Calling pre-revolution Russian society "great" sounds like a bit of a stretch, mostly due to quality (and freedom) of life for biggest group of it - farmers.
There is a paragraph that mentions other countries having their own deportation systems. How much of "other countries bad" must be in an article about very particular Russian system?
This isn't about intelligence, this is about how you view other people. And what are your beliefs about emotion control - is it your responsibility to control yourself, or is it others people responsibility to not make you angry.
Anecdote : your comment striked me, as I was in almost the same situation (but with dead chicken, instead of dog) and my family member, very intelligent, highly respected engineer screamed at the child and hit the mother because "It was their fault". And this was one of the more "sane" reasons for their abuse.
> You don't expect the security guard for your office building to generate profit, why would you do so for your digital assets?
Yes, that's why companies cut cost on security guards as much as they possibly can. From the product-making company standpoint security
is a mostly a cost.
Yes it is mostly a cost. Breaches are also a cost. When the homedepot security team tried to fix the issues that got them pwned, the execs said "we're not a security company, we sell hammers". Box ticking mindsets like that are held by incompetent and short sighted executives. The cost of security is decided by the cost of a potential compromise, it has nothing to do with profit margins. A lot of companies learn this lesson the hard way. Many "snakeoil" security companies exist because of this incompetent line of thinking by executives. It is easier to say you paid some company who made some b.s. claim than to actually fix problems, even if the 3rd party costs more than the cost of fixing problems.
In short, what you and OP commenter describe is incompetency, it should not be taken as the default, those are not defenders, those are mismanaged organizations. We're in 2024, every exec should know better.
> In short, what you and OP commenter describe is incompetency, it should not be taken as the default, those are not defenders, those are mismanaged organizations. We're in 2024, every exec should know better.
Everything in life is a trade off, and no-one is in the business of perfect cyber security defense. Therefore, businesses will *always* trade weaker cyber security defense for better/faster/cheaper/easier/more business in their actual line of business. Just like you do every single day. Do you have ALL traffic on your home network encrypted with mutual serve and client certificate verification? Do you only have your 256 character passwords memorized in your head and not stored in a password manager anywhere or otherwise recored somewhere? Are all of your home systems equipped with strict outbound firewall rules that only allow one time, on demand and confirmed communications with the wider internet? Have you hardened your home network against data exfiltration via DNS queries[1]? If you use 2FA for your accounts, and the objectively weaker password managers to store your passwords, are your 2FA tokens kept on completely separate devices from your password managers? Do you only allow direct console access to any of your systems and have no remote access like SSH enabled? Do you a have every single computer backing up their data into multiple redundant copies, without using the network for data transfer and with at least one if not more of those copies stored off site?
If you answered "No" to any of those questions, you also have chosen the route of "incompetency" and "mismanagement". It's 2024, and every IT person should know better. But of course we do "know better" and choose the objectively weaker options anyway because the stronger options get in the way of actually doing the things we want to use our systems for. You don't choose perfect cyber security defense for your home network because you don't have a home network for the purpose of practicing perfect cyber security defense. So it is with businesses, they don't have their systems for the purpose of practicing perfect cyber security defense either.
"Should" doesn't mean much. People respond to incentives. Can you explain the incentive function that exists today in the real world to prioritize the security cost center above the profit center?
I mean, I work at a company that I'd say does a pretty good job of this--in a regulated industry and after getting burned a few times. But you can still go full-send with VP approval, and the risk becomes part of the cost of doing business.
the problem goes even deeper, execs chase short term profits and stock ticker bumps, that's the root cause in my opinion. You shouldn't prioritize security over the main business and profit, that was not my suggestion, but you should prioritize long term profits and reputation (ability to make even more profits in the long term), which is where security comes into play.
In other words, security is necessary for business. Just like how you would want your offices secured from burglars -- because otherwise you can't do business well -- you should want your digital assets secured from hackers, except unlike physical security, it isn't just local malicious actors and competitors after your business but intellectual property thieves, hacktivists, financially motivated cybergangs and more (not just nation state actors).
