Changelog Master Feed

The six dumbest ideas in computer security (Changelog News #103)

Jul 15, 2024

08:14

Snipd AI

Computer security expert Marcus J. Ranum discusses the six dumbest ideas in computer security. They also cover why story points are useless in software development, the efficiency of the Posting HTTP client, instant branching for Postgres databases, ES Toolkit upgrade, and reflections on ten years of Varnish project work by Poul-Henning Kamp (phk).

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Computer security should focus on common sense practices over specific tools.

Using measured cues is more effective than story points for project estimation and planning.

Deep dives

Security in Computer Systems

Computer security has become overly reliant on specific tools and technologies, neglecting common sense practices. The podcast highlights six 'dumb ideas' in computer security, such as default permit and hacking as penetration testing. It emphasizes the importance of questioning conventional wisdom to enhance security measures and mitigate system compromises.

Intro

2min

Debunking Story Points and Introducing a New HTTP Client

2min

Database Branching, ES Toolkit Upgrade, and Reflections on Varnish Project

3min

Marcus J. Ranum’s 2005 post on dumb ideas in computer security still holds up, Barry Jones argues why story points are useless, Posting is an HTTP client as a TUI, Varnish ceator Poul-Henning Kamp (phk) reflects on ten years of working on the HTTP cache & es-tookit is a major upgrade to Lodash.

View the newsletter

Join the discussion

Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!

Sponsors:

Neon – Fleets of Postgres! Enterprises use Neon to operate hundreds of thousands of Postgres databases: Automated, instant provisioning of the world’s most popular database.

Featuring: