I think it's a fantastic example because it's flexible enough for us to extend to make our points.
You make a good point, as when I made my comments I was considering an 'average' usecase, typically wanting to guard against malicious attacks from unknown actors on the internet.
You're talking here though about absolute security against basically a state level actor. No one else is going to be dealing with exploiting backdoors in firmware for specific targets.
But I still maintain my points is correct, it just requires substantially more money. If guarding against state actors is the requirement, that can be met by having custom or at least verified (at every stage of manufacturer) hardware. Expensive, but far from impossible. As for software issues, that's why we have stuff like SELinux and SEL4.
So yeah, I maintain you can absolutely secure a server. You just have to be clear about what the threats you are wanting to protect against are, and for most people that isn't state actors.
You make a good point, as when I made my comments I was considering an 'average' usecase, typically wanting to guard against malicious attacks from unknown actors on the internet.
You're talking here though about absolute security against basically a state level actor. No one else is going to be dealing with exploiting backdoors in firmware for specific targets.
But I still maintain my points is correct, it just requires substantially more money. If guarding against state actors is the requirement, that can be met by having custom or at least verified (at every stage of manufacturer) hardware. Expensive, but far from impossible. As for software issues, that's why we have stuff like SELinux and SEL4.
So yeah, I maintain you can absolutely secure a server. You just have to be clear about what the threats you are wanting to protect against are, and for most people that isn't state actors.