On 31 Jul 2003, Paul Vixie wrote:
> the anti-nat anti-firewall pure-end-to-end crowd has always argued in favour of "every host for itself" but in a world with a hundred million unmanaged but reprogrammable devices is that really practical?
Not everything could be hidden behind a firewall, particularly in this world of increasingly mobile and transient connectivity. Besides, firewalls only protect against outsiders, whereas most damaging attacks are from insiders.

What we need is a new programming paradigm, capable of actually producing secure (and, yes, reliable) software. C and its progeny (and the "program now, test never" lifestyle) must go. I'm afraid it'll take laws which would actually make software makers pay for bugs and security vulnerabilities in shipped code to make such a paradigm shift a reality.

--vadim