| ▲ | eek2121 5 hours ago | ||||||||||||||||
Funny enough, I thought this earlier about Arch Linux and it's deritives. It was mentioned on reddit that they operate on a small budget. A maintainer replied that they have very low overhead, and the first thought that popped into my mind was that most of the software I use and rely on comes from the AUR, which relies on the user to manage their own security. If engineers can't even manage their own security, why are we expecting users to do so? | |||||||||||||||||
| ▲ | zer00eyz 5 hours ago | parent [-] | ||||||||||||||||
> If engineers can't even manage their own security, why are we expecting users to do so? This latest attack hit Crowdstrike as well. Imagine they had gotten inside Huntress, who opened up about how much they can abuse the access given: https://news.ycombinator.com/item?id=45183589 Security folks and companies think they are important. The C suite sees them as a scape goat WHEN the shit hits the fan and most end users feel the same about security as they do about taking off their shoes at the airport (what is this nonsense for) and they mostly arent wrong. It's not that engineers cant take care of their own security. It's that we have made it a fight with an octopus rather than something that is seamless and second nature. Furthermore security and privacy go hand and hand... Teaching users that is not to the benefit of a large portion of our industry. | |||||||||||||||||
| |||||||||||||||||