Spyke

Is it really a breach if they'll just hand it over to anyone who pays and/or strokes Mango Mussolini's ego?

16

Also a pretty brilliant feat of social engineering on Musk's part. (And I don't say that to be flattering, it just kind of is.)

5
lemmy.nz

This is so embarrassing. It can't be the case that these idiots are actually in control of the united states.

202
Martijn
lemmy.ml

It all seems to be rushed and it's all an attack on political opposition. Doing it well isn't important. Like a monkey throwing shit at another monkey, they don't care that they have some shit on their hands, they threw shit at another monkey and that's what counts. Unfortunately the shit throwing monkeys are the president of the USA and the wealthiest person in the world.

117
sh.itjust.works

To be fair, healthcare.gov had a rocky rollout too. No gaping security holes AFAIK though, so this is a new low.

1
Maggoty
lemmy.world

The agency they turned into DOGE was responsible for fixing healthcare.gov and preventing future bad roll outs. But they fired the actual talent to replace them with Musk's interns.

8
hansolo
lemm.ee

What is "Things people have been saying for 10 years?" Alex?

18
lemmy.world

There’s a double entendre there if you’re familiar with the Russian language

As a Russian speaker, I don't understand this. Could you elaborate?

2

It can't be the case that these idiots are actually in control of the united states.

6
KeenFlame
feddit.nu

Nah they have people helping them. At any second you could stop and they would have no power. But you continually support their project

0

If you stop allowing them to do it they can't, because they're OLD PEOPLE with severely impeded cognitive ability

1
fedia.io

Fucking CyberTruck like fucking pile of shit website. What kills me the most is that the fucking things they're screenshotting, those pages have literal "export to XML" buttons that they could fucking export, save the XML to some shared drive that gets swept, and then put it in some actually secure database.

This whole fucking thing reeks of some fucking weeb ass Roblox hackers whose last project consisted of Lua Script emulating some fucking redstone calculator they wrote in Minecraft. And the export function on the thing? It's just one dimension SUM function CSV exports. Literally no other dimensions of values to add, shit I would be fucking surprised if a single one of the people writing the goddamn have ever heard of OLAP.

And to top it off, we already have a fucking website that does what this fucking place does, but 846 decillion times better. And it doesn't have a fucking Instagram esque reel of Tweets of people taking fucking screenshots of an open database.

I can't wait till the next dumbass gets into the White House and turns this pile of garbage off. Paying these idiots millions to power and run the hardware this pitiful excuse of a website runs on. And all we got for that money is some shit that is about on par as the shit you get from some O'Reilly book called "Building a Government Website Crash Course" with a Bald Eagle dying of bird flu on the cover.

This fucking idiot maybe wants to fucking learn what the hell SQL is.

163
philpo
feddit.org

But the government does not use SQL per ELMO.

I am waiting for this idiot to come up with something like EIQL (Elmo's idiotic query language).

95
[deleted]
lemmy.world

Musk is wrong about literally everything. Must be nice to have enough money to make up for being a fucking moron.

52
lemmy.blahaj.zone

I don't know if there's enough money in the world to make up for that horse's ass. All his purchased government position does, beyond destroying the US government, is broadcast how he's a feckless moron to anyone who isn't just as stupid.

Unfortunately, Musk isn't alone: many US citizens are that stupid.

18

many US citizens are that stupid

Most.

30% voted for this, 40% couldn't be fucked to vote against this so we've got a base of 70% of this country being dumb as shit.

2

So you are telling me Musk has been touching techy things since about 1995 till now, and thinks there's an organization without any SQL at least someplace? I wouldn't dare suggest that about ISIS.

Any website - OK, web is inefficient and shouldn't be used. But their operations planning just wouldn't work so well without proper business analytics infrastructure.

4

I can’t wait till the next dumbass gets into the White House and turns this pile of garbage off. Paying these idiots millions to power and run the hardware this pitiful excuse of a website runs on. And all we got for that money is some shit that is about on par as the shit you get from some O’Reilly book called “Building a Government Website Crash Course” with a Bald Eagle dying of bird flu on the cover.

Thanks, I needed that. Poetic.

6

emulating some fucking redstone calculator they wrote in Minecraft

Let's stop right here for a bit. With redstone in Minecraft you can make the same logical constructs that in real world lead from a bipolar transistor to a machine capable of decoding your porn in real time. And people, including kids, do design those.

Please show some respect.

Those who make calculators in Minecraft are not the dumb kind.

Literally no other dimensions of values to add, shit I would be fucking surprised if a single one of the people writing the goddamn have ever heard of OLAP.

But yes, weird to expect almost college kids to have the experience needed. I can imagine some of them having the necessary education, but for a data analyst the mathematical basis is simple and the rest is experience.

