https://youtu.be/L3LbxDZRgA4

Papers, please.

I think it’s more the case it gets bundled in for free (or near enough) with other MS crap like Office.

Nym looks interesting and I hadn’t heard of it before, but based on my reading I wouldn’t say it supports wireguard.

It implements wireguard but it still looks like you need to use their client instead of a vanilla wireguard one.

I can’t argue, but there are benefits.

If you need something running 24/7 then on-prem may work out cheaper for you. Keep in mind you need a team of server monkeys to keep that running, and your company’s security certifications will come nowhere near that of a major cloud provider.

Cloud is good for elastic workloads. And you can save money that way if you’re set up for it. A simple lift and shift will always be more expensive. But doing things like moving build tasks to spot instances and auto scaling capacity in peak periods is a huge win. No need to over provision your DC and no need to upgrade your hardware – generally AWS releases new products at roughly the same price as old but with increased performance. You get upgrades “for free”* with no capex.

Again I’m not saying that your circumstance means that cloud isn’t more expensive. But there are medium term benefits.

AWS refused to offer hybrid as an option for years. They’ve changed their tune in the past 5 or so. No reason not to take advantage and do what mix makes sense for you.

I’m legitimately curious to understand more (not challenging your assertions). They offer hosted Jira/Confluence and probably other stuff no-one cares about.

What’s the problem with adoption?

I strongly recommend Mullvad. Exceptional performance, wireguard support and if you’re really paranoid about anonymity you can literally send them money via post.

Even for the technically literate, running a mail server is an ongoing nightmare. If you think it’s easy, you’re not doing it right.

From a UX perspective I disagree. 1password wins at UX hands down but Bitwarden is a very close second and IMO has better privacy guarantees.

Security is useless if it’s too difficult. Despite liking Bitwarden I am a 1Password subscriber and happy with my choice.

Hypothesis

What excuses are you referring to?

Are you also arguing that if a problem isn’t in your immediate periphery then it doesn’t exist? We are all human beings, living on the same planet.

There’s nothing wrong with feeling a modicum of empathy for those less fortunate by circumstance of geography or socioeconomic influence.

Even more simply:

Government: closes their curtains in the evening.

Sorry, all you get is images of a maxi pad to indicate enormous damage for what was likely a graze.

An attempt on a former president’s life is a big deal, whether I think he’s a human dumpster fire or not.

However, the way he played this up was and is ridiculous. He didn’t need to prove anything. Someone shot at him and that’s not in doubt. Instead he chose to milk it and I personally find that ludicrous given the circumstances.

They’re not more effective. They might assist with speed of absorption but that’s it.

Never trust the network in any circumstance. If you start from that basis then life becomes easier.

Google has a good approach to this: https://cloud.google.com/beyondcorp

EDIT:

I’d like to add a tangential rant about companies still using shit like IP AllowLists and VPNs. They’re just implementing eggshell security.

I actually disagree. I only know a little of Crowdstrike internals but they’re a company that is trying to do the whole DevOps/agile bullshit the right way. Unfortunately they’ve undermined the practice for the rest of us working for dinosaurs trying to catch up.

Crowdstrike’s problem wasn’t a quality escape; that’ll always happen eventually. Their problem was with their rollout processes.

There shouldn’t have been a circumstance where the same code got delivered worldwide in the course of a day. If you were sane you’d canary it at first and exponentially increase rollout from thereon. Any initial error should have meant a halt in further deployments.

Canary isn’t the only way to solve it, by the way. Just an easy fix in this case.

Unfortunately what is likely to happen is that they’ll find the poor engineer that made the commit that led to this and fire them as a scapegoat, instead of inspecting the culture and processes that allowed it to happen and fixing those.

People fuck up and make mistakes. If you don’t expect that in your business you’re doing it wrong. This is not to say you shouldn’t trust people; if they work at your company you should assume they are competent and have good intent. The guard rails are there to prevent mistakes, not bad/incompetent actors. It just so happens they often catch the latter.

deleted by creator