>Amen. It's great to be able to say something bad "probably" didn't
>happen, but that's a big ole fat "probably" (proportionate to the cost
>of having it happen). My motto has always been to be as paranoid as I
>can afford to be.

I agree that we need to not be sloppy with backups or security. If it takes you only 5 minutes to secure against the improbable, do so by all means. As long as it does not become 5 minutes x 1000. What I am saying is that sometimes we lose touch with reality and go overboard.

Let's consider a real-life example. Somebody with a budget of about $300 who runs a relatively small site that makes maybe $500 a month from online ads comes to you and asks you why there is some weird JavaScript code on the main page that was not there before. Somebody wrote the web application for him a long time ago. He does not have a full-time sysadmin to do backups or anything close to that. When bad things happen he hires a consultant. Yes, he does value his data, it brings him $500 a month. No, he does not value his data by more than $500 a month, he cannot spend most or all of it on a sysadmin "doing it right". So what do you do?

A) Tell him he's got it all wrong, he needs a sysadmin to run his system. Since he does not have a backup and who knows what his application does now after being hacked, he needs to re-install the OS on his dedicated server that is 1000 miles away, and the application needs to be re-written from scratch to be sure.

B) Find the offending code, remove it. Investigate the break-in, close the holes. Instruct him on how to make a backup and encourage him to do it regularly. Spend the rest of the time permitted by the client's budget securing the most vulnerable parts of the system.

A real-life analogy to illustrate what I am talking about. Hwy 6 is dangerous, many people have lost their lives driving on it. When you go to Moab from Provo do you take I-15/I-70 route instead to avoid Hwy 6 just to be sure?

--
Sasha Pachev
AskSasha Linux Consulting
http://asksasha.com

Fast Running Blog.
http://fastrunningblog.com
Run. Blog. Improve. Repeat.