Dániel Buga

I resynced the telemetry bar with the video of MECO & Hot Stage. Now it's more obvious the order of engine shut down, relight and failure on the boost back. I suspect that booster failure is something like a fluid hammer effect given the stop and restart puts lots of stress on plumbing.

Deadliest words in infosec: “It’s better than nothing, right?” Wrong These words are the enabler of so many worthless “security solutions”. From phishing testing, to SAST, to “threat intel feeds”, to well, look around the floor of RSA… Instead of identifying real problems and finding or engineering solutions that fix those problems, “security” continues to bolt on the cheapest “solution”, masking the real problem and kicking it down the road, saying “it’s better than nothing”. It’s really not. Every organization has limited, finite resources, no matter how well funded. Wasting time, effort, and money implementing “solutions” because that’s what everyone else does is harmful. Those resources should be spent on identifying and addressing the root cause. Making it so your users aren’t sure if they should open that attachment from their supervisor, or burying developers in false positive vulnerabilities _is not_ better than nothing. These are technical problems, they need engineering, not fairy dust and best practices. The VC driven infosec — oops, I mean “cyber security” — startup world drives this world of worthless security “solutions”. There’s a perverse incentive to bring to market the weakest approach to a problem as quickly as possible. There’s absolutely _no_ incentive to solve hard problems. “The human is the weakest link, so let’s test if we can trick them”, not “let’s make it impossible for a person being tricked to result in a compromise, and also provide a great, usable UX”. This is then enabled by security people that don’t actually understand the problem they’re trying to solve. Their view of security is entirely shaped by what vendors are trying to sell them, what their peers are doing, and what Gartner et al says is the best. Gartner and their peers are also just taking what the market is offering (junk) and comparing. Platform providers are probably in the best position to address the underlying issues. They’re not incentivized in the same way. They’re not (usually) selling security, but security affects their bottom line. That’s why you see real work coming from them on Passkeys, etc. They do have other, sometimes competing incentives though, so it’s not a panacea. My advice to security leaders: - Before investing in a security product, ask yourself if you really understand the problem you are trying to address. Does this approach really address the issue? For instance, trying to stop phishing attacks against your users? Does TOTP MFA address that? - If you find yourself, or someone saying to you “it’s better than nothing”, stop and reevaluate. Is it really better than nothing, or should your available resources be put to use on a real solution. - Hire technical people that question the status quo. - Train your people to be more technical and question the status quo - Don’t let vendors tell you what the problem is, they’ll always have a solution to the problem they invented - Identify the problem, then go to find a solution - Don’t be afraid to build the solution (even though it’s not always the the best approach)