This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
... I see a lot of you arguing that The_Nybbler believes that giving an inch here is a bad idea because they think that a tiny regulation will directly kill innovation, while The_Nybbler is arguing that there's no particular reason for the regulators who introduced this legislation to stop at only implementing useful regulations that pass cost-benefit analysis, and that the other industries we see do seem to have vastly overreaching regulators, and so a naive cost-benefit analysis on a marginal regulation which does not factor in the likely-much-larger second-order effects is useless (though @The_Nybbler do correct me if I'm wrong about this, and you think introducing regulation would be bad even if the first-order effects of regulation were positive and there was some actually-credible way of ensuring that the scope of the regulation was strictly limited).
Honestly I think both of you could stand to focus a bit more on explaining your own positions and less on arguing against what you believe the other means, because as it stands it looks to me like a bunch of statements about what the other person believes, like "you argue that the first-order effects of the most defensible part of this regulation are bad, but you can't support that" / "well you want to turn software into an over-regulated morass similar to what aerospace / pharma / construction have become".
Quoting the examples:
Ok, fair enough, I can see why you would want to prevent users from accessing these particular secrets on the device they own (because, in a sense, they don't own this particular bit). Though I contend that the main "security" benefit of these is fear of being legally slapped around under CFAA.
Seems kinda pointless. If an attacker can read the flash storage on your door lock, presumably that means they've already managed to detach the door lock from your door, and can just enter your house. And if a remote attacker has the ability to read the flash storage because they have gained the ability to execute arbitrary code, they can presumably just directly send the outputs which unlock the door without mucking about with the secrets at all.
What's the threat model we're mitigating here, such that the benefit of mitigating that threat is worth the monetary and complexity cost of requiring an extra component on e.g. every single adjustable-color light bulb sold?
On examination, I misread, and you are correct about what the documents says.
That said, the correct reading then seems to be "users should not be able to debug, diagnose problems with, or repair their own devices which they have physical access to, and which they bought with their own money." That seems worse, not better. What's the threat model this is supposed to be defending against? Is this a good way of defending against this threat model?
In support of this interpretation:
https://www.themotte.org/post/995/culture-war-roundup-for-the-week/210060?context=8#context (whole thing)
https://www.themotte.org/post/995/culture-war-roundup-for-the-week/209894?context=8#context ("Maybe their little subculture will change.")
https://www.themotte.org/post/995/culture-war-roundup-for-the-week/209881?context=8#context ("coloring inside the lines")
Not once in there did I say anything about it becoming an over-regulated morass. You can change your culture enough to do the trivial fucking basics without becoming an over-regulated morass.
If your idea is to change the culture of tinkerers, then I must withdraw what I said about you, and conclude you're not interested in reasonable regulations at all, but rather are getting off on imposing your views on others / are seething that so many people have managed to escape you for so long.
Fair enough. If there is literally no way to change the culture to something that doesn't have trivially-hackable default passwords on billions of devices with anything other than unreasonable regulations, if this is honestly the dichotomy that you think exists in the world, then I guess I have to throw my lot in with the unreasonable regulations folks. But if you can come up with any plausible way to change the culture enough so that we don't have a spigot of trivially-hackable devices with default passwords on them, and your method is anything other than 'unreasonable regulation', I will jump to your side immediately. Nybbler has already committed to the claim that this is a complete impossibility, that the only options are "a culture that churns out trivially-hackable devices with default passwords" and "unreasonable regulations". Do you embrace this position, that those are the only two options?
The approach I outlined earlier, which you called reasonable, was to regulate mass produced end-user consumer goods, and let people who build stuff on their own, or otherwise are reasonably expected to know what they're getting into, have a large degree of freedom. There wasn't a word there about changing anyone's culture, in fact the whole approach is designed to let everyone keep their culture the way they like it.
I don't think it does, but I think the things you are saying here strongly imply that trivially hackable default passwords are just an excuse for you to destroy a culture you hate.
Nybbler would declare that this is, in fact, changing the culture of people who mass produce end-use consumer goods. That this is the only way, that we have to change their culture. If that is required, I am willing to do it. If you think that we can regulate them so that they don't churn out billions of trivially-hackable devices, without changing their culture, I'm fine with that. But they keep telling me that we can't do that! That we have to change their culture! That that's the only option!
Not at all. I love the 'tinkerer' culture. I love the innovation culture. I love the building new stuff culture. I love coding and coming up with interesting new shit, though my day job is more on the new math side and I'm having less time for coding lately. The culture that I dislike is the "we can keep pumping out trivially-hackable shit because it might be slightly boring to take the basic steps everyone knows and nobody's going to do anything about it" culture.
He's mistrustful of people who request minor reasonable regulations, for fear that they will stay neither. Given the history of law, culture, and social movements in his country, I think that's a largely justified fear. There's ways of having a productive conversation with people who have such fears, but you seem determined to strongly signal you are exactly the kind of person they shouldn't trust. For example:
Ok, in that case I'm out. If it's your way or the highway, and forcing change on a culture doesn't even phase you, I don't know how you can pretend to only want some reasonable regulations.
Tell me again why you were upset about being mischaracterized by Nybbler.
It is not "my way or the highway". Again, if you can come up with any other way to make it so that we don't have billions of trivially-hackable shit with default passwords, sign me up. But I keep getting told this is my only option! It's not even "my way"! It's the only option! That this is a fact about the universe! Nothing to do with me at all!
EDIT: Give me "your way"! Make it an option! If you can do so in a way that won't result in Nybber telling us that "your way" would break their culture, great! But he keeps telling me that you can't.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link