In message <20161026205800.7188D57B29B8@rock.dv.isc.org>, Mark Andrews <marka@isc.org> wrote:
Actually things have changed a lot in a positive direction. ... * Microsoft, Apple, Linux and *BSD issue regular fixes for their products and users do intall them.
At the risk of repeating a point I have already made in this thread, please do let me know how I can obtain this month's security patches for my iPhone 3GS. (Note that Wikipedia says that this device was only formally discontinued by the manufacturer as of September 12, 2012, i.e. only slightly more than 4 short years ago. Nontheless, the current "security solution" for this product, as made available from the manufacturer... a manufacturer which is here being held up as a shining example of ernest social responsi- bility... is for me to contribute the entire device to my local landfill, where it will no doubt leach innumerable heavy metals into the soil for my children's children's children to enjoy.)
- Manufacturers need to be held accountable for devices that go on the internet...
My iPhone 3GS "goes on the Internet". Through no fauly of my own, it is also, apparently, destined in short order to "go onto" a landfill, if not here, then in China or India, where a pitiful plethora of shoeless and sad-eyed third-world waifs will spend their childhoods picking through the mand-made mountains of e-refuse in a daily and desperate search for of anything of value. http://motherboard.vice.com/read/much-of-americas-e-waste-recycling-is-a-sha... In short, if the "good" companies, like Apple, are the solution to the problem, then I obviously misunderstood what "the problem" is, and would be obliged if someone (anyone) would re-phrase it for me in simpler terms, for the benefit of my limited little noggin. In lieu of that, for the moment I'd just like to emphasize again that it is my opinion that any "solution" to the now self-evident IoT problems which relies, even in the slightest, upon manufacturers providing a con- tinuous and timely stream of security updates is a fantasy. Wishful thinking, pure and simple. When even the "good" companies have built their fortunes and entire business models around convincing/forcing everyone to purchase "new and improved" units every two years, at a maximum, and when the same said companies stop issuing patches of any kind for products that have only departed the corporate price list three years earlier, then one shudders to even contemplate what the contribution of the "bad" companies will be to this ongoing catastrophy. Regards, rfg