Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

System patching 0-days and ancient-day vulnerabilities

There's a good article at Michael Sutton's Blog which points out something that really makes sense and I think many people are aware of, but with all the buzz that a new previously undisclosed vulner…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

There's a good article at Michael Sutton's Blog which points out something that really makes sense and I think many people are aware of, but with all the buzz that a new previously undisclosed vulnerability has, we forget. The point is this, there are plenty of machines online vulnerable to ancient flaws that have been known (in some cases for years.) In his article, he does a search for one specific vulnerability and finds targets. Some of the comments speculate that some may be honeypots, but I would doubt that a high percentage are and suspect that most are the real deal.


I see zero-day ( 0-day ) exploits as a news tool to grab peoples attention and encourage them to patch EVERYTHING. Kind of like a virus that is on the television news encourages EVERYONE to make sure they've got up-to-date antivirus protection. Unfortunately to most people a pc is an appliance, like a toaster that either works or it doesn't. If it works, then great - that's what it's for, if not, they either get it fixed or replace it. (That comes down to a cost decision.) Of course, with a toaster these days it's replace.... People tend to treat software the same way. Updates aren't typically thought of by MOST software users. (It's working fine - why should I update?) This is why I think software vendors need to distinguish more clearly between feature and maintenance/security updates and consider more automated ways to implement maintenance/security updates.