Re: "They're doing it too" is not an acceptable defense
Well, that's exactly what I meant when I said "It's not right."
But what I'm calling out is the inordinate, out of proportion distaste Karl has for IoT. Has he been similarly sour about every other innovation that had security as an afterthought? Because most of them did.
MOST startups here in Silicon Valley struggle to build an MVP (a Minimum Viable Product), and then to shove that product out to market as fast as possible. There are massive pressures from first-to-market, to cash flow, to investor pressure. Most of these startups tend to look at security as a distraction from their race to grab market share fast. They figure they'll worry about security when security becomes a problem. If anyone here would like to debate this assertion, I'd be interested. But I think most would agree.
I have absolutely never asserted that this is right. Simply that this is true.
So to act like IoT is unique is misleading.
To act like IoT is a stupid idea because lots of it is insecure is short-sighted and untrue.
Fair enough, John. Your argument is cautious and sensible.
FYI, though it's not fully true. I use a number of IoT devices which are not cloud services, but rather things that I manage and access myself. It's technically much harder to do, so not mass market, but it's also available.
And of course, it's still vulnerable, as any connected device is.
Jason's first point is right. Is IoT even relevant if physical access is required?
I could "hack" your conventional thermostat with a hammer if I had physical access. So this isn't even an IoT story.
OTOH, I'm not on board with point 2. Lots of private data about my presence and patterns can be gleaned from my thermostat. It's not about the risk of the $200 thermostat. There is much more at stake.
So, the ability to save money and pollution by gaining remote access to your thermostat is a lack of common sense?
It's not. It's a feature that has varying degrees of value to different people. To those with a second home, or those away from home for extended periods, it's very sensible.
I agree that security is not being implemented enough in IOT, but Karl, you seem to have a chip on your shoulder against IoT for some other reason, and are using the security weakness as a hammer.
"companies get so excited about the IoT marketing and revenue possibilities, they fail to embed even basic security in supposedly intelligent devices:"
That may be true of some, or even most IoT. But it does not justify painting the entire category as stupid.
Just about every innovative technology starts with security as an afterthought. It's not "right". But it is standard practice. Why would the first innovators worry about security when they have hundreds of other issues to work through, AND when 'obscurity' is pretty good security given the devices are a new category. As I said, it's not right, but it's normal.
Orville and Wilbur Wright did not worry about hijacking defenses. Should they have?
Carmakers computerized the CANBUS network and the OBDII in cars long ago. Should they have made it hack-proof?
The first smartphones (PalmOS, Windows Mobile) had few deliberate defenses against virus and attacks. But almost no attacks occurred.
Once again, I agree with you that this is not the best. It's better if security is built in from the start. But it almost never is. So why all the specific hate for IoT?
Although buggy whip sales are down, we are convinced in the inherent consumer demand for what we sell - people still want transportation from one place to the other, so the market for buggy whips MUST be out there. We just need to cross this difficult stretch of water, and find the way to package our product that meets the demand.
"we will find our way to the far shore where the industry is thriving and growing once again"
Meet in the middle. Technology. AI-assisted buggy whips. Other stuff. Loud noises. This is how we will achieve our goals.
...or NOT. Sometimes businesses just evolve, and that evolution can mean shrink or go away. It happens particularly fast to industries who lacked clarity about what their actual product was, and where their value was. The notion that they will "find our way to the far shore where the industry is thriving and growing again" is the kind of mistaken goal-setting that will result in failure. You can't go back to the way it was, no matter how much tech jargon you sling in your boardroom or your videos.
True. Could be Poe. If so, it's the only law to which the screed adheres.
But, too much, it resembles the attitude prevalent in our "justice" system, and that is the assumption of guilt. That's consistent with police behavior, politically-minded DAs, budgets for public defenders, trials, and of course plea bargains.
Perhaps they all feel this way, because they are dealing with the lowest people day after day. It must start to look like, basically, they're all guilty.
But I don't care if (hypothetically) 100% of the people ever accused of a crime up until today are actually guilty. When, someday, *I* get arrested for a crime I didn't commit, I want the burden of proof to remain on the prosecution.
I don't want some lazy system to make me the victim of a rounding error.
