Just lol, not sad, not even surprised.
Someone from the security team explained why security is so important. I cannot post the original presentation or words here, but the rough idea is:
If security issues cause a 25% loss of our revenue, it will be $250K when we make $1M, and it will be $250M whenever we reach $1B revenue, so we should keep improving our security figures, like reducing the loss from 25% to 0.25% so we will “just” lose $2.5M when we are at $1B.
Makes sense, right?
Not exactly to me, especially thinking about how the security team deals with “improvement”: they tend to make changes without notifying the teams being affected, they roll out new stuff without discussing it with the teams being affected, and they run in “god mode” where nobody can challenge them and/or change their decisions.
Let me make a similar statement:
If security issues cause a 25% loss of our revenue now and a 0.25% loss in a year, with the impact that our revenue growth drops from 1000x to 10x, our revenue in a year, after subtracting the loss, will be $9.975M instead of $750M. Is that a good deal?
Neither is perfect; security is about balance. I’m not a security expert, but I think the most secure system is one that has no functionality, stores zero data, and offers no interface to access it; in this way it will not be breached, data will not be leaked, and so on. Is that secure enough? Yes, for sure, but is that what the business wants to be? Not at all.
Ubuntu 22.04 was just released, and I managed to upgrade my WordPress site (running on a VM and only publishing a static site). It was not as smooth as I thought; there were quite a few small problems here and there, but eventually it worked after about 4 hours of troubleshooting.
As a side note, I am no longer running Parallels since I found it tricked me into a subscription which involves $79.99 per year. Luckily I noticed the weird charge on my credit card, so I was able to cancel it the same day. I’m running my VM on UTM now. I didn’t notice a performance difference between UTM and Parallels, though Parallels does provide more convenient features like desktop integration, snapshots, etc.
I think I’ve been running Ubuntu since 10.04, but I’m seriously thinking of moving away from it now due to snap. More and more applications on Ubuntu have dropped deb support and are on snap only. I don’t mind a distro changing its package management tool, like yum to dnf, but I just don’t want to have 2 package management mechanisms at the same time.
I may not run Fedora as I need LTS, and I cannot choose Rocky as it (actually RHEL) lacks aarch64 support. Most likely I’m going to play with Debian or Arch.
I read on Reddit that JetBrains offers free licenses of their IDEs to FOSS projects. I applied, got approved in a couple of days, and I’m playing with GoLand now. The process could have been even faster if I had exposed my email on github.com, so JetBrains would not have had to reach out to me for verification (licenses are bound to email).
I have just used it for a day and am still trying to change my mindset from VS Code to GoLand, although both are quite alike. Some things that felt weird when I started with GoLand include that it collapses the “import” section by default, which feels so “java-ish”, and that it does not automatically add/remove imports whenever code changes. I also missed a vim-compatible mode, as I use vim more than any other editor, including VS Code.
The screen looks a bit crowded, especially when I launch debug, which is understandable as 1. there are lots of details to be shown during debug, and 2. I’m on my 13-inch MacBook Air. I’m going to try this on a larger screen, and I’m also going to check whether the license works for Windows as well.
Several things happened in the past couple of years, so I moved this blog site to static. Some major issues led to this change:
For now I have a VM running Ubuntu with WordPress installed. I launch the VM whenever I want to write something, then use Simply Static to generate pure static pages and copy them to an Nginx server. The Nginx server is still running on GCE, but since everything’s static, I can easily port it to anywhere cheap whenever needed.
I’ve disabled most dynamic features during this process, like search, comments, AdSense, Analytics, etc. There may be some features that are currently broken; I will fix them whenever I know.
Moved to Firefox, and looking for other service providers so I can move away from Google.
Running Plex Media Server, and now I can stream videos to any device at home.
I used to use an nginx server to serve HTTP traffic, which works fine for all laptops/pads/phones, but PS3/PS4 don’t take it well.
certbot certonly \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --manual \
  --preferred-challenges dns \
  -d 'xiehang.com,*.xiehang.com'
Route 53 is now hosting all my domains, though the registrant is still GoDaddy; I will change that part next August.
tcpdump -A -s 10240 'tcp port 8080' \
  | egrep --line-buffered "^........(GET |HTTP\/|POST |HEAD )|^[0-9][0-9]:[0-9][0-9]|^[A-Za-z0-9-]+: " \
  | sed -r 's/^........(GET |HTTP\/|POST |HEAD )/\1/g; s/^([0-9:\.]*) IP .*/\n\1/g'