> Russia publishes German army meeting on Ukraine
https://www.bbc.com/news/world-europe-68457087
> Germany has admitted the apparent [compromise] by Russia of a military meeting where officers discussed giving Ukraine long-range missiles - and possible targets.
> According to Der Spiegel magazine, the videoconference was not held on a secret internal army network but on the WebEx platform.
🤡
There's an infosec person somewhere who is really trying hard not to go: "I fucking told you this would happen". 👀
If you ever find yourself in such a position as that hypothetical infosec person from the above toot — a position where, say, higher-ups are demanding of you something that you know is a Bad Idea, dangerous, harmful, and potentially illegal…
…a word of advice that served me extremely well a few times:
Be clear about your concerns, in writing.
And if they still want to go with it, request that decision in writing (e-mail is fine) as well. Ideally mentioning your concerns.
Once you get it, print it and file it somewhere safe.
Chances are, the whole thing will go away the moment you request it in writing. Nobody wants the responsibility…
Otherwise, at least your higher-ups now know they can't make a scapegoat out of you.
And if they *insist* that you go through with it, but *refuse* to issue that request in writing, run. Seriously. As soon as you can.
Because it means they are in fact trying to make a scapegoat out of you.
Actual thing that happened to me years ago:
Manager: I want you to send this <unrelated marketing tripe> to <a large-ish, active mailing list about a very specific technical subject>
Me: I don't think we should do that, it would breach the trust between us and the people on the mailing list.
Manager: I don't care, I am telling you to do it.
Me: Okay, I will, but please send me this request via e-mail first.
[crickets, never heard of the request again]
🤷♀️
Wouldn't the advice to get away asap also apply to the case where they desist only when asked to put it in writing? ISTM that in that case they don't care about consequences of their requests (both on ostensible goals of the organisation, as well as on their employees) unless those consequences would befall them personally.
(This is a genuine question with no intended subtext: my interpretations of social situations have low SNR.)
@robryk depends on many things, including how easy it is to find a new job etc. Of course it's better to work at a place that doesn't involve such people at all, but if they do back off, that's at least a sign one *can* manage the situation.