Golden Email #14: Thoughts on security

When you post your programs in computer/programming communities you get bashed if you have even the smallest security flaw in your programs. But security is overrated. You can have a normal lock on your door (not security cameras and expensive stuff) and it will probably be BETTER than installing a thousand locks. It will probably be secure enough, and it won't feed your paranoia. Computers are different but the principle is the same. Maybe the problem is that you have too much to lose and care about material things too much. Maybe your information isn't that dangerous to lose, maybe the world does̈́n't end if your server gets hacked, and maybe you don't need to store sensitive information on the internet. The healthiest view on security is not to worry that much, worrying almost creates more problems.

Also, programs constantly come with "security updates" but the fact is that programs that rarely update work better. The constant "fix security holes" loop is a scam, because if you constantly add (security) features to your program you also add bugs that you don't know about. Otherwise the security updates would eventually end, right? But they never do! Security doesn't come from fixing holes, it comes from making a program of as few parts as possible, and just making it work. It will continue to work if you don't touch it (if it was stable from the start). If you need to release new versions of a program to fix security issues, don't add 5 new features at the same time because those will probably be the ones causing the next security issues.

That's it. Now I'm tired of the abstract programming world. I'll instead dive deep into the computers' physical world and make a map over the internet (someone on SUNET said that you can't really make a geographical map of the internet, because some reason. Hah, challenge accepted! The internet consists of only physical things in the geographical world, so what's the problem?)

/kbrecordzz, 2024-02-26