Quote:
Originally Posted by TheDoc
Aye, people have told me I should do John's PR work, it has been talked about. But it won't happen :/
If I give a key to my house, it's 100% my ass if the house gets broken into. No the house builder, door maker, key creator, or anyone else.. It's 100% my fault.
So if you gave NATS the keys to your program, it's your own fucking fault. Even more so when you didn't turn on the built in security feature that would have stopped this.
And agian, not all programs were breached.. Not even close to half. Most did use the ip lock feature and not all had tmm admin accounts, because you aren't forced to have them.
Your turn, please twist what was said one more time in a different direction so I can answer the same thing again for the 1000 time.
|
No, its not the program's faults. TMM was expected to take reasonable care to ensure that those keys (the logins) were not disclosed or used improperly. Leaving a file of user/pass pairs laying around on a server is not a proper practice and if you think it is, then you need to go back to school. Its the digital equivalent of keeping a post it note on the monitor and its fucking ridiculous. Yes, data breaches happen every day to all sorts of companies. But that does not excuse the conduct of any of those companies, it is still 100% their fault.
People like to throw up "Oh, well how wouldn't you have done it differently, Mr. Know It All?" and to that I say this: I wouldn't have done it at all. If I owned a program, I would have looked into NATS but I would have never bought it. The first red flag would be the fact that it runs on Zend. ANYTHING that requires Zend is always a concern. Next, I would have found out that not only does it run on Zend, but I am not allowed to even install it myself. Another red flag. Why would I not be permitted to install it? I paid for it. My software, right? Next I would have found that the software has never been audited by an independent third party and whats more, John won't allow you to bring a third party in, citing intellectual property concerns. Major red flag. The only people who fear independent audits at someone else's expense are those with something to hide. Sure, John might have concerns over a particular expert, but surely an exert exists that is completely independent but qualified to render a competent opinion that both sides can agree on does not present and IP concern. At this point, I'd start digging into the past of the company and when I found the PornGraph saga, I'd say "You know, this guy is always close by when things catch on fire and burn to the ground. This is a bad pairing, thanks but no thanks."
The only thing the programs are guilty of is making a poor choice on who to do business with. Responsible program owners are - right now - making plans to ditch NATS and TMM. Due to the complexity of such a move, its gonna take some time, 3 to 6 months I'd say. And because of John's history of playing dirty pool, I think most programs that are leaving him are afraid to say so publicly until they have something in place and are ready to pull the plug on NATS/TMM out of fear that John will cut the cord to their licenses in an attempt to bust any unions that start to form. So I am cool with that - for now. But in about 3 to 6 months, the question for program owners who are sticking with NATS is: why? Show me why this program should be trusted and moreover, why I should continue to trust you and not be concerned about your apparent inability to put personal friendships and personal fondness for someone aside and make the right decision for the company.