"I am no longer compelled to help the self-chosen lawbreaker"
You wrote a lot of text, there. But what strikes me is that it sure seems that more than once you expressed an assumption of guilt for all parties that need a Public Defender.
That seems unconstitutional, and counter to what little I know of justice and law. Please correct me if I'm wrong.
I went to the steps of the Alameda County Courthouse this spring, and bid on a real estate auction on behalf of a friend who had been foreclosed. I was gonna rent her place back to her in a win-win.
Can't say I'm thrilled about being recorded, if I was.
The auction was a very strange experience. Some very shady looking characters hanging around, then suddenly they all coalesce and start bidding millions of dollars. But they are all just frontmen (like floor traders at a stock exchange). Each had a clipboard of the properties for the day, a phone and headset, and were in constant contact with the real buyers during the actual sales. They seemed to make no decisions themselves, but just relayed info.
Shockingly, one needs cold, hard cash (or similar instrument) and must prove (show) it to the auctioneer just to bid. The total amount of money on the courthouse steps was impressive, given about a dozen homes sold for over $500k each. The reps generally bid every house, with varying levels of motivation. I only bid for the one.
"The evidentiary record here confirms that Defendants did not speak at a volume loud enough for an undercover agent or an FBI cooperator to overhear them."
I personally found the volume of the auctioneer to be a particular problem for me. As a newb, I didn't know the process, and there was scant help available. So I wanted to hear everything. That required very close proximity.
As for the other bidders, the absolutely took steps to mask their conversations over their telephones, so as to reveal as little information to the rest of us as possible.
As for expectation of privacy, it's the COURThouse steps. Should we not expect a lot of discussions between lawyers and their clients all around the courthouse? Lots of privileged conversations surely happen there. Further, I reject Judge Hamilton's opinion that any public place negates the expectation of privacy:
Electronic age or not, the expectation of privacy should be based on HUMAN experience and human perception. Would she obviate my right to privacy in my home simple because a laser mic pointed at my window can hear me from across the street? While the state of technology does define a spy's ability to hear us, it does not define our RIGHT to privacy, WE do that.
My remaining questions are whether I was the victim of some kind of collusion or collaborative bidding? What was the FBI after? Seems unlikely since I got outbid in the end, so the asset owner (the bank) got more money than I though the property was worth.
I think it's important to establish the following point in caps to our anonymous friend:
Given: A free market is good.
THERE ARE MANY THINGS THAT CAN INTERFERE WITH A FREE MARKET, not just regulations.
Others examples: monopoly monopsony dirty dealing/crime/racketering/coercion/intimidation lies, false marketing information dis-symmetry systemic advantage of incumbents over new entrants
So, if regulations can target fixing market failures, they can be an improvement. Take for example, the Schumer Box (no, not the thing below Amy Schumer's belt that she jokes about all the time), her uncle's namesake box on credit card applications that require banks to offer clear, concise information about the finance terms, which allows consumers to choose better. This regulation addresses information dis-symmetry between banks and customers, preventing them from disguising higher rates with confusing presentation. So, it's good.
I think a lot of people, like this AC, think that "Free market" means "a market with NO regulations", and that's wrong. A complete lack of regs does NOT automatically result in the economist's idealized "free market". Many things can go wrong, so we NEED rules to optimize the outcomes.
"When it comes to recordings, law enforcement has proven repeatedly it's not up to the job"
Whether the police are deliberately deleting video and covering up evidence, or if they are simply incapable of recording, handling, and backing up video data is irrelevant. It is clear the responsibility for doing so should not be in their hands.
Is there some way for a neutral third party to record this data, providing it freely like in a good FOIA process?
You seem to be searching for absolutes. You have incorrectly guessed the absolute is: TD thinks regs good, free market bad.
That is the opposite of the default case at TD. So you are just wrong.
But also, TD does not comply with your desire for absolutes. TD will never say: "All regs are bad". That's too much of a simplification. Thus, in some cases, regulations are considered good. At TD, this is generally in cases where the regs "correct" a free market that has already been distorted by some other factor (ex: monopoly control, information dis-symmetry, overkill intellectual property ownership, markets that favor incumbents and block entry of new entrants.)
