Comment by Karrot_Kream

3 years ago

Software dev is part function and part art. All of us live somewhere on the reductive 1D dichotomy "function" <-> "art". Some (not all) people more on the "art" side prefer an open canvas which involves having direct access to the computer. Some on the "function" side find that commoditized software is safe and repeatable software. These two perspectives differ but often because of interests. There's more than enough room out there for both types of devs.

It seems like the scene is kind of splitting though.

Commercial and commercial-inspired software is doing a great job of making totally standardized predictable platforms, and the DIY-minded people pretty much only do things like Arch, unless they're getting paid a lot.

Doesn't seem like the dev community is really excited about anything safe and repeatable anymore.

  • Is the current monstrosity of billions and billions of lines of code from different vendors and dozens of layers of abstraction in different languages really all that safe? More code, more fragmentation, more complexity, more layers, more vulnerabilities. We're seeing more hacks and exploits than ever.

    I'd trust things like OpenBSD over whatever sandboxed browser or cloud service, despite their security spending.

    • It's hard to evaluate whether stuff is really more or less secure.

      I think it's definitely safer than 20 years ago, when all the exploits seemed to be trivial script kiddie stuff and nobody even used encryption, but we also have a lot more hackers, and a lot more attack surface, because we do more with tech.

      In terms of CVEs per feature I'd think we are a bit safer, but the dominating factor is just the fact everything is online and black hats unfortunately are everywhere.

      It would be interesting to sketch out how the modern world could exist without all these billions of layers though. How could we get everything online, do contactless payments with phones, make passwords sync, have web apps with all the current features, track our keys with Tile, etc., without all the billions of lines?

      Is it possible/economical in real world conditions?

      To me, the extra risk of getting hacked is fairly low in terms of expected value. Someone could get hacked 5 times and still be ahead if a smart device stopped their neighbors from burning down the neighborhood, or prevented some wacky chain of events that made them get fired.

  • Hm, on thinking about this, I agree. As someone interested in standardized, predictable platforms I just don't see a welcoming atmosphere in the DIY world. The DIY programming world has an anti-intellectual streak these days that turns me off from it. I find the kind of work I like doing to get more purchase in academia or the corporate world.