[chaps]

We weren't able to reliably install security daemons on a client's machine because the entire automation system didn't account for autoscaling. The issues were raised well before I joined and the project head legitimately didn't understand it as a problem that needed solving. The hosts were for a presidential candidate's webserver, and they noticed the webservers were missing security daemons days before the election.

[outworlder]

> security daemons

AKA compliance checkbox crap?

If infrastructure is immutable (which makes it work even better for autoscaling), nothing new will get installed unless you build a new image. Export whatever data you require to ensure things you want to be running are running. Monitor entry and exit points.

What is left for the "security deamons" to do?

[DiggyJohnson]

Maybe I'm missing a joke, but was your client HRC's campaign?(?!)

[rightbyte]

I think she should have gotten more hacker cred for running her own mail server.

[SturgeonsLaw]

Right? Of all things to self host.

Although if it was an IRC server then that would have been truly 1337.

[strbean]

Did HRC's campaign website get hacked? I know her mailserver was hacked, but that was when she was secretary of state, no?

[aliqot]

That's not important and this ain't the place to ask otherwise they'd have told us.

[DiggyJohnson]

> this ain't the place to ask

Am I double-whooshing here?

How is a Hacker News comment thread not the right place to respectfully ask questions in response to interesting comments. I know I'm not entitled to an answer, nor do I intend to start a flame war. Sheesh

[lmm]

There's nothing respectful about asking something that someone has very blatantly made a deliberate decision to leave out of their post, for completely understandable reasons.

[DiggyJohnson]

On the contrary, I don’t think there’s anything respectful about assuming that the OP doesn’t have the agency to decide for themselves whether they want to respond to my question or not.

Additionally, I don’t have a lot of respect for anyone with the ego to assume they know what information was withheld “deliberate”ly or not in a discussion like this. How do you know that?! How do you not see that the OP can make this decision for themselves?!

[chaps]

Man, you're pushy. Yes, it was deliberate to exclude that information, and yes they were correct in their assumption.

[lmm]

> On the contrary, I don’t think there’s anything respectful about assuming that the OP doesn’t have the agency to decide for themselves whether they want to respond to my question or not.

If being respectful means anything it means reading their post closely and trying to understand what they were trying to convey. You can't talk about denying someone agency if you won't pay attention to what they're telling you.

> How do you know that?! How do you not see that the OP can make this decision for themselves?!

They did make that decision for themselves! It was clear from their post!

[aliqot]

It is personal information that risks identifying them more than they already had at the time of posting. It took about two seconds to put everything together. I don't have a dog in this fight politically one way or the other, people don't need to identify themselves IRL here.

[DiggyJohnson]

Who are you to decide what others are comfortable sharing on here. It is quite literally as simple as the person I replied to choosing not reply to my comment. Why is this issue a concern to you?

> I don't have a dog in this fight politically one way or the other

Neither do I.

> people don't need to identify themselves IRL here

I don't think they do either. Why are you assuming I "needed" this information?

[chaps]

Can you not? They're right.

[iosono88]

Lol

[aliqot]

jeez thats a rough spot to be in. did you stick around to fix it or just get the hell out of dodge after that?

[chaps]

I did what I could with a handful of selenium scripts, then hit a road block because we didn't have ssh access to a chunk of the autoscaling hosts. Gave up after that, told the customer rep to tell them we can't do it, and gave my two week notice about a month later.

[aliqot]

Ouch, that has to be rough to endure. I'm glad you seem to be in a better place now. Good on you for doing the right thing and getting the hell out of there when your options ran out.

[riffic]

are "security daemons" truly necessary though?

this whole thing sounds like a troll with enough convincing language to seem plausible

[chaps]

We could debate security daemons until our minds bleed, but.. man, I wish that all didn't happen.

[77pt77]

Without the security daemons you risk a flux capacitor overload and that leads to it being exploitable via pointer wraparound.

[riffic]

in that case I'll throw on my wraparound shades..

and deal with it