
A box under development can and will have all sorts of terribly insecure behavior. It shouldn't be on the internet. I'm not saying you "lose" anything by trying to secure it, I'm saying that you already "lost the [security] game" when you put the box on the unfiltered internet in the first place. Your goal should be limiting exposure when it is compromised, not trying to lock down hatches on a leaky hull.

Specifically: dickering over whether or not to make screen suid root on your dev boxes is an exercise in needless optimization.




  > Specifically: dickering over whether or not to make
  > screen suid root on your dev boxes is an exercise
  > in needless optimization.
Are you speaking from the point of view of a 13 person startup, a 200 person business or a Fortune 500 corporation?


> Your goal should be limiting exposure when it is compromised, not trying to lock down hatches on a leaky hull.

But isn't running applications only as regular users just that, limiting exposure?



