Comment by qwertycrackers
Comment by qwertycrackers 2 days ago
I think what is this ignoring is that "security updates" are generally corrections to defects in the original product.
In principle, a complete product would ship with no defects. You could run it for 1000 years unpatched and it would be no less secure than the day it shipped.
Manufacturers ship security updates because the original product was defective. So it makes sense that they remain on the hook for security updates -- we paid them full price up front.
> In principle, a complete product would ship with no defects. You could run it for 1000 years unpatched and it would be no less secure than the day it shipped.
Not necessarily. Something could be perfectly secure today and for the next 100 years but be trivial to crack in 1000 years because the landscape changed so much. Something that is inconceivable to crack by brute force now won’t be as compute power keeps rising.
It’s impossible to cover every base from the start and forever. Who would’ve thought that soundproof glass could be beat with a camera filming an object?
https://www.newscientist.com/article/dn25999-caught-on-tape-...
> We were able to recover intelligible speech from maybe 15 feet away, from a bag of chips behind soundproof glass