy for a government website. This is not a private enterprise running out of someone’s garage. There’s many reasons why that should not be an acceptable paradigm for posting government information.
If you’re running a sandwich shop or a metal working shop, posting your phone number and address through CloudFlare Pages is probably fine.
This is not a private enterprise running out of someone’s garage
Neither is the company I work for. We’re not Amazon, but we handle billions of revenue, our users have very high risk jobs, and they are using our software more and more to do these high risk jobs. We have a lot of controls about how things get released (QA team, and every change is tested before and after deployment), we just use our source control to handle the actual deployment.
Whether it’s sloppy depends on their processes (i.e. who validates the change?), not the tools they use.
We don’t use Cloudflare Pages, but we do use automatic deployments, and pretty much anyone on the team can submit a change for deployment. It’ll get reviewed before going live, but that’s a limitation we’ve placed on the tools and process.
No doubt your company has more invested in the domain name than a pointer to pages.dev, as well.
Do we think doge.gov has a QA group? Do we think there’s more than two people who review changes? Or that they even review changes at all?
The setup your company has and what this appears to be (it’s true, this is speculation) is probably vastly more than just “we both use git to manage production pushes”. I’d bet you company has spent a fair number of years getting to this point, and doge.gov has not even secured a proper certificate while suggesting they’re competent to handle the entire financial information of the United States Government.
Do we think doge.gov has a QA group? Do we think there’s more than two people who review changes?
Idk, I don’t work there, nor have I looked into how they’re structured. I’m not going to make assumptions though.
I’d bet you company has spent a fair number of years getting to this point
Yeah, we have a bunch of tooling to make all that magic “just work.” It runs tests, check the health of deploys (and has a sane failover if it’s unhealthy), etc. There’s a lot to it, but at the end of the day, if I really want to, I can push and deploy straight to prod w/o anyone else being involved (I’d probably get fired, but I could do it).
The tech stack isn’t nearly as interesting as the processes surrounding it.
proper certificate
I assume you’re talking about the DB and not the website itself, which is protected by a proper certificate, at least as of Tuesday (that’s when the certificate starts being valid). I don’t know when the website was launched, so I can’t comment on anything before that point, though the domain seems to have been registered since the day after inauguration.
the entire financial information of the United States Government
That’s largely public info, no? I don’t know what exactly is exposed, but honestly, pretty much all financial information (aside maybe from the military and intelligence) should be public record. If it’s not, I’d welcome a breach that exposes it so journalists can look it over and find out what they’re trying to hide.
This is so embarassing. It can’t be the case that these idiots are actually in control of the united states.
Nah they have people helping them. At any second you could stop and they would have no power. But you continually support their project
Hah?
If you stop allowing them to do it they can’t, because they’re OLD PEOPLE with severely impeded cognitive ability