You are harping a lot on the FCC regs. These regs are praised here, yes. The market for fixed broadband is NOT competitive in the USA. UNE-P was a reg that fixed it, but it was shot down in the courts, so we're back to too much market power in the hands of incumbents. Net Neutrality and Title II regs are not perfect, and nobody here said they were. But do they make things better, or worse? We think better. But do we love regs here? Not really. If you actually read the articles, I'd bet that over 80% of them that praised the Title II also CLEARLY stated that a better solution than regs would be "more competition."
Techdirt consistently argues in favor of a freer market, more competition, and regs ONLY for the sake of fixing market failure.
It's because the lobbying is so much cheaper and so much more effective per dollar spent that it never ceases.
One of the good arguments that libertarians make is that we're so large as a nation, and that large governed groups mean that money spent lobbying and controlling government will sap away money that should have been directly invested in production.
I don't agree. Did Hillary use her own email account to send/receive emails from ANY official account? Because, if so, her email practices would certainly come out under any investigation that reviewed the other people's email.
Which is predictable, and..um..is what happened.
If she were devious enough to deliberately use her own email to avoid FOI, then she would also be clever enough to never send or receive any message from any official account.
What you propose is like a cheating husband using his "burner" phone to call his wife to see if he should pick up milk.
Is something often -and only- uttered by some jerk with a team of people doing and managing their email and communications for them.
He most certainly DOES "do email"...at least as much as he "builds hotels", in the sense that other people print them out, highlight the easy words, and reply on his behalf. His cluelessness is hardly a virtue.
On the post: Your 'Smart' Thermostat Is Now Vulnerable To Ransomware
Re: "They're doing it too" is not an acceptable defense
But what I'm calling out is the inordinate, out of proportion distaste Karl has for IoT. Has he been similarly sour about every other innovation that had security as an afterthought? Because most of them did.
MOST startups here in Silicon Valley struggle to build an MVP (a Minimum Viable Product), and then to shove that product out to market as fast as possible. There are massive pressures from first-to-market, to cash flow, to investor pressure. Most of these startups tend to look at security as a distraction from their race to grab market share fast. They figure they'll worry about security when security becomes a problem. If anyone here would like to debate this assertion, I'd be interested. But I think most would agree.
I have absolutely never asserted that this is right. Simply that this is true.
So to act like IoT is unique is misleading.
To act like IoT is a stupid idea because lots of it is insecure is short-sighted and untrue.
On the post: Your 'Smart' Thermostat Is Now Vulnerable To Ransomware
Re: Re: Not On Board 100%
FYI, though it's not fully true. I use a number of IoT devices which are not cloud services, but rather things that I manage and access myself. It's technically much harder to do, so not mass market, but it's also available.
And of course, it's still vulnerable, as any connected device is.
On the post: Your 'Smart' Thermostat Is Now Vulnerable To Ransomware
Re: Re:
But this story is not even about remote hacking.
On the post: Your 'Smart' Thermostat Is Now Vulnerable To Ransomware
Re: Click Bait
I could "hack" your conventional thermostat with a hammer if I had physical access. So this isn't even an IoT story.
OTOH, I'm not on board with point 2. Lots of private data about my presence and patterns can be gleaned from my thermostat. It's not about the risk of the $200 thermostat. There is much more at stake.
On the post: Your 'Smart' Thermostat Is Now Vulnerable To Ransomware
Re:
It's not. It's a feature that has varying degrees of value to different people. To those with a second home, or those away from home for extended periods, it's very sensible.
On the post: Your 'Smart' Thermostat Is Now Vulnerable To Ransomware
Not On Board 100%
"companies get so excited about the IoT marketing and revenue possibilities, they fail to embed even basic security in supposedly intelligent devices:"
That may be true of some, or even most IoT. But it does not justify painting the entire category as stupid.
Just about every innovative technology starts with security as an afterthought. It's not "right". But it is standard practice. Why would the first innovators worry about security when they have hundreds of other issues to work through, AND when 'obscurity' is pretty good security given the devices are a new category. As I said, it's not right, but it's normal.
Orville and Wilbur Wright did not worry about hijacking defenses. Should they have?
Carmakers computerized the CANBUS network and the OBDII in cars long ago. Should they have made it hack-proof?
