617
Why is everything these days so broken and unstable?(self.sysadmin)
Am I going crazy? Feels like these days every new software, update, hardware or website has some sor...
since 3 months ago
16 of 16
Tip Reveddit Real-Time can notify you when your content is removed.
your account history
Tip Check if your account has any removed comments.
view my removed comments you are viewing a single comment's thread.
view all comments
I thought of a few reasons:
Its like support staff are reading some or other vulnerability document and explaining to management why or why not to worry.
And everything is perceived as a Cyber Security threat, so everything is rushed.
Not only that, we have an industry full of "security professionals" with no tech knowledge whatsoever. They are paper pushers and just see CVEs from a scan and go "you must patch these immediately" without regard for whether the company is actually vulnerable to them or not.
"You have CVE blah blah, patch now." "That vulnerability requires physical access, and the machine affected is a secured facility. We have some time, let's patch during our next maintenance window." Security: "???? Patch now."
There's no actual analysis of risk going on.
"You have CVE foo-bar-baz on all your systems, patch immediately."
You didn't bother to look at the package inventory document for those systems that shows that we don't even have it installed. Aargh.
heh, the fire drill over log4j was a prime example: remote code execution, but on a config nobody in my company was using at all.
It's not even that necessarily. It's the siloed structure of organizations combined with the rush to push updates.
We had an outage in our VDI environment and were trying to make inroads with stability, and then management steps in and tells us we have to add like, seven things all at once, each with a backend component that has to be updated live because no dev environment set up yet.
The best way to describe a cyber security analyst/engineer is a Hammer.
If you are a hammer then everything will look like a nail.
You wish that this were the actual reason that these things were happening.
It's features that get rushed, and in rushing them, security issues are generated -- often egregious ones. Some of those fixes are egregious enough to fix quickly, but most are dragged out.
No, it's new features and the speed they are pushed out that are primary factors. Cybersecurity is anywhere from 5-10 in that list of probable causes.
Yep. And the blame ultimately falls on the business side and leadership for not allowing the project deadline to be pushed back. Bonuses depend on completing on time.
The shift from large software suites that were shipped once and then updated once every few years (minus security updates) versus the "ship it now, fix it next month" software as a service model is driving a lot of this. I've been on any number of teams where the bug bar means very little, because the next ship window is only a month or a few months away so there's an inability to have a cohesive story around what needs to be fixed, why, whether or not the bug bar is appropriate, what are the actual customer pain points, how much actual user acceptance testing can be done vs. unit testing or functional testing, etc. There are too few people doing the program management side of the job, too few people doing dev work, too few people doing test/QA, and a lack of ability to change the direction of the ship because "all of our competitors are doing this too, and they'll ship <X> faster than us and gain marketshare so we must continue" as a mantra from higher up - this may or may not be real, but it's perceived to be real so it ends up being real regardless.
I crashed the production db's today during implementing AV-policies due to bad naming convention where production,testing and acceptance env. are difficult to distinguish.
Welcome to the club. We've all taken down production at some point.
#4 Vendors develop features faster than they can support them because non-technical people are making technical decisions based on what vendors can throw on a marketing slide. They would rather have a bunch of customers who are complaining about bugs than no customers at all.
Product A has 100% uptime and 100 features, product B has 99.9% uptime and 200 features. Guess which one most organizations will go for?
Also price discovery. A product that's good value is wasting profit.
Just good enough that people tolerate it for the price means there's room to upsell.
Add AI into this with less and less QA checking the code it’s writing that has replaced some 30% of staff
Adding to this monopoly companies or companies that get to big to quick end up losing good tech support and cannot keep up to all the tools/apps they provide. Microsoft and Palo Alto are good examples of this