This pretty much proves that the US government is experiencing its worst cybersecurity breach ever.
See also https://lemmy.world/post/25293137
this post was submitted on 14 Feb 2025
932 points (99.1% liked)
Technology
70498 readers
1889 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
This has also been the narrative on recent techdirt.com posts, e.g. https://www.techdirt.com/2025/02/13/at-last-doge-and-musk-are-finally-named-in-a-lawsuit-albeit-officially/ - I (not being American) do not know or care enough about the topic to have an opinion about it.
This is by design, weaken security and allow daddy Putin to take over
Is it really a breach if they'll just hand it over to anyone who pays and/or stroke's Mango Mussolini's ego?
The United States has been glory holed by anyone who paid admission.
load more comments
(1 replies)
This is so embarassing. It can't be the case that these idiots are actually in control of the united states.
load more comments
(9 replies)
Fucking CyberTruck like fucking pile of shit website. What kills me the most is that the fucking things they're screenshoting, those pages have literal "export to XML" buttons that they could fucking export, save the XML to some shared drive that gets swept, and the put it in some actually secure database.
This whole fucking thing reeks of some fucking weeb ass Roblox hackers whose last project consisted of Lua Script emulating some fucking redstone calculator they wrote in Minecraft. And the export fuction on the thing? It's just one dimension SUM function CSV exports. Literally no other dimenstions of values to add, shit I would be fucking surprised if a single one of the people writing the goddamn have ever heard of OLAP.
And to top it off, we already have a fucking website that does what this fucking place does, but 846 decillion times better. And it doesn't have a fucking Instagram esque reel of Tweets of people taking fucking screenshots of an open database.
I can't wait till the next dumbass gets into the White House and turns this pile of grabage off. Paying these idiots millions to power and run the hardware this pitiful excuse of a website runs on. And all we got for that money is some shit that is about on par as the shit you get from some O'Reilly book called "Building a Government Website Crash Course" with a Bald Eagle dying of bird flu on the cover.
This fucking idiot maybe wants to fucking learn what the hell SQL is.
But the government does not use SQL per ELMO.
I am waiting for this idiot to come up with something like EIQL (Elmo's idiotic query language).
Musk is wrong about literally everything. Must be nice to have enough money to make up for being a fucking moron.
I don't know if there's enough money in the world to make up for that horse's ass. All his purchased government position does, beyond destroying the US government, is broadcast how he's a feckless moron to anyone who isn't just as stupid.
Unfortunately, Musk isn't alone: many US citizens are that stupid.
load more comments
(3 replies)
load more comments
(2 replies)
load more comments
(3 replies)
You understand the assignment people.
- only if you're behind like 7 proxies
I do, but say I was.... Let's call it "clueless", what would a simpleton like me do to exploit such a thing?
It looks like it's been patched. I couldn't find solid instructions anyway. But if I do, I'm sure someone will post an easy to use shell script.
“Basically, doge.gov has its codebase, probably through GitHub or something,” the other developer who noticed the insecurity said. “They’re deploying the website on Cloudflare Pages from their codebase, and doge.gov is a custom domain that their pages.dev URL is set to. So rather than having a physical server or even something like Amazon Web Services, they’re deploying using Cloudflare Pages which supports custom domains.”
Elmo's a genius you know
I understand several of those words.
Most websites run off of a server. They're just using a "repeater" (CloudFlare Pages) to serve directly off of their Github or whatever which is sort of top-shelf slapdashery.
Not serious. Not competent.
What's sloppy about it? Plenty of blogs and other static sites work that way. In fact, that's largely how we do deployments at my company, we merge to a special branch and it triggers a deployment.
The database being open is completely sloppy, but deploying through a source control platform is fine.
Well, it's sloppy for a government website. This is not a private enterprise running out of someone's garage. There's many reasons why that should not be an acceptable paradigm for posting government information.
If you're running a sandwich shop or a metal working shop, posting your phone number and address through CloudFlare Pages is probably fine.
This is not a private enterprise running out of someone’s garage
Neither is the company I work for. We're not Amazon, but we handle billions of revenue, our users have very high risk jobs, and they are using our software more and more to do these high risk jobs. We have a lot of controls about how things get released (QA team, and every change is tested before and after deployment), we just use our source control to handle the actual deployment.
Whether it's sloppy depends on their processes (i.e. who validates the change?), not the tools they use.
We don't use Cloudflare Pages, but we do use automatic deployments, and pretty much anyone on the team can submit a change for deployment. It'll get reviewed before going live, but that's a limitation we've placed on the tools and process.
No doubt your company has more invested in the domain name than a pointer to pages.dev, as well.
Do we think doge.gov has a QA group? Do we think there's more than two people who review changes? Or that they even review changes at all?
The setup your company has and what this appears to be (it's true, this is speculation) is probably vastly more than just "we both use git to manage production pushes". I'd bet you company has spent a fair number of years getting to this point, and doge.gov has not even secured a proper certificate while suggesting they're competent to handle the entire financial information of the United States Government.
load more comments
(7 replies)
load more comments
(1 replies)
load more comments
(2 replies)
Firing the IT people because they cost too much is always a good thing to show you the incompetence.
Bosses when the IT dept is furiously responding to an outage: What do we pay you for?
Bosses when everything is running smoothly: What do we pay you for?
load more comments
(2 replies)
Our Database
Please......show this to The Onion. Let The Onion post some updates.......it's their ultimate wet fantasy.
They will fire most of their employees since they’ll get free daily content for the next 4 years.
Probably because it "doesn't" use SQL
Remember that if you can see something that obvious, imagine all the quiet changes people are making that aren't being immediately found. Not only the deliberate horseshit from musk and his facsy tots, but other attempts to distort data from traditional bad actors like China and Russia
load more comments
(1 replies)
I'm torn on this, on one hand I know there must be millions of dollars in contracts for pointless reports and a huge amount of government wasteful spending in general.
On the other hand, musk and trump are absolute morons. And they will cut shit just because they don't know what the words mean.
They're not cutting actual waste. Their goal is to cripple the parts of the government that stopped them from doing illegal shit.
load more comments
(4 replies)
If you are "torn" on whether it is a good thing to grant a wealthy campaign donor unfettered and unquestionably illegal access to government and bureaucratic infrastructure, with zero accountability or oversight, and who has displayed absolutely zero competence at managing any public institution (and in fact has a record of incompetence at managing private enterprises), then I honestly think you're one of the millions of Americans who just needs to fuck off and stop contributing to adult decision-making. You're simply not up to the task.
Waste is how you frame it.
Even literal poop has a benefit.
I do client work, sometimes it drives me mad how much time I "waste" making PPT slides that are just prettier BI dashboards, but then the client sees it, sends that one slide to his boss and everyone claps me on the back.
The wasteful spending is in defense and ain't nobody looking into that...
load more comments
(6 replies)
load more comments
(2 replies)
Someone needs to post jokes about the Swastika Car to President Xelon, that will piss them both off. Also remind President Felon that xelon is pwning him so hard!!!
Hahahahahahaha
view more: next ›