Comment by throwaway684936
3 years ago
Is the current monstrosity of billions and billions of lines of code from different vendors and dozens of layers of abstraction in different languages really all that safe? More code, more fragmentation, more complexity, more layers, more vulnerabilities. We're seeing more hacks and exploits than ever.
I'd trust things like OpenBSD over whatever sandboxed browser or cloud service, despite their security spending.
It's hard to evaluate whether stuff is really more or less secure.
I think it's definitely safer than 20 years ago, when all the exploits seemed to be trivial script kiddie stuff and nobody even used encryption, but we also have a lot more hackers, and a lot more attack surface, because we do more with tech.
In terms of CVEs per feature I'd think we are a bit safer, but the dominating factor is just the fact everything is online and black hats unfortunately are everywhere.
It would be interesting to sketch out how the modern world could exist without all these billions of layers, though. How could we get everything online, do contactless payments with phones, make passwords sync, have web apps with all the current features, track our keys with Tile, etc., without all the billions of lines?
Is it possible/economical in real-world conditions?
To me, the extra risk of getting hacked is fairly low in terms of expected value. Someone could get hacked 5 times and still be ahead if a smart device stopped their neighbors from burning down the neighborhood, or prevented some wacky chain of events that made them get fired.