Re: Muppets
"If you can't see it, it's not spying on you..."
Even if it's BEHIND you?
"That 20 year patent is from proof of concept stage and not when (if at all) it reaches market, by the time it has gone through testing and regulatory you get about 10 years market exclusivity. Have a late stage failure and it can be around £500m or more flushed down the toilet. I'm not saying the pharma industry is perfect and patent abuse does occur but you need an incentive to lay out that much money."
Different industries run at different paces. The pharmaceutical industry, as noted, runs glacially due to the bureaucracy involved in testing and proving medicines. Same for mechanical industries (especially large ones) where machines are acquired in cycles lasting a decade or more.
The electronics industry is the speedy one here, with duty cycles often being as short as a few years. So perhaps what's needed is acknowledgement of this and a splitting of patent terms based on industry: slow-moving industries can be kept to two or three decades while faster, less physical ones can reflect their breakneck nature and be limited to say 3-5 years.
"Software needs to be treated like a hardware product legally. It's that simple. Why we ever allowed them to escape this liability is just beyond me."
Simple. China happened. How do you force a country like China to cooperate when it doesn't have to? They're sovereign, after all, with nearly two billion people all by itself.
"However, "Keep buying our shit or we'll turn you into a barren radioactive wasteland" does appear to be somewhat self-defeating as a strategy, because in order to keep a particular export market you have to actually HAVE that export market."
China has nearly two billion people. They could turn INWARD if they wanted to. Plus they have an Eastern attitude towards warfare. Look how fiercely the Japanese fought in World War II, and how many Chinese swarmed in battles in the Korean War. This is an attitude that could well see everyone losing (MAD) as a winning condition.
"There are ALREADY liability laws in the USA. Perhaps they require a bit of tweaking, but if it can be shown (in a *cough* class-action lawsuit) that the IoT vendors were NEGLIGENT with respect to security and WELL KNOWN types of exploits, we'll get some REAL action."
Except when it gets INTERNATIONAL. How can American laws get Chinese companies to comply when a lot of them are coming through grey markets that are by design nearly impossible to regulate. And you can't go to the manufacturers because they're in another country: protected by that country's sovereignty.
Even if the regs are put in place, the grey market will just expand to go around it since the devices are too small to police. It's like trying to insist on an Internet license: how do you police what people do within their own homes?
As for security first, that only applies when security is the actual industry. Everywhere else, productivity trumps security; who cares about security when the job doesn't get done?
"You're thinking of the Pinto, the model that was infamous for bursting into flame when rear-ended, being my wife's very first car. It was never "pulled"."
Um...does the term "recall" ring a bell? That's the formal term for pulling a product, either to fix it or to destroy it. There's still the matter of the lawn darts.
As for campaign contributions, death, especially unexpected death, is expensive to a company. That's why they take it seriously. No amount of campaign contributions will help if a bereaved (and possibly famous) family decides to sue you for bookoo bucks for negligence, wrongful death, and so on. Remember, juries are from the populace and judges are tough to bribe. And we're not even starting on the media circus that could easily ensue. No amount of bribing seems to have helped Volkswagen or Toyota (and note, the latter has a strong American presence, so that's saying something). Burning batteries on an airliner left Boeing with a lighter pocket and a lot of egg on its face.
"Funnily enough, industries such as aviation and nuclear spend a lot more money to find and fix bugs in their software."
Because planes falling out of the sky and an exploding plant in the Ukraine have directly killed people. Killing people tends to put the strongest focus on you. That's why the Edsel was pulled, why lawn darts are banned, and so on. When has the IoT directly and demonstrably KILLED people?
"The only time that anything will change is when it hits the decision makers in their pockets. Then they will do the absolute minimum necessary to address the identified issues; and no doubt, at a later stage, they will get hacked again. Rinse and repeat."
