
Culture War Roundup for the week of May 6, 2024

This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.

Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.

We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:

  • Shaming.

  • Attempting to 'build consensus' or enforce ideological conformity.

  • Making sweeping generalizations to vilify a group you dislike.

  • Recruiting for a cause.

  • Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.

In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:

  • Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.

  • Be as precise and charitable as you can. Don't paraphrase unflatteringly.

  • Don't imply that someone said something they did not say, even if you think it follows from what they said.

  • Write like everyone is reading and you want them to be included in the discussion.

On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.


As a topic expert (despite myself, embedded is both fun and hell) I did not want and continue not to want any government standardization of software because:

  1. I know they'll fuck it up, because they fucked it up before
  2. It's the one high paying career left that you can bootstrap yourself into with just smarts and a computer, no expensive certification and years of guild dues needed
  3. It opens the door to further regulation of what I'm allowed to do with compute, and I happen to enjoy my freedoms
  4. I see no demonstrated need for intervention that can't be addressed by private society

Just make IoT doodad manufacturers liable for bad things that happen with them and the problem will sort itself out, no state intervention with the potential for universal surveillance and totalitarian control needed.

The real reasons people want to do this shit are economic and strategic, they don't like that the Chinese are beating everyone at the doodad game and want protectionism through the backdoor. It's the same reason you can't easily buy American ETFs in the EU, because they don't care to include the handful of made up documents that are mandated by law at the advice of European financial institutions that enjoy proximity to the rule makers.

Let us not mince words: nobody gives a shit about the end user here. This whole game of being "regulatory leaders" only works if the major players of the industry you are regulating actually want to help you prevent further competition.

You can have protectionism and regulation if you want, but you can't get that and innovation. You have to choose.

Just make IoT doodad manufacturers liable for bad things that happen with them and the problem will sort itself out, no state intervention with the potential for universal surveillance and totalitarian control needed.

How about a government funded Red Team whose raison d'être is taking out insecure household devices? Could be a nice cyber-warfare bootcamp; I can certainly think of worse uses for government funds. The problem with letting the market take its course is that IoT devices are a low-value target for black hattery -- classic case for governments protecting the commons!

How about a government funded Red Team whose raison d'être is taking out insecure household devices?

I think this is a great idea, though I'm sure China and Russia are doing it already.

I actually kind of like the idea of this; you wake up one day, your doodad has been pwned, and the screen on it says "if you are seeing this, please call [govt. number]."

Govt. number: DO NOT REDEEM THE CARD SIR. You think that idea would be a net benefit to the normies?

The government isn't going to find the security holes and report them; they're going to find the security holes, report a couple, and save the rest for their own use.

Isn't this the reason the NSA is supposed to exist on paper too?

Security for devices for the defense industry is one of those reasons, but I think household devices would be mostly outside their purview.

Just make IoT doodad manufacturers liable for bad things that happen with them and the problem will sort itself out, no state intervention with the potential for universal surveillance and totalitarian control needed.

This is a very common opinion, but if you delegate the assignment of liability to the court, then you will get even more problems about state overreach.

Consider the following scenario: A consumer buys some smart lights for their house. The smart lights are hacked, and a hacker uses these smart lights as a proxy to launch ransomware attacks against hospitals. The hospitals are collectively "forced" to pay $100 million in ransom to continue their operations. Who is liable in this case? The consumer who didn't put the smart lights behind a firewall? The hospitals who had employees fall for phishing emails? Or the IoT company for not updating the security of their devices? If you don't have legislation defining what makes someone liable, then unaccountable judges will be forced to legislate from the bench about who is liable and who is not. If you don't like the decision, then you can't just vote them out of office the same way you can with legislators.

Just cap the liability costs at 10x the costs of the device. This should be enough to get vendors to take security seriously without having to worry about black swan outcomes.

Also, a hospital getting attacked by ransomware should obviously not only be liable for the ransom they elected to pay, but be fined on top of that if it turned out that any patient files were accessible to attackers.

Of course the problem of codifying responsibility doesn't magically dissolve if we oppose someone doing it.

Most of the issues raised by your hypothetical can be resolved by the content of the contract signed by the parties.

The only crucial thing that isn't there is what the standard for being negligent about your security is, and while I get the argument that it's easier to resolve if codified by politicians, I actually think it's fuzzy and contextual enough that it is better left to the courts.

I also am under no such delusion as to believe that I could vote legislators out of doing the bidding of the interests that pay for all of their campaigns. Judges might at least accidentally stumble upon some good sense and integrity. Politicians are constitutionally incapable of such things.

Most of the issues raised by your hypothetical can be resolved by the content of the contract signed by the parties.

I do not want to live in a world where people buying a $10 device from Walmart have to sign a contract.

To some extent we do live in that world already: your $10 electronic device from Walmart probably already has a click wrap license that you have to accept to use the product. The validity of those is perhaps subject to question, but they aren't, to my knowledge in the US, categorically invalid.

Funny you mention clickwrap, because this whole topic reminds me of Ross Scott's campaign on stopping the destruction of live-service-type games, and the legal precedents in the US that basically give consumers no rights over software publishers.

That's too bad, because you already live in one.

I too hate that we don't distinguish strongly enough between computers bolted onto appliances and regular appliances. It's confusing. But when your fridge is actually a computer with a delivery service that happens to come with a free fridge, we have to deal with the complexities of the former, not the latter.