238
Pentagon Warns Microsoft: Company’s Use of China-Based Engineers Was a “Breach of Trust”
(www.propublica.org)
this post was submitted on 30 Aug 2025
238 points (99.6% liked)
Technology
74692 readers
2867 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I’m agreeing with Pete Hegseth? WTF is happening right now?
The US has long since had a practice of outsourcing labor many times over in pursuit of the lowest labor costs and maximum profit.
Getting your girdle in a twist because you found out the guy on Fiverr debugging your middleware has non-White ancestors maybe misses the root of the problem.
??? This is about giving chinese nationals root access to US military IT systems to save money. It's actually terrible opsec and should be a way worse scandal.
Yes, but we wouldn’t want to fly in the face of our tradition of letting Microsoft off scott free for severe governmental security breaches, would we?
Not how software development works. I don't have root access to every production system because I can submit pull requests to a Dev instance of the code.
One of the principles of FOSS is that you shouldn't need security through obscurity. Knowing how a system works won't compromise its integrity if the security protocols are sound. Having third parties participate in a project shouldn't compromise the project if the lead developers are doing proper code review and QA. A system that is predicated on being a black box to a hostile government in order to maintain security is rigged for failure.
But, more importantly, the idea that a foreign government can only obtain information on the inner workings of a system when people of that national origin work on the project is severely shortsighted. Do you genuinely believe there aren't significant numbers of domestic American developers of European ancestry who wouldn't happily sell access to a foreign government for the right price? Do you genuinely believe there aren't numbers who could be gulled into exposing the inner workings of their software inadvertently?
Nothing about Hegseth's complaint improves operational security. He's hinging his whole worldview on the notion that every other white person at Microsoft is as much of a nationalist as he pretends to be.
I'm sorry but you just straight up don't know what incident is being discussed here. Go look it up instead of talking about unrelated bullshit.
Again, working on a codebase doesn't give you access to the production systems. Neither does being Chinese affect whether you are a reliable third party contractor.
If the workers were supervised and the supervisors were competent, there was no real security risk. Both of those are the big "Ifs" though. And that's why doing layers of outsourcing creates risks regardless of who you're outsourcing to.
The supervisors did not have the expertise to know what the foreign workers were doing, otherwise there would not have had to be 2 workers in the first place. And the foreign workers were not just writing code - they were doing sysadmin. On DoD systems.
I don't know how to make any more clear to you but it's completely obvious to anyone that actually understands these things that this was terrible opsec, and obviously not how any reasonable person would expect a DoD contract to be managed.
If that's the case, then the work should be in house
Google, Amazon and several other gov contractors have been loosening their hiring guidelines since the Obama era when it was required for anyone working on gov cloud or gov anything needed to be U.S. Citizen, then it was just on U.S. soil to finally has to be monitored or reviewed by someone in U.S. which very quickly devolved to get the work done even if no one in the U.S. is awake. As you can imagine it would be easy for anyone to slip and take advantage of such wide gaps in security.
I mean, listen to your gut instincts, which is that you're being foolish because he is a fool.
If your system demands trust, it's a bad system. If your system has a written set of rules that don't actually cover your requirements, it's a bad system. If the "tests" you imagine post-hoc aren't part of the system, you're just opportunistically trying to shift the blame.
You made a deal, set the parameters, and what... Expected the for profit company to ignore their fiduciary duty to shareholders to maximize profit? What is this, your first fucking day of capitalism, Pete?
His response to this is engineered to shift blame, and he's coming out swinging because ultimately he is to blame. It's barely more than a political catchphrase. He literally invoked "America First".