"Pavel Kankovsky" <peakat_private> wrote: > I see a trend: Yesterday, the Internet was a happy place free of DoS > attacks. Today, we suffer from a relatively small number of intentional > DoS attack. Tomorrow, the whole Internet will collapse under a massive > wave of accidental DoS attacks caused by braindead software written and > configured by ignorant people. :P And this is largely because of current "accepted good practice"... How often in this and related lists (and in the RFCs, etc) do you see advice such as "be generous in what you accept..."? Because many implementors are so "generous" (but in differently incompatible ways) it is easy for a bad/lazy/stupid implementor to build and test an implementation that works well in all (the limited) ways s/he conceives to test against the limited other implementations chosen as for those tests. The result is an ever-increasing amount of crappy, non-standard compliant code being put into production. And, as Pavel notes, when you then deliver this to people who have no idea of what the standard is or how to "properly" configure their system anyway, things starts swirling more and more rapidly down the drain. The really sad thing is, many developers' "solution" to the fact that yet another non-standards compliant implementation has been foisted on the market by a competitor is to rush out and "break" their own product so it inter-operates with the rubbish... Regards, Nick FitzGerald ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 10:16:11 PDT