Scalability of today resembles security of ten years ago

Thursday, 05 March 09
About eleven years ago I was 20, and entered the computer world as a programmer thanks to the fascinating and wonderful field of information security. IT was very effervescent at the time, a lot of truly smart people and a lot of new things to learn and discover.

Then, in a few years, security became a product. Need security? It's easy, install a firewall, an IDS, follow these guidelines, and blablablabla. A lot of money, a lot of false needs, and of course it didn't work. Some years later the slogan was "Security is not a Product but a Process", and anyway security was not fun anymore for me. I had already moved into programming languages for my hacking sessions: much more fun, a lot less money (tending to zero, actually).

Today the new big word is Scalability. Web-scale scalability, to be more precise, since for the first time scaling is not a rare need, as it was before. To have a big site is enough to compress your web servers and databases. Like Security of the past, scalability of today appears to be too much of a recipe: use memcached, replication, try to scale horizontally, use MySQL as a stupid BTREE and use Blob fields to store your data JSON-encoded!

It is very hard to find people talking about time complexity, data structures, and ultimately the fact that you should try to store the data in a way that makes it easy to access in the way your application needs this data back. Maybe relational databases put this pattern in our heads, that we store data in tables and we'll see later what queries we will need to get this data back: but it does not work, like Security as a Product of ten years ago.

Posted at 12:04:35