I'd say that it's not quite as simple as that, because a lot of these places just don't have a useful LAN. Sure, a hospital might be expected to have an IT department that can configure proxy servers. But a small doctor's practice is unlikely to have its own server in any meaningful sense. And a freestanding Deutsche Bahn ticket machine on a semi-abandoned platform in Thüringen certainly won't.

Many of them will be accessing central servers somewhere else in the country; the protocols there may not work well with a proxy server. Obviously this is not an impossible or even difficult problem to solve but it's not necessarily cheap or trivial. It might be worth it in the long run, but that's hard to estimate. Big IT projects always run over budget so it's not surprising that things like this are low on the priority list. And sometimes maintenance of the gateway ends up being an extra point of failure that, when it breaks, prevents communication with the outside world.

And a freestanding Deutsche Bahn ticket machine on a semi-abandoned platform in Thüringen certainly won't.

This topic reminds me of Citizen four. Anybody see it? if so what did you think?

Ahh anyways....

"I remember what the internet was like before it was being watched and there has never been anything in the history of man like it. I mean you could have children in one part of the world having an equal discussion, where you know they were sort of granted the same respect for their ideas and conversation with experts in the field from another part of the world on any topic any where any time All the time. And it was free and it was unrestrained and we've seen the chilling of that, the cooling of that, the changing of that model towards something where people self police their own views and they literally make jokes about ending up on the list if they donate to a political cause or say something in a discussion. It's become an expectation that we're being watched. Many people I've talked have mentioned that they are careful about what they type into a search engines because they know it's being recorded and that limits the boundaries of their intellectual exploration" -Edward Snowden, Citizenfour ( 2014 )

What interesting times we live in.

So, it's time for the Linux/Unix people to eat a little crow; ladies and gentlemen I give you CVE-2017-7494.

All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

Maybe this wasn't a Windows-specific vulnerability after all?