Ah sorry, I just meant that light-heartedly. I wasn't assuming ill intent of the parent at all - just FTX. I'll be more careful. Tone doesn't always carry well over the internet.
Ah thanks. I obviously misread you, but alas that probably means many others would as well - particularly when the comment doesn't contain enough information to convey intent.
Both are bad. Crime is bad, but this is an argument for making software engineering more like a medical doctor's guild. Some things simply should not be done. There is an expectation of competence for some things like finance and medicine.
Storing your keys in plain text is hardly software engineering. Plenty of people who don't know the first thing about coding do it all the time.
This is a failure of security and risk management. Making a guild or licensing requirements for software engineers may or may not be a good idea, but it wouldn't have addressed this problem.
But even if it would have in the abstract, FTX played fast and loose with so many other rules, I wouldn't expect them to abide by those either.
Hmm. That is a valid argument for me. You are right. In practical terms, the main issue lies with risk assessment ( and leadership basically running a scam ), but should a person implementing their ideas know better?
I know what the real answer is, but I am curious of the response.
Basically yeah. Medical doctors will not do some thing for fear of losing their license to practice. One could argue storing data like this in plain text is malpractice.
Er, that's the thing that pushed you over the line? Not all the fraud and crime?