One hundred percent. I was exploited personally by a couple startups, and worked crazy through much of my young adult years. At one I think hundreds of people were traumatized as it fell apart and it became an internal war. Eventually I was part of something successful made it to the exit. Given the choice to go back to age 21 and get a cushy job at let's say, a university, with strong job protections and great pension, or play the startup game and work like mad, I'd choose the latter still. I'm grateful I had the chance to go all in.

Europe wants to have digital sovereignty, but the reality is its tech sector has lagged far behind in innovation. Why is there no Apple or Google of Europe? Having worked with many startup founders in the US and several in Europe, the conclusion I've come to is: it is infinitely more difficult to create a tech startup in Europe than the USA. Regulations around employment make it very hard to recruit for a startup, people stay at their jobs as it's far harder for them to get hired and fired than in the US. If you're not a well-connected descendent of the aristocracy or nobility, raising money is far more difficult as well. Silicon Valley has two things Europe won't do: Unenforceability of most noncompetes, and overtime-exempt at-will employment. As brutal as these things can be, they're core institutions that resulted in successful tech startups.

I don't think you read the next page of the audit report. They spend $100mm a year in salaries, so the scenario you suggest means they'd fire everyone.

I took a look, and your statement is wholly incorrect. There's not billions, just 67MM in long term investments, and they spend most of their revenue on operating costs of over 120mm/year. Where did you come up with this information? I got mine from https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwikimediafoundation.or..., see the KPMG audit report.

If that's a concern to you (and I haven't seen any attacks like this successfully exploited in the wild), you can enable dedicated compute (for more money) at most cloud providers.

Dude, no one who isn't legacy or huge legacy enterprise has a domain controller or LDAP anymore. Domain controller lives in Azure/Microsoft Entra -- workforces are mostly laptops now and you need to VPN in to get to a traditional DC, or it caches passwords locally for some time (not the best security). LDAP is called Okta, Azure Identity services etc; because no SaaS apps callback to your LDAP. I haven't seen a DC in the wild since 2016 or so, and that was to decommission it...at a library.

Also please explain how meltdown/spectre, which are notoriously difficult to actually exploit, didn't affect self hosted setups? It's a vulnerability in process architectures, not cloud infrastructure.

Have you been in a modern tech office lately? With Zero trust principles, there is no office LAN. The office is a glorified wifi access point you can get an MSP to install and support. Rarely do companies that would use AWS/Azure (without a massive footprint as I discussed) have in-office servers etc anymore. Offices with server rooms built out are using them as sparse network racks and gyms. And no, with the cloud you don't get an ISP in the traditional datacenter sense where you sign contracts with two or more ISPs, get a network range, convince them to play nice and allow BGP peering between, and maintain complicated external network setups. Your firewall is called security groups, and it's far easier to manage than anything Cisco.

Repatriation makes sense for expensive edge cases, like running Apple hardware (which is a questionable architectural decision). Short of that the average cloud environment is significantly more secure, and much easier to scale in than self hosted infrastructure...until you get a very large footprint. The generation of cloud-phobic infrastructure people from around the early 2010s largely either adopted the cloud or found other work within that decade. Same was true for the prior generation of anti-virtualization folks who insisted on bare metal only. People who still insist on self hosting today tend to downplay the numerous issues it brought, such as maintaining the entire stack (need staff in 24/7 rotation for network, storage, compute etc), paying for ISPs separately and maintaining your own BGP peering, late night trips to the data center for emergencies, regular trips to the data center to swap failing disks and do other maintenance, late night maintenance and downtime windows for patching your routers, SANs etc, and ripoff VMWare licensing. Unless you have a huge footprint, paying for people to do all this negates the cost savings.

In that case, I've got to tell you your duplicate post commenting about duplicate posts and duplicate replies is a duplicate.

It's duplicates all the way down.

It's the fruition of his Project for the New American Century. He laid the groundwork of giving presidents more power so Trump could make decisions that lead it to be the New Chinese/Russian/North Korean century.

Did you expect any less from a guy who shot his friend with a shotgun, and then the friend who got shot apologized to him? https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.theguardian.com%2Fwo...

You deserve a succinct: Ok, Boomer for that perspective. Passwords are the #1 weak point in infosec, and many organizations are moving away from them. https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fz...

If you are typing a password in 2025, something is terribly wrong or outdated in your company's security. If passwords must be used, they should be in some type of password manager. For corporate apps, SSO should be the default. Add that to your reauthentication fatigue and it may appear the CISO should be fired from a cannon.

Probably quite vulnerable as GrapheneOS's developers note only Pixels meet their security requirements currently. Other Android phones don't have the Titan M2 security chip among other security features.