Slashdot Mirror


User: holophrastic

holophrastic's activity in the archive.

Stories: 0
Comments: 2,817

Comments · 2,817

  1. Re:Only because people are dumb on Another Way Carriers Screw Customers: Premium SMS 'Errors' · · Score: 1

    Absolutely correct. So you can live my father's life, and spend 20 hours for (in his case) $200 (by the way, he's a high-power executive working for $10/hour to "get what he deserves") or you can live my life, and get what I deserve, eventually.

    Remember too, it's all paid by credit card. So I don't actually pay it for yet another 30 days anyway.

  2. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    All the time my friend. Thousands each and every day. I can't even begin to count the number of dumb ones to /phpmyadmin.

    But being different means that there's simply nothing there to attack. All standard things just don't show up. So I get probed, and not attacked.

    Sure, it costs me loads of bandwidth, and my logs are a disgusting mess. And sometimes the number of connections alone causes a problem -- which is a part of those six hours -- so I get to block one ip, or change a port, mid-attack. That happens once or twice a year, and it takes a few minutes to notice and block. We call that down-time, and it's totally acceptable to all of my clients.

    Always remember, we're not trying to be invulnerable. We're trying to spend less money on security than we would lose from the attack.

  3. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    Umm, wrong-o. I've been in business for twenty years. Over the course of two decades, my servers have been down due to security-related attacks for six hours spread out over the two decades. You'll find that to be a very successful result across the industry. I profit, my clients profit.

    It's worked and is working for me.

    How's your business doing?

  4. Re:Only because people are dumb on Another Way Carriers Screw Customers: Premium SMS 'Errors' · · Score: 1

    If it's fraud, then you actually have the right to sue them, and have it take two years just to get to a courtroom. That's your right.

    Who the hell cares. Read your bill, each and every month. Tell them to correct it, each and every time that it's incorrect. Then enjoy your life. Don't waste it proving that everyone's out to get you.

  5. Re:Only because people are dumb on Another Way Carriers Screw Customers: Premium SMS 'Errors' · · Score: 3, Insightful

    Actually, then I'll brighten your day -- even though I hate humanity too, it's for a different reason.

    Four reasons.

    First: it's a competitive industry. Why spend money to build and upgrade systems when your competitors don't? Unless your customers are willing to pay extra for better customer service, there's no profit in it. Being worse makes things cheaper, which can be passed on to the customers in the form of cheaper services.

    Second: employees aren't the company. Employees make mistakes, some are new, some are young, some don't care. Not only are you holding a 16 year old drama student responsible for immediately servicing your telephone service, you're demanding that they do everything perfectly, quickly, and without assistance.

    Third: your carrier puts policies in place to ensure that those crummy employees don't make things worse -- their version of do-no-harm. Keeping things bad is better than making things worse. You probably never called to complain about over-billing only to be billed even more. So the employees can do only those things that they can do without authorization. Some things require authorization.

    Fourth: I also run a business. You know that customers are really mean, and demanding, and won't stop asking for more. And then, when it's all fixed, and it's all retro-active, and nobody died, they'll ask for a discount for the trouble. What the hell?

    So by asking for whatever you want, and providing the time for it to get done, the employee can get authorization, look up how to do things, the system can go down and be brought back up, the manager can take-over, they know that you won't ask for more -- because you aren't even there to ask for it -- and they can do it during non-peak-customer-calling hours when they really aren't pressured by a hundred customers per hour.

    The big trick is for you, as the customer, to really not care about your problem with any degree of urgency.

    And here's the advanced class.

    Take $200. Right now. Out of your own personal bank account. Put it under your mattress. Call it the budget for the year's crappy frustrations.

    Throughout the year, every time some stupid problem like this crops up, just remember that you've budgeted $200 for this sort of thing. At the end of the year, you'll find that you've got $75 left over, and zero stress. Do the same thing with $2'000 for your car every year. Another $1'500 for your house. Another $500 for restaurants. Another $1'000 for friends, $500 for travel emergencies, and $500 for bribes.

    At the end of every year, you'll find left-over money, zero stress, no problems, and you won't have spent countless hours yelling at people just to spend the same money anyway. And while you're at it, throw in $1'000 for the love of your life.

  6. Re:Only because people are dumb on Another Way Carriers Screw Customers: Premium SMS 'Errors' · · Score: 2

    You certainly are. It shines through. Quite obviously I might add. Your friends must be envious.

  7. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    Read harder. I said "different". You said "standard". Different is the opposite of standard. And that was my entire point, advice, recommendation, and successful strategy for the last twenty years of my business.

