undefined | Better HN

0 pointschaps3y ago0 comments

We weren't able to reliably install security daemons on a client's machine because the entire automation system didn't account for autoscaling. The issues were raised well before I joined and the project head legitimately didn't understand it as a problem that needed solving. The hosts were for a presidential candidate's webserver, and they noticed the webservers were missing security daemons days before the election.

0 comments

outworlder3y ago

> security daemons

AKA compliance checkbox crap?

If infrastructure is immutable (which makes it work even better for autoscaling), nothing new will get installed unless you build a new image. Export whatever data you require to ensure things you want to be running are running. Monitor entry and exit points.

What is left for the "security deamons" to do?

DiggyJohnson3y ago

Maybe I'm missing a joke, but was your client HRC's campaign?(?!)

rightbyte3y ago

I think she should have gotten more hacker cred for running her own mail server.

SturgeonsLaw3y ago

Right? Of all things to self host.

Although if it was an IRC server then that would have been truly 1337.

strbean3y ago

Did HRC's campaign website get hacked? I know her mailserver was hacked, but that was when she was secretary of state, no?

aliqot3y ago

That's not important and this ain't the place to ask otherwise they'd have told us.

DiggyJohnson3y ago

> this ain't the place to ask

Am I double-whooshing here?

How is a Hacker News comment thread not the right place to respectfully ask questions in response to interesting comments. I know I'm not entitled to an answer, nor do I intend to start a flame war. Sheesh

2 more replies

iosono883y ago

Lol

aliqot3y ago

jeez thats a rough spot to be in. did you stick around to fix it or just get the hell out of dodge after that?

chapsOP3y ago

I did what I could with a handful of selenium scripts, then hit a road block because we didn't have ssh access to a chunk of the autoscaling hosts. Gave up after that, told the customer rep to tell them we can't do it, and gave my two week notice about a month later.

aliqot3y ago

Ouch, that has to be rough to endure. I'm glad you seem to be in a better place now. Good on you for doing the right thing and getting the hell out of there when your options ran out.

riffic3y ago

are "security daemons" truly necessary though?

this whole thing sounds like a troll with enough convincing language to seem plausible

chapsOP3y ago

We could debate security daemons until our minds bleed, but.. man, I wish that all didn't happen.

77pt773y ago

Without the security daemons you risk a flux capacitor overload and that leads to it being exploitable via pointer wraparound.

riffic3y ago

in that case I'll throw on my wraparound shades..

and deal with it

j / k navigate · click thread line to collapse

0 comments

outworlder3y ago

> security daemons

AKA compliance checkbox crap?

What is left for the "security deamons" to do?

DiggyJohnson3y ago

Maybe I'm missing a joke, but was your client HRC's campaign?(?!)

rightbyte3y ago

I think she should have gotten more hacker cred for running her own mail server.

SturgeonsLaw3y ago

Right? Of all things to self host.

Although if it was an IRC server then that would have been truly 1337.

strbean3y ago

Did HRC's campaign website get hacked? I know her mailserver was hacked, but that was when she was secretary of state, no?

aliqot3y ago

That's not important and this ain't the place to ask otherwise they'd have told us.

DiggyJohnson3y ago

> this ain't the place to ask

Am I double-whooshing here?

2 more replies

iosono883y ago

Lol

aliqot3y ago

jeez thats a rough spot to be in. did you stick around to fix it or just get the hell out of dodge after that?

chapsOP3y ago

aliqot3y ago

Ouch, that has to be rough to endure. I'm glad you seem to be in a better place now. Good on you for doing the right thing and getting the hell out of there when your options ran out.

riffic3y ago

are "security daemons" truly necessary though?

this whole thing sounds like a troll with enough convincing language to seem plausible

chapsOP3y ago

We could debate security daemons until our minds bleed, but.. man, I wish that all didn't happen.

77pt773y ago

Without the security daemons you risk a flux capacitor overload and that leads to it being exploitable via pointer wraparound.

riffic3y ago

in that case I'll throw on my wraparound shades..

and deal with it

j / k navigate · click thread line to collapse