Most people have a specific association to the word server as it applies to information technology. They conjure up images of large, loud and fast machines that is designed to run 24/7 and handle server workloads. If asked whether servers tend to be faster than desktops and laptops 99% of people will most likely respond with an enthusiastic YES!

Unfortunately the past couple of years have seen a dramatic shift in processor performance. I am solely focussing on processor speed, not anything else. The recent trend has seen a proliferation of cores per CPU die as opposed to raw frequency bumps. We have hit 4GHz two years ago already, though even today Intel does not have a single CPU that can run at a base clock of 4GHz. Rather, we have 8-way systems that runs at 2.4GHz with each die containing up to 8 cores, for a total of 64 cores.

Now do not get me wrong - scaling up the amount of cores per server is a real way of increasing performance. Certain loads that are highly concurrent will most definitely see a dramatic increase in performance regardless of the clock speed. A simple (and naive) calculation shows that - all things being equal - a server with 64 x 2.4GHz CPU cores will complete a perfectly scalable task 32 times faster than a single core CPU running at 4.8GHz. But this is where things get murky. Most companies are not hosting a stock exchange database, or tries to render the next Avatar. Most businesses use servers for things like corporate databases, remote desktop servers, application servers, file servers etc.

I found this gem at the end of a recent business requirement document I received. Not sure if I need to explain.

ASSUMPTIONS
* System should be available 24/7
* Working 99.9% accurately
* No other system will be impacted
* Information supplied in the template to be 100% correct without errors.

The problem with today's society is that a single moronic statement can be perpetuated so quickly across the world via the internet that it becomes gospel. Take for example this beauty:

And a popular password-cracking tool available on the Internet was upgraded so it could decrypt up to 55-character passwords - so what protection do we really have?
Source

She is referring to Hashcat, who decided to add support for cracking passwords up to 55 characters in length in their GPU engine. What was NOT stated, is that

There has been much talk about Chrome's way of storing passwords for web forms.

Some people argue both sides. I have my personal opinion on the matter though. And it is not very complicated.

Security is not an on/off switch. Security is not an all or nothing concept. It consists of layers, with varying degrees of importance. Just as the threat is not a singular black/white threat - it is a large grey scale of potential attack vectors.