
Would you trust a bank that protects their vault with the same kind of lock as your front door?



Yes I don't care how they do it as long as they can protect my money.

Likewise, they may use a top-of-the-line, super secure lock, but if they can't protect my money, I wouldn't use them.


> Yes I don't care how they do it as long as they can protect my money.

That is like saying I don't care about having a bucket of water thrown on me as long as I don't get wet.


Here's another analogy: I've been using a black box sorting function from a third-party library; it's super fast and satisfied all my requirements. Then they told me they implemented it using <insert super sketchy/controversial method>. From my perspective, as long as it is doing a good job and works as I expected, I don't care how it's implemented.


> ..., but I don't care how it is implemented as long as it is secure.

I totally agree with this part. The problem is that the security of the implementation is the security of the implementation. So your sentence reads:

This is implemented extremely insecurely, but I don't care how it is implemented as long as it is secure. I also don't care about water, as long as it is dry.


Yes, at the end of the day, as long as the money is there when I need it, I don't really care how you store it.


You stopped reading after the first sentence?


I did read your whole post. Can you elaborate?


You only replied to the first part I wrote. The second part says that your stance is contradicting itself.

The following is meaningless:

> I don't care that it is insecure, as long as it is secure.

But the following would be fine:

> I don't care what they change it to, as the new solution is secure.

The point being that "stored in plain text, as long as it is secure" is impossible just like "water, as long as it is dry".


> I don't care that it is insecure, as long as it is secure

OK, let me clarify: I don't care if they use plain text pwd as long as it is secure.

> The point being that "stored in plain text, as long as it is secure" is impossible just like "water, as long as it is dry"

No, it is possible that they do something else to secure the money, not just password.

Using an analogy can eventually break down, but it's fine, I'll go along.

Let's say I need my car to be cleaned. I have only two requirements:

- the car is clean

- the car never gets wet

So someone did that and satisfied all my requirements. The car is clean and never gets wet. Later on they told me that they used water all along.

Will I get mad? No, why should I? They fulfilled my requirements as I expected.

How they do that is implementation details, which is not my concern; it's not part of my requirements.

Unless "not use water" is specifically part of my requirements, I wouldn't be mad at them.



