this post was submitted on 21 Apr 2024
471 points (95.6% liked)

Technology

59731 readers
2387 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 191 points 7 months ago* (last edited 7 months ago) (4 children)

This is what the government gets to farming literally fucking everything out to third parties whose goal is profit instead of making government agencies that exist to do the same job whose goal is to serve the people.

Like, no shit, Sherlock.

[–] [email protected] 57 points 7 months ago (3 children)

Right. This isn’t an issue with Microsoft, it’s an issue of getting a third party to do work when you have very different priorities. Microsoft’s priority is to make money, as all companies do. The governments priority is to have a safe and secure service. The two don’t match, so the government should have created and maintained a safe and secure service.

The biggest issue is that people don’t want the government to over-spend on anything, so they don’t want the government to pay tech people tech salaries. So even if they did just do it themselves, you can’t trust it’s done by the best people because it’s only done by those who are willing to work at 30% of the pay.

So the issue isn’t really with Microsoft, it’s with the government for not being aware of priorities, and not being willing to pay for what’s important.

[–] CheeseNoodle 42 points 7 months ago (2 children)

Government spending 101:
Paying private sector rates? unnafordable!
Paying a private company who pays their employees those same private sector rates plus a huge margin on top? totally reasonable!

load more comments (2 replies)
[–] [email protected] 8 points 7 months ago* (last edited 7 months ago) (2 children)

you can’t trust it’s done by the best people because it’s only done by those who are willing to work at 30% of the pay.

I dunno, I think I'd consider having enough scruples to care more about what you produce than how much you get paid to be "The Best." Some of "The Best" programmers I have seen are fully on the Free Open Source Software bandwagon.

Because I can't trust that those who are profit-oriented are willing to bring "the best" without doing things exactly like in the article. "The Best" are busy nickel and diming you to death while hiding their best work from you. That's not the best, that's a selfish asshole who doesn't give a flying fuck about the future of humanity, only themselves. That's far from "The Best." That's just "Fuck you, got mine."

load more comments (2 replies)
load more comments (1 replies)
[–] [email protected] 33 points 7 months ago (3 children)

The Pentagon needs to have Elon Musk sit in on their Russia-Ukraine meetings because he owns 50% of all satellites in orbit and if he wanted to he could single handedly sway the war effort. Some guy with money literally bought his way into top level Pentagon meetings.

load more comments (3 replies)
load more comments (2 replies)
[–] Fedizen 69 points 7 months ago* (last edited 7 months ago)

Its kind of funny to me that by pushing data harvesting of OS's and office data then selling it to 3rd parties Microsoft has probably become the biggest security threat to the US government, maybe ever. And its all because the US refuses to pass basic consumer privacy protections.

[–] [email protected] 58 points 7 months ago (1 children)

Microsoft knows the government needs something, and is insistent on squeezing as many of your tax dollars from them as possible, or leaving us all vulnerable.

Capitalism is terrorism.

[–] Fedizen 18 points 7 months ago (1 children)

Literally the plot of the new fallout show

[–] [email protected] 6 points 7 months ago (1 children)

oh do I need to watch that?

[–] Fedizen 12 points 7 months ago

I would recommend.

[–] pelya 56 points 7 months ago (17 children)

Once the government switched to Linux en-masse, Microsoft will have no leverage whatsoever, no solution they can possibly propose will beat free software.

LibreOffice is totally adequate for most government jobs.

It's not like there's no precedent, Germany's government already switched to Linux

The only possible way to generate money is through the use of online document editing services, but Google Docs pretty much cornered the market here.

[–] ObviouslyNotBanana 80 points 7 months ago (1 children)

I just want to clarify that a german state switched. Not Germany.

[–] irreticent 11 points 7 months ago* (last edited 7 months ago)

And, IIRC, it's just a trial to see if it will work.

Edit: I should have read the article linked in a comment above...

"As spotted by The Document Foundation, the government has apparently finished its pilot run of LibreOffice and is now announcing plans to expand to more open source offerings."

"In 2021, the state government announced plans to move 25,000 computers to LibreOffice by 2026. At the time, Schleswig-Holstein said it had already been testing LibreOffice for two years."

So, it seems the trial may be over and they are migrating for good.

[–] [email protected] 18 points 7 months ago (4 children)

I'm honestly surprised the us govt hasn't developed their own pos locked downed Linux os.

[–] [email protected] 12 points 7 months ago (2 children)
load more comments (2 replies)
[–] Hildegarde 5 points 7 months ago (1 children)
load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 17 points 7 months ago (1 children)

Even if libre office didn't offer those features, I'd be willing to bet the gov could donate 1/100 what they pay Microsoft in a year to have them implemented.

load more comments (1 replies)
[–] [email protected] 10 points 7 months ago

Just for the record : Schleswig-Holstein is only one of Germany’s 16 states. Let's hope the rest of Germany will follow.

