[Scott_Helme_]

"Please put yourself in the shoes of someone actually operating a site." - I run 8 sites right now and one of them is processing 10,000,000,000+ requests a month. I speak from a position of experience on this topic.

"Every single issue mentioned in that post only affects end-users. Not a single issue for the operator" - so don't care about the user and the risks we expose them to, only ourselves? This isn't really an approach I'm happy taking.

[steventhedev]

With 10B monthly requests, you speak from a position of having an operations team who spend 40+ hours a week on keeping your site secure (possibly even a dedicated security team?). Most sites do not have that luxury. If you're doing that on your own, then you're far from the average site operator that I'm referring to here. In fact, most everyone on HN is not the average site operator I'm talking about here.

My poorly communicated point is that by using extreme language like "I'm going to hack your static site" dilutes the message and makes average operators less receptive to more advice in the future. Troy does a lot of good work on reducing friction and advocacy, but sometimes he puts out more extreme content like this which makes me worry that it may have the opposite effect.

PS - Do you think the vaccine analogy works? I'd appreciate some advice on how to improve it