If you haven’t listened to it already, here’s a fantastic cut-down (no bullshit) version of Jim Comey’s testimony to Congress, on why he recommended Hillary Clinton not be prosecuted for hosting her own e-mail servers.
For the uninitiated, while Hillary Clinton was US Secretary of State, she hosted her own official e-mail servers, and the contention was whether she was right in hosting a service that would handle classified e-mails in the basement of her house.
The politics and legal wranglings are fascinating but I want to focus on the technology.
At one point in the testimony, you can hear the shock of a Congressman that Hillary Clinton’s e-mail server was less secure than Gmail. To his credit, Jim Comey went on to elaborate that Google has a full team of security experts working on its mail servers, something Hillary could not afford. When pressed on whether he considered Hillary’s mail server ‘secure’, he answered that security “wasn’t binary”: it’s not secure vs. insecure, but rather a spectrum of more secure or less secure.
That was a good answer.
Security is defined by various factors, such as from what, from whom, and against what kind of attack.
It’s very easy to look at a piece of code and determine that it’s insecure, because we know what insecure code looks like.
But it’s impossible to look at any code and say it’s ‘secure’, because unless you know all the attack vectors, you’re not going to be able to determine the absolute security of any system or application.
Going back to the original point though, nobody should be surprised that Gmail has better security than anything you could build on your own. Even Hillary Clinton, with all her Clinton dollars, couldn’t compete with an industrial e-mail solution from a big corporate conglomerate–and why should she?
You wouldn’t build your own car, or microwave oven, or toaster. Why would you build your own e-mail system?
A lot of people think that e-mail servers and websites are easy things to host and maintain–actually they’re not. And you couldn’t compete with the scale of services like Gmail in terms of pricing, features and security... no way, Jose.
Sure, we love our mother’s cooking more than any industrialized fast food, but those are the exceptions. With computers and technology, it’s often a good idea to be just like everyone else; in other words, just buy McDonald’s and be happy with it.
Highly customized solutions ‘tailored’ for your every need are not just more prone to software errors waiting to be exploited, they’re also less likely to be fixed even if those issues are found.
I hear it all the time, people want customized websites that ‘represent my brand’, but never stop to consider the other issues at hand.
Would you ask for a customized brick and mortar shop that ‘represented your brand’, or would you be happy with a standard generic store-front that you just plaster your signboard on? A highly customized shop that looks unique to just your brand costs a lot of money, and that’s money only the largest companies would be willing to shell out.
If Berkshire Hathaway (with a market cap of 326 Billion) is happy with this website–do you really need anything more fancy?
That’s why I recommend people just get a wordpress.com blog or a Squarespace site: it’s simple, it’s secure and it’s cheap. Of course it looks like every other website out there, but hey, fewer worries about DDoS attacks and fewer targets for hackers, and you can just focus on the content–not on managing the dodgy IT vendor you got to help with your site.
Differentiate on the content, not on the looks.
Rolling your own website usually involves employing a website designer, a UX/UI designer, a coder, an infra guy, and a whole lot of invoicing that frankly 99% of people aren’t prepared to deal with. Even if you were, the cost would be 1000’s of times higher than what you could get with sites like Squarespace or Ghost.
I’ve heard people moan that they spent RM10,000 on a website and it didn’t look pretty enough–but what were you hoping to get for RM10,000? Sure it’s a lot of money, but if you bought a RM10,000 car, what kind of car do you think you’ll get? A modern website is actually more complex than a car, especially one that is tailored to you, rather than a generic off-the-shelf solution.
A custom website requires custom maintenance, custom patching, and custom hosting–all of which require expertise that doesn’t scale very well. So unless you’re willing to shell out tens of thousands of dollars on something that will cost another tens of thousands to maintain over the years, do yourself a favor and just go generic.