
Did Scott Hanselman have too much cough syrup on show #135?

So this question will get technical – eventually – but first check out Hanselminutes with Atwood (et al.) where Scott basically invites developers to try to hack this site. It’s a hoot. I first thought (out loud of course, because with headphones on you get the best stares from people as you think out loud) “he either just got off a plane without meal service from Hong Kong or was ticketed for driving a Bobcat after too much cough syrup.”

So the question is, if a site like this can survive on one box, does it need multiple firewalls, a DMZ, and an anal ex-banker with a big stick? In other words, do we chase after the grail of security architectures just because THEY tell us to?

Disclaimer: I love Scott Hanselman and am a big fan of his "another layer of abstraction" theory.

Ken H asked Nov 21 '08 03:11



2 Answers

Ya, I agree that my paranoia probably got the best of me. I think it's MORE useful to complain about Jeff's lack of a separate dev and staging machine...not sure I have the stomach to push directly out to production. ;)

Seriously, though, forgetting about the hardware aspects of things, I should have talked more about threat modeling. It seems like Jeff's got a pretty good handle on that, however, and is plugging holes as fast as they are found.

Scott Hanselman answered Sep 21 '22 03:09



I really enjoyed the podcast, and found it refreshing to hear someone of Jeff's reputation sharing the same business/cost driven reality that so many of us face. I often find books/podcasts/presentations a little Utopian.

Making it work is still the primary goal. Beautiful code, perfect abstraction, NSA level security - those are all lofty goals too, but too much focus on those things can drive a project into premature bankruptcy.

aSkywalker answered Sep 20 '22 03:09
