I believe they tried blaming this on the creator of the C++ port of their server software without any proof and it sort of left a bad impression with me.
The post makes their mistakes pretty clear, I think. Public out-of-date Jenkins instance, SSH forwarding enabled by developers for all matrix.org servers, and not realizing they only rotated their personal Cloudflare API key and not their admin one.
It's very embarrassing for sure, but tons of huge private corporations have been breached through worse mistakes than this. Making their Jenkins public was probably the worst decision. They explain why they did it, and it's not unreasonable (radical openness and transparency, basically), but they should've thought it through more.
I think everyone should be free to post whatever they want; nonetheless, providing some kind of source for incriminating claims would be great--if only to make verifying them easier for other users.
In any case, this kind of post is a reminder to stay alert and think critically; otherwise, we would believe many instances of misinformation without giving them a second thought. And we cannot expect others to downvote comments to oblivion or moderate them: it's something we ourselves have to be responsible for.
ta17711771|5 years ago
ta17711771|5 years ago
chromedev|5 years ago
meowface|5 years ago
Funes-|5 years ago
Arathorn|5 years ago