Please run windows update now

JoeSox joesox at gmail.com
Tue May 16 16:40:50 UTC 2017


On Tue, May 16, 2017 at 8:33 AM, Brad Knowles <brad at shub-internet.org>
wrote:

> On May 15, 2017, at 4:31 PM, Jonathan Roach <jonathan.roach at oracle.com>
> wrote:
>
> > What's key is that administrators need to know how to secure their
> > estates. If they've failed to apply the patch, that's their failure, not
> > Microsoft's, but patching was not the only way to have curtailed this
> > weekend's outbreak.
>
> But their failure leads to further intrusions elsewhere.  Their failure
> has consequences beyond their own borders.
>
> IMO, this is a herd immunity problem that Microsoft needs to get better at.
>
>
> The analogy I would make here is the German versus the American approaches
> to road fatalities.
>
> In the German approach, if there are significant road fatalities in a
> given location, then that implies there is a failure with the way the road
> system is engineered, and it needs to be fixed so that the number of
> fatalities is brought down.  No blame is automatically assumed on the part
> of the drivers who failed at that location.
>
> In the American approach, if there are a significant number of road
> fatalities, then it's the drivers own fault and they should have taken more
> care.  They are automatically to blame for their own failure.
>
> But if you're one of the other drivers out there who might be impacted by
> the lack of due diligence practiced by another driver on the road, which
> approach are you going to want to see implemented?
>


LOL. I think that is a really bad example and I see many facilities in it,
including a hasty generalization, as intersections, and roads for that
matter, in America have been resigned to improve safety.
Isn't it true, with any tech product, the more complex features, the less
secure it is? Ask yourself why this is the case, and I believe the true
issue with tech lays there.
If a country must build a China Wall duplicate in 300 days (for some
reason, to save money lets say), unless the team can pull it off and
depending upon how long it must be, the wall you end up with will probably
have some holes in it or pieces of it may collapse at later dates.
I don't know. It is hard to imagine a professional IT nowadays, seriously
blaming Microsoft for every bad thing out there.
What would be more of an interesting discussion, to me, would be why
doesn't Microsoft know about these hoarding of vulnerabilities by State
actors and plug them up?
Are they really that clever of vulnerabilities? Does Microsoft not have the
resources? Is Windows like the ocean, where there are just hundreds of new
species awaiting to be discovered?
Did Microsoft at least know of the NSA vulnerabilities, for example, and
kept it classified until NSA told them to plug them up?
--
Later, Joe



More information about the NANOG mailing list