I think that there's also inherent trust in "hardware security" but as we all know it's all just hardcoded software at the end of the day, and complexity will bring bugs more frequently.
To be fair, most of MTE's benefit is realized by having enough users running your apps with MTE enabled, rather than having it everywhere.
This is because MTE facilitates finding memory bugs and fixing them - but also consumes (physical!) space and power. If enough folks run it with, say Chrome, you get to find and fix most of its memory bugs and it benefits everyone else (minus the drawbacks, since everyone else has MTE off or not present).
Trade-offs, basically. At least on Pixel you can decide on your own.
Dan Kaminsky popularized this in 2007-8 or so. Not that it didn't exist here and there, but he made perhaps the first public version of a DNS tunnel (ozyman). He inspired iodine and others and was a fairly well known guy.
Dan passed away in 2021, RIP.
If you search for it, it's hard to find. His blog is down (he's dead...), and many companies and people talked about it on his behalf to drive traffic (hi duo sec..), so you can see the internet forget, rediscover, and rewrite some history even in a few years.
A lot of the western world only learns and speaks about WW2 (let alone WW1, the American Civil War, etc.).
There have been countless western and non-western wars with slightly different patterns and a taste of "winner writes history".
One I find interesting is the French Revolution. It's also fairly recent, but not as tampered with as WW2 history. For example, there still are records of how terrible and cruel the revolutionaries were, how everyone was a royalist that needed to die and how the populace started to be ready to revolt - again - right after the change of power. Thankfully, things eventually calmed down - as they were cruel, but not dumb.
Either way I'd basically recommend expanding the reading curriculum a bit.
It's, IMO, the action/reward loop that matters most (i.e. incentives).
Most, if not all, big tech companies do not align incentives with principles - quite the opposite. Most folks in a position of leadership utilize principles and other "nice sounding arguments" for their own personal benefit, i.e. block internal competitors with principles (works great against employees with integrity and quality ethics) while claiming to follow these.. without actually following any.
I'm sure everyone here has had some taste of it, or even discussions on how this sucks but "they gotta play the game". Not playing the game is extremely hard when it comes to promos, salary, or getting a large project to go with your name on it (I'd know..).
So, until this rant becomes common sense, principles will just be that - nice words.
It mainly means control these days.
I've made SSL then later TLS requirements for web browsers and we had fights on this sort of stuff.
Yeah, encryption is needed. But then you need authentication. And then, if authentication is controlled by corporations you're f'd.
Instead you'd want identities to be distributed and owned by everyone. Many trust models have been developed and other than raw UI problems (hi gpg/pgp) it's really not a terrible UX.
That doesn’t really affect what I’m saying though. Yes, support capped out with the M2, but you can still observe the properties of efficiency on there.
Same for ; "" vs '', ex, eg, fe, etc. and so many more.
I like em all, but I'm crazy.