[194643] in North American Network Operators' Group
Re: Please run windows update now
daemon@ATHENA.MIT.EDU (Brad Knowles)
Tue May 16 11:34:56 2017
X-Original-To: nanog@nanog.org
X-Barracuda-Envelope-From: brad@shub-internet.org
From: Brad Knowles <brad@shub-internet.org>
In-Reply-To: <7795b8ef-a738-75d6-f427-dc0ba9dabc4b@oracle.com>
Date: Tue, 16 May 2017 10:33:20 -0500
To: Jonathan Roach <jonathan.roach@oracle.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On May 15, 2017, at 4:31 PM, Jonathan Roach <jonathan.roach@oracle.com> =
wrote:
> What's key is that administrators need to know how to secure their
> estates. If they've failed to apply the patch, that's their failure, =
not
> Microsoft's, but patching was not the only way to have curtailed this
> weekend's outbreak.
But their failure leads to further intrusions elsewhere. Their failure =
has consequences beyond their own borders.
IMO, this is a herd immunity problem that Microsoft needs to get better =
at.
The analogy I would make here is the German versus the American =
approaches to road fatalities.
In the German approach, if there are significant road fatalities in a =
given location, then that implies there is a failure with the way the =
road system is engineered, and it needs to be fixed so that the number =
of fatalities is brought down. No blame is automatically assumed on the =
part of the drivers who failed at that location.
In the American approach, if there are a significant number of road =
fatalities, then it's the drivers own fault and they should have taken =
more care. They are automatically to blame for their own failure.
But if you're one of the other drivers out there who might be impacted =
by the lack of due diligence practiced by another driver on the road, =
which approach are you going to want to see implemented?
--=20
Brad Knowles <brad@shub-internet.org>
