This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
I don't think the "detail" required is going to fit in that table. So it's going to be a reference to some much longer document which explains each item, in language understandable to regulators. And then all this will have to be reviewed by a lawyer specializing in UK regulations. And every time a change is made to the device, the document will have to be audited to ensure there's still compliance.
Of course just this one document isn't going to do much, aside from make new IoT devices less available in the UK and other countries adopting it as mandatory. The more regulation in more countries, the more the works get gummed up.
The good news is that it reads like they're expecting that companies will just publish this document on their website along with other support documentation. So, it won't be long until we get to see some and find out whose prediction is closer to accurate. As for the prediction of availability, would you like to predict anything specific about companies pulling out of the UK market?
If it's really so easy there won't be any problems. But I'm pretty sure, given the absolute glee expressed in your original post, you know it isn't.
I don't follow your line of reasoning. Can you speak plainly, please?
Your original post expresses considerable contempt for "tech folks" and demonstrates absolute joy for us having regulation "dropped" on us "in a much stronger way that you really won't like." This really doesn't fit with an idea that you think the regulations will be anything like easy or simple to follow -- rather, you actually think they will be difficult and painful to follow and are joyfully anticipating the pain it will cause.
Yeah, regulation sucks. It's terrible that in the "real" engineering professions, you need a minimum 10 years of experience before you're allowed to do anything more than turn the crank on well-tested models to determine if some very slight variation of an existing thing meets all the requirements, and then fill in all the boxes on the paperwork to maintain traceability. Doing that has high costs; applying those costs to the software industry as a whole will cause it to stagnate.
This does not follow. It's just a non sequitur. It can be easy and simple to follow, but incredibly grating to the personality of "artists". They don't like coloring inside the lines, even if it's easy and simple to follow.
Who are 'artists'? Can you speak plainly and say what you actually mean instead of sneering and generalising like this?
"Artists" aren't real artists. They're just programmers and engineers at tech companies who developed a culture of believing that if they just imagined really hard that they were artists, it would be a good excuse for not being regulated. This culture grew out of the 90s and just happens to be a useful rationalization for them to refuse to do anything that seems "boring" to them. Sure, every other industry has boring parts of the job that need to be done in a proper fashion, but this cultural imagination gives them an excuse to object and only ever chase the "cool" stuff, no matter how much damage it does to the world. How long did they put off doing any sort of vulnerability work (except the "cool" red-teaming stuff) before it became such an incredible thorn in the side of the industry (and the world that uses their tools) that they were existentially forced to figure out some cultural modifications to actually manage a vulnerability disclosure and response cycle, pulling bodies away from the "cool" stuff and assigning them to "boring" patching work?
More options
Context Copy link
More options
Context Copy link
If it's that grating, it's not easy even if it is simple. The word for such a thing is common: "tedious".
The difference is that it's easy to people who don't have a particular psychology or culture. You're concluding that it's not easy to certain folks, which is perfectly compatible with it being objectively easy to most people. Maybe it's even tedious, or as the dictionary would recast that word, boring, to you. But hey, I think we're making progress. The reason why IoT devices have been an absolute security shitshow for years is just because a small culture of powerful technokings think that it's too boring for them to fix the obvious problems that everyone knows are obvious problems and which are objectively easy and simple to fix. We may have reached agreement!
So you say. But those people can't do it, because they aren't the people building the devices. The people being required to do it are the people you (gleefully) admit it is painful for.
I do not agree. The reason IoT devices have been an absolute security shitshow for years is no one except you and some European regulators actually gives a shit. There are no technokings building them, and nobody's going to pay a red cent more for an internet-connected light bulb that's more secure than some other internet-connected light bulb.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link