[–] [email protected] 7 points 7 months ago* (last edited 7 months ago)

France is here a better example. The Gendarmerie has its own distribution based on Ubuntu called GendBuntu. The state developed Tchap, a messaging system based on matrix. And many are looking to Linux to simply cut the cost like the french army.

Side note: The app Fedilab has its package name based on the french government open source projects (fr.gouv.etalab.mastodon).

load more comments (11 replies)
[–] [email protected] 51 points 7 months ago* (last edited 7 months ago)

Microsoft, an early example of enshittification. I read about the pay-to-play nickel and diming of security logs to cloud providers. Logs which would help identify intrusions. Theres just been so many examples of security failuers that highlight the company knows its embedded status within the US govt, and knows it can do less for more.

[–] [email protected] 43 points 7 months ago (3 children)

sure its fun to shit on public servants being old and not wanting to change from microsoft office. there is more then a little truth in that.

but IT departments are often staffed with techs that cant and dont want to do anything but microsoft, it really doesnt matter how much better linux is.

[–] [email protected] 28 points 7 months ago (1 children)

As an IT sys-admin, you're largely correct. We are losing the essence more and more of proper sys-admin work.

IT staff are becoming more ecosystem maintainers than actual integrators and solutions experts. Instead of doing deep research on the problem and architecting actual solutions, many sys-admins just send off a quote request to a single external vendor and then call it good.

The research, quoting, planning, implementation, configuration, testing, monitoring, and maintenance are all outsourced. The sys-admins are just left with a simple web dashboard or desktop app that they often don't even understand well, and a support line for when things need to get fixed/upgraded.

It's a glorified help desk position in many cases. I've worked with several 10-15+ year admins that don't even know how to spec out a server, how to architect a basic network topology, how to optimize a SAN or NAS solution, etc.

They go with the default without a second thought. Email = O365 Office apps = MS Office suite Virtualization = VMware/Azure/HyperV Servers = HP/Dell

And because they are used to it, it propagates onward. If you want to break out of that, you have to be intentional every step of the way.

[–] [email protected] 11 points 7 months ago

On the other side of this, you have company's that are in tangential fields looking to grab up a piece of that pie. Electricians, low voltage companies, fucking furniture companies (oh, we totally do audiovisual, that's similar enough), the C-suite is trying to force their way into this new golden goose and expecting their staff to be able to handle this without training, time, or real hands on experience. And, no, a 2 day workshop from a manufacturer isn't really "training", at least not the only training needed...

[–] SupraMario 17 points 7 months ago (4 children)

It's no IT.... it's what everyone knows and what developers make their software for. Most enterprise software is windows designed, it's an ecosystem that's very hard to break away from.

[–] Kyouki 10 points 7 months ago

This hits the nail perfectly, as well as users just only knowing Windows because it's the first type of device you learn most likely through the schooling system.

  • IT I do run Linux myself and plan on deploying more Microservices through it.
load more comments (3 replies)
[–] [email protected] 17 points 7 months ago

but IT departments are often staffed with techs that cant and dont want to do anything but microsoft, it really doesnt matter how much better linux is.

Yeah, I've met such. When they encounter the need to use Linux, their critique of it is connected to the first link in Google not working by copy-paste.

[–] ThePyroPython 39 points 7 months ago

Well y'all decided that finding and keeping zero-day exploits were more important than contacting the companies to fix them because you looked at both approaches and decided that intelligence gathering scale > cyber security robustness.

[–] [email protected] 24 points 7 months ago (1 children)

I cannot disclose any details but this article vastly undersells the risk and how exposed the US is. It is definitely goes well beyond government exposure.

[–] [email protected] 21 points 7 months ago (2 children)

It's not like theres's an NSA backdoor key called NSAkey in windows or something...

[–] [email protected] 24 points 7 months ago (2 children)

Windows is not the problematic Microsoft product. Not even close. If you understood how much of the US infrastructure and controls are consolidated under Microsoft cloud services, you'd never sleep again. Cloud was fine back when it was a product catering small and medium companies but when large corporations started migrating their critical infrastructures to cloud services to offload responsibilities, we really went off into the weeds.

[–] [email protected] 11 points 7 months ago

Not only cloud infrastructure, tons of industrial automation devices are more or less open on the Internet. Best case that's just a few minutes downtime in a factory, worst case someone fries the grid and destroys water treatment plants.

And even the actual applications being written for the government aren't that great. The lowest bidder gets the contract, and security is really easy to cheap out on, if you're doing just enough to not be legally liable - which isn't hard.

The older I get and the more insights in the inner workings of the technical infrastructure I get, the more I'm surprised we're not actively collapsing right now. It's scary how abysmal security is and it's scary how unprepared society is. Just as a hint: the European power grid spans the entire EU, Balkans, Turkey, Ukraine. There's no plan how to restart the grid, if it shuts down entirely. None. Complete terra incognita.

