I think the lesson we should all reflect on here is that when designing very critical systems one should not try to be too clever or optimize to the point of the correct working of the whole system being dependent on a single assumption.
Old-school engineering used to have the concept of a safety factor, where you used a material twice as strong as the one that your equations have shown to be strong enough to sustain the conditions you expect it to operate under. Richard Hamming also put this very nicely: "Would you fly a plane if you knew it depended on some function being Lebesgue-integrable?".
Was the scenario that something unwanted might get synced one day really that improbable or so unobvious nobody considered it? Hard to say in retrospect, but I would say no. Anyway, this might happen to every one of us, so I will use the time to reflect on the systems _I_ built and whatever assumptions _I_ could have done mistakingly.
Old-school engineering used to have the concept of a safety factor, where you used a material twice as strong as the one that your equations have shown to be strong enough to sustain the conditions you expect it to operate under. Richard Hamming also put this very nicely: "Would you fly a plane if you knew it depended on some function being Lebesgue-integrable?".
Was the scenario that something unwanted might get synced one day really that improbable or so unobvious nobody considered it? Hard to say in retrospect, but I would say no. Anyway, this might happen to every one of us, so I will use the time to reflect on the systems _I_ built and whatever assumptions _I_ could have done mistakingly.