tracecomplete
Feb 26, 2017

SlowBloke posted:

Adversary in the middle.

I can't take people who try to use "adversary" in a security context seriously. It just makes me think of the IT guy at work who still seems mad that developers get sudo access, spends a ton of his time arbitrarily blocking specific commands from passing through sudo, while telling everyone who's trying to do work that it's to "protect from the adversary". Also that going around his nonsense, because you actually need docker/k8s to do your job, so yes you're going to do a little sudo bash as a treat (and developers are supposed to have sudo access in the first place! we have a process for getting it!), is a "resume-producing event".


tracecomplete
Feb 26, 2017

Rescue Toaster posted:

Hopefully OSS at large does some reflection on this and what to do going forward.

More concretely, it's not "OSS at large" but rather all of the companies doing an extraction on it.

It's your employer (the general you, I don't know you specifically--it's definitely mine) who's either using Ubuntu Server off an FTP download or thinks paying for a RHEL contract absolves them of further duty--and while they contribute in some lanes as well, this absolutely includes Red Hat and even more so Canonical. The XKCD comic is right; distros aren't paying it forward to the random projects they package, and then oops!-all-vulns happens and everyone just looks shocked.

Being freely downloadable doesn't absolve one of pay-it-back and pay-it-forward moral obligations, but that's a foreign concept today I guess. I have a history of burning social capital to at least move the needle a tiny bit and put money in the hands of people whose stuff we rely on, but now that I'm at a megacorp I can't even do that. It sucks.

I talked to Tidelift early on in their existence when they were hiring founding engineers and they seemed to at least scope the problem, but they completely failed to do anything about it as they instead tried to capture a sub-RHEL market of OSS by contributing directly instead of enabling maintainers of critical infrastructure.

tracecomplete fucked around with this message at 20:01 on Mar 31, 2024
