
thank you, I had this debate at work so many times.

Sure it's not a security measure as such, but it's still a worthwhile component to the overall defense system.


The problem with this is, you spend a lot of effort for low benefit. You should spend it on actual security instead.

Changing a port and enabling ASLR are not "a lot of effort".

Changing the port is not the kind of security measure that will consume a lot of the attacker's resources.

Sure, it'll do nothing to stop a determined attacker, but it does wonders to stop the noise from passive scanners.

Are you familiar with the Swiss cheese model of risk management[0]? Obscurity is just another slice of Swiss cheese. It's not your only security measure. You still use all the other measures.

[0] https://en.wikipedia.org/wiki/Swiss_cheese_model


It will conserve a lot of defender resources, it will completely bypass all mass scans, and it will make "determined attackers" much more visible as they will have to find the port first which will show up in logs and potentially land them in a tarpit.

What would be "actual security" in this context?

This isn't about security of the same kind as authentication/encryption etc where security by obscurity is a bad idea. This is an effort where obscurity is almost the only idea there is, and where even a marginal increase in difficulty for tampering/inspecting/exploiting is well worth it.
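One way to act on that visibility, as an added example that is not from this thread: triage firewall log lines so that hits on the default port alone are filed as mass-scan noise, while a source that sweeps ports or reaches the relocated port is flagged for attention. The log format, the addresses, the port numbers and the sweep threshold are all assumptions.

```python
import re
from collections import defaultdict

LOG_RE = re.compile(r"SRC=(?P<src>[\d.]+) .*?DPT=(?P<dpt>\d+)")  # iptables-style (assumed)

DEFAULT_PORT = 22       # the well-known port that mass scanners hammer
SERVICE_PORT = 48222    # where sshd actually listens here (assumed value)
SWEEP_THRESHOLD = 5     # distinct ports touched before we call it a sweep

def parse(lines):
    """Collect the set of destination ports each source address touched."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            hits[m.group("src")].add(int(m.group("dpt")))
    return dict(hits)

def classify(hits, service_port=SERVICE_PORT, default_port=DEFAULT_PORT,
             sweep_threshold=SWEEP_THRESHOLD):
    """Label each source as noise, sweep, targeted, or other."""
    verdicts = {}
    for src, ports in hits.items():
        if service_port in ports:
            # Reached the relocated port: the sender went looking for it.
            verdicts[src] = "targeted"
        elif len(ports) >= sweep_threshold:
            verdicts[src] = "sweep"          # still hunting, worth watching
        elif ports <= {default_port}:
            verdicts[src] = "noise"          # only knocked on the default port
        else:
            verdicts[src] = "other"          # e.g. web traffic, not our concern
    return verdicts

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    "kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=22",
    "kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=22",
    "kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=2222",
    "kernel: ACCEPT IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=48222",
    "kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=21",
    "kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=23",
    "kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=25",
    "kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=80",
    "kernel: DROP IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=3389",
    "kernel: DROP IN=eth0 SRC=192.0.2.77 DST=192.0.2.10 PROTO=TCP DPT=443",
]

def triage(lines=SAMPLE):
    return classify(parse(lines))
```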


The one not described as "security through obscurity".

My point is: the "security through obscurity is bad" and "security through obscurity isn't real security" are both incorrect.

They apply to different threats and different contexts. When you have code running in the attackers' system, in normal privilege so they can pick it apart, then obscurity is basically all you have. So the only question to answer is: do you want a quick form of security through obscurity, or do you not? If it delivers tangible benefits that outweigh the costs, then why would you not?

What one is aiming for here is just slowing down and annoying an attacker. Because it's the best you can do.


Somehow your approach was not chosen by Intel ME or AMD PSP, and they remain unbreakable.

That's orthogonal to this. That requires special hardware and using those doesn't really rule this out as an additional measure.

I love the irony in seeing the contribution counter at 0

Who'd have thought, the audience who doesn't want to give back to the open-source community, giving 0 contributions...


It reads attribution really?


also, let's not conflate easy to repair with cheap to repair.

The MacBook is quite easy to repair; it's just insanely expensive because they made the choice that, for user experience, they attach the keyboard to the machine's body.

You can have ease of repair and build quality, but then you give up portability I guess (bulky and heavy). And also cost goes up.


you need a ton of third party tools to make it behave like Windows, that's what you mean.

I'm perfectly happy with my "vanilla" MacBook. Runs Baldur's Gate 3 and my Final Fantasy PS2 emulator just fine, and even Trackmania was quite easy to get installed and runs well.

Can't comment on that hash thing, but I don't see why that would be a problem? It's not linked to your name or something. Windows does a ton of things too that I find inexcusable, such as changing settings or permissions after updates, those have an actual impact on my daily experience with these things


> you need a ton of third party tools to make it behave like Windows, that's what you mean.

100% this.


no, the big news is that finally they have the intention to do it


6k would be a no-brainer.

In our office, we'd definitely need the enterprise version for compliance reasons, not because of the features. That's about 14/user/month.

At a workforce of roughly 2500, that's a 4 million+ yearly cost for something that is comparable to something you can get without that price tag. It's no competition at all at that point. Think about it, would you be willing to ask your boss to pay 4 million so you can have a different chat app? No matter how much more ergonomic and friendly and intuitive it is.


That's a very upside down way to think about it.

The question is: "are staffers $14 / mo more productive with it, than the free version?"

The answer may also boil down to satisfaction, support calls, other things, aka 'total cost of ownership' as well.

Not 'But it costs $X million!'.

Companies will spend a fortune giving staff the right monitor, or chair, but literally don't think they're smart enough to know the damn tool they use all day?

Let them pick their chat software, like they pick their monitors.


This is exactly right. You're going to pay a dev on the order of $10,000 per month, then make it harder to do their job to save $14? That's idiocy.

The person responsible for picking our work laptops asked me for advice selecting our new Macs since our old model was being replaced:

"Do we really need to spend an extra $1000 for 64GB of RAM instead of 24GB?"

"That'd save us $300 per year, or about a dollar a day, over the depreciation schedule, and it'd make our devs slower. We spend more than this to have lunch catered."

"You know... good point. 64GB it is, then."

And that's how we opted for beefy machines on this hardware cycle. The guy I talked to is extremely smart and competent, but just hadn't looked at it from that angle. Once he saw it, he instantly bought in. There are dumb ways to save money with massive negative ROI, and cheaping out on basic equipment and resources is one of them.


My company doesn't OK basically any software requests, even cheap stuff :( We also don't make anywhere near $10k/mo (not USA). Recently got a new dev machine and it had a 512GB M.2 SSD and 16GB of RAM. I had to order 32GB but I had to explain why: to run Docker images (and I'm hitting limits with 32GB constantly). I had to wait 2 weeks for the RAM upgrade. I wanted a bigger SSD but it would have taken longer and I needed to upgrade ASAP. It doesn't even have a USB-C plug (but an SD card slot, good grief).


Careful, at some companies that kind of talk leads to discontinuing catered lunch.


I would not be working at one of those companies in the first place.


> You're going to pay a dev on the order of $10,000 per month,

Mhh, far from it.


Monitors are a personal choice. My monitor doesn’t force anyone else to install yet another a chat app to talk to me. The choice of chat app has to be made centrally, or at least at an organizational level.


I feel like most Americans don't appreciate the financial constraints under which European startups are operating :) The median series A is something like 1–6 million Euros over here. You have to seriously consider what you spend money for on these scales.


> I feel like most Americans don't appreciate the financial constraints under which European startups are operating :) The median series A is something like 1–6 million Euros over here. You have to seriously consider what you spend money for on these scales.

I, living in Germany, rather wonder myself quite often why US-American tech startups don't act much more frugally: this would give them so much more leeway/runway to make their startups succeed.


Half of the time it's startups subsidizing each other in a circle to have users. Like if you're a VC, you "force" your companies to use tools made by your other companies. So everyone will use the chat app made by one company the VC owns, the CRM software, all the different SaaSes etc. So it's just money moving in a circle, but then all the apps get to claim good sales and user numbers.


A big part of it is that if you're in a very competitive realm, where most of the startups you hear about are working, then every day counts. If you can spend $1M to develop a product in a year or $2M to develop it in 6 months, that extra million gives you a 6 month head start in sales, revenue growth, and publicity. Depending on the numbers involved, that frugality could cost huge amounts of money overall.

Note that you don't hear so much about the many, many startups doing slow growth things in less glamorous fields. I know a few companies making agricultural products for small farmers. Yes, frugality makes perfect sense for them. They're not going to have a hockey stick growth curve where they go from $0 to $10M to $1B over the course of 2 years. Their revenue graph will look more like a traditional manufacturer. They're doing things the way you describe, but they're not all over tech and non-tech news sites.


Quicker and bigger is better than slower and smaller. Especially in a competitive sector.

Better to go bust quick, than to eke out a tiny profit by being super frugal. The latter is a waste of everybody's time.


The reasoning makes more sense when you factor in that your startup’s VC is also Slack’s VC.

You’re actually giving that same venture capitalist $4m of their own money back, in a way that makes their investment more valuable.


> 6k would be a no-brainer.

"It’s one banana, Michael, how much could it cost? 10 dollars?"


That would be 420k/yr. To get to 4 million you need 25000 users. That's quite a big company.


So ca. $16 million yearly for my corporation... Nobody is going to approve that, that's a ridiculous sum. There must be massive discounts above a certain threshold.


Your corp has 95 thousand employees but bats an eye at 16 million dollars?

Also yes, volume licensees generally get massive discounts.


yeah I don't understand how this isn't blatant market abuse through their monopoly position

Regulators should be all over it. The EU has tried, but unsuccessfully, since it was lawyers who came up with the mitigation.


Regulators are either sleeping on billions of lobby money or asleep at the wheel


When you get to partner level, you also get profit sharing on top of your salary.

Partners get 300-400k and senior partners get closer to 600-800


is this the same at QuantumBlack? They at least give the impression their assets on Brix are somewhat up to date and usable


QuantumBlack is synonymous -- it's where all of McKinsey's AI expertise got reorganized these days, anyone working on this tool was likely doing it on a rotation in between client engagements under "QuantumBlack, AI by McKinsey"


QB is no more, leadership left, technical experts left. Just the brand stayed behind.


I would like to counteract your statement that each token adds a distraction.

In our experiments, we see a surprising benefit to rewriting blocks to use more tokens, especially long lists etc.

E.g. compare these two options

"The following conditions are excluded from your contract - condition A - condition B ... - condition Z"

The next one works better for us:

"The following conditions are excluded from your contract - condition A is excluded - condition B is excluded ... - condition Z is excluded"

And we now have scripts to rewrite long documents like this, explicitly adding more tokens. Would you have any opinion on this?


This observation makes sense, because all models currently probably use some kind of a sparse attention architecture.

So the closer the two related pieces of information are to each other in the input context, the larger the chance their relationship will be preserved.