Or when it KILLS someone (or demonstrably proves it WILL do so) outside of its purpose. And I mean DIRECTLY. Why was the Edsel pulled? Because a rear-ender could set it ablaze, killing the people inside. Why can't we have lawn darts? Because one ended up in an innocent kid's head. If the squelching of most of the Internet results in significant or shocking death, then the lawmakers will HAVE to pay attention because it'll become an election point (meaning if they don't pay attention, they'll be replaced by people who will).
"Which will stand not for Underwriters Lab but for Undertaker's Lab, with the remit to FSCKING BURY any vendor (and their products) that don't conform to the security standards set by a panel of international security experts."
Question: How do you bury a country with more people than any other, nukes, and a not-so-nice attitude toward you?
"If just a few big, rich states move, the others will be forced to follow. If the US or the EU set regulations, they are markets too rich to stay away from with non-compliant products."
But China has pressure it can apply, too, and it's on the OTHER side of the line. Think Prohibition when smuggling became such a lucrative game. What's to stop China finding ways to go AROUND any regulation you can whip up, hiding behind their own sovereignty (and their nukes)?
Then we're probably up the creek because we probably won't get either side to cooperate. Most of the devices in question are made in China, who could care less about what happens to the West. As for the users, they're just ordinary people in search of turnkey solutions. They don't WANT to learn and aren't interested in licensing or such for things they do in the privacy of their homes.
"The design of Internet is flawed, assumed good users and well behaved devices. The design of eMail ignored spam issues on Telex, RTTY, and earlier Telegraph and added almost no security at all and missed out the idea of whitelists."
Well, here's your fork in the road. The only alternative to the current Anarchy of the Internet is a Stateful Internet, and that means bye bye privacy, hello Police State. From the way things are going, no third option is possible because any inroads will be abused to take us back to one or the other.
So, pick your poison.
"That's a good point, a part solution would be to have an HTTP landing page once the router is connected that forces you to change the password before it activates and connects to the internet."
Then something hits, the router goes bonkers, and people forget the password (which, if you'll recall, happens ALL THE TIME, which is why passwords are not considered a reliable identity metric). And they won't take "You lose" for an answer; they'll answer with scathing reviews and defections.
But Joe Stupid isn't smart enough to do everything you say, and it's HIS devices that are running roughshod all over the Internet making life miserable for everyone else. Like you said, standards mean nothing to device makers who hide behind the sovereignty of a hostile power and can always use the gray markets to sidestep around regulations (and few countries can embargo another, especially one as large and powerful as China, without retaliation).
We need a solution that even a brick can understand (and this knowing bricks can understand few things other than perhaps a hammer blow, which is against civilized society when applied to humans).
"Contrary to what most of the press has been spouting, we won't need millions of more workers to take care of the consumption habits of the retirees."
Not saying you do. In fact, the problem behind the problem is that it's difficult to correct a severe population imbalance without consequences. First world populations waxing elderly (which also puts political pressure: seniors are consistently the most active voters). China heavily male, and so on. Best I see it, this can't help but get ugly at some point because, in spite of imbalance, none of the imbalanced side are going to be willing to step aside.
"What Japan needs to do is implement a UBI so that employers can't threaten people's survival with 80hr workweeks or no job and no money."
Only one problem. Who PAYS for it that isn't going to just up and leave the moment you try?
"What has actually happened is that China has finally taken most of the manufacturing jobs, and if they haven't then automation probably has. Governments are afraid of increasing the debt. The whole cycle has started breaking down because the people that actually want to buy what is being produced don't have a job to pay for it."
Which then raises a real specter. What happens when NO ONE is able to pay for the stuff and the people with all the money, realizing the game is up, have gone into their walled gardens to cater exclusively to each other?
"If you want an alternative analogy, consider a contagious disease - of humans or animals. If the disease is sufficiently dangerous TPTB usually have sufficient powers to ensure that humans are isolated and animals destroyed. It's draconian but essential for the wider community."
