@danderson It seems to me that dismissing all technical solutions because the problem is social is itself a form of giving up because stopping 100% of badness is impossible. If the option of hijacking crypto code in the sshd process through an obscure dynamic linking feature and an underfunded library hadn't been an option, for example, would the attacker have gotten nearly as far as they did?