[Info-vax] api for ncp

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Mon Aug 2 16:39:36 EDT 2021


On 2021-08-02 19:12:34 +0000, Dave Froble said:

> So to declare that something can never change, might be easy to say, 
> but impossible to enforce.

Absent unusually-isolated deployment or administrative circumstances, 
software is "done" as much as lawns are "mowed".

> Perhaps certification can be designed so that each piece of a whole 
> could be individually certified.  Perhaps not.

Ayup. Operating and updating and re-certifying in parts is often the 
most reliable and affordable way to update a complex application.

The alternative involves the often-substantial risk of wholesale 
upgrade or wholesale replacement.

Incremental app changes can involve (for instance) incremental 
development work around migrating DECnet connections to IP SSL/TLS/DTLS 
connections.

> The more stubborn someone gets, the more it will likely cost when 
> change will happen, like it or not.

Ayup. The further back an app gets, the larger the effort involved to 
update it, or to port it, or to port its data.

A decade or two of "can't do that" can toggle into "we're doing that" 
in a day, too. It's impressive to watch from afar.

Do I like the upgrade treadmill we're on? Nope. But we're on it.

And the windows for exploit remediation upgrades are ever-shorter, 
which means working toward better robustness, whether to 
BeyondCorp-like or otherwise.


-- 
Pure Personal Opinion | HoffmanLabs LLC 



