> However, if it is a very wide spread problem then they will eventually install a light on your dash to notify you to change your oil. My wife's car currently does this. Since this is the first car she's ever owned, it's good because I don't think she would have known. We also have check engine lights and indicators for when a turn signal light bulb stops working. New cars even keep track of things like tire pressure.
This is getting off subject, but I'm of the opinion that this trend is primarily motivated by locking people into a dealer for maintenance, not helping people maintain their vehicles. For example, I think BMW dealers are the only ones who have the ability to calibrate tire pressure sensors on bimmers, and some new cars are abandoning OBD-II ports.
> My argument is in the similar vein of those who aren't physically fit to win a fist fight. Doesn't mean they deserve to pushed around, robbed or beaten just because I'm stronger and a better fighter.
I don't think it's fair to compare these things. Of course no one deserves to be assaulted. And likewise, if someone sabotages your car or has a remote exploit for your computer, I find it hard to dish out blame. But beyond this, I think the only person who could possibly be responsible for the condition of their possessions is the owner, and I don't see why computers should be any different. Not knowing better or being too busy is not an excuse to be a party to a DDoS attack.
You bought this computer, you plugged it in, and it was setup in a way where it was able to receive signals that made it send out signals that violate the contract you signed with your ISP and violate the laws that your representatives passed. "I didn't know" isn't an excuse in any other comparable situation. Just because computers are hard doesn't mean we should rework our entire legal framework. We shouldn't codify into law the idea that some subjects are obvious and should be enforced consistently, while some are beyond understanding (for most, for now), and ignorance is a viable excuse. It will inevitably become outdated.
I'm held responsible if I have an old car rusting away in my backyard and it pollutes my neighbors well-water. And sure, it's harder to claim ignorance about a rusty car than it is to claim ignorance about a misconfigured computer, but I think the law has to be impartial about that.
> And likewise, if someone sabotages your car or has a remote exploit for your computer, I find it hard to dish out blame.
> Not knowing better or being too busy is not an excuse to be a party to a DDoS attack.
I feel you contradicted yourself here. In one way you excuse it, but you also claim users should know better. When it comes to having a strong password, I feel this is where it's acceptable to place blame. When, for example, they went to their favorite website which has a malicious ad that takes advantage of the latest exploit. Can they really be blamed? Average end users expect their smart thermostat to give them capabilities advertised. Some can't even imagine that it's basically a small computer.
> that violate the contract you signed with your ISP
How many people really read these agreements? It's assumed that if your computer works it's in spec. Whatever arbitrary clause they came up with to allow them to legally track your every move is a different conversation.
I won't divulge into throwing analogies back and forth. I'll just say this, I know plenty of Dr's, people who are much smarter than me that don't know a thing about networking. They're running their own practice and stay concerned about being up to date and not getting sued. That's their job. Building software that is easy enough to use while keeping people secure is ours. There's no excuse, it's hard and it's yet another aspect programmers need to learn. But it rests on our shoulders.
Sorry for the late reply. I think I did contradict myself there. And I don't see any way I could fix that contradiction.
There might be a meaningful difference to me between a remote kernel hole versus using a default password, but for most people there is no difference there.
So you've changed my mind, to an extent. I don't think that we should "blame" them, but at the same time, if you entrust a large part of your life into computers and are not aware of the risks you're putting yourself in, I do think you deserve some blame for believing the advertising pitch without researching on your own-- and that kind of blame is relevant for everything, from cars to tablets to vacuum cleaners. I think doing your due diligence is relevant to any topic, and people who don't put it in will reap what they sow. But that blame is more superficial-- you shouldn't have to become a mechanic to buy your car and you don't have to be a programmer to buy an IP camera.
This is getting off subject, but I'm of the opinion that this trend is primarily motivated by locking people into a dealer for maintenance, not helping people maintain their vehicles. For example, I think BMW dealers are the only ones who have the ability to calibrate tire pressure sensors on bimmers, and some new cars are abandoning OBD-II ports.
http://www.roadandtrack.com/car-culture/a30505/new-car-servi...
> My argument is in the similar vein of those who aren't physically fit to win a fist fight. Doesn't mean they deserve to pushed around, robbed or beaten just because I'm stronger and a better fighter.
I don't think it's fair to compare these things. Of course no one deserves to be assaulted. And likewise, if someone sabotages your car or has a remote exploit for your computer, I find it hard to dish out blame. But beyond this, I think the only person who could possibly be responsible for the condition of their possessions is the owner, and I don't see why computers should be any different. Not knowing better or being too busy is not an excuse to be a party to a DDoS attack.
You bought this computer, you plugged it in, and it was setup in a way where it was able to receive signals that made it send out signals that violate the contract you signed with your ISP and violate the laws that your representatives passed. "I didn't know" isn't an excuse in any other comparable situation. Just because computers are hard doesn't mean we should rework our entire legal framework. We shouldn't codify into law the idea that some subjects are obvious and should be enforced consistently, while some are beyond understanding (for most, for now), and ignorance is a viable excuse. It will inevitably become outdated.
I'm held responsible if I have an old car rusting away in my backyard and it pollutes my neighbors well-water. And sure, it's harder to claim ignorance about a rusty car than it is to claim ignorance about a misconfigured computer, but I think the law has to be impartial about that.