a thoughtful web.
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment by kleinbl00

No. Not buyin' it. It's a ends-justify-means headfake that allows nerds to feel good about the schadenfreude they feel towards the people that pay their salaries for not wanting to know the intricacies of SSH or whatever and FUCK'EM.

There's this vision of slovenly, lazy manufacturers attempting to make a quick buck off of the poor, benighted, uneducated consumer (do you see how even you are dripping with condescension on this one?) without any thought to principles, ethics or good design practices when what actually happens is:

1) Nerds come up with a software package that does all sorts of cool shit

2) Manufacturers integrate that software package

3) Other nerds poke giant fucking holes in that software package causing real economic harm

4) Nerds on both sides come together to blame the manufacturers for using their software and the consumers for not understanding the undeniable superiority of nerds.

I've got 40-odd TB worth of Synology in the closet. It cost me multiple thousands of dollars and it does nothing sexy. It's a backup target for three different Time Machine instances, three Carbon Copy Cloner jobs and two instances of Macrium Reflect. It is literally a dumb linux RAID array, the second I've built, the first using Embedded bullshit and IDE back in 2000 when that shit was bleeding edge.

I built that 40-odd TB using Synology because if you ask the nerds, the nerds will say "if you want to set it and forget it, run Synology." Great. the non-hobbyist route, the "I'm willing to pay to do it right" approach that won out over the "I've got a spare DL380 I can sell you" method, required me to configure an NTP server via SSH in order to get my backups to work. So when you deliberately say "I want to do this right, I want to dot all the I's and cross the T's, you're still writing fucking shell commands.

And then Synolocker hits. And what's the advice of the nerds?

"Unplug it."

Yeah. Top professionals, competent everywhere, and whenever a threat comes out that they don't get to gloat about ahead of time, the response is hair-on-fire SHUT-IT-DOWN panic.

Okay, so you bring it back after three days of zero functionality and how do we nail it down to protect it from a vulnerability that existed when the damn thing was sold to you but nobody knew about it because reasons? Well, first compile this GNU repository...

And really, fuck 'em all. I can't think of a single client-side problem I have observed in the entire IT industry where the first instinct of everyone wasn't to slag on everybody who knew vaguely less than them. And you know what? Twice in my life I've had to load up a hard drive full of MP3s to replace the crashed music collections of friends who make their living supporting users but somehow don't have the common sense to back up terabytes of information. And you give them a stern look and they say "I know, I know, I should have backed up" but these are the same people that will berate someone for using one password across two websites.

There's no "but." Nerds giveth, nerds taketh away, and nerds thrash on everyone else for giving them the means to do so and fuck 'em.





goobster  ·  2769 days ago  ·  link  ·  

Ok. I see your point.

Now we are 10 years down the road. 2027.

None of these weak ass devices exist any more, because manufacturers have been forced to develop quality products that are secure and resilient. And that's just the way it is.

As recently as 5 years ago, we had to regularly restart our smartphones because they would crash or just stop working.

That was unacceptable, so manufacturers were forced to address the problem, and now I can't remember restarting my iPhone at all this year.

I'm not saying you are wrong, but there is a hint of the guy busting down the highway with no hands on the wheel of his Tesla, and getting decapitated by a truck the cars' vision systems didn't see. The user bears some responsibility here, but so does the manufacturer.

Maybe we need an "EnergyStar-compliant" rating system for "Internet Secure" standards?

I know I look for EnergyStar-rated appliances, and won't consider other models.

Maybe there is an opportunity for an IP Security standard...? (heck... that's how Elon made his first money.)

kleinbl00  ·  2769 days ago  ·  link  ·  

You're still proselytizing the Myth of the Black Hat, though. Greater good through mayhem. You're arguing that "inconvenience" is equivalent to "deliberate destruction of product" so long as things get better at some point but using that logic, I could make the argument that NSAIDs are safer now that Vioxx has killed somewhere this side of a half million people.

Maybe we need this. Maybe we need that. Maybe we need to make it so that the people who buy and install app-controlled gewgaws don't need six months of Khan Academy before they can figure out if they're contributing to a botnet. But there's nothing moral or commendable or admirable about fucking with people's shit because maybe someday their shit will be harder to fuck with. You're basically arguing that hood ornaments are an attractive nuisance and if you don't want your hood ornament stolen, you shouldn't buy a Mercedes.

And for fuck's sake, let's stop gloating over those poor benighted users with desktops full of icons as if it's their fault a coder three layers down left a backdoor in the build.