The aftermath to the recent Microsoft Azure hack by suspected PRC actors.

What is the solution to this? Make sure cloud services are open source so they can be independently vetted? If government and corporate entities chose to use open source solutions, most are presented “as is” with no warranty.

  • ookees@beehaw.org
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I forgot about the build bug. Ghost token I was unaware of. Ok so two? And ghost token required users to have had a allowed the malicious app in question.

    Meaningful customers is an opinion. I can list a bunch.

    • shagie@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      That was one tweet in a tweet thread from a… guy who is a bit of a character and does stuff with AWS. He pokes a fair bit of fun at Amazon and others in the cloud.

      The thread reader rollup of it is https://threadreaderapp.com/thread/1173367909369802752.html which is an amusing read by itself.

      My favorite is still:

      “Why use AWS instead of IBM Cloud?”
      “IBM has a cloud?!”
      “I’m as puzzled as you, I’m just reading off the notecard here.”

      The best part of that is when you find out that IBM’s on prem cloud is called “IBM Cloud Private”.

      https://www.ibm.com/docs/en/cloud-private/3.1.1?topic=started-cloud-private-overview

      And then, when the sales teams talk about it, IBM Cloud Private is too long to say again and again… so they start calling it by its abbreviations… not IBMCP but rather ICP… and you start picturing the sales team wearing clown makeup. And when they talk about Machine Learning you share Using AI to Find Where Clowns End and Juggalos Begin with the devops guy sitting next to you and get some muffled chuckles.

      Not that those events have ever happened… or would be admitted to.