Steve Jenson's blog

From Anil Dash:
It'll be interesting to note what effect it has on Blogger's reliability and scalability.
I believe the scalability of Blogger's upcoming release will be quite good. The rest of the gang and I have taken a lot of pains over the past year and a half to make sure that we can fit hundreds of millions of users into Blogger. The most obvious evidence of that is that we've switched to an 18-digit postID scheme. Globo's Blogger installation supports our beliefs that the new version is pretty darn solid and will be able to scale to our proposed needs. Our biggest enemy has been a lack of resources, the nemesis of all small underfunded companies. I don't think that's too much of a problem anymore.
Back when Blogger was hacked, Steve sent me an indignant refutation of my assertion that the problem was with the development of weblog tools. His defense, which is entirely valid, is that the vulnerabilities tend to be in the platform software itself, and that it was to blame for most of the problems. It seemed kind of like he was saying "blame Rudy, not me!" while being too polite to actually say that out loud.
I'm really sad Anil drew that out of my post. Blame wasn't a part of my equation at all and certainly not blame of system administrators or system tools authors. My bone to pick, and I recognize that I did a poor job of defining my target, was that security engineering is still a back-room trade and still treated as a specialization instead of being a widely understood and studied commodity. Honestly, if you can teach a college freshman to understand the lambda calculus (or to fart around with Visual Basic, depending on the credibility of your college), you should be able to teach him some basic security concepts at the same time. That we haven't is part of why Visa and Mastercard just had 2.2 million credit cards stolen from them and a large part of why we'll continue to see security issues crop up in every piece of software ever written until these topics do become commodity knowledge. Here are some nice resources to start with.

# — 18 February, 2003