I realize it's a colloquialism and not to be taken too literally, but I don't care for the premise of Jeff's opening line:
I may not be smart enough to join Mensa, but I am smart enough not to build websites like the American Mensa website.
It implies that smartness is a single continuum (maybe, maybe not), and that you can measure it by looking at single actions like whether someone implements security feature X in a web site.
My feeling about something like this is that most people who get it right are probably people who have heard or read about the issues regarding plaintext passwords. That makes them more knowledgeable, which is a fine thing if you are hiring them to build a web application, but not the same thing as smart in this sense.
True, some people can work out the issues from first principles, which is definitely evidence of smartness, but I have strong doubts that you can get an accurate measure of smartness from just one "test" like this.
Overall, it would be a far better "zinger" if it were a security web site with a security flaw, something like the story of the identity protection company whose CEO had his identity stolen.
All that being said, I still upmodded the story. Blogging this kind of thing is a public service, and a reminder for hackers doing start-ups can't hurt.
It would be terrible if you built a great service, were just about to raise a substantial round, and some know-it-all technoid working with the VC flipped your bozo bit because you stored passwords in plain text.
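For readers who came to this thread for the practical point rather than the argument about smartness, here is the contrast the comment is about, as an added example that is not part of the original post and not code from the Mensa site or from Jeff's article: the plaintext storage being criticised, beside the salted, memory-hard hashing a reviewer at the VC would expect to see instead. The user-table dicts, the function names and the scrypt parameters are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# --- The plaintext approach the thread criticises (do not do this) ---
# A hypothetical in-memory user table, constructed for this example.
plaintext_db = {}


def register_plaintext(username: str, password: str) -> None:
    # Stores the password exactly as typed: a database dump, a backup,
    # or a curious admin yields every user's password (and, since people
    # reuse passwords, their accounts elsewhere too).
    plaintext_db[username] = password


def login_plaintext(username: str, password: str) -> bool:
    return plaintext_db.get(username) == password


# --- The hardened form: per-user random salt, memory-hard KDF (scrypt),
#     self-describing record, constant-time comparison ---
# Parameters are assumptions for this example (16 MiB of memory per hash),
# not values taken from the thread.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SCRYPT_MAXMEM = 64 * 1024 * 1024
SALT_LEN = 16
DKLEN = 32
hashed_db = {}


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a record of the form scrypt$N$r$p$salt_hex$hash_hex.

    Storing the parameters next to the hash lets you raise the cost later
    and re-hash users on their next successful login.
    """
    if salt is None:
        # A fresh random salt per user means two users with the same
        # password get different records, and precomputed tables are useless.
        salt = os.urandom(SALT_LEN)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                            maxmem=SCRYPT_MAXMEM, dklen=DKLEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored parameters; compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, hash_hex = record.split("$")
        if scheme != "scrypt":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        actual = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                n=int(n), r=int(r), p=int(p),
                                maxmem=SCRYPT_MAXMEM, dklen=len(expected))
    except (ValueError, TypeError):
        # Malformed record: treat as a failed login rather than crashing.
        return False
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(actual, expected)


def register_hashed(username: str, password: str) -> None:
    hashed_db[username] = hash_password(password)


def login_hashed(username: str, password: str) -> bool:
    record = hashed_db.get(username)
    if record is None:
        # Burn the same work for an unknown user so response time does not
        # reveal whether the username exists.
        hash_password(password)
        return False
    return verify_password(password, record)


if __name__ == "__main__":
    register_plaintext("bob", "hunter2")
    register_hashed("bob", "hunter2")
    print("plaintext table exposes:", plaintext_db["bob"])
    print("hashed table exposes:   ", hashed_db["bob"])
    print("hashed login ok:", login_hashed("bob", "hunter2"),
          "wrong pw:", login_hashed("bob", "hunter3"))
```

The thing to notice when you run it is the second line of output: what an attacker gets from the hashed table is a salt and a 32-byte digest that costs them a scrypt evaluation per guess, not the password itself. scrypt is used here because it is in the Python standard library; bcrypt or Argon2id via a maintained library are equally acceptable choices.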