misunderstanding scale

Matt Palmer mpalmer at hezmatt.org
Sun Mar 23 23:23:19 UTC 2014

On Mon, Mar 24, 2014 at 10:15:27AM +1100, Mark Andrews wrote:
> In message <532F60DD.3030302 at foobar.org>, Nick Hilliard writes:
> > On 23/03/2014 21:02, Mark Andrews wrote:
> > > Actually all you have stated in that printer vendors need to clean
> > > up their act and not that one shouldn't expect to be able to expose
> > > a printer to the world.  It isn't hard to do this correctly.
> > 
> > perish the thought - and I look forward to the day that vendors write
> > secure software which is impregnable to all vulnerabilities past and
> > present.  When that happens, I'll cast away my default deny configurations
> > and advise other people to do the same.
> And there you go putting stricter requirements on printers that you
> don't put on laptop, servers.  None of us would put any machines on
> the net if they had to meet your printer's requirements.

To be fair, laptops and servers today tend to have better baseline security
than printers today, and laptops and servers tend to have a better patch
release and patch management support than printers.  That isn't to say that
printers (and other similar devices *cough*Residential CPE*cough*) couldn't
be made to be at least as secure, out-of-the-box and ongoing, as today's
laptops and servers, but that isn't the case today, and I'm not aware of
anything on the horizon that would encourage a swift change in the current
trajectory for those devices.

On a completely unrelated topic, anyone else looking forward to XPocalypse
next month?

- Matt
(A pragmatic proponent of the end-to-end principle)

School never taught ME anything at all, except that there are even
more morons out there than I would have dreamed, and many of them like
to beat up people smaller than they are.
		-- SeaWasp in RASFW

More information about the NANOG mailing list