Hacker News new | comments | show | ask | jobs | submit login

That's the same logic that says people who get fired from their jobs should be homeless and starve, or that those who get sick without insurance should be denied care. We don't do that in our society.

There's a moral distinction between culpability and impact. There are profoundly stupid things that people do, yet still need protection from.

Those DB admins were incompetent by lots of measures, but their data still has value and its seizure is a public harm. It's the job of the rest of us (in this case, MongoDB's developers) to take reasonable steps to minimize the chance of that happening.

Secure defaults are a very reasonable precaution. MongoDB fucked up.

I'm no Mongo fan, but that's a false equivalence. You don't need to use Mongo in order to survive.

And having your data stolen is preferable to starving. The point is that, morally: X is bad X being all Y's fault doesn't imply that Y should be unprotected from the consequences of X.

We help each other out in this society. So in this case if you're a database developer with a good handle on deployment security, you don't put a insecure-by-default product in the hands of people who aren't. I genuinely can't understand why people are arguing to the contrary.

Cars can be dangerous and everybody should read the manual before using one, but it doesn't mean they are sold in an unsafe state where the user has to configure something first, otherwise it'll kill everybody.

Even knifes are sold with some package that prevents them from cutting before the package is removed.

I agree, I don't think your job is done just because you wrote somewhere "pay attention to this".

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact