[194646] in North American Network Operators' Group
Re: Please run windows update now
daemon@ATHENA.MIT.EDU (Brad Knowles)
Tue May 16 13:23:53 2017
X-Original-To: nanog@nanog.org
X-Barracuda-Envelope-From: brad@shub-internet.org
From: Brad Knowles <brad@shub-internet.org>
In-Reply-To: <CAAXNyuD2VvmS8FrfzL900DeTRDfVHSyGG+Ca=rO6tyqUm86hrg@mail.gmail.com>
Date: Tue, 16 May 2017 12:23:36 -0500
To: JoeSox <joesox@gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On May 16, 2017, at 11:40 AM, JoeSox <joesox@gmail.com> wrote:
> LOL. I think that is a really bad example and I see many facilities in =
it,
> including a hasty generalization, as intersections, and roads for that
> matter, in America have been resigned to improve safety.
So, if you want to talk about roads in the US, the first thing you have =
to do is look at the budgets. There are trillions of dollars worth of =
road improvements that should have been made over the past decades, but =
which haven't. You'd have to ask the politicians as to what they think =
the real reasons are, but my guess is that they were unwilling to make =
long-term investment on critical infrastructure, because it was seen as =
being too expensive in the short-term.
And I definitely see a strong analogy there with what Microsoft has/has =
not done.
> Isn't it true, with any tech product, the more complex features, the =
less
> secure it is? Ask yourself why this is the case, and I believe the =
true
> issue with tech lays there.
To a degree, this is true. But there are more iOS devices out there =
than there are Windows boxes, and while iOS certainly isn't perfect, it =
definitely has a much better security posture.
So, there is at least one other company out there that can do the job. =
I have to believe that there is more than just one.
> I don't know. It is hard to imagine a professional IT nowadays, =
seriously
> blaming Microsoft for every bad thing out there.
I don't blame Microsoft for every bad thing out there. I do think they =
are, by far, the worst of the Fortune 25. But there are 24 other =
companies on that list who all have their own part to play -- including =
Apple.
> What would be more of an interesting discussion, to me, would be why
> doesn't Microsoft know about these hoarding of vulnerabilities by =
State
> actors and plug them up?
Well, this one is actually an old vulnerability, right? One that =
Microsoft supposedly fixed years ago? So, why didn't they fix it =
properly back then?
> Are they really that clever of vulnerabilities? Does Microsoft not =
have the
> resources? Is Windows like the ocean, where there are just hundreds of =
new
> species awaiting to be discovered?
> Did Microsoft at least know of the NSA vulnerabilities, for example, =
and
> kept it classified until NSA told them to plug them up?
Good conspiracy questions to ask. But frankly, I don't care that =
Microsoft wants to blame the NSA for hoarding vulnerabilities. If =
Microsoft had spent more time/money/effort to get their crap right the =
first time, then we wouldn't have this mess. We might have a different =
mess, but we wouldn't have this one.
--=20
Brad Knowles <brad@shub-internet.org>
