On 10/13/17 05:01, Mihai Popescu wrote: >> That's sensible, but if money or lives were on the line, I think It'd >> be better to have a running but potentially vulnerable service. > > Not OpenBSD related, but I was truly amazed people like you still > exist and still set up computers for others! > For you curiosity about user case, I preffer such a service not to be > started at all. > > Money(online bank accounts) should not be managed by broken software. > If they can't do this in a proper way, they should not start such a > service at all. > Life(medical, work) should not be risked behind this kind of services. > > I wonder, was it a joke what you've asked?
I wish it was. I wish this really was a rarely seen attitude. While quite out of place in this community, the rest of the world is much more about "security last". Oh sure, if you ask, "security is important!" will be stated, but when you start asking questions, it will truly be the last priority. Absolutely f'in' last. Just this week, someone told me that OpenSSL was better than OpenSSH because OpenSSH is too difficult to Man-in-the-middle, "obviously not designed for Enterprise use". What do you say to things like that? (I said, "It was designed for security first"). Ah, the stories I could tell if it wasn't for the need to make a living. ["Enterprise grade"??? What's so good about that? That damn ship was broke almost every week! And broke twice a year in exactly the same way!] Nick.
