Looks like Matrix just got educated on hiding administrative stuff behind a VPN, by the guy (or gal, but those don't exist on the internet) that hacked their production infrastructure. Coincidentally, it reminded me of that time when a dev wanted to educate me, a sysadmin, about VPNs 😄

What I've learned from this incident are 2 things... well, mainly 2 things.

1. Never *ever* entrust developers with production access. Let DevOps take care of the glue that sticks dev and prod together.
2. Trust nobody's competence but your own. Matrix was advertised as "highly secure", and then they do a fuckup like this. Only trust yourself, and ensure that you're in control.

  • 4
    You don't trust the matrix, it is lies, it is control, and the movies are bullshit
  • 7
    All respect but the security of the matrix protocol has about zero to do with this hack.

    That'd be like saying that the signal protocol wouldn't be secure because their server got hacked.
  • 2
    But... But I'm a developer. How can I let dev ops manage production if I can't trust them?
  • 2
    @linuxxx I'm not saying that the Matrix protocol is insecure - I'll leave determining that to the cryptographers. What I'm saying is that the management of their production infrastructure was sloppy to say the least, and that this hack was to be expected.