Think of all the hard coded auth credentials!
this post was submitted on 17 Oct 2024
170 points (99.4% liked)
Europe
1369 readers
610 users here now
News and information from Europe 🇪🇺
(Current banner: La Mancha, Spain. Feel free to post submissions for banner images.)
Rules (2024-08-30)
- This is an English-language community. Comments should be in English. Posts can link to non-English news sources when providing a full-text translation in the post description. Automated translations are fine, as long as they don't overly distort the content.
- No links to misinformation or commercial advertising. When you post outdated/historic articles, add the year of publication to the post title. Infographics must include a source and a year of creation; if possible, also provide a link to the source.
- Be kind to each other, and argue in good faith. Don't post direct insults nor disrespectful and condescending comments. Don't troll nor incite hatred. Don't look for novel argumentation strategies at Wikipedia's List of fallacies.
- No bigotry, sexism, racism, antisemitism, dehumanization of minorities, or glorification of National Socialism.
- Be the signal, not the noise: Strive to post insightful comments. Add "/s" when you're being sarcastic (and don't use it to break rule no. 3).
- If you link to paywalled information, please provide also a link to a freely available archived version. Alternatively, try to find a different source.
- Light-hearted content, memes, and posts about your European everyday belong in !yurop@lemm.ee. (They're cool, you should subscribe there too!)
- Don't evade bans. If we notice ban evasion, that will result in a permanent ban for all the accounts we can associate with you.
- No posts linking to speculative reporting about ongoing events with unclear backgrounds. Please wait at least 12 hours. (E.g., do not post breathless reporting on an ongoing terror attack.)
(This list may get expanded when necessary.)
We will use some leeway to decide whether to remove a comment.
If need be, there are also bans: 3 days for lighter offenses, 14 days for bigger offenses, and permanent bans for people who don't show any willingness to participate productively. If we think the ban reason is obvious, we may not specifically write to you.
If you want to protest a removal or ban, feel free to write privately to the mods: @federalreverse@feddit.org, @poVoq@slrpnk.net, or @anzo@programming.dev.
founded 3 months ago
MODERATORS
Similar applications don't have to be programmed from scratch every time.
This sounds exactly like a COBOL programmer turned manager I met early in my career.
Major projects can share expertise and costs.
As opposed to tossing a dead raccoon over each other's yard until somebody has to clean it up. Because I cannot imagine such office politics in the government.
Applications paid by the public should be available for everyone.
I demand my right to access military supplies management software code. And a nice Makefile to build that thing at home. Yeah, I have the right to that shit too. For recreational purposes.
With transparent processes, others don't have to reinvent the wheel.
Now this is some fancy gourmet quality Dilbert's pointy haired boss shit right there, oh yeah.
Dunno folks, I'm not convinced.
I wish America had this mindset
There is some movement, but it isn't nearly enough.
We believe that software created by the government should be shared with the public, and we want to collaborate with civic-minded peers to make this happen.
Thanks for sharing I didn't even know this existed.
There's also the NSA's Ghidra which is a competitor for the best open source application IMO. Previously the only tool for heavy-duty reverse engineering was IDA Pro, which is very expensive (and not open source, of course). The NSA has selfish incentives to have tools like this be open source - free training especially - but it's still a very good thing.
I don't know anything about reverse engineering but this seems like fills a void as you mentioned. Thanks for sharing. Is there a fork for Linux?
Ghidra is written in Java which is cross-platform.
Thanks I just read that after editing the post 🤦♂️
Don't feel too bad. A lot of more complicated Java programs utilize JNI with platform-specfic code, so even if you knew it was Java, it's not a given that it works on Linux - especially given the incredibly complicated nature of decompilation, and that Ghidra has a DSL to define processors/"languages".
https://github.com/orgs/GSA/repositories?type=all
Not just open source, public domain. I also see that any pull request submitters must automatically agree to dedicate their work to the public domain for some of the repos I looked at.
Wow I feel kinda dumb I never even heard of U.S. General Services Administration let alone all the public domain software they've created. My only question is, is any of it useful for a pleb like me or is it public domain for transparencies sake?
Honestly I have no idea, some of it looks like good examples of what bureaucratic software development produces. I personally guarantee that almost all of that software is probably written by contractors 😹
The results of publicly-funded pharmaceutical research also rightfully belong to the nation.
While I’m all for opening up codebases after release and seeking contributions from constituents, the landing page has some terrible ideas.
Similar applications don't have to be programmed from scratch every time.
Unless there are very solid guidelines that offer a lot of flexibility to do the opposite and code things from scratch every now and then, you get very pervasive legacy antipatterns. I have struggled to effect positive software change as an SRE at massive enterprises because of this idea. Conway’s Law does a good job describing how this stratifies code. I have also spent more than year trying to get disparate acquisitions on the same tech stack with ballooning requirements as everyone tries to get their interests in. I left that one without any real movement.
Major projects can share expertise and costs.
This goes against lean principles that see the best outcomes and exponentially increases the waterfall slog most government projects are. The more stakeholders the more scope creep. Your platform team can be shared; you don’t want your stream-aligned teams to get stuck in this mire. They need to be delivering the minimum viable solution for their project.
Assuming the software is just released with an open license and the public can contribute, hell yeah. I have contributed to so many projects that I actively use in my day job and there’s plenty of shitty government software I'd love to poke at. The two things I called out require a serious amount of executive buy-in for developer tools and experience which turns into a project itself. In the private world most companies chicken out when they realize they’ve got serious cost centers just making development easier, even if their product is serious software development. I worked for a major US consultancy that talked this big game and dropped everyone the second they were on the bench. In the public sector? Fuck. It’s hard enough to get people to understand attack surfaces much less the improvements a smooth DevX with a great pipeline can provide.