I love the last sentence: “…, if you set yourself the goal of crossing an 8-lane freeway blindfolded, it does make sense to focus on doing it as fast as you possibly can.”
replies(2):
There are also sets of events where the failing risk is an acceptable tradeoff. Even the joke can come up empty, if you want to cross the 8bit lane the fastest possible and dont mind failing/dying some times it might be worth it.
Also all the over emphasis on security is starting to be a pet peeve of mine. It sounds like all software should be secure by default and that is also false. When I develop a private project or a project with a threat scenario that is irrelevant i dont want to pay the security setup price, but it seems nowadays security became a tax. Cases in point:
I cannot move my hard disk from one computer to another because secure boot was enabled by default without jumping hoops.
I cannot install self signed certificates for my localhost without jumping hoops.
I cannot access many browser APIs from an HTTP endpoint even if that endpoint is localhost. In that case i cannot do anything about it, the browser just knows better for my safety.
I cannot have a localhost server serving mixed content. I mean come on why should i care about CORS locally for some google font.
I cannot use docker build kit with a private registry with HTTP but to use a self signed certificat I need to rebuild the intermediate container.
I must be nagged to use the latest compatibility breaking version library version for my local picture server because of a new DoS vulnerability.
[...] On and on, and being a hacker/tinkerer is a nightmare of proselytizing tools and communities. I am a build engineer at heart and even I sometimes just want to develop and hack, not create the next secure thing that does not even start up
This is like being in my home and the contractor forcing me to use keys to open every door to the kitchen, bedroom or toilet. The threat model is just not applicable, let me be.