> Slightly alarmed by the implied air-quotes around "security". Does the author think there's no need for security? That it's not important?
I can't speak for the author, but I think a lot of this industry sacrifices way, way too much in the name of nebulous "security". Case in point: Spectre and Meltdown are not likely to ever be a significant threat to any desktop computer user, nor to any server that is only running trusted code, yet a lot of IT people lost their shit over it and were willing to significantly degrade their performance via heavy-handed mitigations.
It’s worse in networking where firewall admins block first and ask questions later, breaking VoIP, making video calls slow, and breaking anything P2P. The rationale is security but if you ask them what risk is being mitigated by blocking this or that they can’t answer. It’s superstition.
The vast vast majority of targeted attacks today are by exploiting the least secure part of the system: the meat bag in front of it.
But if the whole shebang had been built with multi-user, online, and hostile as a default we wouldn't have spent 20 years dealing with the failure of protocols in the face of black hats, and the meat bags would be more secure in their ignorance.