Jeffrey said:
For the average driver and net stumbler
A "net stumbler" is a slang/technical term that you have evidently
stumbled across, but failed to grok. It refers to a person who uses or
searches for WiFi gateways that have been left unsecured.
http://www.netstumbler.com/
Never mind:
there is no difference. They buy the car and assume the locks work as
advertised, or they add on "The Club" or some alarm system. They Buy
the PC with the OS installed and assume the security works as
advertised, or they add on a firewall, AV/AS software, etc. In
*NEITHER* case is the user anything of what you'd call a
"technition". They have no more clue about how their car locks and
alarms work than they do their network configuration. They insert
their keys or passwords, and drive away.
The analogy is perfect, you are incorrect.
No analogy is perfect, otherwise it wouldn't be an analogy; it would
simply be an account.
Anyway, the analogy is perfectly awful.
If the analogy were appropriate, then all computers (apart from those
designed in France, perhaps
would have consistent user-interfaces,
and it would be illegal to operate them on the internet without first
taking a test, and purchasing a licence and at least third-party
insurance. Net-cops would pull you over if you were hogging bandwidth or
under-taking (e.g. forging packets), and give you a ticket. You would be
required to submit your equipment for regular inspections by qualified
experts, and it would be illegal to operate it without an up-to-date
certificate of internet roadworthiness.
You are right in only one respect: computer manufacturers and buyers
alike treat computers as if they were consumer products, like cars (or
perhaps even electric kettles). This is a massive fraud that is
perpetrated by the industry (in which I work) on consumers. It is a
disgrace that the industry has failed to deliver to the market a
consumer-grade computing appliance, some 20 years after the introduction
of computers as retail products. It could have been done 15 years ago.
[Correction: you can now buy a webcam that has an ethernet port and a
TCP stack; and I think that is about as close as the industry has come
to delivering an internet appliance to the consumer market]
Only a decade or so ago, cars were machines that the average consumer
could reasonably expect to be able to learn to dismantle, repair and
reassemble himself. This is no longer possible; modern cars are equipped
with smart electronic components (read: computers) that are not
user-servicable. I learned the little I know about motor-car maintenance
on a Morris Minor - a machine on which the fuel-pump was so simple that
it could be dis-assembled into its constituents, and every part could in
principle be re-manufactured by an amateur (I think that pump had about
10 parts, including the screws).
Even If we stick to newer models, then cars are many orders of
magnitude less complex than computer systems. It is theoretically
possible to build a general-purpose digital programmable computer from
levers, cogs and wheels, and the like; but the resulting mechanism would
be overwhelmingly complicated, and it would also be delicate to the
point of being more-or-less unusable.
A piece of software such as an operating system is massively more
complex than the computer itself. I have heard educated, intelligent,
competent software technicians state that "computers are magic", meaning
that they are so complex that their behaviour is frequently inexplicable.
I forsee a future in which general-purpose computers (in the sense of
computers on which you can install arbitrary software) will no longer be
retail products; they will be purchased only by computer technicians.
Instead, consumers will buy a word-processor, or an accounting machine,
or a "internet device" that provides a browser and an email client.
These appliances will not need software patches or bug-fixes, because
they will be shipped with defect-free software. Such devices *will* be
analogous to cars - if a bug were found in such a computing appliance,
one would be entitled to return it to the manufacturer for repair,
exchange or refund.
Similarly, if one wanted an improved model of browser, one would have to
purchase it. What one chose to do with the old model would be a matter
of choice - one could, for example, give it to one's teenage child, when
they are learning to drive; or one could simply discard it. Upgrading
such devices would be an activity for enthusiasts and hobbyists - a bit
like customising cars. Such upgrades would, of course, violate the terms
of the warranty.
This is the opposite of the present situation, where software
manufacturers will refuse to even discuss support issues with their
customers, unless they are working with, at the earliest, the current
version less 1.
Infants don't steal cars. Criminals do. Infants don't crack into
computers and set up phishing scams either. That would those
criminals again.
Nor are infants charged by their parents with ther responsibility of
securing the home at night (at least not by responsible parents). My
references to "infants" was meant to denote the owners and lawful users
of the computers, i.e. Mr. and Mrs. Average. It is perfectly clear from
my previous post that I wasn't trying to refer to black-hat hackers as
"infants". Perhaps you got confused by the common usage of the term
"script-kiddie".
The only thing you're doing here is attacking the average user
because their software has holes, and you don't think they fit some
arbitrary standard of competence you've pulled out of thin air.
I'm *not* attacking the average user; I'm saying that computers are
*not* consumer appliances, and are *not* suited for use by the average
person, at least not on the public highway. At least, not yet.
Calling people who have their computers broken into "infants" can
bite you in the ass a couple different ways. First, you'll look like
a buffoon when someone cracks yours.
Even grown-ups can have motor accidents, or have their home broken into.
Driving is a complex task. Tea-leaves will figure out how to break even
the most sophisticated lock. Even network security consultants get
hacked. Perhaps you've never had a motor accident; if you have, you
probably felt like a buffoon, even if it was the other guy's fault.
But enabling untrained consumers to connect computers to the internet
should be a crime, rather like giving a five-year-old the keys to a car,
and telling them they can drive on the freeway.
When cars can drive themselves, and all you have to do is "dial" the
destination, then five-year-olds can in principle be given charge of a
motor car. Similarly, when computing equipment is safe for retail sale,
then Mr. and Mrs. Average can (reasonably-) safely be allowed to connect
their equipment to the internet. It still won't be possible to guarantee
their security, but their power to damage other road-users through
ignorance will be greatly mitigated.
Second, there's always someone out there whose competency is a bit
higher than yours, and you open yourself up to them suggesting you
remove your incompetent self from the internet "gene pool". And with
every justification as far as I'm concerned. What goes around, comes
around.
Well, as I've pointed out, the term "infant" wasn't intended to refer to
either a victim or a perpetrator of crime; it was meant as an analogy
for a person who is unfit to operate computing equipment on the
internet, whether that be due to age, stupidity, mental illness or lack
of training. I was comparing Mr. and Mrs. Average doing their surfing,
with an infant driving a car.
Argument by analogy usually fails, sooner or later, and it was you that
chose to argue from the comparison of computers with cars.
All of this probably makes it sound as if I'm against Joe Average being
allowed to use the internet. I'm not; the fact that Joe buys internet
services makes the ISP business a commodity business, and it makes it
cheap for me. I get very little spam in my inbox these days; I don't
fall for phishes or 419s, and I generally inspect incoming spam as
RFC2822 source, if I can be bothered at all.
