Insecure is a curious word as it entangles with what is or isn't known, more than informs about design.
A different way to put it is GCP architecture has made different tradeoffs. For example favoring operability over confidentiality*, or scalability over integrity.
This makes sense from its mono-tenant engineering origins. Those were the right calls. Google exported SRE not SecEng.
Frankly, for most cloud customers, it's what they need.
---
* Take this break glass process. It arguably shouldn't be possible. If clients need their CSP to be "NSL proof", unable to leak corporate info responding to a national security letter (or any less obligatory rationale) without the corporation knowing, GCP is not their cloud. CSPs mostly consider it more difficult than it's worth to design a cloud offering that can be proven unable to provide a client's data. On the contrary, customers yell if CSP can't restore lost data, like Apple users yell if Apple can't restore iCloud. iCloud Advanced Security is what happens when you build clients the choice -- witness the warnings.
i guess the difference is i chose my hyperscalers à la carte instead of getting the all-in-one bundle. at least when cloudflare breaks something i can still ssh into my linode and debug it directly
people with something to share, people with something to say, who share and say it because they want to
that's how pamphleteers worked, that's how the Internet worked
at scale, static (CMS-managed) information sites cost effectively nothing even for arbitrary amounts of traffic, and smoothed across a range of people sharing stuff, it approaches zero per person
publishing used to be free with your ISP, and edge CDN used to be (and still is) free to a point (an incredibly high volume point) as well
having people pay something nominal to say things instead of pay far too much in attention-distraction or money to consume things, would put this all back the right way round
I couldn’t disagree with this more if I tried. The biggest benefit of the internet is to make it easier to talk to each other and share ideas. Putting financial gates in front of that ability is hot garbage.
Also, I agree that the platforms and paradigms we have are fucked up, but do believe that people who put work into making something deserve to charge for it if there are folks who’d pay.
The first widely distributed and open source version of this typist timing validation idea I saw (and incorporated into my own software at the time) was released by Michael Crichton as part of a password 2nd-factor checker (1st factor a known phrase or even your name, the 2nd factor being your idiosyncratic typing pattern) in Creative Computing magazine that printed the code.
A different way to put it is GCP architecture has made different tradeoffs. For example favoring operability over confidentiality*, or scalability over integrity.
This makes sense from its mono-tenant engineering origins. Those were the right calls. Google exported SRE not SecEng.
Frankly, for most cloud customers, it's what they need.
---
* Take this break glass process. It arguably shouldn't be possible. If clients need their CSP to be "NSL proof", unable to leak corporate info responding to a national security letter (or any less obligatory rationale) without the corporation knowing, GCP is not their cloud. CSPs mostly consider it more difficult than it's worth to design a cloud offering that can be proven unable to provide a client's data. On the contrary, customers yell if CSP can't restore lost data, like Apple users yell if Apple can't restore iCloud. iCloud Advanced Security is what happens when you build clients the choice -- witness the warnings.
Support drives design choices, not security.
reply