Richard Bucker

Stupid Stupid Stupid

Posted at — Jun 29, 2020

It’s Monday morning and it’s time to start thinking new thoughts. The morning started with thoughts of WebAssembly in my head, only to be reassured that while WebAssembly might be secure in the browser because of browser security, it may not be secure as a server component.

Effectively, a vulnerability was trojan’d in a 3rd-party library.

I have been afraid of this for a very long time. We trust 3rd parties too much for the sake of getting shit done. Senior management just does not want to add the expense of developing everything, and in many cases everything simply does not exist, and so there you go.

Back in the day, DOS apps were simple to develop. Early Windows and OS/2 apps were easy to implement. That was partly because what we needed to get done was pretty simple, but also because we were naive. Back then we would buy compilers, SDKs, APIs. Today everything is free and, for the most part, it is the economy of reputation. Reputations are cheap.