Tbf not that hard to increase waste by 25%. Just think of how a new staff takes a long time to do easy work, causes rework, and generally sucks up the time of the people around them until they get the experience and skills they need to do that job.

That’s the micro scale, but in a macro scale it’s the same. Cause more waste, and not only will the money matter less, the public interest will be deteriorated and the entire foundation compromised.

Actually just check out the history of CIA ops around in foreign countries. Consider how many of those countries end up with a high inflation rate and that currency becomes more worthless in a deathspiral.

I think it’s not a single factor like “it’s orchestrated by state nation x” but I fully believe if the US is going to make itself weak then those countries like potentially Russia or China will take full advantage of it and offer a helping push. They’ll do it subtly. So it’s hard to see. But it’s just standard politics, and it would be insane to think they won’t take full advantage of a situation.

Ah okay thanks now I know what you’re taking about.

Do you mean from steam?

Enterprise applications are often developed by the most “quick, ship this feature” form of developers on the world. Unless the client is paying for the development a quick look at the sql table shows often unsalted passwords in a table.

I’ve seen this in construction, medical, recruitment and other industries.

Until cyber security requires code auditing for handling and maintaining PII as law, mostly its a “you’re fine until you get breached” approach. Even things like ACSC Australia cyber security centre, has limited guidelines. Practically worthless. At most they suggest having MFA for Web facing services. Most cyber security insurers have something but it’s also practically self reported. No proof. So if someone gets breached because someone left everyone’s passwords in a table, largely unguarded, the world becomes a worse place and the list of user names and passwords on haveibeenpwned grows.

Edit: if a client pays and therefore has control to determine things like code auditing and security auditing etc as well as saml etc etc, then it’s something else. But say in the construction industry I’ve seen the same garbage tier software used at 12 different companies, warts and all. The developer is semi local to Australia ignoring the offshore developers…

My caption to this could have been “A self fulfilling prophecy”.