
I was wondering why they did it... Now I think I'd prefer not knowing. Not only was it a terrible idea, apparently there was nobody to tell the programmer it's a terrible idea, and even QA (if they have it) didn't do their job.

Basically all the way from the idea to release, they had no person who knows what root certificates are.



Sometimes I wonder if this stuff gets added initially because of the need for manufacturing testing. And then some nitwit VP of engineering decides having it installed in production would be super for some deranged reason. And no one can tell him no because the management culture prevents peons from throwing sh*t back upwards.


I had my fair share of being forced by higher management to commit insecure code, obfuscations and encryption security theater despite vehemently protesting. They seriously don't give a single shit. For them it's acceptable risk.


Acceptable because if it blows up they'll just toss you or one of your coworkers under the bus. Watch what happens at Volkswagen, you'll see.


"Never attribute to malice that which can be adequately explained by stupidity."


When you've got the NSA dragnetting the whole world, stupidity becomes equivalent to malice.