But what if the disease is encouraged by a foreign power because it (a) helps to cull their own excesses or (b) some of them are immune, and they don't care about the rest? If everyone but them dies, THEY WIN.
That's the situation now. Most of this stuff is made in China, and China is noted to be competitive if not hostile to the West, at least economically. In this light, they could care less if the devices are being pwned. Indeed, THEY may be doing the pwning as covert warfare. Meanwhile, they're using channels that are hard to control (Alibaba and the rest), AND they can be testy. Not to mention they have nukes AND an Eastern mentality (more accepting of MAD). As the saying goes, it's complicated, and Darwin favors THEM right now. Your move.
"Stupid is the problem. If the punter is too stupid it has to be their problem rather than someone else's. I'm a biologist by training. I see no problem in applying Darwinian selection to the IoT.
How about "Here's your device, there's the password. We have no copy of it. Looking after it is your responsibility.""
Problem is, Darwinism doesn't jibe well with civilized society since it smacks of throwing people to the wolves. Thus attitudes about capital punishment, eugenics, and unwilling euthanasia in its various forms (illness, population, age limits, whatever). There's a reason "Social Darwinism" is considered a dirty word.
"Then, once you've sold a few million to grateful end-users who have been frustrated by the quality of routers mandated by bottom-feeding ISPs, cash in the company and move house."
And WHEN (not IF) your Kickstarter fails because all you're hearing are "squeaky wheels" and the average Internet-goer really doesn't give a soaring screw about what their stuff does, they just wanna go online, thank you, and many of them don't own or drive cars so won't get the driver's license analogy, either?
"All IoT devices MUST have open source software, must be update-able over the network, and perform the update from secure servers, look for updates on a weekly basis. All above and future problems solved. Don't adhere to this, don't get a license from FCC, EU etc"
The devices come from China and are imported direct. Who gives a damn? As for the update mechanism, they'll just hijack it and pwn it THAT way.
"However, it's a problem that needs solving. There has to be a back-pressure mechanism that sends a "stop" to the ingress point since there is no practical means of ensuring that every piece of equipment in private hands is well behaved. That of itself is not a panacea - and is potentially a new route to DDoS by spoofing the back pressure - and, if you look at the IPv6 gestation period, unlikely to be with us any time soon. It's also not the only issue that needs attention - more privacy, anyone?"
Intractable problem. The ONLY reliable way to manage a network is to introduce ironclad attestation. But that instantly eliminates privacy. What's happening is that the wired world is reaching the "wishbone" point: a point in which the third option is disappearing from the strain exerted from both extremes (in this case, the Anarchy of the current Internet and the Police State of a Stateful Internet). The pressures mean ANY third option quickly slides into one or the other extreme, rapidly NOT becoming a third option. Eventually, the wishbone will break, meaning no third option is possible anymore because it'll IMMEDIATELY gravitate towards one or the other extreme (the "winner"). In which case, only three options will be left: Anarchy, Police State, or Walk Out?
"An Amazon gift card is sufficient. So I can buy paperback novels. Nope, no electronic gizmo needed. When the mega-EMP strike occurs I'll have plenty to read while I starve to death, thank you."
What if it's a FIRE, though? Lot easier to take your library when it's one little device instead of a bookshelf full. And a fire is MUCH more likely than any EMP holocaust (which can BTW be mitigated to a good degree, ask your military).
"Building devices into the road would also fix the "Australia problem", since as the continent moves, so do the roads and everything built into them :)"
But what about the "New Zealand Problem" where their islands move inconsistently (as in not at the same rates at all points, meaning some masses extend while others contract)?
"However, for the stuff that's actually in operations and exposed to the net the users are likely to be the only ones who can actually take action, especially if the only possible action is to disconnect it."
Which means it's NOT an option because the average user won't care. And if their ISP cuts them off, they'll say they're being denied service they paid for and the lawyers will get involved.