Slashdot Mirror


User: Altrag

Altrag's activity in the archive.

Stories: 0 · Comments: 2,180

Comments · 2,180

  1. Re:Why not? on Web Bluetooth Opens New Abusive Channels (dailydot.com) · · Score: 1

    Pfft what kind of crazy un-'Mercun drizzle you spouting there? Any cost that has to be borne by others, or can be hidden on our next quarterly is a cost we can fully ignore in our quest for innovation and profit! Anything less is communism!

  2. Re:Forbid flatrates on DSL lines on Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks? (oceanpark.com) · · Score: 1

    The problem with that is that users aren't capable of deciding. With gasoline, one liter is exactly the same as every other liter. You know where it's coming from, you know where it's going, and (blurring the details) you know how it's getting from input to output and why.

    None of that is true with packets. Every packet is different. Finding out what application generated any individual packet, determining the packet's destination (not just the destination IP but what's hiding behind that IP,) and knowing why its being sent are all rather difficult problems.

    Even experts in the field have to spend a fair bit of time researching anytime they find something unexpected before they can claim it's malicious. Assuming that every random grandma and CxO and Twitter tween is capable of making those decisions (or even knows where/how to input their decisions) is unrealistic at best.

  3. Re:Well, well, well.. on AT&T Is Spying on Americans For Profit, New Documents Reveal (thedailybeast.com) · · Score: 1

    Reversing this is pretty much impossible. The only effective solution would be a government ban on privacy invasions like this, but since they're benefiting as much if not more than anyone else, they sure as heck won't make that sort of law.

    And the companies definitely won't stop the practice voluntarily -- it's way too profitable.

    And "voting with your dollar" won't work either. When your only options are a range of companies that universally all engage in these practices, your dollar's vote isn't worth squat.

    Your only option is to completely go offline -- no phone, no internet, no TV, no credit cards, no store loyalty cards, nothing. Hell probably not even electricity (smart meters and all.) But I'm pretty sure you won't manage to convince any significant number of people to effectively go back to living in the 1800s.

    End-to-end encryption can help somewhat. At least AT&T wouldn't know the content of your messages, though they'd still know the source and destination. Onion routing can help that a bit as well -- then they'd only know the source.

    But then you have to deal with the fact that half the software on your system these days sends information back to its creators, and it's not just Windows 10 so "don't use Windows" isn't a fix-all there.

    OK so you switch to all open-source software and verify for yourself that it's not doing any sort of call-home (and you manually verify and apply all security patches, right?) You _still_ have to deal with the fact almost all useful services require you to sign up and provide at least a minimum of potentially identifiable information.

    And a subset of those will actually require that information in order to provide the service so you can't easily just fake it unless you want to be getting yourself a boatload of PO boxes and single-use credit cards.. but then that practice could be noted and tracked as well so you're still screwed.

  4. Re:I don't understand on Rowhammer Attack Can Now Root Android Devices (softpedia.com) · · Score: 1

    It's not that hard. A quick Google will find you dozens of pages and YouTube videos showing you how to do it.

    The hard part is trusting any of those rooting programs to not be malware themselves. Any time you're doing something that's against the rules (even if not actually illegal,) you'll find a boatload of shady people offering questionable solutions since most "legitimate" sources tend to avoid breaking the rules.

  5. Re:It'll only get worse on AT&T Is Spying on Americans For Profit, New Documents Reveal (thedailybeast.com) · · Score: 2

    There's a difference between demanding compensation for a legitimate police request vs developing a spying system and actively trying to sell it to the police.

    The first is not wanting to work for free, and entirely understandable.

    The second is doing work they didn't even have to do based on some very very questionable practices. They could have chosen to just not do this. They wouldn't be "working for free" since _not_ doing something involves zero work.

  6. That's easy enough to say. A lot harder to convince small businesses to swallow though, when those "business lines" generally cost 2-3x more for lower bandwidth and other common service metrics. You're basically paying for "your ToS doesn't prevent server programs, never mind the fact that we don't enforce that restriction anyway since it's so broad as to be useless."

    And I'm not convinced they still wouldn't mark you as a spammer when you send your statements.

