> best thing to do is segregate and control damage
I first encountered that concept with a client that put every webapp in it's own virtual server and expected the vm to get compromised at some point. Seemed like a very sensible idea 15 years ago.
The Apple ][ basic interpreter placed its "get next token" routine down in the first 255 bytes of the computer's memory. Being there allowed for the machine instructions to be fetched twice as fast as "high memory". And "get next token" is definitely a good guess for hotpath.
I first encountered that concept with a client that put every webapp in it's own virtual server and expected the vm to get compromised at some point. Seemed like a very sensible idea 15 years ago.