Flexibility leads to complexity and complexity is the enemy of security, so it's a shame that many security-related systems and APIs seem to themselves be designed with maximum flexibility in mind

Here's Niels Ferguson and Bruce Schneier's paper from 2000 where they dedicate about a quarter of the paper to ranting about how IPsec is too damned complicated

@fraggle ah yes SElinux, designed such that no mortal could possibly configure it properly.

I'm looking forward to Wireguard coming out of alpha. It's so beautifully simple.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!