    Setting up your own email server is also a bit of a fool's game unless you're extremely competent with your email software, the DNS system, etc in order to avoid just being immediately shoved onto spamhaus and similar major blacklists -- a level of competence that your average small business owner definitely doesn't possess.

    But really that was just one example.. and yes there's an obvious workaround -- pay for a third party mail server that's more forgiving -- but presumably if we were going to "quarantine" spammers then alternative email servers (including self-run ones!) would need to be outfitted with such utility in order to be globally effective.

    Plus, unless spam filters can be trusted to have almost zero false positives, it's just an unworkable plan in general. The amount of lost time and productivity would be immense with the amount of false positives you see on any modern spam filter. Add that up over the scale of the entire world (and you'd need to, otherwise real spammers would just move outside of the quarantined jurisdictions,) and things start looking really bad for this plan.

  7. Re:Disconnect everything on Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks? (oceanpark.com) · · Score: 1

    There's little need to have internet on your phone, or on your computer, or hell even own a computer. Or at least there didn't used to be.

    But it's just so damned useful! And there's a good chance that IoT will eventually be that as well.. if we ever get past the security-isn't-profitable and built-for-advertisers mentality that runs the 'net today.

  8. Re:Force comms through a hub device. on Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks? (oceanpark.com) · · Score: 1

    Leads to a chicken and egg problem.. you can't sell those devices unless people have such a hub, and you can't sell such a hub until people have devices to go with it.

    IP is cheap, easy and ubiquitous. There's little to no chance that manufacturers will opt into a more difficult path.

    Not to mention the issue at hand included things like web cameras.. which by their very nature require IP access since that's what the web uses. Now you can definitely suggest that a default password on an open device is stupid, and can probably question why a web camera is _accepting_ connections at all.. maybe it had a legitimate reason for that, maybe not, I don't know the device in question, but what you can't really say is that it doesn't need internet access of some sort.

  9. Re:You could start by... on Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks? (oceanpark.com) · · Score: 1

    Now you're just talking crazy. How is your toaster supposed to suggest you enjoy a Starbucks coffee with your breakfast if it can't pull down from an ad server?

  10. Re:Forbid flatrates on DSL lines on Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks? (oceanpark.com) · · Score: 1

    Except you then have to define "malicious" traffic. And you can bet that it would be defined as "bittorrent" rather than "botnet zombie." Because the former is easy and desired by people with lots of money, while the latter is very very hard and nobody cares more than a couple of times a year when a major site gets nuked and have forgotten about it by the following week.

  11. That's not true. There could well be technical solutions and fundamentally, it is a technical problem.

    For example if routing systems had a feedback mechanism so that any time things back up too much, a target system could tell the incoming routers "slow down and take some of the load from me," it could potentially spread the DDoS around, continually pushing it out until it's balanced across the network, effectively rate-limiting access on a large scale.

    Of course I'm just tossing that out off the top of my head.. I have no idea how practical it would be in the real world.. but there's nothing to say that technical solutions can't exist. In fact, technical solutions are about the only hope. You can't legislate manufacturers to essentially "create no bugs," because that's infeasible.

    Likewise you can't just force consumers to replace (or even update) their devices any time a bug is found -- assuming that it's found by an honest hacker before it's used in an exploit, which is a big leap of faith in itself.

    Now this particular case is a bit special -- having a standard default password on an internet-accessible anything is just dumb and something American manufacturers realized over a decade ago. But it's also the kind of thing that they're unlikely to do twice so while it sucked for a day, it's a rather small drop in the world of broken software (especially if they have the ability to force push an update that prevents future use of the flaw.. though I'm not sure they do or not and of course as noted above, we can't trust consumers to do it themselves.)

  12. Re:How do we prevent flooding the phone system? on Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks? (oceanpark.com) · · Score: 1

    Yes and no. The license would typically indemnify them against you or me (as consumers of the product) from launching a suit (at least not directly..)

    It doesn't stop Dyn or the US Govt from taking action though. They aren't party to the license agreement between me and the manufacturer. They're a completely distinct party that was damaged due to the manufacturer's failures, and have all the right in the world to seek compensation (though they're probably more interested in just seeking some guarantee of that not happening again in future at this point..)

