
I love many things about the hacker ethos, but after being in tech for several years, I’ve learned the following painful lesson:

Do not self host. The only thing you should ever self host is software your company wrote; unless you have a dedicated team for that specific piece of software alone.

You will never meet the uptime of Google Workspace. Your tools will never have fewer bugs. You will never meet the security certifications. Your real-time document editing, which you may think doesn’t matter, will never meet your employees’ expectations. You will never have as good tools for automated legal compliance. And if it goes down, which it will, even a day of downtime is more expensive than years of Google Workspace in all but the smallest of businesses. Additionally, every time something doesn’t work (or, heaven forbid, you’ve been hacked), your company’s employees and lawyers can and will blame you instead of an unmovable entity.




> Additionally, every time something doesn’t work (or, heaven forbid, you’ve been hacked), your company’s employees and lawyers can and will blame you instead of an unmovable entity.

That's what it's really about. Modern day "nobody ever got fired for buying IBM". It's not about the better solution, it's about blaming someone else if things go wrong.

Azure has been completely hacked twice now, yet people still move their shit over to Microsoft's cloud offerings. I don't understand how fucked in the brain you have to be to consider this a good idea, except for being able to shift blame.


It doesn’t matter if it’s fair, it’s just reality.

If you self-host for a business, and your self-hosted instance is hacked when other self-hosted instances of the same software weren’t, you are at risk for legal action and a possible criminal investigation. Was it really the software that was hacked, or were you negligent? Was it truly an accident, or did you have malicious intent? Plus, define negligent - does not having a service like CrowdStrike installed count? (You might say, “obviously not,” but if it takes $50K to convince the court on that point, shallow victory there.)

If you have a family, even if this is only a 10% chance of happening, you would have to be, in your own words, “fucked in the brain” to put your livelihood and career on the line to save a few bucks.

In my ideal world, beer would rain from the sky and nobody would ever get drunk. We’re not in an ideal world, and “CYA” is a valid reason until you have a proper, large, dedicated IT team.


We completely agree here. I just don't think that's how it's supposed to be. How could Microsoft get away with this? They should pay billions in damages or penalties. And specifically, anyone who decided to move anything to the Microsoft cloud after the two hacking incidents should be treated just like someone who ran a Nextcloud instance and got hacked, should Microsoft be hit a third time.

Related: https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_c...

I'm surprised someone finally has the guts to state it that clearly.


No one ever got fired for choosing ... The Cloud



