30 Days....
... would usually be plenty.
In this case, 30 weeks would not be enough, and I suspect that most of these "thinglets" will never ever be patched/upgraded, and will become a zombie army for someone/thing.
Dearly hope that "we" can identify and block traffic from them in the future, or this is how the Internet will die :(
Biting the hand that feeds IT
