Showing posts from December, 2016

My view on Security

People in the Software Industry seem to be quite a bit bothered by the notion of Security. Security seems to be this ooh-so-magical castle that's innately "more important" than anything else that your company does and any and all pain and sacrifice demanded at the altar of security is justified (because oooh! Users! & Privacy!!!). Well, let's face it - security is a pain... a massive pain that provides very little reward in return. Security is like brushing. Do it once everyday and you'll be happy, your teeth will be healthy and you'll have a long life. And that's all the importance it deserves.  ACLs are like flossing. You know you should be doing it, but you keep putting it off as long as possible. ACLs give you a sense of security, a warm fuzzy feeling of being in control. An easy way of saying - yeah, we know what we're doing - look! ACLs! And every single day, an engineer's creativity dies a little bit when he or she spends 3 hours trying