Yet another Quadruple DNS?
Scott Weeks
surfer at mauigateway.com
Tue Apr 3 22:07:27 UTC 2018
--- bortzmeyer at nic.fr wrote:
From: Stephane Bortzmeyer <bortzmeyer at nic.fr>
Rich Kulawiec <rsk at gsp.org> wrote
a message of 10 lines which said:
> Watch what you wish for: you might get it. The number of
> attack/abuse vectors (and the severity of their consequences for
> security and privacy) involved in doing auto-update may rival those
> involved in not doing auto-update.
Also, there is the risk of getting updates that will disable some
features, if there is a change in the commercial strategy of the
vendor
<https://boingboing.net/2016/09/19/hp-detonates-its-timebomb-pri.html>.
All these risks are documented in RFC 8240, a highly recommended
reading.
-------------------------------------------
Regarding the HP example story, won't natural attrition fix this? My
stuff has been in storage for well over a year for various reasons and
if I pull out my HP printer (which has non-HP cartridges) and it does
this to me, I surely won't get another one. I'm also sure I'd be the
norm on this as it would anger other non-technical HP customers, as
well. (I was on the fence with HP anyway as they try to take over my
equipment too much)
scott
ps. Who knows, I don't let my printer talk outside my network anyway,
so maybe I didn't get the update.
More information about the NANOG
mailing list