• 0 Posts
  • 3 Comments
Joined 1 year ago
Cake day: June 3rd, 2023

  • I used to work in a place where we constantly got looked at by security companies and consultants. The wisdom of that time? Companies don’t hire security firms and consultants to find nothing, so no matter how asinine or impractical it is, they’ll still file it because an empty report is bad for business.

    Our security handling was pretty strict, and we had to constantly talk customers off the ledge and kindly inform them that their consultant was blowing crazy swamp gas up their asses. My favorite was a firm that listed all Easter eggs as a vulnerability. An open source package could raise the list of developers with a secret key combo, and so the customer saw this on their report and raised a stink. The customer had no idea what this all meant, but their consultant had scared the crap out of them, so we had to layer on a patch to disable the stupid thing.


  • I’ve been on the internet long enough to know that any argument that goes on for long enough is going to get uncivil. You’re also very unlikely to convince someone who feels threatened by your point.

    So I’ve got a soft ‘respond once’ policy. If someone replies to one of my comments, I respond once to clarify my position and address anything important. If I have failed to make my point by then, then my writing ability will continue to be insufficient in n > 2 comments, and I am adult enough to let them have the last word.