4
Darkard
lemmy.world

I do, but say I was.... Let's call it "clueless", what would a simpleton like me do to exploit such a thing?

19

It looks like it's been patched. I couldn't find solid instructions anyway. But if I do, I'm sure someone will post an easy to use shell script.

10
lemmy.world

“Basically, doge.gov has its codebase, probably through GitHub or something,” the other developer who noticed the insecurity said. “They’re deploying the website on Cloudflare Pages from their codebase, and doge.gov is a custom domain that their pages.dev URL is set to. So rather than having a physical server or even something like Amazon Web Services, they’re deploying using Cloudflare Pages which supports custom domains.”

Elmo's a genius you know

114
Optional
lemmy.world

Most websites run off of a server. They're just using a "repeater" (CloudFlare Pages) to serve directly off of their Github or whatever which is sort of top-shelf slapdashery.

Not serious. Not competent.

46
sh.itjust.works

What's sloppy about it? Plenty of blogs and other static sites work that way. In fact, that's largely how we do deployments at my company, we merge to a special branch and it triggers a deployment.

The database being open is completely sloppy, but deploying through a source control platform is fine.

23
Optional
lemmy.world

Well, it's sloppy for a government website. This is not a private enterprise running out of someone's garage. There's many reasons why that should not be an acceptable paradigm for posting government information.

If you're running a sandwich shop or a metal working shop, posting your phone number and address through CloudFlare Pages is probably fine.

29
sh.itjust.works

This is not a private enterprise running out of someone’s garage

Neither is the company I work for. We're not Amazon, but we handle billions of revenue, our users have very high risk jobs, and they are using our software more and more to do these high risk jobs. We have a lot of controls about how things get released (QA team, and every change is tested before and after deployment), we just use our source control to handle the actual deployment.

Whether it's sloppy depends on their processes (i.e. who validates the change?), not the tools they use.

We don't use Cloudflare Pages, but we do use automatic deployments, and pretty much anyone on the team can submit a change for deployment. It'll get reviewed before going live, but that's a limitation we've placed on the tools and process.

11
Optional
lemmy.world

No doubt your company has more invested in the domain name than a pointer to pages.dev, as well.

Do we think doge.gov has a QA group? Do we think there's more than two people who review changes? Or that they even review changes at all?

The setup your company has and what this appears to be (it's true, this is speculation) is probably vastly more than just "we both use git to manage production pushes". I'd bet your company has spent a fair number of years getting to this point, and doge.gov has not even secured a proper certificate while suggesting they're competent to handle the entire financial information of the United States Government.

16

Do we think doge.gov has a QA group? Do we think there’s more than two people who review changes?

Idk, I don't work there, nor have I looked into how they're structured. I'm not going to make assumptions though.

I’d bet your company has spent a fair number of years getting to this point

Yeah, we have a bunch of tooling to make all that magic "just work." It runs tests, checks the health of deploys (and has a sane failover if it's unhealthy), etc. There's a lot to it, but at the end of the day, if I really want to, I can push and deploy straight to prod w/o anyone else being involved (I'd probably get fired, but I could do it).

The tech stack isn't nearly as interesting as the processes surrounding it.

proper certificate

I assume you're talking about the DB and not the website itself, which is protected by a proper certificate, at least as of Tuesday (that's when the certificate starts being valid). I don't know when the website was launched, so I can't comment on anything before that point, though the domain seems to have been registered since the day after inauguration.

the entire financial information of the United States Government

That's largely public info, no? I don't know what exactly is exposed, but honestly, pretty much all financial information (aside maybe from the military and intelligence) should be public record. If it's not, I'd welcome a breach that exposes it so journalists can look it over and find out what they're trying to hide.

3

Yeah I think the static page thing was just there to illustrate how the coders reverse engineered the api and saw what was getting called.

I agree static content alone on CF isn't "bad". This perfectly illustrates why you have to have your API shit together when you go with this approach.

5

Ohhhh . sssuuure. I mean, when he's not ketted out to the gills.

So. Regularly. Maybe even often?

6
lemmy.dbzer0.com

Firing the IT people because they cost too much is always a good thing to show you the incompetence.

110
sopuli.xyz

Bosses when the IT dept is furiously responding to an outage: What do we pay you for?

Bosses when everything is running smoothly: What do we pay you for?

18
lemmy.world

::: spoiler PEDANTRY PAST THIS POINT This joke would have worked even better (it already works well) if you put the lines in the other order :::

Edit: I know markdown, I should not struggle with formatting this much lmao

1
chiliedogg
lemmy.world

"Why do we have all these IT people? All the tech works fine!"

15
lemmy.world

Please......show this to The Onion. Let The Onion post some updates.......it's their ultimate wet fantasy.

59

They will fire most of their employees since they’ll get free daily content for the next 4 years.

