Comment by pessimizer
10 hours ago
> What is the purported lesson we should have learned?
Not to automatically execute things within data that we have been sent.
10 hours ago
> What is the purported lesson we should have learned?
Not to automatically execute things within data that we have been sent.
The subtle lesson, which we won't learn is [astronaut meme] all communication is potentially remote code execution. This isn't a computer thing, it's in the inherent nature of how communication works for us too. You can be more or less careful, but you can't eliminate the problem entirely or else communicating ceases to be effective.
I think it's "don't use parsers written in unsafe languages".
I think it's simpler: don't touch untrusted content unless/until you need to.
That's easy, and already done. Phones only touch untrusted content when they need to, it's just that they need to touch it immediately upon receipt