Servers are directly attackable over the internet, unlike browsers :) Browsers are a very well hardened target at this point after decades of attacks. The fact that browsers still see exploitation, despite the money spent on their security by large well funded teams like those at google and Microsoft, shows the difficulty of securing applications.
Where servers have a direct correlation to money (e.g. if they are involved in processing crypto payments), there's a direct financial gain to exploitation, increasing the likelihood of attack.
(IMHO) After the first wave of worms compromising home users web3 servers, it would be pretty hard to convince people that it was a good idea to do it again
> Servers are directly attackable over the internet, unlike browsers :) Browsers are a very well hardened target at this point after decades of attacks.
OTOH, browsers are expected to have an ever-expanding array of capabilities on behalf of the end user, which leads to ever-increasing code complexity and size. Moreover, breaking into any individual browser instances nets you almost nothing, so the interesting security issues are the ones that apply across the board (allowing you to do really large-scale blackhat stuff).
Servers, on the other hand, can be relatively static targets in terms of functionality and code, can use modular code design in a way that is harder for browsers to pull off, and have been much more hardened than browsers over time for the simple reason that even a single server break in has way more implications than a single browser break in.
I don't know how much money I'd put on this wager, but I'd bet that getting into a random nginx install is much, much harder than getting into a random browser instance.
oh I'd absolutely agree that a random nginx install is likely to be better than many browsers, but nginx has had years and years of attacks directed at it, so will be a very well hardened target.
What I was thinking of, when looking back at the article is that the web3 space will need new servers with new likely novel protocols to support it. when the code is written and released to be run in user's homes, would I expect that to be better than a browser like chrome or firefox.... no, I would not :)
> oh I'd absolutely agree that a random nginx install is likely to be better than many browsers, but nginx has had years and years of attacks directed at it, so will be a very well hardened target.
That would seem to be an existence proof that servers in the home is just a matter of design priorities then, no?
Where servers have a direct correlation to money (e.g. if they are involved in processing crypto payments), there's a direct financial gain to exploitation, increasing the likelihood of attack.
(IMHO) After the first wave of worms compromising home users web3 servers, it would be pretty hard to convince people that it was a good idea to do it again