14
lemmy.world

Someone needs to turn that site into nothing but goatse stat

51
lemmy.ml

What did you expect from a department named after a memecoin anyways

35

Considering elon is also a joke, the history repeats itself

5

I still think it's incredible he named his not yet an actual government department after a should-be-treated-as-a-security-by-the-SEC that he pumped and dumped

2
lemmy.world

Remember that if you can see something that obvious, imagine all the quiet changes people are making that aren't being immediately found. Not only the deliberate horseshit from musk and his facsy tots, but other attempts to distort data from traditional bad actors like China and Russia

30

Literally every country should do this. Any single country with internet access and even the start of a cyber security org should be extracting what they can, getting whatever access they can.

2
lemmy.world

I'm torn on this, on one hand I know there must be millions of dollars in contracts for pointless reports and a huge amount of government wasteful spending in general.

On the other hand, musk and trump are absolute morons. And they will cut shit just because they don't know what the words mean.

27
roofuskit
lemmy.world

They're not cutting actual waste. Their goal is to cripple the parts of the government that stopped them from doing illegal shit.

157

Unwitting? No. They are knowingly and intentionally doing this.

8
[deleted]
lemmy.world

Blatantly and obviously is, why the fuck does anyone believe their bullshit?

33

If you are "torn" on whether it is a good thing to grant a wealthy campaign donor unfettered and unquestionably illegal access to government and bureaucratic infrastructure, with zero accountability or oversight, and who has displayed absolutely zero competence at managing any public institution (and in fact has a record of incompetence at managing private enterprises), then I honestly think you're one of the millions of Americans who just needs to fuck off and stop contributing to adult decision-making. You're simply not up to the task.

72
Corkyskog
sh.itjust.works

The wasteful spending is in defense and ain't nobody looking into that...

24
pawb.social

Look at the bright side, the Evil Empire is over! America is done. Cooked. The next few years are gonna suck a lot but the deteriorating conditions will finally push Americans into a second revolution.

-2

Sadly, the deteriorating conditions are exactly what some groups want. Those are also the ones who can effect change, either with guns or money.

10
schizo

0.001 ElonCoin says that absolutely nobody will revolt against anything.

70% of the country either wants this or was too lazy to do a single thing to stop it, and the other 30% is too busy yelling at each other about how they're the most pure.

Ain't shit gonna happen.

1

Waste is how you frame it.

Even literal poop has a benefit.

I do client work, sometimes it drives me mad how much time I "waste" making PPT slides that are just prettier BI dashboards, but then the client sees it, sends that one slide to his boss and everyone claps me on the back.

23
lemmy.ml

Whoever dismantles the pre-existing structure will be the one who will have the chance to rebuild it. This is the entire reason they are doing it. Great if you share their vision. Not so much if you don't.

22

will be the one who will have the chance to rebuild it

Assuming they have any intention of rebuilding it.

3

will be the one who will have the chance to rebuild it

Assuming they have any intention of rebuilding it.

1
spooky2092
lemmy.blahaj.zone

What a shit take. Not all change is good change, and if you think this will be a good change, boy do I have some great ocean front property in Colorado to sell you.

32

Yeah, my preference for government is to not change. Enforce the laws we have efficiently, and don't bother me too much. Big changes carry a lot of (usually) subtle carveouts for special interests.

4

"Im torn on this, on one hand I know I have an untreated open wound on my leg, on the other hand here's a 6 year old kid in a "doctor is in" t shirt who wants to smear whipped cream on it as a treatment".

What's to be torn by? False dichotomy.

5

No you don’t know that. You are repeating a trope without substance. Sure there’s probably huge waste at the pentagon but that’s not on the chopping block here.

4

Someone needs to post jokes about the Swastika Car to President Xelon, that will piss them both off. Also remind President Felon that xelon is pwning him so hard!!!

14
meyotch
slrpnk.net

I can’t believe people don’t get that. They are trying to delegitimize the parts of our government that help us.

17
vinnymac
lemmy.world

It is far more sinister. They are trying to delegitimize them and then replace them with private corporations that they control. It is a long term plan.

Two of the key ultra conservative goals of P25 are to consolidate power of the executive branch and benefit corporate interests by rolling back regulatory oversight. They are doing a great job of their goal.

10
Maeve
kbin.earth

3-5% of the population general striking and protesting wildly could turn the tide. People say they can't afford time off work. They won't have work, if they don't. At least not paid work.

2

Current economic indicators aren't looking good. If the largest employer in the country performs mass layoffs there'll be a loooot of people out of work and likely not enough jobs to go around

4
infosec.pub

Someone make it show

Doge ⬇️ Trump ⬇️ Congress

I want to see trump get asked about it in the next presser.

6

If the trouble shooters are all artless students then what do you expect from whoever is running that website?

5