The first smartphones (PalmOS, Windows Mobile) had few deliberate defenses against virus and attacks. But almost no attacks occurred.
Once again, I agree with you that this is not the best. It's better if security is built in from the start. But it almost never is. So why all the specific hate for IoT?
On the post: Newspaper Association Of America Complains That Comedian John Oliver Failed To Solve Newspaper Biz Model Problem
Can't Bring Back The Past
"we will find our way to the far shore where the industry is thriving and growing once again"
Meet in the middle. Technology. AI-assisted buggy whips. Other stuff. Loud noises. This is how we will achieve our goals.
...or NOT. Sometimes businesses just evolve, and that evolution can mean shrink or go away. It happens particularly fast to industries who lacked clarity about what their actual product was, and where their value was. The notion that they will "find our way to the far shore where the industry is thriving and growing again" is the kind of mistaken goal-setting that will result in failure. You can't go back to the way it was, no matter how much tech jargon you sling in your boardroom or your videos.
On the post: Frustrated Public Defender Appoints Governor -- And Licensed Attorney -- To Provide Indigent Defense
Re: It's pretty darned Poe.
But, too much, it resembles the attitude prevalent in our "justice" system, and that is the assumption of guilt. That's consistent with police behavior, politically-minded DAs, budgets for public defenders, trials, and of course plea bargains.
Perhaps they all feel this way, because they are dealing with the lowest people day after day. It must start to look like, basically, they're all guilty.
But I don't care if (hypothetically) 100% of the people ever accused of a crime up until today are actually guilty. When, someday, *I* get arrested for a crime I didn't commit, I want the burden of proof to remain on the prosecution.
I don't want some lazy system to make me the victim of a rounding error.
On the post: BBC Now Training Its Secret, Likely Imaginary, Fleet Of Detector Vans On Your WiFi
Re: Re:
More likely to find my 'alf a bee, Eric.
On the post: Frustrated Public Defender Appoints Governor -- And Licensed Attorney -- To Provide Indigent Defense
Re: Re: "someone who caused . . ."
You wrote a lot of text, there. But what strikes me is that it sure seems that more than once you expressed an assumption of guilt for all parties that need a Public Defender.
That seems unconstitutional, and counter to what little I know of justice and law. Please correct me if I'm wrong.
On the post: Judge Tosses 200 Hours Of Recordings From FBI's Courthouse Bugs
Wow. I'm On Those Tapes
Can't say I'm thrilled about being recorded, if I was.
The auction was a very strange experience. Some very shady looking characters hanging around, then suddenly they all coalesce and start bidding millions of dollars. But they are all just frontmen (like floor traders at a stock exchange). Each had a clipboard of the properties for the day, a phone and headset, and were in constant contact with the real buyers during the actual sales. They seemed to make no decisions themselves, but just relayed info.
Shockingly, one needs cold, hard cash (or similar instrument) and must prove (show) it to the auctioneer just to bid. The total amount of money on the courthouse steps was impressive, given about a dozen homes sold for over $500k each. The reps generally bid every house, with varying levels of motivation. I only bid for the one.
"The evidentiary record here confirms that Defendants did not speak at a volume loud enough for an undercover agent or an FBI cooperator to overhear them."
I personally found the volume of the auctioneer to be a particular problem for me. As a newb, I didn't know the process, and there was scant help available. So I wanted to hear everything. That required very close proximity.
As for the other bidders, the absolutely took steps to mask their conversations over their telephones, so as to reveal as little information to the rest of us as possible.
As for expectation of privacy, it's the COURThouse steps. Should we not expect a lot of discussions between lawyers and their clients all around the courthouse? Lots of privileged conversations surely happen there. Further, I reject Judge Hamilton's opinion that any public place negates the expectation of privacy:
Electronic age or not, the expectation of privacy should be based on HUMAN experience and human perception. Would she obviate my right to privacy in my home simple because a laser mic pointed at my window can hear me from across the street? While the state of technology does define a spy's ability to hear us, it does not define our RIGHT to privacy, WE do that.
My remaining questions are whether I was the victim of some kind of collusion or collaborative bidding? What was the FBI after? Seems unlikely since I got outbid in the end, so the asset owner (the bank) got more money than I though the property was worth.
Rough times for my friend, though.
