
From the guy who makes SMBC to the guy who keeps hacking SMBC - acangiano
http://www.reddit.com/r/programming/comments/e08d5/from_the_guy_who_makes_smbc_to_the_guy_who_keeps/
======
Locke
This is a great post from a publicity standpoint. It's never a bad thing to
put a human face on your business, especially if you're still small.

But, I'm afraid, the only real long-term solution to a security problem is
better security. This isn't a people problem, it's a technical problem and
will require a technical solution.

~~~
invisible
If someone is hacking something for nothing but some odd satisfaction, it is
sort of a people problem in addition to a technical problem. The attacker
could very easily point to the problem and say, "OK, I had fun while it lasted
but here is the security bug: ..."

------
mrduncan
<http://www.smbc-comics.com/> for those unfamiliar with SMBC.

------
moultano
It's probably an automated script doing it if he's running any standard
software. The person running it probably doesn't speak English and is only
aware of smbc in a statistical sense.

------
iuguy
I had an interesting discussion with a friend of mine who believes that people
who want to run a web site should be forced to take an exam before being
permitted to do so.

Personally my view is that if you want to put up a web site, go for it. If you
can't secure it your options are basically:

a) Learn to secure it; or

b) Transfer the risk and get someone to secure it for you.

It seems, from the guy running the comic site, that option a is slowly
becoming a reality. However, given their appetite I get the impression they
may be more suited to option b.

------
Padura
I think he just has to deal with security of his website. He has a huge
readership and is therefore always a possible target.

------
bmelton
The most important bit about this, to me, is that Marty, the
webmaster/brother, is apparently falling down on the job.

It's quite likely that Marty is unpaid in these duties, to which I can only
say that you get what you pay for. If he IS paid, then I think it's time to
replace him, and reflect deeply on the negative stereotypes associated with
nepotism.

My first inclination was to just email the guy and see if I could help, but
reading on, he apparently maintains a staff for other purposes he considers
important, and recognizes that the relative insecurity of his site impacts
their livelihoods, but doesn't see security as something worth paying for.

A donation of my time in this regard would, however noble the intent, demean
the profession and relative value of security analysts and companies all over
the world.

~~~
nathanb
I found this exchange in the reddit comments to be interesting:

karlr42: The only way you beat crackers is to set your site up securely and
maintain it. Nothing else, including this post, will help.

MrWeiner: No argument here. I could explain what the issue has been, but I'd
rather not do that publicly. Suffice it to say that we're doing a lot of
cleaning house right now.

Depending on how one interprets "cleaning house" it may be the case that Zach
has in fact realized the exact point you're making.

------
lachyg
I found this bit to be the best: <http://cl.ly/8892d1205d53681bea61>

(Context: <http://www.youtube.com/watch?v=hkDD03yeLnU>)

~~~
jackolas
Just link to the permalink of the parent comment.

------
gaius
Crackers not hackers.

~~~
tptacek
Dear metaphorical Japanese soldier stranded on an island in the South Pacific:

The war is over. You lost.

Love,

The Crushing Imperialist Juggernaut of Common Usage.

~~~
mcantor
I could care less about common usage!

~~~
handelaar
So you do care a little bit, then?

<http://www.youtube.com/watch?v=om7O0MFkmpw>

~~~
ars
I think saying could instead of couldn't was part of the joke.

------
Confusion
I find it scary that someone could write comics with such clever jokes, while
simultaneously being so oblivious to the security requirements of running a
website. Trying to address an anonymous hacker via Proggit is beyond
ridiculous.

