On Wed, Dec 28, 2005 at 11:17:11PM -0500, Barry Shein wrote:
To beat a dead horse just a little harder the problem I have is when a certain company kept distributing software with security flaws specifically because they're profiting from those flaws.
For example, graphics libraries which accept binary code chunks to be executed in kernel mode without limits for support of quick screen updates in games considered of marketing importance. Blaming it on the games vendors seems inadequate, particularly over several years and releases of each.
That's just pure economics and, hence, profiting on others' serious pain.
And yet, I'd bet $10 that: * They know this. * They are just implementing what their customers demand. * They accept that allowing direct access in order to obtain performance at the experience of security is a necessary model in a wide variety of situations, particularly gaming. * They don't give a flying crap what a bunch of perceived whining kooks on NANOG think about that tradeoff. God knows, I wouldn't. :) -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)