Hacker News new | ask | show | jobs
by don_draper 4774 days ago
>>* The service writes a new HTML file in the Jekyll dir and runs `jekyll build`

With Jekyll once it is up on say AWS you don't have to worry about it. You add a service in the mix, that means you need a server, that means you have an attack vector to worry about, among other things.

People like Jekyll because it is so simple. Once you start adding services, it's no longer simple.
1 comments
jacques_chester 4774 days ago
> With Jekyll once it is up on say AWS you don't have to worry about it.

You still need to update the base system.

link
don_draper 4774 days ago
Right. But when a security vulnerability is announced for Apache, MySQL, Postfix, etc, I don't have to worry about it.
link
jacques_chester 4774 days ago
We're going to wind up splitting fine hairs, but here goes:

Having to worry about updating because of security defects is the same as ... having to worry about updating because of security defects.

Reducing the attack surface still leaves an attack surface, is my point. You can't just "forget about it", your server can still be subverted to unpleasant ends.

link