getoffmyyawn | 2 years ago

For me, a technology itself isn't a red flag. Not being able to explain the reason for choosing one approach over another is a big red flag.

Or if the reason is "I want to try this new thing" and not "Our standard production stack won't work for this because (valid technical reasons)" that's a huge red flag.

rbanffy|2 years ago

Some combinations tend to be red flags. Most Windows server setups are, for instance. I find it alarming to see PHP or Django applications deployed on IIS.

There are some situations where Windows may be the best answer - compliance and fleet management, for instance - but unless you are running a Microsoft app that requires (or works better with) Windows, it is a lot of extra attack surface.

I would be immediately suspicious of an IBM mainframe or an IBM i lying directly exposed on the internet as well. I know web servers run under IBM i and z/OS, it’s just that it seems like a crazy choice - that’s not what those machines are designed for.

As for that being a red flag rather than a suspicious choice, my attitude is always to find a reason for it - just assuming idiocy is both unkind and arrogant - there may be valid reasons for the craziest choices.

As an aside, in the late ’90s a Brazilian ISP and portal went proudly with Novell’s NetWare. They died without a trace after numerous outages and nobody was really surprised.

If you are doing something nobody else is doing, you are either crazy or very clever and the odds are almost never favouring clever.