Telegram says it has 'about 30 engineers'; security experts say that's a red flag - eviltoast
  • RubberDuck@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    So cool that you got to work with teams of devs that where able to do that. Was it for software used in a OT environment? Cause stuff like telegram seems a lot more like that imho.

    And the bredth… 30 people can cover it all, yes. Doing that in a 24/7 global environment means 3 of several competences, in shifts, covering timezones. It’s not as if you can just click out at 5 and come back tomorrow.

    • dandi8@fedia.io
      link
      fedilink
      arrow-up
      1
      arrow-down
      2
      ·
      edit-2
      4 months ago

      I have no idea why you’re even bringing up OT. We’re not talking about PLCs or scientific equipment here, we’re talking about glorified web apps.

      Web apps that need to be secure and highly available, for sure, but web apps all the same. It’s mainly just a messenger app, after all.

      So cool that you got to work with teams of devs that where able to do that.

      Just because, as I assume from this quote, you weren’t able to work with teams like that, does not mean that there are no teams like that, or that Telegram doesn’t operate that way. Following modern practices, complex projects can be successfully done by relatively small teams. Yes, a lot of projects are not run that way, but that just means that it’s all the more a valid point of pride for Telegram.

      • RubberDuck@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        A point of pride sure, also a risk. Responding to incidents requires coverage. And the OT comparison was just more on the uptime requirements and redundancies than anything else.

        • dandi8@fedia.io
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          4 months ago

          It’s no more a risk than throwing more developers at it when they’re not needed.

          “Too many devs“ can, and often is, a significant bottleneck in and of itself. The codebase may simply not be big enough to fit more.

          Besides, I still don’t see what all those additional engineers would actually be doing. “Responding to incidents” presupposes a large number of incidents. In other words, the assumption is that the application will be buggy, or insecure enough, that 30 engineers will not be enough to apply the duct tape. I stand by the claim that an application adhering to modern standards and practices will not have as many bugs or security breaches, and therefore 30 engineers sounds like a completely reasonable amount.

          • RubberDuck@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            4 months ago

            Fair enough, we can disagree there. It’s impressive telegram pulls it off. I’d be worried for burning out people and losing them to that. And there is a lot between working flawless and buggy mess. Fixing issues in the operational system usually takes time.

            Maintenance vs new functionality. Infra vs application. A lot to spread out across.