[–] doublejay1999 6 points 7 months ago (2 children)

No need to be quite so cloak and dagger mate, it fairly obviously to any one who pauses to think.

People have been calling out the problems of corporate oligarchy for more than a decade. This is merely part of that .

It’s systemic risk, not merely technical

[–] [email protected] 5 points 7 months ago (1 children)

He's not being cloak and dagger. He's an old guy (double spacer spotted) who works in the military or private sector under NDA and can't talk about it.

Or he's LARPing. But the double spaces make me believe him.

[–] [email protected] 6 points 7 months ago (1 children)

Spot on. 51yo. Corporate. NDA'd to hell and back.

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 5 points 7 months ago

Forgot about that one. Let's share what Wikipedia has on it : https://en.wikipedia.org/wiki/NSAKEY

[–] [email protected] 21 points 7 months ago

Now for all governments in the world: install Linux already and get it over with. Cut your dependence on an abusive and crappy software vendor

[–] menemen 20 points 7 months ago (2 children)

The US at least has some degree of control over Microsoft. How much worse is that the EU is still not developing an own OS/distro?

[–] [email protected] 20 points 7 months ago* (last edited 7 months ago) (2 children)
  1. SUSE is an in germany founded company (now in Luxembourg)
  2. https://www.sovereigntechfund.de/
  3. Not having a government directly develop a "blessed OS" is probably for the better
load more comments (2 replies)
[–] [email protected] 13 points 7 months ago (1 children)

There were grassroots movements like the Limux project (Munich using a custom Linux distribution). But that got shut down by Microsoft bribery (not confirmed, but MS did build a new headquarters in Munich...).

load more comments (1 replies)
[–] [email protected] 18 points 7 months ago (1 children)
load more comments (1 replies)
[–] Treczoks 18 points 7 months ago* (last edited 7 months ago)

Whoever uses Microsoft products should be aware from the start that security is a low priority for them. If you can accept the risk, fine. If you can't, think about the consequences.

[–] doublejay1999 15 points 7 months ago (1 children)

I feel like they are so close to an epiphany……

load more comments (1 replies)
[–] [email protected] 13 points 7 months ago (5 children)

Which then raises the question: why isn't the US using open source software everywhere, paying the same -or very likely - much less to maintain and expand said software? Can you imagine the money stream towards thousands of devs fixing any (but, feature or security) issue, which they would already do for free? Finally some recognition and so on.

Finally they'd have software that they can trust and rely upon, it'll kill one huge company and spawn hundreds of smaller companies. Win-win all around

[–] [email protected] 10 points 7 months ago (3 children)

Because there is seldom a good replacement for the majority of software that enterprises use.

load more comments (3 replies)
load more comments (4 replies)
[–] [email protected] 11 points 7 months ago (2 children)

I'd focus on enforcing standards and interoperability first, in a serious an highly punitive fashion for offenders.

If you can read/write your spreadsheet using any spreadsheet tool or OS you're half-way there and will've severely hampered the old embrace-extend-extinguish (it's still a thing).

load more comments (2 replies)
[–] [email protected] 9 points 7 months ago

This is the best summary I could come up with:


Interview Microsoft has a shocking level of control over IT within the US federal government – so much so that former senior White House cyber policy director AJ Grotto thinks it's fair to call Redmond's recent security failures a national security issue.

Grotto this week spoke with The Register in an interview you can watch below, in which he told us that exacting even slight concessions from Microsoft has been a major fight for the Feds.

"If you go back to the SolarWinds episode from a few years ago … [Microsoft] was essentially up-selling logging capability to federal agencies" instead of making it the default, Grotto said.

Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.

Add to that concerns over an Exchange Online intrusion by Chinese snoops, and another Microsoft security breach by Russian cyber operatives, both of which allowed spies to gain access to US government emails, and Grotto says it's fair to classify Microsoft and its products as a national security concern.

But what can be done to solve the problem when 85 percent of US government productivity software, by Grotto's reckoning, and even more operating system share, belongs to Redmond?


The original article contains 352 words, the summary contains 228 words. Saved 35%. I'm a bot and I'm open source!

[–] [email protected] 9 points 7 months ago* (last edited 7 months ago)

Time for a change!

[–] werefreeatlast 7 points 7 months ago

Let me explain...the same people that brought you windows 3, 95, 98, 2000, nt, XP, etc now want to obtain everything you type via an AI tool they created.

They would know all your health history, everything you scan, your photos relating to family and work secrets, etc. for the corporate, they would know who from LinkedIn will get the job and who will be fired. They will know about layoffs and about business secrets and success. Etc.

It's pretty simple. Rather than just a keylogger, Microsoft wants you to use a smart keylogger that they control. How is that not the dumbest thing to ever use at work? It's gotta be the biggest IT security failure ever.

load more comments
view more: next ›