Have we gotten a full accounting of what kind of breach it was or how it happened? They may have compromised an internal system.

Yeah, sometimes things like "disaster recovery" and "security" get a bit out of hand and/or miss the point. You get people really into the idea "If a nuclear bomb hit my office, I could get my operations back up and running from another location immediately, because all my data is immediately synced to a location on the other side of the country." Well yeah, that's great, until you realize the person has confused a "sync" with a "backup", and besides if a nuclear bomb hit your office, you'd have bigger problems.

What few people will admit is that most of us can afford to be out-of-commission for a few days. You might not like it, and you might lose some money, but the world would keep turning and life would go on. It can be tremendously expensive to protect yourself against every possible disaster scenario, and you may end up spending a bunch of money to save yourself only a little, for a scenario that almost never happens. And then, of course, there's also the possibility of some weird nightmare scenario that gets past all of your safeguards, which you couldn't have predicted.

Sometimes you're better off accepting that bad things happen, instead of trying to protect yourself from every possible bad scenario.

As someone who has done a lot of IT for a lot of different business-- different types of businesses of different sizes in different industries-- I'll say that real businesses run by competent people rarely have web hosting and email run on the same place. I'd estimate that in the majority of cases, it's web hosting with one company, email with another, DNS with a third. Often the web hosting also offers DNS and email for free as part of the package, but we don't use that because they often don't do a very good job of it.

On the contrary, I'd quess that the market includes these things not because it's what people want, but because it's what's easy to provide. If you're setting up a web server, it's not very hard to throw on support for IMAP/POP/SMTP. The people working at these places are familiar with how to do that, the software is free, bandwidth/storage use is relatively small and predictable, and the security risks and minimal. Services like chat, calendaring, and VoIP are a bit more complicated and less well understood to your average IT worker. If you're selling a hosting plan for $5/month, you aren't going to want to do anything weird or difficult, but adding IMAP/SMTP hosting, and even webmail hosting, is pretty trivial.

As far as "paying for services that you don't use", they could get around that by charging a certain amount for al la carte, and then a different amount for a package deal, so it's not really a sensible objection.

See, I'd agree that his grouping is arbitrary, but thinking about it leaves me wondering why we group web, mail, and DNS together. It seems more sensible to group email, VoIP, and XMPP together. Web space and email really have no functional overlap, whereas you can benefit from integrating chat, voice, and email.

So ultimately, what he's asking my not be nonsense. We have many various hosted services, so why do we arbitrarily group some of them together, and not others? I think the answer is that we don't include VoIP because ISPs tend to lock that up for home users, whereas businesses want dedicated business solutions. VPN is more of a niche service, and most people don't bother setting up chat services because they're used to using AOL. I'm not sure why we don't find a better solution than having dedicated certificate authorities that charge ridiculous prices, but we haven't done that.

I agree with you, and that's part of the reason we need to make cycling a viable form of transportation. That may sound silly, but the reason we make it so easy to get a license and to keep a license is that we've made it necessary to drive. For a lot of people in a lot of places, their lives would be unsustainable without being able to drive at will. They wouldn't be able to get to work. They wouldn't be able to buy groceries. As a result, taking someone's license is an extremely severe penalty.

However, if we lived in a society where a person could live comfortably using bicycles and public transportation, then we could take away someone's license without much consideration.

A) You're talking about a single anecdote.
B) I don't know that it's certain you would have died.
C) He was talking about going 10 MPH, whereas your story is about going 30 MPH.

It depends a bit on where you live, and I think there are more people who want to live in the kind of places where it's not a necessity. I don't think it's that hard to understand why people are uninterested. How many tens of thousands of dollars do you want to spend on a big dangerous mechanical status symbol? How many tens of thousands of dollars do you want to spend over the next decade for fuel, maintenance, and a place to store your enormous mechanical status symbol?

You're right. The problem is our urban sprawl. It damages our health, destroys our communities, makes infrastructure impractical, and makes cars necessary. So maybe let's do something about it...? How about we make incremental moves toward better urban planning and higher-density living. How about we encourage cycling as a valid method of transportation. I think that if millennials are uninterested in owning a car, it may be because they're thinking about these things, and rather than talking about how impossible it is to live without a car, they're finding ways to do it.

Or maybe it's just that they can't afford it because the economy is in the toilet. I don't know.

They're sort of framing the question as, "If you ride a bike, could you get hurt?" The answer is, of course, yes. But then, you can get injured while taking a shower. It's pretty sensationalistic saying, 'Lots of my colleagues do not want to ride after seeing these [city biking] injuries.' It's an anecdotal and emotional response, and it doesn't really help to explain the issue.

The question should be, "What is the rate (accounting for severity) of injury in a population, comparing bicycles and other alternate modes of transportation?" I'm sure that formulation could be improved, but a question like that is more appropriate. So if we encourage cycling in New York City, will the total number and severity of injuries increase or decrease? Could someone provide something factual or scientific regarding that specifically?

Because as a logical thought experiment, I would guess that if we stopped using cars for personal transportation completely and rode bicycles instead, I would guess that you'd see an increase in minor injuries (e.g. people falling and skinning their knees), but a huge decrease in serious injuries and fatalities. While we've commonly seen around 40,000 car-related fatalities per year (more than 10x the number of people who died in 9/11, every single year), if you take cars out of the equation, I would bet you'd see very few cycling-related fatalities. Even if you have a serious bicycle crash without a helmet, unless you're hit by a car or truck, you probably won't suffer a permanent injury.

Not only that, but people really should understand that *security is not about absolutes*. Things are not either "secure" or "insecure". Well executed security is essentially about a trade-off between "easy accessibility for authorized usage" and "difficult accessibility for unauthorized usage".

The only way to "completely secure" a computer hard drive, for example, is to completely destroy it. Otherwise, there is some risk that someone can eventually gain access to it and recover some data. Short of that, I can put it in a cement block and sink it in a deep trench in the ocean, which would make it very secure and also very inaccessible. I can encrypt the drive, and then the security task shifts to securing the encryption key (ignoring the possibility of cracking the encryption).

But ultimately, one of the key problems with security is that it's not just about preventing access by an unauthorized person, but also about preventing unauthorized usage by an authorized person. If I give you access to some documents because you need access for legitimate reasons, then I can't really then prevent you from using the information in those documents for some other purpose. A lot of malware ends up on computer systems because someone hit "OK" and granted access. As long as someone has admin rights and can hit "OK" to install software, malware will be able to be installed by tricking that person.

You are correct. What people don't realize is that there are actually two different update mechanisms behind the "App Store" updates. When you check for updates, Apple displays the updates for applications purchased from the App Store along with updates for the OS-- but the fact that they're displayed together doesn't mean that they behave exactly the same way. The updates for App Store apps are downloaded from the App Store and require you to have an App Store account, but the system updates are downloaded from a different location, and no account is required.

I administer these things as part of my job. You definitely don't need an account to download system updates.

As a nurse, after undergoing training? Sure. As a doctor, after completing medical school? I don't see why not.

I'm not sure that counts as a limited resource, since it doesn't explain why we can't scale up on doctors or nurses to meet the demand. After all, we do have unemployment. I'm not saying you don't have a point, but you're being very picky that we get down to the reason why things are so expensive, and your explanation doesn't quite seem adequate. Scarcity of materials for MRIs could be a real limit, but it would only explain why MRIs are expensive. Why is the aspirin in hospitals so expensive? Aspirin isn't meaningfully limited.

This isn't a simple supply and demand issue.

Which limited services are you referring to? What's the limit?