I think you answer your own questions, right? The reason for people's (false) expectations regarding computers like set top boxes or webcams is _because_ of your latter argument. If the goal is a "clear security model", then when I install a webcam on my TV, I expect a clear security model, not sporadic hack attempts by script kiddies or anonymous internet mappers.
Your advocacy of engineering is what provides the false/misplaced confidence of the average Joe. Personally, I think we should stop trying to convince average Joes that there exist white hat engineers who spend their time looking out for us. Instead, we should tell the average Joe that these devices are _fun_ and anytime you bring a fun device to a party, there will be at least one or two yahoos at the party who will use it in a way you cannot predict. Similarly, if someone else brings a device to a party, you are _obligated_ to abuse that device in some way befitting your personality. If they didn't want their device abused, they should have left it at home, preferably turned off, in their safe ... or better yet, smash it with a hammer and stop buying fun devices. Marcus G. Daniels wrote at 05/01/2013 08:39 PM: > What is good or bad? If someone installs an internet webcam without a > password, why would they expect internet users not to reach that > webcam? If someone installs a set-top box to a cable TV coax, do they > seriously not expect that their viewing habits won't be recordable? > > Immunity to the "bad" first has to determine that something can even be > defined to be bad. When a person shops at a mall, do they expect to be > anonymous? If so, I hope they wear dark glasses and a trench coat! Or > if they go to a favorite restaurant and the waiter asks "The usual?" > should they be alarmed? What's the general "immunity" here? > Choosing to be conversational or aloof is personality trait, not a > universal. If the waiter doesn't ask a second time, that's a choice of > the waiter, presumably a function of the model they've inferred of their > patron's behavior. > > In so far as computing environments, or operating systems, are > concerned, I think the goal should be to state a clear security model > and implement it correctly. I think these "evolutionary" layers are > just a way of saying, "Golly, we just don't understand what we want or > how to implement it." > > If the goal is to have a open negotiation process between all kinds of > agents over scheduling, that's a novel use case for connected devices. > But I'd say most people aren't interested in facilitating computational > internet terrariums (though that would be neat). That there exist > botnets is just to say there exist exploitable bugs, and that users have > a poor understanding of what they expect -- that there exist careless > and irresponsible people. -- glen e. p. ropella, 971-255-2847, http://tempusdictum.com In all affairs it's a healthy thing now and then to hang a question mark on the things you have long taken for granted. -- Bertrand Russell ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
