Canonical notes on long-lived system design: control vs exposure, authority, recovery, and architectural failure modes.
Why exposed authority, not implementation error, is the dominant failure mode of long-lived digital systems.
Why systems that cannot survive compromise are not secure, only intact.
Why long-lived systems fail not because of single events, but because exposure accumulates over time.
Why correct verification does not imply legitimate control in long-lived systems.