Federation EN Fri 19.07.2024 15:47:05 @gmassen i think you're assuming a level of transparency that isn't there, and is in fact constrained by licensing. (if i'm understanding your argument here)
Federation EN Fri 19.07.2024 16:14:29 @quinn Not entirely sure if we get each other. My point was that infrastructures (~services with broad impact) that allow an external provider to break their services are as negligent as that provider could be. Not knowing that it can happen is not an excuse - as infrastructure you have to understand your dependencies (to a certain depth).
Federation EN Fri 19.07.2024 17:53:35 @gmassen @quinn we know that power can go out, so we have fallback to UPS.
Federation EN Fri 19.07.2024 17:59:30 @gmassen the current legal regime in most countries simply does not allow for this. you can't dig into what your providers are doing without breaking contracts or laws.
Federation EN Fri 19.07.2024 20:06:21 @quinn Understood. I’d argue that infrastructure should not depend on external systems or unchecked updates that can break them. Of course that disqualifies a lot of shiny products from glossy brochures, and that might be a hard choice. The further away you get from core infra, the more tolerable such failure modes become.
Federation EN Fri 19.07.2024 21:08:33 @gmassen @quinn Where I work, we endure an audit every year, for some certification I don't remember the name/number of. But basically, we have to prove that we have documented procedures in place, & that we have safeguards in place to force us to follow said procedures. What steps need to be followed to get code from Dev to QA to Prod. Our customers don't see our audits, but they know what our certification means.
Federation EN Sat 20.07.2024 16:10:15 @gmassen the thing is those disqualified shiny projects are legally and contractually required for compliance regulations, while not being legally open to customers.
Federation EN Sat 20.07.2024 06:08:31
Federation EN Sat 20.07.2024 16:12:10 @ocdtrekkie @gmassen this is a tough call, because on the whole, outsourcing compliance has probably helped make many industries without access to adequate tech staff safer than they would have been. it's truly a mess out here and there's no fixes. like, not no easy fixes, but for a lot of industries, no fixes. just ask school districts, for an example.
Federation EN Sat 20.07.2024 18:53:42 @quinn @gmassen I definitely understand why it happened, IT staff have been minimized, disrespected, and ignored for years, prevented from budgeting critical needs, etc. Turning it all into a subscription means someone else raises the prices, someone else staffs the problems, etc. But centralizing it on a bunch of companies heavily motivated to raise their own profits instead of protecting yours is going to lead to a lot of ruin.
Federation EN Sun 21.07.2024 08:07:25 @quinn @ocdtrekkie In quite a few cases I’d suspect the outsourcing has become way more expensive than decent IT staff. The way back has become near impossible. And compliance is part of it. But I still hold infrastructure to a different standard than a school district, in terms of understanding and being in control of the core systems. It is also the only way I can see to prevent large-scale failures: limiting impact of concentration.