Don't obsess with security and privacy unless they are your core business

6 points by amano-kenji 15 hours ago

11 comments

View on Hacker News

Making a simple sandwich from ingredients is a full-time job that takes roughly 6 months. You grow chickens, fetch sea water, make bread from ingredients, and so on. Unless you sell a lot of sandwiches you made from scratch, you will bleed a lot of money and time.

Only God can make sandwich instantly. If you try to make a simple pencil, it will probably take more than 6 months.

Now, consider security and privacy. Just constructing what seems to be a reasonably private and robust linux computer took at least a year of full-time effort. It is genuinely more difficult than making a simple sandwich from ingredients, and making a simple sandwich "from ingredients" is a full-time business by itself. The so-called system crafting is a full-time business that doesn't pay.

The cost of constructing a private linux computer with your "personal" labor is your business, your job, your health, your relationships, and everything else in your life. The cost of privacy is extremely high. You need to be okay with rough edges in your computing environment.

If you force yourself to make sandwich and pencil from ingredients, make your furniture, build a house, grow foods, run an e-commerce store, construct a private linux computer, and so on, then you will not be good at any one thing, and you won't be paid much. You are only paid as much as your best expertise. Only specialization can make you rich. If you try to scatter your energy into multiple things including security and privacy, you will remain poor. Even linus torvalds, a rich computer programmer, avoids fiddling with linux kernel options on his linux computers. He just uses fedora without modification. Linus torvalds doesn't care about the fact that his AMD CPU has hardware backdoor and certainly can't be bothered to "manually" construct a backdoor-free router that blocks AMD PSP and Intel ME behind the router. But, he may "buy" computers with Intel ME disabled by others.

If you want to become rich, you should have laser focus on your core business and sacrifice other things like excellent privacy.

Now, you know what it means to sacrifice. Sacrifice may even mean you use mac pro instead of a personally hardened linux desktop. The creator of linux can't be bothered to "manually" harden his own linux computers.

If you want to be rich and have a good life, you should be ready to buy everything outside your core business. Buying things takes infinitely less time than building things from scratch.

Spending time on things outside your core business is basically a financial suicide.

vrighter 7 hours ago

" Just constructing what seems to be a reasonably private and robust linux computer took at least a year of full-time effort."

How? I mean seriously, if it took one whole year to set up one linux system, then you must have close to no idea what you're doing. It takes a couple of minutes to install the OS, and another couple of hours (heck, make it days if you want to be extra thorough) to apply some hardening techniques.

Edit: Also, you can't buy "don't write code vulnerable to SQL injection" and you can't buy "Don't ever store passwords, plaintext or encrypted or whatever. You must never know any of your users' password". This to me indicates a naive wannabe vibe-coding their way to disaster. You can't buy "privacy and security" separately from your own product. They must be part of the core business, fundamentally part of the product's design

Reply View 0 replies
whatevermom2 an hour ago

This was my stance as well about 1.5 year ago.

This is simply not true even when hyperoptimizing for cash.

I always had this gut feeling of using GrapheneOS and QubesOS but decided to go with an iPhone and MacOS because of this idea that I should optimize for cash first and then only I should buy private devices.

Truth is: I started ignoring my "tech intuition" and stopped enjoying programming at all, which obviously led to a decrease in both happiness and revenue.

I started picking up tech that I'm interested about (GrapheneOS, QubesOS, Rust) and I've had a big boost in productivity as a result.

Same can be said with AI adoption; I was forcing myself to use it to be more productive but it had the opposite effect given that it weakened the exceptional intuition that gave me my incredibly privileged position.

Some people need to just execute, but some people are meant to explore, learn and gather new ideas and innovations. Sure, I am not a R&D researcher but everything I learn our of pure joy ends up being useful to my coworkers who are more the "get shit down" type and don't bother learning new tech.

There is a cost to ignoring your intuition and taste! If you feel like implementing privacy and security into your product or your digital life, you will pay a cognitive price by ignoring it.

Reply View 0 replies
lordkrandel 14 hours ago

Thank you, for telling us what we should do. People can do whatever they want, at their expense. Maybe people don't want to become rich, but have a private life no one knows about, but people they voluntarily choose. Who are you ranting to? Who is the employee, friend or boss that unnerved you?

Reply View 3 replies
  • amano-kenji 9 hours ago

    I think it's much better to become rich and then buy security and privacy than to implement them with your manual labor.

    Your time is a lot more valuable than your money if you actually spend your time correctly.

    You can be a 6 million dollar race horse if you drive it well.

    I don't think people actually want privacy and security over everything else. It's better to focus on earning a lot of money from what you really want to do and buy security and privacy.

    Reply View 2 replies
    • [removed] 4 hours ago
      [deleted]
      Reply View 0 replies
    • l___l 8 hours ago

      I want privacy and security over everything else. This disproved your point.

      Reply View 0 replies
codingdave 3 hours ago

Why the false dichotomy? You can implement security and privacy without this whole "from ingredients" concept.

Reply View 0 replies
moritzwarhier 4 hours ago

I wanted to upvote this for the headline, because I think it's a valid point.

I did, but then reverted to no vote when I was at "if you want to become rich". So yeah the sandwich analogy and the headline are enough to make your point?

I read this page because I am curious, interested in IT and philosophy and want to be a tolerable software developer.

I know HN is a startup and SV site, so there's nothing wrong with talking about business ideas or wanting to become rich.

But if I wanted to read "get rich" slop, I'd read LinkedIn.

Also, you could replace "security" with any specialization in this text, same for replacing IT with any other business:

If you want to get rich with a sandwich shop, or selling any food really, it's crucial to set the right priorities. Gordon Ramsay doesn't bake his own bread! (...)

Reply View 0 replies
serf 8 hours ago

>Buying things takes infinitely less time than building things from scratch.

> financial suicide.

man i'm sick of exaggeration.

anyway , generally speaking I don't try to hyperoptimize for producing cash. I'm not a machine. I appreciate security more than I do squeezing the last penny out of someone. I'm frugal, and it works out okay for me because the time I dont save by not paying people is spent doing things I already enjoy.

what's the point here? why would you bother with producing your own business instead of buying one? It takes infinite time or something -- I don't know, I didn't pay attention in econ.

I don't know if it matters, or if you'll ever see things this way, but value isn't cash. similarly, but not exactly : cash isn't value. Some of us prefer to produce value over cash -- and that confuses the hell out of some people.

Reply View 0 replies
7222aafdcf68cfe 12 hours ago

Well you'll learn a few things in your future, that's for sure. Good luck !

Reply View 1 reply