
Comment Re: Many believe that we live in a computer simula (Score 1) 1042

Yes. In effect, Bernie actually needed the superdelegates more than Hillary did to win. Of course, he wasn't going to get them, even though he tried to make a case for it, because they tend to vote for whoever has the majority of the popular vote, and that was Hillary.

One can argue whether the election was skewed against him, but if so, it was more due to DNC scheming than superdelegates, which were never actually a factor, except, I guess, psychologically for some people.

Comment Re: Insightful (Score 2) 182

True. It's amazing what you can put together after even an explosion. One charred and warped, but mostly intact panel with a hole consistent with a .50 cal anti-materiel round would be pretty conclusive.

Of course, if you know how rockets are generally constructed, you might be able to put a round somewhere that isn't as easy to conclusively prove was from a rifle.

Still, given all the things you have to do just right to enable space flight with rockets, I'm still going to regard this as pretty unlikely. The fact is that somebody inside that conglomerate would have to have hired a professional and had a pretty detailed program to make something like this happen. You're not just going to put a sniper on the roof and tell him to take potshots at it. That sniper will need to have been given a briefing with specific places he needs to hit with one shot to have that effect. And he'll probably need to practice it. All of that takes time, money, and most importantly, other people committed to a secret that they all know would be very, very illegal. Such people exist, certainly, but are those people going to be involved in something as petty as this? No idea.

Comment Re:Not necessarily (Score 1) 184

I agree that some pretty routine protection can give you a considerable amount of value.

But it wouldn't stop a concerted attack on you. You'd have been vulnerable to something like Heartbleed for two years, even if you patched every hour of every day of that two years. There have been other examples of obscure vulnerabilities that have been very serious and still missed for all of that. There are definitely things out there that no one knows about, or no one has gotten around to fixing yet. All it takes is for someone to want to devote enough attention to you in order to exploit them.

That's why if you work for a small company, you might do very well with routine patching, but that will not be at all sufficient for a big bank.

Comment Re:Two words: "Ford Pinto" (Score 1) 184

Well, it is important to point out that no one really thinks their life is less important than tasty food. The real factors are:

There is always a reasonable probability that it won't be what kills you. That bacon triple cheeseburger may eventually kill you, but your smoking habit will probably do that first. You're going to die of something, you're betting you don't live long enough so that all of your bad decisions play out.

Second, people just have really bad perception of relative risk. That's why some people are more afraid of terrorists than they are of driving to work, even though driving to work is probably at least two orders of magnitude more likely to get you killed on any given day than all types of terrorist (Muslim, Christian, Marxist, eco-nuts) put together.

Comment Re:Companies must be embarrassed (Score 1) 184

I hope you aren't suggesting the government is going to do a better job of making that happen.

All the government makes you do is a shitload of paperwork and then when you fail because you spent more time on filling out your 400 page system security plan than actually securing anything, they throw the book at you anyway. Or not, if you're golfing partners with your tame congressman.

Comment Re:1% (Score 1) 184

Will we? I seem to recall some rich people who had their nudes posted all over the internet in recent memory. Perhaps you mean the 0.1%?

Security is security. The rich people are just as vulnerable as we are to it, and if you think about it, those are the people who are more likely to ignore their own security because they don't spend any money on it in their professional lives either.

Comment Re:It depends (Score 1) 184

That's why you don't back up servers, you back up data.

Installed server software like the application and OS, especially in this day and age, should be completely disposable. Unless they can cryptolock you somehow from a dump file or an oplog, all they have done is cause a short outage and annoy the shit out of some admins.

Wipe the hardware, reinstall from your golden image and have your configuration management software reconfigure things, and then restore from backup.

Not to mention with any redundant DB, there is a good chance that only one host is crypto locked, so you shut down the primary, and the secondary takes over as if nothing happened because crypto locking one server's disk merely causes your DB cluster to be broken.

Comment Re:Cheaper Until Lawsuit Damages Occur (Score 2) 184

Although a lawsuit comes far too late to protect the people who needed to protect their data more than they needed a $30 rebate from a class action suit.

Make no mistake, the article makes this very clear. Most of the downside of not spending on security is on the customers, not on the business that got hacked.

Comment Re:lower infosec budgets will INCREASE hacking dam (Score 1) 184

Security solutions and spending also often include the security people operating the solutions. And just one of them can easily be almost $200,000 a pop, not necessarily in salary, but in benefits, salary, and even getting a headhunter to find one.

As far as security software, that's pretty expensive too, but varies based on your level of security. I've seen packages that keep the records of every keystroke made on every server that you connect to it. Real Big Brother types of packages. That easily costs more than $200,000 a pop.

Also note that if you work at a smaller company that uses a certain piece of software that isn't very expensive for you because you have few heads and few computers to secure, that same package becomes much, much more expensive for big companies due to their scale, and even with deep discounting. I have to work with Fortune 100 companies in integrating with their security, and while it is not always inspiring to see their level of competence, it is very easy to see that they spend a shitload of money on what they have because they have high visibility and complex environments.

Comment Re:lower infosec budgets will INCREASE hacking dam (Score 1) 184

I don't think his advice is particularly bad, it's more of an admission of reality. Spend the money to make a good solid security program, but let's face it, with all the 0-days out there and the threat sources, it is probably best to understand that successful attacks are inevitable. At least then, you also set aside time, money, and resources to deal with the impacts, and do planning that assumes that since breaches are possible, they need to be taken seriously when they happen.

I'm less concerned that someone stole my password than I am that a password might have been stolen, but I didn't know about it for weeks or months or years. If I at least know about it, I can take action.

Comment Re:Not only that (Score 2) 184

I disagree. There are plenty of people who can use money well. The problem is that the system rewards people who make money for the purpose of making more money. The problem here is that security is not profitable, and the downside seems to be less expensive than not covering that overhead cost.

We need to find a way to properly incentivize security as its own end, because as I have noticed in my career, getting security resources is like pulling teeth, until someone threatens a suit or seriously damages the reputation of the company. Even then, it is usually more for window dressing.

Comment Re:Bottom line... (Score 1) 184

The problem with the extreme libertarian ideal of what would happen is that it assumes that no one can generate a monopoly. Particularly the monopoly of force of a government.

If that was not possible, it is possible that there would be more freedom for that mechanism to work, but as you say, those conditions don't seem to ever actually occur.

The reality is that I think people want something that prevents anarchy, but they don't want it to become oppressive. I think government is okay in moderation, but it is really taking over just about everything these days, and I don't really think people think about what that means for the future... or even if they care. I dislike the idea of a population that is fully dependent on a government, because I don't see it as much different from being dependent on a corporation or some other force that I have almost no serious input into.
