Then you just pass the `--disable-all-security` flag. (Or whatever similar metho... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Ajedi32 on July 27, 2020 \| parent \| context \| favorite \| on: New ‘Meow’ attack has deleted almost 4k unsecured ... Then you just pass the `--disable-all-security` flag. (Or whatever similar method the project you're using exposes to allow that.) Secure-by-default doesn't have to be complicated; it's just a way to ensure people don't shoot themselves in the foot without comprehending what they're doing.

rectang on July 27, 2020 | [–]

Thank you for this reply; it's my favorite post in the entire discussion. It illustrates perfectly why insecure defaults are a terrible way to implement "tutorial mode".

dawnerd on July 27, 2020 | [–]

Exactly. Do people complain about how hard it is to spin up mysql or postgres?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact