I'm not really sure what point you're making. Is the point that it is harder to secure more things? Is it that security events happen more frequently the higher your number of employees goes?
If so, I bristle at this way that many developers (not necessarily you, but generally) view security: "It's red or it's green."
Attack surface going up as the number of employees rises is expected, and the goal is to manage the risk in the portfolio, not to ensure perfect compliance, because you won't, ever.
And just as dangerous: 50 employees. Because quite frequently these 50-employee companies have responsibilities that they cannot begin to assume on the budgets that they have. Some businesses can really only be operated responsibly above a certain scale.
A law firm with 50 employees who use nothing but Microsoft Word, Outlook and a SaaS practice management application is really easy to button up tight, though they probably don’t have any in-house IT and the quality of MSPs varies wildly.
A company of 50 software developers is an enormous headache.
Conversely I didn’t understand incentives for junkies to steal bikes to sell those only for 10 or 20 bucks.
My incentive structure is nowhere near to theirs. It took a lot of mental effort and empathy for me to grasp what kind of environment they navigate in life to steal my bike I bought for $200.
So I also lack understanding of being a millionaire or a billionaire but I definitely lack empathy for those people.
You sound like you would confidently say that you can play chess. Basic moves are easy to learn by very young children.
But if the only thing you know is basic moves, playing against a player with 1600 ELO you are not going to win without serious training, and 1600 is still far below grandmaster level.
Absolutely. I am quite capable of moving the pieces around a chess board within the confines of the rules. I think you would be hard-pressed to find many who are incapable of that, given exposure to the game. If that isn't easy, what is? I am not all that good at figuring out what moves to make, but that analogs with "what to program", not "programming" as it pertains to the discussion that has been taking place. Nobody has ever suggested "what to program" is easy.
At some level even if you know basic moves those moves are wrong.
Some things are hard to express in code even if you know exactly what you need to achieve and you know all the basic moves like loops and if statements.
If you know that you have to do a checkmate or get an amount of points and you know how to do basic moves but you don’t know any openings, you are going to lose in 3-5 moves. If you get past openings you might get to 15 moves. If you do the easiest greedy approach you lose; if you take the easiest defensive approach you lose.
It is not "what to program" because in chess you exactly know what is the goal. Getting to that goal alone is hard.
> Some things are hard to express in code even if you know exactly what you need to achieve and you know all the basic moves like loops and if statements.
Like what? Are you, perhaps, confusing "hard" with "time consuming"? Some things take a long time to express in code (absent AI, at least). It's not hard, though. It's just rote copying down what you have already determined "what needs to be programmed". Getting to the point where it is just rote copying can be difficult, but is decidedly in the "what to program" phase.
Then let's disregard cost of running and maintaining a system for having exact financial feedback.
We do proxy measurements because having exact data is hard because there is more to any feature than just code.
A feature is not only code, it is also customer training, marketing - a feature might be perfectly viable from a code perspective but then utterly fail in adoption for reasons beyond the Product Owner's control.
What I saw in comments — author is selling his consultancy/coaching and I see in comments that people who have any real world experience are also not buying it.
Demand is higher than supply; it is just the start of the bubble.
Everyone and their dog is burning tokens on stupid shit that would be freed up if they would ask to make deterministic code for the task and run the task. OpenAI, Anthropic are cutting free use and decreasing limits because they are not able to meet the demand.
When the general public catches up with how to really use it, demand will fall and the supply built today will become oversupply; that’s where the bubble will burst.
Normal people refuse to learn markdown - they want RTF editor.
I could understand someone might refuse learning LaTeX but markdown is so simple.
RTF editing sucks badly if you have to include it in your project. No one wants to specifically pay for implementing it but they also expect it to be there.
Nowadays you can just use one of those WYSIWYG markdown editors that come with a toolbar (incl. buttons for inserting images) and hide the formatting syntax by default.
But each editor also has its issues with generating "backend html", doing a bunch of wonky stuff so it works for this editor — using that text in various other places, and when you have multiple rich text fields and not a single big one to edit the whole document, is always a major PITA.
Then you get whatever they write to PDF report so for example you have to render HTML correctly there. Amount of ways it can break is basically infinite, getting paragraphs page breaks is non trivial amount of work, especially when customer wants their own layout for the report and not generic looking or just broken layout. So problem is mix and match display of whatever they write in different places.
Not to mention, everyone wants prefilled templates, so they don't start from scratch, oh and your templates need to have dynamically filled in placeholders, now you have to put something like tags that will be updated by your back end.
