No it doesn't, and anyone who would draw a conclusion about an entire profession from the actions of a handful (positive or negative) can, in my opinion, go fuck off.
Yep, those are all grounds for interesting ideas that one could discuss over coffee for a good while. The entrepreneurs identified in the article that is being criticized, however, seem to have very bland businesses (coffee intern placement doesn't really capture the imagination).
IMHO this isn't about politics. Political issues include: strategies in foreign policy, the introduction of new taxes, the reform of the health system etc. I wouldn't care if somebody posted commentaries pro/contra this or that position. A political statement doesn't refer to the opponent's race, gender etc. though.
You found a security exploit, feel special. Finding an exploit isn't a voucher to rant against the people responsible for it. The bottom line is that nobody can be 100% sure that their data is secure after they've put it in the hands of a third party.
The author did not claim anybody can expect or provide 100% security. The write-up was (among other things) about something more important - how do companies respond when presented with an important security issue. 37signals responded fairly poorly and that's useful information. Interestingly, this is not the first report of a somewhat strange attitude they seem to have regarding possible exploits -
I didn't read the post as a rant at all. If anything I think that the author has articulated an important factor in evaluating any third party provider's security infrastructure: attitude.
"Web application security is still an immature field, and many of the layers are sufficiently poorly designed that issues like this will pop up for a good long while. Just like buffer overflows have been a weak spot for C security as long as the Internet has been around, escaping issues will continue to be a weak spot for web security for as long as we're afflicted with this particular architecture."
It seems like a field not only in its infancy but also oddly unglamorous and under-reported. There's no repository (that I know of, at least) of vulnerability reports of major web apps, for instance, yet it's easy to look up an exhaustive history of Flash vulnerabilities down to the seventeenth decimal sub-version. And yet the various XSS/CSRF/etc vulnerabilities are easily as dangerous and as exploitable. Twitter's dreams of a billion users and a new internet were not exposed by a buffer overflow, after all.
That's possible especially since I'm not a 'security practitioner' and I'm essentially talking about a subjective personal impression - that it's taken less seriously, is less reported and incidences of specific vulnerabilities or exploits in specific apps are not tracked in the way they are for operating systems and major applications. This may, in part, be because in the case of web apps fixes are immediately available to all users. On the other hand, you can head to the RoR download page right now and click your way to downloading the current vulnerable version of RoR. At no point will you get a suggestion to check for recent security advisories or patches.
Fair enough if it’s true, but for many people who say this, it would be better to say, “I’ve chosen to spend money on a lot of other things, so now I don’t have money to travel.”
Shall we never forget the lovely Victorian ethic that the poor have only themselves to blame.
I don't see how this Victorian ethic applies. He's not talking about the poor, but rather those who have "chosen to spend money on a lot of other things", i.e. the middle-class.
The argument suggests that your net worth is mostly your own choice and has little to do with circumstances. My point is that this flawed notion is responsible for other, more noticeably flawed notions.