On 3 Nov 2016, at 21.26, Brian E Carpenter <[email protected]> wrote: > Yes, I agree it's possible to do better, but what's the incentive for a > bottom-feeding vendor > of cheap devices to bother?
I hate to say this, but how about legal solutions? If you sell e.g. guns that explode if you use them, you are going to go out of business, EULA or no EULA. (I guess this mitigation strategy works better in the US than e.g. EU, though.) Cheers, -Markus P.S. Funny datapoints from my home infra: - 2,5 years old firmware on my CER seems to be holding strong; of course, there are zero open ports to the outside world. Default deny policy makes even broken hardware work. It is the ‘call me to administer’ + weird authz when you get to trouble. - The VDSL2-ethernet bridge (aka lobotomized ZyXEL router) that is in front of it is using about 5 years old default firmware, and I am still not worried, it does not talk IP. _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
