> If engineers can't even manage their own security, why are we expecting users to do so?

This latest attack hit CrowdStrike as well. Imagine they had gotten inside Huntress, who opened up about how much they can abuse the access given: https://news.ycombinator.com/item?id=45183589

Security folks and companies think they are important. The C suite sees them as a scapegoat WHEN the shit hits the fan, and most end users feel the same about security as they do about taking off their shoes at the airport (what is this nonsense for), and they mostly aren't wrong.

It's not that engineers can't take care of their own security. It's that we have made it a fight with an octopus rather than something that is seamless and second nature. Furthermore, security and privacy go hand in hand... Teaching users that is not to the benefit of a large portion of our industry.

> It's not that engineers can't take care of their own security.

I dunno. My computer has at least 1 hardware backdoor that I know of, but I just can't get hardware without any equivalent exploit.

My OS is developed with a set of tools that is known to make code revision about as hard as possible. It provides the bare minimum application insulation. And it is 2 orders of magnitude larger than any single person can read in their lifetime. It's also the usable OS out there with the best security guarantees; everything else is much worse or useless.

A browser is almost a new complete layer above the OS. And it's 10 times larger. Also written in a way that famously makes revisions impossible.

And then there are the applications, which is what everybody is focusing on today. Keeping them secure is close to useless if one doesn't fix all of the above.

You never actually told us what your OS is.

Because that would be a distraction to the point they're actually making.

The point is thoroughly undermined since we can't judge the veracity of their claims.

And discussing the specifics of whatever OS GP uses is exactly the type of OT he was wise enough to avoid.

Personally, I think he uses Emacs.

They must mean macOS, right?

I think you could find a dozen different operating systems that someone, somewhere, would say similar about.