zlacker

What motivates this attitude? Software, like anything else, needs to be actively maintained. This is a positive sign of technology evolution and improvement over time. To expect to run some software for 20 years without needing to apply a single security patch is ridiculous, and probably exactly the attitude that caused the author to get himself in this situation.

>>lopken+(OP)
> To expect to run some software for 20 years without needing to apply a single security patch is ridiculous

The whole point of my comment is that it's only "ridiculous" because of path dependency and the choices that we have made. There's no inherent need for this to be true, and to think otherwise is just learned helplessness.

>>kibwen+l7
Better security design fixes this. Sandstorm fixed this for self-hosters ten years ago (Sandstorm is designed to run unmaintained or actively malicious apps relatively safely), but people are still choosing the quick and easy path over the secure one.

>>kibwen+l7
Has there ever been any production software ever written that didn’t suffer from some kind of bug or exploit?

I don’t think imperfection is a choice we’ve made. I think imperfection is part of our nature.

That said, the current state of software development is absolutely a choice, and a shockingly poor one in my opinion.

>>ocdtre+4a
This is so true.

Sandstorm has been part of my selfhosted stack since it was a start-up, and it has worked for a decade with virtually zero attention, and no exploits I am aware of.

If there are other hosted apps that want a really easy on-ramp for new users: packaging for sandstorm is an easy way to create one.