If capitalism insists on those higher up getting exorbitantly more money than those doing the work, then we have to hold them to the other thing they claim they believe in: that those higher up also deserve all the blame.
It’s a novel concept, I know. Leave the Nobels by the doormat, please.
I doesn’t seem unfair for executives to earn the vast rewards they take from their business by also taking on total responsibility for that business.
Was there a process in place to prevent the deployment that caused this?
No: blame the higher up
Yes: blame the dev that didn’t follow process
Of course there are other intricacies, like if they did follow a process and perform testing, and this still occurred, but in general…
How could one Dev commit to prod without other Devs reviewing the MR? IF you’re not protecting your prod branch that’s a cultural issue. I don’t know where you’ve worked in the past, or where you’re working now, but once it’s N+1 engineers in a code base there needs to be code reviews.
Git Blame exists for a reason, and that’s to find the engineer who pushed the bad commit so everyone can work together to fix it.
Blame the Project manager/Middle manager/C-Level exec/Unaware CEO/Greedy Shareholders who allowed for a CI/CD process that doesn’t allow ample time to test and validate changes.
Software needs a union. This shit is getting out of control.
Casual hard R slur in chat
Edit who the fuck is downvoting me and therefore defending using a slur?
Apparently a snowflake deleted my comment too lol
I’m going to guess it was a libertarian who took exception to my calling them out hahaha
Unions often create barriers to new people entering a field and driving wages down. This is an issue for many devs, like me, because I don’t have a degree, I’m self taught and freelance- I’m worried I’d be forced out of the field or into more formal employment by licensing or other requirements. Neither of which I want.
Yeah every time I’ve ever looked into it there’s always someone talking about “protecting the field from amateurs”. And usually that means protecting the field from people who don’t have a degree.
I actually do have a degree but it’s in forensics. I just let them fill the blank in for themselves and let them think it’s digital forensics.
Or it needs to be a profession.
Licensed professional engineers are expected to push back on requests that endanger the public and face legal liability if they don’t. Software has hit the point where failure is causing the economic damage of a bridge collapsing.
Sounds like the kind of oversight that tends to come with a union and the representation therein.
Software engineering is too wide and deep for licensing to be feasible without a degree program- which would be a massive slap in the face to the millions of skilled self taught devs.
Some states let some people get professional licensure through experience alone. It just ends up taking more than a decade of experience to meet the equivalent requirements of a four year degree.
"George Kurtz, the CEO of CrowdStrike, used to be a CTO at McAfee, back in 2010 when McAfee had a similar global outage. "
I do wonder how frequent it is that an individual developer will raise an important issue and be told by management it’s not an issue.
I know of at least one time when that’s happened to me. And other times where it’s just common knowledge that the central bureaucracy is so viscous that there’s no chance of getting such-and-such important thing addressed within the next 15 years is unlikely. And so no one even bothers to raise the issue.
Reminds me of Microsoft’s response when one of their employees kept trying to get them to fix the vulnerability that ultimately led to the Solar Winds hack.
https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
I’m imagining him going on to do the same thing there and just going “why am I the John McClain of cybersecurity? How can this happen AGAIN???”
If you don’t test an update before you push it out, you fucked up. Simple as that. The person or persons who decided to send that update out untested, absolutely fucked up. They not only pushed it out untested, they didn’t even roll it out in offset times from one region to the next or anything. They just went full ham. Absolutely an idiot move.
The bigger issue is the utterly deranged way in which they push definitions out. They’ve figured out a way to change kernel drivers without actually putting it through any kind of Microsoft testing process. Utterly absurd way of doing it. I understand why they’re doing it that way but the better solution would have been to come up with an actual proper solution with Microsoft, rather than this work around that seems rather like a hack.
This is the biggest issue. Devs will make mistakes while coding. It’s the job of the tester to catch them. I’m sure some mid-level manager said “let’s increase the deployment speed by self-signing our drivers” and forced a poor schmuck to do this. They skipped internal testing and bypassed Microsoft testing.
That mid-level manager also has the conflicting responsibility to ensure the necessary process is happening to reliably release, and that a release can’t happen unless that process happened. They goofed, as did their manager who prized cheapness and quickness over quality
Let them all from the CEO down suffer the consequences that a free market supposedly deals
We still don’t know exactly what happened, but we do know that some part of their process failed catastrophically and their customers should all be ready to dump them.