  13. By whom? And in what way? And what counts as "sending spam?"

    Many of my customers get caught in their ISPs' spam filters (to the point that they have to use third-party providers.) Why? Because they send out statements via email. That's it. No ads, no flyers, no unsolicited emails. Nothing else. Just the monthly statements. And apparently ISPs around here figure that if you happen to have 200 fully legitimate customers at the end of a month, you're a spammer and it's really really hard to convince them to remove you from the list once you're on it (and then you get thrown back on next month no matter how many times they say they'll "update your file.")

    I don't even want to imagine the lawsuits that would entail if they got their entire internet "quarantined" once a month due to 100% legitimate traffic.

  14. Stupid peoples' money is just as good as anyone else's, and whether you like it or not the internet primarily exists as a medium for monetary exchange these days, whether it's direct purchases or ad streaming or begging for donations or anything else.

  15. Re:Its not the thinner fonts... on Internet is Becoming Unreadable Because of a Trend Towards Lighter, Thinner Fonts (telegraph.co.uk) · · Score: 1

    The "system" isn't usually the problem -- even Windows has kind of tried to sort out its DPI issues by now.

    The problem is application software. Try running Steam on even a 1920x1080 screen. The font is absolutely tiny and they don't provide any option for changing it (at least not that I've found.) And that's an enormously popular and profitable product made by a company with plenty of technical skills. They just don't care. And you can sure as hell bet that smaller companies without Valve's finances and technical talent behind them really really don't care.

    Web sites have a little less ground to stand on since the browser handles much of the layout work for them, but even then it usually doesn't work right for more than a small range of screen sizes and DPI choices unless they do a bunch of extra work.

  16. Re:Technical OR legislative? on Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks? (oceanpark.com) · · Score: 1

    Technical solutions can be quickly changed and adapted to new methods

    Not even close to true on any but the smallest scales. IPv6 still has barely a foothold after 20+ years. The article itself already suggests an ISP protocol that still hasn't been implemented after 12+ years.

    We need something in the middle. Not true laws, but an organization along the lines of the FCC that can recommend solutions and has the power to pursue fines against companies that don't comply. Similar to laws in some ways but
    a) generally handled by a body more in tune with the technical issues,
    b) can be updated and/or revoked on a much faster timeline than true laws and
    c) are beholden more to stakeholders and relevant discussion rather than election cycles and partisan politics (not that those are ever too far out of reach when large, public organizations are involved.. but it's at least a bit of separation.)

    The FCC already does some regulation along those lines, and there's some voluntary industry standards as well.. but formalizing something (and perhaps using a fully new body rather than the FCC) geared toward security in particular might be of a benefit.

  17. Re:Technical OR legislative? on Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks? (oceanpark.com) · · Score: 1

    Adding regulatory compliance costs to a device like that actually favors domestic producers.

    Uhhh no it doesn't -- at least not significantly. Unless they're so strict that they effectively ban imported products.

    Your $200 unit price goes up to $202 say -- a 1% increase. That $3 import, even if it costs the same $2 for compliance is now all of $5. Your $197 margin may not buy you as many replacements at $5 but it's still plenty enough to not care. And it's even worse if the compliance is a percentage of price rather than flat.

    The only things that will balance the equation are a) explicit trade tariffs, which of course China would fight tooth and nail. Or China's quality of life getting high enough (ie: their workers paid enough) to drive the cost of production up on their end. And I mean that will happen eventually -- you don't generate a large economy without the people getting at least a share of it. But whether that will be in 10 or 20 or 100 years is anyone's guess (and given America's choices for president right now, it may be the US economy crumbling to meet China's rather than the other way around..)

  18. Re:Technical OR legislative? on Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks? (oceanpark.com) · · Score: 1

    There's an enforcement issue there. It's kind of like current copyright laws -- yeah you can write them, but when there's millions upon millions of "perpetrators," how do you possibly make more than a small handful of them even aware that they're guilty never mind getting them to care enough to do something about it.

