undefined | Better HN

0 points6DM9y ago0 comments

> And likewise, if someone sabotages your car or has a remote exploit for your computer, I find it hard to dish out blame.

> Not knowing better or being too busy is not an excuse to be a party to a DDoS attack.

I feel you contradicted yourself here. In one way you excuse it, but you also claim users should know better. When it comes to having a strong password, I feel this is where it's acceptable to place blame. When, for example, they went to their favorite website which has a malicious ad that takes advantage of the latest exploit. Can they really be blamed? Average end users expect their smart thermostat to give them capabilities advertised. Some can't even imagine that it's basically a small computer.

> that violate the contract you signed with your ISP

How many people really read these agreements? It's assumed that if your computer works it's in spec. Whatever arbitrary clause they came up with to allow them to legally track your every move is a different conversation.

I won't divulge into throwing analogies back and forth. I'll just say this, I know plenty of Dr's, people who are much smarter than me that don't know a thing about networking. They're running their own practice and stay concerned about being up to date and not getting sued. That's their job. Building software that is easy enough to use while keeping people secure is ours. There's no excuse, it's hard and it's yet another aspect programmers need to learn. But it rests on our shoulders.

0 comments

1 comments · 1 top-level

nickysielicki9y ago

Sorry for the late reply. I think I did contradict myself there. And I don't see any way I could fix that contradiction.

There might be a meaningful difference to me between a remote kernel hole versus using a default password, but for most people there is no difference there.

So you've changed my mind, to an extent. I don't think that we should "blame" them, but at the same time, if you entrust a large part of your life into computers and are not aware of the risks you're putting yourself in, I do think you deserve some blame for believing the advertising pitch without researching on your own-- and that kind of blame is relevant for everything, from cars to tablets to vacuum cleaners. I think doing your due diligence is relevant to any topic, and people who don't put it in will reap what they sow. But that blame is more superficial-- you shouldn't have to become a mechanic to buy your car and you don't have to be a programmer to buy an IP camera.