Computer security expert Marcus J. Ranum discusses the six dumbest ideas in computer security. The episode also covers why story points are useless in software development, the efficiency of the Posting HTTP client, instant branching for Postgres databases, the ES Toolkit upgrade, and reflections by Poul-Henning Kamp (phk) on ten years of work on the Varnish project.
Podcast summary created with Snipd AI
Quick takeaways
Computer security should focus on common sense practices over specific tools.
Using measured cues is more effective than story points for project estimation and planning.
Deep dives
Security in Computer Systems
Computer security has become overly reliant on specific tools and technologies, neglecting common sense practices. The podcast highlights six 'dumb ideas' in computer security, such as default permit and hacking as penetration testing. It emphasizes the importance of questioning conventional wisdom to enhance security measures and mitigate system compromises.
The Flaws of Story Points and Measured Cues
The discussion delves into the inefficiencies of story points in project estimation and suggests moving towards measured cues as a more effective alternative. Measured cues offer a better approach for estimating tasks and handling scope changes, leading to improved team performance and reduced uncertainty in project planning.
Marcus J. Ranum’s 2005 post on dumb ideas in computer security still holds up, Barry Jones argues why story points are useless, Posting is an HTTP client as a TUI, Varnish creator Poul-Henning Kamp (phk) reflects on ten years of working on the HTTP cache & es-toolkit is a major upgrade to Lodash.