  19. Re:Technical OR legislative? on Slashdot Asks: How Can We Prevent Packet-Flooding DDOS Attacks? (oceanpark.com) · · Score: 2

    require Internet connected device and software vendors to provide complimentary, opt-out, timely security updates for a minimum of X years after product withdrawal from sale

    That sounds good and all, but is entirely unenforceable. Very few companies even have a guarantee of being in business in 5 years, never mind knowing whether or not they'll still have the talent and finances available to continue maintaining products that are generating little to no revenue -- and simultaneously taking that talent and money away from creating new, saleable products.

    I mean you may as well equally say that consumers should be forced to purchase new products every 5 years. I mean at least that wouldn't completely kill innovation in the field. But it's still not something anyone would ever agree to.

    Maybe you could aim for a middle ground though. Force manufacturers to implement a "soft" kill that activates 5yr after each firmware release and if the user still has the device at that point, give them a nag screen once a week or month or something suggesting that their device is out of date and should be upgraded (if newer firmware exists than whatever they have installed) or replaced.

    I mean it's still a reasonably annoying burden on both the manufacturers and the users and nag screens necessarily would need to involve software on the interface PC (which could be hacked to remove the nag screen never mind the eternal alternative OS issues with software drivers,) but at least it doesn't require predicting the future.

  20. It's still proportionally much less than Mac's market share so move along

    That's not really something you can move along from. There's a critical mass issue involved. Both a critical mass of users and a critical mass of third-party software:

    - Users: Nobody, including bad people, is going to intentionally choose a market that's only 10% of the total when it's just as easy to target the other 90%. I don't know what the critical mass percentage is, but it's definitely higher than 10%.

    - Third-party software: I'm not going to try and claim that the Windows kernel is as secure as the BSD one, but even in Windows the vast majority of exploits are enabled via third-party software (well, and IE..) The bigger the Mac software library gets, the more targets there will be for finding back doors.

    Now, for the moment at least, "less viruses" indeed is a valid reason to choose a Mac. But "less possible viruses" is something we can't possibly judge until/unless Mac starts breaking some of these critical points. Whether or not Apple will be able to avoid the cat and mouse game that Microsoft plays with the virus writers and other villains remains to be seen.

    I personally suspect that if Mac ever manages to get close to parity in the market, Apple will end up with just as much of a malware issue as Windows has. Because software is hard no matter how good your marketing department or how zealous your fanbois.

  21. From my experience, Macs work great .. as long as you only ever want to do the things Steve Jobs thought you should want to do. Which admittedly, is a good fit for most non-techies that just want email and a web browser.

    As soon as you try to break out of the mold though, things tend to take a nosedive very fast. Just try sorting your iTunes list by path/filename. Yeah no juice there. You use Apple's library system or you piss off. There's no third option.

    Or Flash. Sure Flash might be terrible in many ways, but you _still_ can't access like half the video sites on the web from a mobile phone. Because Apple decided that breaking the web was a good tradeoff in order to boost their battery life marketing by 10%. I was super disappointed when Google followed suit on that one.

    And of course, there's the age-old issue of lack of software for Macs. Definitely nowhere near as bad as it was 10 or 15 years ago, but you still don't have to go too far outside of the mainstream to find software that's Windows-only. A particular problem for gamers where it's much more common to want to purchase and use a wide range of products.

  22. Depends on your definition of "waste." It's definitely not constructive, but it must benefit us in some way since people everywhere have been spending energy on hating things that otherwise wouldn't affect them for basically all of recorded history.

    Of course, it may be among those things that were handy back when we were running around dodging tigers and just hasn't had time to de-evolve now that we no longer need it so much in the modern world. Who knows.

  23. Re:Everyone should be allowed to use a computer. on Macs End Up Costing 3 Times Less Than Windows PCs Because of Fewer Tech Support Expense, Says IBM's IT Guy (yahoo.com) · · Score: 1

    "A single purples" A wild Lulu appears!