  8. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    Actually, I was thinking the same thing, but the car door can be broken into without accessing the locking mechanism at all -- like when you call for help having locked your keys in your car. They don't pick the lock, they simply pry the door or window.

    But yeah, it all comes down to making one link in the chain stronger than the others -- does you no good. The same is true on the web-sites. Unless you're going to secure each and every possible attack vector -- and keep on top of that as new ones appear -- then that type of security isn't going to be successful.

    It's worth noting that biological immune systems work by being different across a species. It's also worth noting that the vast majority of animals create safety by hiding. And the majority of those hide by obscuring themselves in a large group of comrades.

    Obscurity doesn't work against targeted attacks. It does work against wide-spread attacks. And we all know that the only way to be secure against targeted attacks is to either be better at security than your attacker (which is incredibly expensive in every way, think military power) or to not be worth attacking (which is why we have laws, by the way.).

    And come on. If you're going to discuss something with someone, put your name to your argument.

  9. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    Hmm, trolling. I used my name; you didn't. My post was modded up, yours was modded down to zero -- as was the post to which you replied. Hmm, trolling.

  10. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    And you might want to put your name next to your argument. Otherwise, you aren't exactly showing much confidence in your statement.

  11. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 2

    I'm not a proponent of security by obscurity. I'm a proponent of not ignoring something that works. So as a result, obscurity is a useful tool, alongside other tools, when it comes to security.

    So I start like so.

    First, Ethan Hunt can break into anything. So no matter what I do, I won't be secure.

    Second, there's an amount of security that costs more for me to implement than the money I'd lose from the attacks. So that's my upper bound.

    Third, there's an amount of attack that costs me a significant amount of money -- clients leaving and data lost and all that. So that's my lower bound.

    Somewhere in between the upper bound and the lower bound is a balanced target for my security efforts that keeps things profitable for me and for my clients.

    Anything that brings me to that balanced target is the perfect solution. Doesn't matter what techniques those are. It's the result that matters.

    I start with obscurity, because it's often the easiest to implement in my world -- I build on in-house proprietary platforms that I've built myself over the years.

    Then I check the results. Sometimes, often in my world, the obscurity has already brought me to my balanced security target. Meaning that any more effort would be a waste of money for everyone. So I stop there.

    I've been doing this for twenty years. I have about six hours of security-related down-time across those twenty years. That's wonderful. No one's got a significantly better record than that (outside of some life-safety infrastructure, and certainly not all of them).

    So that's how I sleep at night. I look at the time and money that I spent, and I look at my very successful results.

    My question to you is thusly: how do you sleep at night, as someone who secures something that just happens to never be attacked? Isn't that like locking the door on the only house for 100 miles? If no one's attacking you, why would you wear plate armour walking down the street?

    It's exactly like wearing a helmet to school. Yeah, it would protect you were you to bang your head into the wall. But if you don't tend to bang your head into walls, it's kind of pointless.

  12. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    Hey, it's worked for me. It's worked for me for two decades now. It works for my clients too -- also for two decades. We're all happy. We're all making money. We're all not worried. And over the course of the last twenty years, my servers have been what we'll all call non-responsive to client requests due to hackers for a total of six hours spread out over 15 separate occasions. That basically works out to once a year it takes thirty minutes to block the attack.

    Thirty minutes of down-time, once per year, due to outside hacking (usually China attacking, by the way), may or may not be acceptable in your head. But to all of my clients, it's not worth spending more than $10 to avoid. So unless you can improve security in five minutes, no one cares. What's more, thirty minutes of down-time per year is well within the SLA of anything. Think about it. 99.999% uptime still works out to over 8 hours of down-time per year. How many nines are you expecting?

    Even mission-critical sites are down more than that. Even Google's down more than that. The only things that aren't are real safety-related infrastructure, and most of those are also down more than that. Even electricity in government buildings is down more than that.

    You're trying to 100% solve a problem on principle that simply isn't a problem for anyone in practice.

    Like I said, it's worked for me for more than two decades now. Live your own life.

    And, oh yeah, put your name alongside your arguments, or you aren't worth spit.

  13. Only because people are dumb on Another Way Carriers Screw Customers: Premium SMS 'Errors' · · Score: 5, Insightful

    As I type this, my father is on his phone yelling at his carrier. He's now spent over 20 hours this month yelling at them over the same billing error. He's furious, and it all makes sense.

    I have the same carrier. I'm very happy with my carrier. But I've done things very differently. And I continue to do things differently.

    The carrier did mis-bill my father. Absolutely and without question. Whether or not it was intentional is optionally obvious. But it's irrelevant. My father, like most people, calls them, expects them to work out the issue on the phone for him immediately. And while we all know they should, and they could, it takes twenty minutes and then they don't. Again, intentional or otherwise is up to you.

    I've seen all of you guys get frustrated with this sort of thing. So I've solved the problem. Here's what I did, and what I do.

    First, I have a "business account". The only difference between a business account and a consumer account is that I asked for a "business account" and they call it a "business account". Otherwise, it's the same. All plans are available to me the same way. If anything, it actually reduces the availability of customer support because I need to be transferred to a business account person. Again, true or not is up to your own belief system.

    Second, I don't expect anything to ever get done immediately over the phone. About once a quarter, sometimes once a month, I have some sort of an issue to deal with. Maybe billing, maybe account change, maybe whatever. I call, I leave the phone on speaker-phone until I get the right person -- sometimes I'm on hold for twenty minutes, rarely but sometimes. Doesn't matter, I'm working to hold music instead of to my own music, big deal.

    Then, I ask for whatever I want. If it doesn't get done and solved perfectly in five minutes by the first reasonable-correct agent, I simply say: "I need to go, please work this out and call me back tomorrow at this time." 90% of the time, that's exactly what happens, and it's perfect. The remaining 10% of the time, if they don't call me back and it doesn't get done, then I walk into the physical brick and mortar store, and say exactly the same thing -- to someone wearing a manager tag. I smile, I shake her hand, I flirt a little (it works between men too, by the way), and I ask them to do me the personal favour and call me back with the solution -- and I give them a full week.

    I think a lot of you forget that, assuming your phone is functional, all of these billing- and plan-, and account-related issues can be worked out retro-actively. There really is no rush. It's not urgent.

    So I live a very happy life. I get problems solved within a week, with minimal time and effort spent by me. Why does anyone need any more? You deserve to have your problem solved. You don't deserve to have your problem solved within an hour.

  14. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    Correct on all three. But you've missed two:

    Different != worth exploiting compared to the myriad others

    Secure != non-exploitable, Ethan Hunt can break into anything

    Secure != free, cost-effective, profitable, nor worth doing most of the time.

    I gave you that last one free of charge. Most people forget that secure has a cost, often greater than repairing the hack, or even just tolerating the hack. Ooh, someone changed my home page. Watch me change it back. For most businesses, that's not a problem worth avoiding. It's a $10/year problem, and you're suggesting a $100/year prevention.

    You're putting security above actual profit and features and development and business and customers and time and recreation and family and friends and fun. That's a very big opportunity cost and monetary cost for a web-site that isn't mission-critical.

  15. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    First of all, go back to grade six english and learn subject-verb agreement. "fewer defenses" or "less defence". Never "less defenses". The plural "defenses" is a declaration of quanta, not amount.

    Second, and something I've said to others: Different != typical. Different means that a hacker would need to find you specifically, look at you specifically, and craft a hack specifically. It's very easy for them to do, and is not something that they will do.

  16. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    I think you missed my entire statement. Which is odd, because it was in both the title and the body.

    Different != Common. Make a note.

  17. Re:Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 1

    No one's going to find this small unsecured server, and figure out how to hack some mystery unknown customer software. It's just not worth the trouble.

  18. Be different on Ask Slashdot: Do-It-Yourself Security Auditing Tools? · · Score: 2

    If yours isn't a mass-market, mass-profit, hugely-popular site, you don't need to secure it. You just need to be different enough that the standard Chinese attack vectors looking for standard run-of-the-mill popular web-site building packages don't find any.

    Trust me, no one's going to your tiny site and trying to find the holes -- no matter how big they are.

    We secure bank vaults with big heavy locks. Your house with a tiny mediocre lock. Your car door with a tinier very crappy lock. Your car trunk with a down-right shitty lock.

    Just be different. It'll get you through the 99% that you care about.

  19. You expect me to believe... on Man Accused of Selling Golf Ball Finders As Bomb Detectors · · Score: 3, Insightful

    ...that a military unit purchased bomb detectors never having tested their validity?

  20. I hate this question on Can You Really Hear the Difference Between Lossless, Lossy Audio? · · Score: 1

    I've hated it for decades now. Whether or not I can consciously discern a difference has always been irrelevant. Similarly, whether or not my speakers can produce a difference is equally unimportant.

    To the latter, assuming that I've "purchased" the music, and intend to retain it (as opposed to one-time streaming), at some point in my life I'll be using better speakers. Music lasts a really long time.