On the post: Even The Usual Defenders Of The RIAA Are Pointing Out They're Simply Lying About YouTube
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Regulation drums
Given: A free market is good.
THERE ARE MANY THINGS THAT CAN INTERFERE WITH A FREE MARKET, not just regulations.
Others examples:
monopoly
monopsony
dirty dealing/crime/racketering/coercion/intimidation
lies, false marketing
information dis-symmetry
systemic advantage of incumbents over new entrants
So, if regulations can target fixing market failures, they can be an improvement. Take for example, the Schumer Box (no, not the thing below Amy Schumer's belt that she jokes about all the time), her uncle's namesake box on credit card applications that require banks to offer clear, concise information about the finance terms, which allows consumers to choose better. This regulation addresses information dis-symmetry between banks and customers, preventing them from disguising higher rates with confusing presentation. So, it's good.
I think a lot of people, like this AC, think that "Free market" means "a market with NO regulations", and that's wrong. A complete lack of regs does NOT automatically result in the economist's idealized "free market". Many things can go wrong, so we NEED rules to optimize the outcomes.
On the post: Police Get Facebook To Kill Livestream Of Standoff Which Ended With Suspect Being Shot To Death
Conspiracy or Incompetency?
Whether the police are deliberately deleting video and covering up evidence, or if they are simply incapable of recording, handling, and backing up video data is irrelevant. It is clear the responsibility for doing so should not be in their hands.
Is there some way for a neutral third party to record this data, providing it freely like in a good FOIA process?
On the post: Even The Usual Defenders Of The RIAA Are Pointing Out They're Simply Lying About YouTube
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Regulation drums
That is the opposite of the default case at TD. So you are just wrong.
But also, TD does not comply with your desire for absolutes. TD will never say: "All regs are bad". That's too much of a simplification. Thus, in some cases, regulations are considered good. At TD, this is generally in cases where the regs "correct" a free market that has already been distorted by some other factor (ex: monopoly control, information dis-symmetry, overkill intellectual property ownership, markets that favor incumbents and block entry of new entrants.)
You are harping a lot on the FCC regs. These regs are praised here, yes. The market for fixed broadband is NOT competitive in the USA. UNE-P was a reg that fixed it, but it was shot down in the courts, so we're back to too much market power in the hands of incumbents. Net Neutrality and Title II regs are not perfect, and nobody here said they were. But do they make things better, or worse? We think better. But do we love regs here? Not really. If you actually read the articles, I'd bet that over 80% of them that praised the Title II also CLEARLY stated that a better solution than regs would be "more competition."
Techdirt consistently argues in favor of a freer market, more competition, and regs ONLY for the sake of fixing market failure.
On the post: Broadband Industry Formally Tries, Once Again, To Kill Net Neutrality
Re: Screw you America
It's because the lobbying is so much cheaper and so much more effective per dollar spent that it never ceases.
One of the good arguments that libertarians make is that we're so large as a nation, and that large governed groups mean that money spent lobbying and controlling government will sap away money that should have been directly invested in production.
On the post: No Matter Who Our Next President Is, They Won't Understand Technology
Re:
Which is predictable, and..um..is what happened.
If she were devious enough to deliberately use her own email to avoid FOI, then she would also be clever enough to never send or receive any message from any official account.
What you propose is like a cheating husband using his "burner" phone to call his wife to see if he should pick up milk.
On the post: No Matter Who Our Next President Is, They Won't Understand Technology
Thing Always Said
Is something often -and only- uttered by some jerk with a team of people doing and managing their email and communications for them.
He most certainly DOES "do email"...at least as much as he "builds hotels", in the sense that other people print them out, highlight the easy words, and reply on his behalf. His cluelessness is hardly a virtue.
On the post: Intellectual Property Fun: Is Comedy Central Claiming It Owns The Character Stephen Colbert?
Familiarity
He is mathematically as influenced by his brother as I am by the mid-fielder on my soccer team.
On the post: Will The FTC Investigate People & Companies Paid By Facebook To Use Facebook Live?
Payola
It always skirts the grey legal area, but is sleazy nonetheless.
On the post: Verizon Buys Yahoo In $4.8 Billion Attempt To Bore The Internet To Death
The Title Bout
Next >>