this post was submitted on 02 Feb 2025
142 points (96.1% liked)

The backdoor on Contec CMS8000 patient-monitoring devices could allow an IP address at an unnamed university to remotely download and execute unverified files, according to CISA.

[–] [email protected] -4 points 2 weeks ago (3 children)

There are valid questions, many of which revolve around how and why it's used.

Some systems have brain-damaged approaches to diagnostics/logging, license enforcement, or remote service/update systems that create security holes but are not intentionally malicious.

Security is hard and we should remember Hanlon's Razor.

[–] Benjaben 7 points 2 weeks ago (2 children)

I get lots of mileage out of Hanlon's Razor, and I acknowledge the rampant incompetence that suggests its applicability, but digital security seems like about the least appropriate place to apply this rule of thumb.

[–] [email protected] 5 points 2 weeks ago (1 children)

As someone who has to deal with PCI compliance issues, there's plenty of noob mistakes, out-of-date thinking and outright "let's log this data for debugging purposes even though if any regulator found out they'd nuke us from orbit."

[–] Benjaben 3 points 2 weeks ago

Fair enough, I can imagine that pretty easily.