| > One, it makes me worry about the mental health of the author. They are clearly really not having a good time living in our reality, and I hope they can find a way to relieve the suffering. > Two, I hope no one else gets caught up in it. There are a lot of strong words and claims but nothing remotely actionable. It's pushing pure panic/fear/angst. This made me laugh, it comes off as so condescending. Don't worry about my "mental health". The purpose of life is not to just be content all the time, it's to overcome suffering and achieve some level of self-actualization. If we are on the verge of the apocalypse, It should feel apocalyptic. The question is of how urgent the apocalypse really is (taken with a grain of salt to make room for the unknown) and what can be usefully done. > cloudstrike is just a company that is strong on sales/marketing but weak on tech, who found a market that requires you to be strong on both. I don't think there's anything wrong with such companies existing, but it seems clear they should never be in a position to break everything. I do think there is something wrong "fixing" security by just outsourcing your problems to some other company to monitor. Real security is about one's own operating practices and standards. Companies like cloudstrike don't necessarily increase security, they increase fragility because they act as a central point of failure. > The fix could be the market, regulatory, and/or technical. There are tradeoffs, so we probably need to work through the arguments of different approaches and different combinations of approaches. The author suggests that the problems are more systematic. I would say the fix is cultural: we have a flawed culture of outsourcing security to the market, regulators, or technology. |