> The right thing to do would be to redesign the system from the bottom up to actually be secure in the face of vulnerabilities
i understand the impulse to immediately question if this might solve security, but it just won’t. there are some classes of known vulnerabilities which it may mitigate, but at best it would be a temporary security solution.
security is hard.
we also need to remember that we would, with almost 100% certainty reintroduce long forgotten about mitigations that someone silently did years ago but they didn’t make a big deal over. or even mitigations which were made a big deal of, but they were a decade ago therefor long forgotten about.
we have a tendency to think those who built complex systems before us were unenlightened, or lazy, or primitive. this often really isn’t the case.
anyone who has worked on large projects will inevitably learn the hard way that scale adds incredible fractal depths of complexities that we can’t dream of until it slaps us in the face. so we put out that fire, do not-nearly-enough-documenting on why or what caused it so future people might avoid the same mistake, and then we continue running up the hill.
security is hard.
and of course sometimes a from-scratch-rebuild might make sense but we’d be looking at years and years of relearning mistakes which were previously learned and corrected for.
i understand the impulse to immediately question if this might solve security, but it just won’t. there are some classes of known vulnerabilities which it may mitigate, but at best it would be a temporary security solution.
security is hard.
we also need to remember that we would, with almost 100% certainty reintroduce long forgotten about mitigations that someone silently did years ago but they didn’t make a big deal over. or even mitigations which were made a big deal of, but they were a decade ago therefor long forgotten about.
we have a tendency to think those who built complex systems before us were unenlightened, or lazy, or primitive. this often really isn’t the case.
anyone who has worked on large projects will inevitably learn the hard way that scale adds incredible fractal depths of complexities that we can’t dream of until it slaps us in the face. so we put out that fire, do not-nearly-enough-documenting on why or what caused it so future people might avoid the same mistake, and then we continue running up the hill.
security is hard.
and of course sometimes a from-scratch-rebuild might make sense but we’d be looking at years and years of relearning mistakes which were previously learned and corrected for.
security is hard.