  24. Re:Everyone should be allowed to use a computer. on Macs End Up Costing 3 Times Less Than Windows PCs Because of Fewer Tech Support Expense, Says IBM's IT Guy (yahoo.com) · · Score: 1

    There's a huge difference though: A microwave has exactly one function with usually less than 20 buttons, most of which "everybody" actually doesn't understand and just ignores.

    A car again has a single purples with only two pedals, a wheel and a few levers and/or knobs. Again probably less than 20 controls, many of which are rarely if ever used by the majority of people.

    A computer on the other hand typically has at least a half a dozen _functions_ for any particular user, and often into the dozens of functions when you add up your email, browser, editor, spreadsheet, music, etc etc etc. And each one of those functions frequently has dozens if not hundreds of controls or options.

    Your typical modern computer, regardless of brand or hardware or whatever business you're in, can potentially be hundreds of times more complex than a car or a microwave, just from a very high level "count the things you do with it" perspective.. never mind getting into the details!

    Add in all of the background processes that most people don't even know exist never mind what they do, unexpected software bugs (especially the non-repeatable ones that just happen "sometimes",) intentionally malicious software, weak power lines/UPS' that can cause all sorts of random issues, drives and/or memory that "mostly" works but mucks up a byte here and there and so on and so on.

    Remember, most people can't change their own oil in that car. That kind of kills your analogy. It's frankly simply amazing that we don't have _more_ issues among the computer illiterate given the complexity involved.

  25. Re:Petitions a scam to collect emails for politici on Verizon Workers Can Now Be Fired If They Fix Copper Phone Lines (arstechnica.com) · · Score: 1

    This will be the most obstructionist do nothing Congress ever iff Trump wins.

    Agreed. Which is why I hope he wins. I have a feeling Clinton will get stuff done, and a lot of it won't be for the good. An ineffective government is still (slightly) better than an aggressively evil one IMO.

    100 handwritten letters is viewed as far more valuable than 100 emails

    Sure, but it's not necessarily more valuable than 10,000 emails. Or 100,000. Scale is important.

    Sharing your opinion in a letter/email/etc removes no politician from office, so they are largely irrelevant to politicians

    That's an extremely pessimistic view. That assumes that politicians do absolutely nothing beyond sit on their thumbs for 3 out of 4 years. The issues that won't get them removed from office are actually more likely to get noticed during non-election years as it's far less likely to bite them in the ass down the road than hot topics.

    politicians know it is meaningly

    A decent politician knows that they're representing all of the people in their jurisdiction, not just the ones that voted for them. Obviously when they're gearing up for an election they're going to target their core audience but again, for the rest of the time they actually have a job to do and it's pretty pessimistic to assume they just aren't bothering to do it.

    All they do, if anything, is give a politician heads up on an issue they need to manage opinion on, or distract from

    Or you know, take action on. Write up a bill. Request a more scientific survey. Whatever else might be needed.

    I don't know what world you're living in but you seem to think that the government does nothing at all other than run election campaigns. That's just not reality. These people have a job to do and sure, they might not always do it the way you want them to but they ARE doing it for at least 2 and often closer to 3 out of every 4 years.

    Sure if your letter comes stapled to a $1000 check it will likely get a bit more consideration, but normal letters get read too. Every politician will have an aide (or 2 or 3 or 10) that does nothing but read letters all day and while they're certainly not bringing every single one up to the attention of the politician, if they start seeing the same issue being discussed over and over again by multiple letter writers, it will get noticed and perhaps at least discussed even if nothing comes of it in the long run.

    Think of it like a log file. If you see one Russian IP address some day, you'll think nothing of it. If you see 100 that day you might raise an eyebrow. If you see 100000 you're simply going to have to take action, even if that action is "ehhh they tried but it didn't work so whatever" -- you at least looked into it enough to make the decision that no further action was required.

    Voting is essentially meaningless these days on a national scale. There's just far too many people (making individual votes almost insignificant) and you have to cover far too many issues with a single 2-option choice for it to have any significant impact on the country (both of which are practically identical these days, and half the claims they make fall through anyway even when they aren't outright lies.)

    It's during the non-election times where we should be focusing our efforts if we want to see real change on specific issues. When politicians are doing politics rather than glorified sales pitches.