by gjsman-1000 642 days ago
It doesn’t matter if it’s fair, it’s just reality.

If you self-host for a business, and your self-hosted instance is hacked when other self-hosted instances of the same software weren’t, you are at risk for legal action and a possible criminal investigation. Was it really the software that was hacked, or were you negligent? Was it truly an accident, or did you have malicious intent? Plus, define negligent - does not having a service like CrowdStrike installed count? (You might say, “obviously not,” but if it takes $50K to convince the court on that point, shallow victory there.)

If you have a family, even if this is only a 10% chance of happening, you would have to be, in your own words, “fucked in the brain” to put your livelihood and career on the line to save a few bucks.

In my ideal world, beer would rain from the sky and nobody would ever get drunk. We’re not in an ideal world, and “CYA” is a valid reason until you have a proper, large, dedicated IT team.

1 comment

We completely agree here. I just don't think that's how it's supposed to be. How could Microsoft get away with this? They should pay billions in damages or penalties. And specifically, anyone who decided to move anything to the Microsoft cloud after the two hacking incidents should be treated just like someone who ran a Nextcloud instance and got hacked, should Microsoft be hit a third time.

Related: https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_c...

I'm surprised someone finally has the guts to state it that clearly.