    To the former, 3-minute listening tests are meaningless. Listen to the same song/album/artist/format for ten hours straight -- something I do recreationally, professionally, as background to work, and for inspirational moments. Some formats produce headaches. Some produce zero inspiration. Some have me "tired of listening to music". Others produce no headaches, tonnes of inspiration, and have me enjoy ten hours of music.

    There is a difference. And not all differences are at the top of cognition.

    Some music has my cat leaving the room.

  21. Limited supply of blood on Ask Slashdot: How Do You Stay Fit At Work? · · Score: 1

    I've never been able to mix exercise with work. I'm not fit, I'm not unfit. But any sort of workout significantly sends my blood far far away from my brain. The result is that I simply become too stupid to program anything. I become so stupid that I make unsafe driving decisions too -- which is a real problem in a tiny sportscar.

    So for me, exercise comes on days off of work, or days of brainless work. I simply cannot mix the two.

  22. Please help me to understand on Sheryl Sandberg and Technology's Female Leaders · · Score: 1

    I try to protect my friends, my family, and even my clients from the burden of undue stress and tedious work.

    As much as I enjoy the work that I do, the requirement of doing it in order to survive is a burden.

    I'm quite certain that one day the world will discover that working for a living results in a lesser life -- for some real value of lesser.

    So, in short, I'm all for women working. But I'm not at all interested in equality. I want to stay home barefoot in the kitchen with life's great rewards -- i.e. food, shelter, and children. So if women want to take-over the burden of daily labour, let's help them to organize a plan to take it all.

    I just can't believe anyone would fight so hard to work every day for their entire lives.

    While we're at it, let's stop holding doors, paying for dinner, being polite, censoring verbal vulgarities, treating them kindly, smiling, and buying them gifts too. Clearly if they don't appreciate thousands of hours of annual work, let them take it all.

  23. That's not the valley on When Will We Trust Robots? · · Score: 1

    How it looks is a marketing issue, not a safety issue. The issue is with what happens in an unexpected scenario.

    Welcome to baby-sitting. The task has always been easy. The job is easy and the scenario is easy. The hard part is the responsibility.

    It's not about feeding the baby; and it's not about putting the baby to sleep. It's also not about changing the diapers.

    It's about what you'll do if the drapes catch fire. What you'll do if the parents get stuck in the snow and can't make it back for 24 hours.

    And that's what's taught in baby-sitting classes to 12 year-old baby sitters-in-training at your local community centre.

    And that's what's missing from the robots being discussed.

    By the way, it's also missing from all of the people you wouldn't trust to baby-sit your child.

    So I guess the shorter answer is: if you want me to trust your robot, convince me to trust the stranger down the street to baby-sit.

  24. Re:Can't believe you object to free speech on Orson Scott Card's Superman Story Shelved After Homophobia Controversy · · Score: 1

    all correct. the test works. nothing wrong with advocating against freedoms either. you don't have the freedom to do a lot of things. and that's good.

    advocating is perfectly fine. having people advocate against inter-racial marriage is perfectly fine. marriage is a legal construct, nothing more. just because someone advocates against it, clearly doesn't mean they'll win. but you're actually judging them negatively, and convicting them, concluding that they are somehow incorrect, when all they are doing is advocating for their own wishes against yours.

    again, welcome to democracy. it's a very stupid concept, but it's the one that you're using. and for some reason, no matter how many people vote against it, you won't choose another path. so democracy it is. and then you criticize those who vote however they choose. good job.

  25. Can't believe you object to free speech on Orson Scott Card's Superman Story Shelved After Homophobia Controversy · · Score: 1

    I couldn't care less what some guy says. Why do you? He can say it, he can believe it, he can actively advertize it, he can promote it, he can form a group of people who all agree. All of that is fine. The subject matter doesn't enter into things. As long as he doesn't stop anyone from doing anything that they are legally permitted to do, you shouldn't care what he says. Quite frankly, you shouldn't even be allowed to care -- eat that crow and like it.

    I think you're forgetting -- he's not proposing changing the law. He's actually supporting the current, long-standing law. The fact that the current long-standing law may be stupid means that you should be upset with your government, not with him.

    And he's right that in a democracy, if you want to change the law, you get to have people vote for it and against it (for and against the change). And he's correct that odds are, in some unnamed countries, more will vote against it than for it.

    So, in summary: gay marriage is currently illegal (somewhere), that somewhere is a democracy, the majority of its voters don't want it. Seems like democracy has won. So what's your problem?

    Oh, right, democracy is retarded -- because it allows retarded people to influence policy over intelligent people. Yeah, I guess so.

    So what would you like to happen with 65% vote against gay marriage in your community?