Failure to give proper priority and funding to cybersecurity, is failure to ensure conditions that make the company profitable and viable in the long term.
It's not, though, that's the thing you aren't picking up. Managing risk to the tolerances necessary to make money is necessary for business. That's what's being done.
You say that it's about the long term, but within epsilon of nobody has gone out of business or even been seriously impacted by bad security posture. Experian gets wrecked on the regular, but it's not going out of business. Azure springs holes regularly enough that Corey Quinn has an ongoing schtick about it, but Microsoft isn't going out of business, either.
If you want security to be necessary for business, you need to make failing to operate securely a legitimate threat to an organization. Waiting for consumers to act collectively means you'll die of old age before seeing a twitch, so you're really talking about legislation. I would be in favor of this, to be clear--I think we as an industry are bad at cybersecurity, terrible even. But I'm describing what is, not what ought.
Companies go out business because someone from China stole their intellectual property, that isn't uncommon. There are companies like riskiq and bitsight that rank your security posture, which other companies use to decide on giving you their business. If it is between your ransomwared company and the competition, you just lost a business advantage there. Azure and Microsoft are bad example, as is Experian, they don't have much competition. I think the whole ransomware trend has skewed how people think about security. It isn't just outages like the ones caused by ransomware that are a concern, keeping secrets and confidential information from your competition is a big deal. as is the trust of your clients, that you will protect their information.
> Managing risk to the tolerances necessary to make money is necessary for business. That's what's being done.
I agree, but that isn't what is being done at most places. Every organization should spend as much as their risk tolerance allows them to do so on security. My problem is with spending as little as possible without getting into legal trouble.
Also, private observation : Poland was relatively safe country during communist rule, although everyone was very poor. Then '90s happened, income disparity went through the roof, unemployment skyrocketed, and you could be greeted on the street by a group of young gentlemen asking you for your possessions, not to mention extreme gang violence and fights between hooligans.
Maybe government won't be overthrown, but you can easily loose the election.
European cities are dense, and there is limit to their growth, as they are often surrounded by tight circles of villages. Sure, you can build a few buildings there, but those villages are often fighting against high buildings, and residents often fight against urbanisation of the area. So you can't build suburbs like in USA and this makes the already problematic situation (high prices, big funds buying whole apartment complexes to rent them, many people buying apartments as assets and being afraid of renting due to protections towards tenants) even worse. So every building is worth it's weight in gold. And whole abandoned buying is going to be a daily reminder for many people that cannot afford to buy 1 room apartment about how unfair current situation is.
I don't want to argue about what to do with situation, just adding a perspective.
From what I observe, although spanking is described as basically harmless, not everyone who lived through it see it as something that improved their lives. Even if it was administered by well-meaning, loving parents.
To be clear, as this is often required on HN, I was speaking of a subset of spanking:
out of care and love, when they did things dangerous to themselves or others, and sometimes a strap or switch when something truly horrific was done.
In other words, never because fed up / angry. Never because of minor situations, and so on. For example, swearing isn't "dangerous to themselves or others". Spanking employed when the life of the child or others is involved, is a short-cut to locking an intense memory into long-term recall.
This sort of event is rare.
And to be frank? "Improved their lives" isn't necessarily important. Note how I state "dangerous to themselves or others"? Siblings and other children have to be taken into account.
Lastly, and take this from someone with grey hair, it wasn't until my 30s that I started to appreciate some of the discipline I disagreed with as a child. Disagreeing, doesn't mean it was wrong.
Anecdotal data from Poland : mostly, yes, they are owned by people living in them, or by people renting them (people having small amount of apartments that they are renting). Mind you - in post-communist countries, in cities houses are not as popular as apartments, as we do not have USA-style suburbs.
There is issue on the housing (apartment?) market, but it has nothing to do with communism, mostly with capitalism - big funds are buying apartments en masse (mostly new ones) and a lot of people started buying previously cheap apartments and renting them, causing prices to skyrocket in the last years.
