• tate@lemmy.sdf.org
    link
    fedilink
    arrow-up
    24
    arrow-down
    2
    ·
    4 months ago

    This is a ProPublica story. Why not post that instead of the ArsTechnica reprint?

    The difference for folks in the EU is that ProPublica does not use tracking cookies, and therefore we don’t have to click through their GDPR notice.

      • UnderpantsWeevil@lemmy.world
        link
        fedilink
        English
        arrow-up
        20
        arrow-down
        1
        ·
        edit-2
        4 months ago

        https://www.propublica.org/article/cyber-safety-board-never-investigated-solarwinds-breach-microsoft

        A full, public accounting of what happened in the Solar Winds case would have been devastating to Microsoft. ProPublica recently revealed that Microsoft had long known about — but refused to address — a flaw used in the hack. The tech company’s failure to act reflected a corporate culture that prioritized profit over security and left the U.S. government vulnerable, a whistleblower said.

        So far, the Cyber Safety Review Board has charted a different path.

        The board is not independent — it’s housed in the Department of Homeland Security. Rob Silvers, the board chair, is a Homeland Security undersecretary. Its vice chair is a top security executive at Google. The board does not have full-time staff, subpoena power or dedicated funding.

        Incidentally, this is why people have zero faith in the modern Democratic Party. You get these big fanfare addresses by a President, which consistently resolve into these empty bureaucratic fixtures with neither the inclination nor the authority to perform their stated tasks.

        • AutistoMephisto@lemmy.world
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          4 months ago

          You’re not wrong. The main issue is that the Democratic Party is more like 15-16 different smaller parties in a big trenchcoat. Some are in there by choice, others had to get in because they weren’t strong enough to stand on their own, and didn’t want to have their ideas not be heard by somebody.

          So you’ve got all these different groups beset by a mountain of conflicting interests and decades of infighting, and you are a Democratic Party candidate for the House. Now, to win you need votes and funding. There’s a lot of things that you know your base cares passionately about that you know they have no hope of ever getting from Republicans, but unfortunately they are also things the big ticket donors despise. So, this begins the delicate dance of appealing to all the different groups AND to wealthy donors. Faced with that challenge, what should you do? Well, in practice what happens is your average Democrat tends to pivot away from policy and focus more on process. Y’know, uncontroversial things like bipartisanship, decorum, compromise. And while the lack of these things in DC is something everyone left of center is sick of, they’re not things Democrats can make happen all by themselves, and, moreover, none of them are results. They are means by which results are achieved. “A willingness to compromise” is not a position.

          But see, most Democrats see that the fragile coalition that makes up the DNC rests upon their backs. Should the coalition survive, or should we let it die?

          Personally, I think we should do away with it. Yes, we are the “Big Tent Party”, willing to welcome all who do not identify as “conservatives”, give them a home and a place for their ideas to grow and be heard. Once upon a time, I think the coalition served a genuine purpose. But now, we are a rudderless ship, at the mercy of the storm. One day, someone will take command and right the vessel. On that day, some of the crew may disagree with the captain, and either mutiny or jump ship, and that’s on them if they do.

  • kbin_space_program@kbin.run
    link
    fedilink
    arrow-up
    13
    arrow-down
    1
    ·
    4 months ago

    For a very long time, Salesforce sent login username and password through plain text in URL parameters.

    To the point you could bookmark that URL and skip the login screen. You’d still have to contend with other login security(2FA and/or IP restrictions) but it was a gaping security hole they fixed relatively recently.