Level3 routing issues?

• Previous message (by thread): Level3 routing issues?
• Next message (by thread): Level3 routing issues?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jan 25, 2003 at 06:51:01PM +0000, steve at telecomplete.co.uk said:
>
>>> True altho it does appear to affect MS more so than it ought to even
>>> considering
>>> their market lead.
>> 
>> What evidence do you have here? If I count the number of DDOS attacks
>> from insecure Linux boxes that we've seen in the last year, I'd say that its 
>> on par. 
> 
> I think you are on the right lines below in suggesting that products and
> services should be supplied safe and not require additional maintenance out of
> the box to make them so (additional changes should make them weaker)

"secure by default" is a wonderful goal that has, to date, failed to reach
very many vendors, either commercial or otherwise. As the number of hosts
connected to the Net continues to rise, and as broadband continues to spread,
we can expect to see the damage caused by insecure software grow. When the
damage reaches a certain critical mass (whatever that may be; I thought we'd
have reached it already), those who are coughing up millions of dollars (if
not now, that figure will certainly be realistic very soon) to deal with the
effects of insecure software will eventually stop accepting this as merely
"the way things are". At that point, the lawyers will get involved, and there
will be a change in the way software liability is viewed, and a resulting
change in the focus from vendors (commercial ones, anyway).

====
When the costs of releasing insecure and buggy software exceeds the profit
from doing so, vendors will make security a priority. Not before.
====

(As far as free/open software goes ... figuring liability there could be
significantly more tricky, if the lawyers decided it was worth it at all.
Microsoft, for instance, makes a much more lucrative target (and a better
public lesson) than suing, say, the Apache Group. Most commercial software
licenses declaim any and all responsibility, as do their GPL/BSD
counterparts, but commercial entities are easier to chase down legally.)

IANAL, nor am I a fortune teller. I also admit to far less operational
experience than most of the folks on this list. This is what I see coming. I
suppose time will tell whether I'm a crackpot or a visionary. :)

-- 
-= Scott Francis || darkuncle (at) darkuncle (dot) net =-
  GPG key CB33CCA7 has been revoked; I am now 5537F527
        illum oportet crescere me autem minui
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20030127/ece1ccfc/attachment.sig>

• Previous message (by thread): Level3 routing issues?
• Next message (by thread): Level3 routing issues?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]