Maybe you need to send it via API and all kind of companies have WAF on incoming/outgoing data then you have to strip tags.
Yes you can encode/decode, limit options, white list allowed tags, and I was doing that for years now, but amount of things that break is still big and another customer wants you to enable lists when you wanted to support just italic, bold, then you have whole blast radius and feature creep is real.
ROI is just not there, as I mentioned no one wants to specifically pay for all that, we have a really good run telling customers to just use plain text, amount of regressions to be tested, amount of expectations of things to work out of the box once you go with rich text is really high.
Bar to jump to is basically re-implement MS Word — oh did I mention everyone will expect copy pasting from Word to work perfectly - just imagine how much time your customer support has to spend explaining you limited options in that field to be just bold and italic.
RTF editor may be part of WYSIWYG solution but it also might be used to edit text that on publication will be looking entirely differently or will be used in various places.
Ohh, I think I get it now – is this about literally using RTF as an intermediate format? I really don’t think I’ve heard about it being used in the context of static sites, but I see how it might make sense as a way of storing, well, rich text.
On the contrary, that's very uniquely and peculiarly human stupidity, possibly caused by the fact that our brains take so long to fully mature. In other species, competing for mates (just like territory) is typically highly ritualized exactly because getting seriously hurt is the opposite of adaptive.
I feel that rituals of this nature work because they are backed implicitly by the threat of violence, which must be actualized from time to time in order for the ritual to hold force. Just like in human cultures.
Most of every species gets pretty insane over mates. Evolution is about spreading your genes, not about prolonging your life. Obviously the latter is often useful to achieve the former, but not always. There are even numerous examples, such as black widows and bees, where death is even a part of procreation.
And I think the exceptions are often found to not really be exceptions. For instance chimps were once seen and framed, most famously by Jane Goodall, as peaceful animals who only engaged in violence when pushed to the extreme by some outside force. And in looking up info about bonobos I'm somewhat unsurprised to find that recent observations [1] are rather contrary to their reputation as the same sort of peaceful kumbaya type.
Humans dying to impress a mate are super rare in reality. And even among humans dying to impress ... it is more likely to happen in male only groups where men try to impress and dominate other men.
There's an alternate hypothesis about that which is that a lot of adolescent level risky behavior may actually be a way to weed out psychopaths.
The argument is essentially: how come daring people to do something gross or embarrassing is so common? There's a weird social dynamic in being the one who goes through with it, and it frequently promotes group cohesion.
So maybe the point of it isn't the act or social dominance, but to get people to display normal emotional responses - safe people will be embarrassed, or hesitant or display social support cues or disgust if they have normal emotional processing. The psychopaths? They'll struggle - particularly at that age where the opportunity to learn to blend hasn't had time to develop.
Basically a group of guys egging each other on to do the riskier dive into the pool or something aren't trying to impress a mate, they're actually filtering for people who don't emotionally react correctly to whatever the dare is.
> I guess dying because you think you’re going to impress a mate and stay alive is quite common.
Based on my memory of readings in the matter I don't think so; in most animal species, "impress a mate" is either
1. do mating ritual better than others
2. actually directly compete with rival who has mate to win mate.
In the second more rare scenario the actually directly compete with rival tends to be very ritualized, and thus when you lose you don't actually get significantly hurt.
In the ritualized combat for mates some species have evolved to points in which accidents become a major problem, for example Stags locking antlers in combat for does.
Obviously this is a scenario where you want to impress and stay alive but it doesn't work out, but it is relatively rare in the species that has evolved antlers to the point where it happens, and it is rare for species to have similar problems, generally the one who loses these competitions does not die, they just assume a lower status.
So all that said the human tactic of Bob, hold my beer while I impress Cindy by riding this croc, is a pretty rare tactic for getting a mate.
I once tried to rappel off the side of an apartment building using a garden hose I stole from the building so I could get into my apartment that I was locked out of because my roommate had gone away for the weekend, this was not to impress a girl, it was to get changed to go to the club to meet a girl. I'm also afraid of heights.
Luckily the apartment manager came driving up at the right time, probably saving my life.
That's true, but among humans the "impressing a girl" pattern seems to be more open ended as to how you will do it, and thus you end up with croc-riding accidents at times.
Now take limited time/budget and off you go making sure basic security hygiene is applied in a company with 500 employees or 100 employees.
If you can do that let’s see how it goes with 1000 employees.