Our system wasn’t quite as critical, thankfully, but the app owners failing to respond to “Hey, by the way, your service account for your data base is gonna be closed” is just gross negligence. My condolences that you had to take the brunt of their scrambling to cover their asses.

For all the complaints I may have about certain processes and keeping certain stakeholders in the loop about changing the SQL Views they depend on, at least I acknowledge that plenty of people did heed the announcement and make the switch. It’s just that the “Oops, that mail must have drowned in my pile of IDGAF what our sysadmins are writing about again. Can’t you just give me the new password again, pretty please?” are far more visible.

We had that some time ago with a service account for a specific system where individual personal accounts weren’t (yet) feasible. The credentials were supposed to be treated with confidence and not shared without the admins’ approval. Yeah, you can guess how that went.

When the time came to migrate access to the system to a different solution using personal accounts, it was announced that the service account password would be changed and henceforth kept under strict control by the sysadmin, who would remotely enter it where it was needed but never hand it out in clear text. That announcement was sent to all the authorised credential holders with the instruction to pass it on if anyone else had been given access, and repeated shortly before the change.

The change was even delayed for some sensitive reasons, but eventually went through. Naturally, everyone was prepared, had gone through the steps to request the new access and all was well. Nobody called to complain about things breaking, no error tickets were submitted to entirely unrelated units that had to dig around to find out who was actually responsible, and all lived happily ever after. In particular, the writer of this post was blissfully left alone and not involuntarily crowned the main point of contact by any upset users passing their name on to other people the writer had never even seen the name of.

Maybe it will be enough to alert some of them to those issues? If the effects of corruption are felt more strongly, people may be more vocal about it and realise how many like-minded people there are. Then they may come to wonder how these bills keep getting passed if so many people oppose them.

Or they may keep their heads low for fear of sticking out and becoming the next target, or become dog-in-burning-house impersonators: “This is fine :)”

Reddit went from “I append site:reddit.com when querying google for well-founded and nuanced info” to the opposite.

That sounds like a blockchain with signature verification against a previously established and acknowledged set of keys as consensus mechanism. Pretty reasonable, as far as use cases go.

However, it doesn’t solve the issue of disagreements and community splitting. If one part of the mod team decides to add another mod, but the rest doesn’t, what’s to prevent that part from splitting off and continuing their own version of the moderation chain? How is abuse of power handled? And in case of a split, how are community members informed?

Don’t get me wrong, I’m not saying it’s a poor idea, I’m just saying that it won’t solve the issues of community splits, and I’m not sure anything ever can.

Disturbed - Legion of Monsters

You made sure the world will remember the name
But didn’t the thought even enter your mind?
You′d give a new legion of monsters
A reason to take your life

The song originally is about a school shooting, but the point is the same

I can’t comment on the general trend, but this specific one seems a bit too circumstantial to be of use for a serious spying effort. You’d have to have the spyware running parallel to the apps usong passwords you want to steal in a specific way.

The risk exists, which is bad enough for stochastic reasons (eventually, someone will get lucky and manage to grab something sensitive, and since the potential damage from that is incalculable, the impact axis alone drives this into firm "you need to get that fix out asap), but probably irrelevant in terms of consistency, which would be what you’d need to actually monitor anyone.

If you manage to grab enough info to crack some financial access data, you can steal money. If you can take over some legit online account or obtain some email-password combo, you can sell it. But if you want to monitor what people are doing in otherwise private systems, you need some way to either check on demand or log their actions and periodically send them to your server.

It would be far more reliable to have injection backdoors to allow you access by virtue of forcing a credential check to come up valid than to hope for the lucky grab of credentials the user might change at an arbitrary moment in time.

You mean the magazine would pay people to write a story people would want to read… only to make money for the magazine? Like, they’re doing it for profit, and not out of the goodness of their hearts? Next you’re going to tell me my grocer is only selling me food to generate revenue.

There’s a difference between “just marketing” and “buy this stuff, but also, turns out Lebanon has quite some distance to go in terms of human rights in general and gender equality in particular”. Companies can’t have morals, because they’re not a natural person, but the humans working for them can, and it’s not unthinkable for this story to be both: An expression of moral frustration on part of the journalist that also happens to be profitable for their employer.

If we divide, we’ll be conquered. That wisom is at least two thousand years old by now. Better to unite and defy.