On security

Hoff made a good point in a comment on the security entries, where I signalled a number of unhandled access errors on FTP.

It’s to be expected to be crappy code, but it serves the cause and fits the functional requirements. Efficiency, maintainability, correctness; using other systems’ resources for nothing; who cares? CPU is cheap. Memory is cheap. Storage is cheap. Bandwidth is cheap.

If it concerns your own system, be my guest. It’s your money.

My resources are limited, and expanding them isn’t cheap (I would if only I could afford it).
I’m using inefficient stuff like MySQL and PHP, but that has been my choice, and I accept the fact that it takes too many resources sometimes. Errors accessing the system are possible and accepted, if properly handled.

But I’m not willing to silently allow deliberate abuse, no matter where it comes from; no matter what kind of deployment; no matter how big, or small, my systems are; no matter what OS I use.

If an attempt has been made to abuse my server, and I can explicitly pinpoint the abuser, I will not hesitate to notify the owner of the address.
