nanog mailing list archives

Re: WANTED: ISPs with DDoS defense solutions


From: Vadim Antonov <avg () kotovnik com>
Date: Thu, 31 Jul 2003 09:51:06 -0700 (PDT)



On 31 Jul 2003, Paul Vixie wrote:

> the anti-nat anti-firewall pure-end-to-end crowd has always argued in
> favour of "every host for itself" but in a world with a hundred million
> unmanaged but reprogrammable devices is that really practical?

Not everything could be hidden behind a firewall, particularly in this
world of increasingly mobile and transient connectivity.

Besides, firewalls only protect against outsiders, whereas most damaging
attacks are from insiders.

What we need is a new programming paradigm, capable of actually producing
secure (and, yes, reliable) software.  C and its progeny (and "program
now, test never" lifestyle) must go.  I'm afraid it'll take laws which
would actually make software makers pay for bugs and security
vulnerabilities in shipped code to make such a paradigm shift a reality.

--vadim

