• demesisx@infosec.pub (3 upvotes, 10 months ago)

    I’m not trying to get the last word, I swear! 🤣

    Go back to my bridge analogy and test that against what you just said.

    Your comment equates to: “oh well, that bridge falling killed thousands of people. At least we were able to allow them to fail in the crucible of the free market!”

    • eltimablo@kbin.social (2 upvotes, 1 downvote, edited, 10 months ago)

      Your bridge analogy falls apart because there already are standards (FIPS, among others) that are shockingly insecure despite having been updated relatively recently, and yet we still have breaches. If the standards were effective, places like AmerisourceBergen, the country’s largest pharmaceutical distributor, wouldn’t be supplementing them with additional safeguards. No standard is going to work perfectly, or even particularly well, for everyone. Bridges still fall down.

      EDIT: Alternatively, there would need to be a provision that allows companies to sue the government if they get breached while following their standards, since it was the government that said they were safe.

        • demesisx@infosec.pub (4 upvotes, 10 months ago)

        Anyone who says, “think of the corporations” before they think of the people being PERMANENTLY compromised is a lost soul indeed. You are blaming the inadequacy of standards rather than the demagogues working for the corporations that enabled these lax standards. Of course there are going to be 0-day exploits that no one could protect against, but that is a red herring. That’s something that could easily come out and be considered when that company is brought in front of a civil court to decide the fines, obviously!

        I think we’re too dissimilar for this conversation to bear any fruit. Thanks for the well constructed devil’s advocate stance but you certainly haven’t convinced me.

          • eltimablo@kbin.social (2 upvotes, 10 months ago)

          When you say “corporations,” it seems like you’re exclusively counting companies like Google, Meta, etc., whereas I’m also including the mom-and-pop, 15-person operations that would be impacted by the same regulations you suggest. Those underdogs are the ones I want to protect, since they’re the only chance the world has at dethroning the incumbents and ensuring that the big guys don’t outlive their usefulness.

            • demesisx@infosec.pub (2 upvotes, edited, 10 months ago)

            I’m not.

            And what I proposed (see my revised original comment) actually protects those companies because it takes into account:

            • the number of users affected
            • the general standards that were or were not followed by that theoretical startup rag tag team of hacks which would help paint a picture for regulators of the severity of the violation and codifying the ever-evolving concept of what is “reasonably secure”.
            • the market cap of said theoretical hacked corporation.

              • eltimablo@kbin.social (2 upvotes, edited, 10 months ago)

              See, I figure all of those things would be accounted for in whatever civil suit gets brought against the company. Frankly, I think that’s much more fair to companies both big and small because it involves a group of people working together to figure out how much of a fine to levy in each individual instance, rather than having a blanket policy that may or may not account for edge cases. If the company is huge and the fuckup egregious, then the jury is (theoretically) going to throw the book at them.

              At the very least, I’d want a jury in between the company and whichever government body is fining them, because regulatory bodies are prime targets for corporate shills to take over and it’s harder for that to run rampant if you have a bunch of regular jackoffs acting as gatekeepers.

              There’s also the issue of ongoing compliance for small companies. Cybersecurity engineers are not cheap, and being all but required by law to employ one could (1) drive small companies out of business (180k a year may be cheap for Facebook, but it’s definitely not for Joe Buttsniffer and Sons Catering), and (2) cause market saturation so bad that the average salary makes nobody want to do the job anymore.

                • demesisx@infosec.pub (2 upvotes, 10 months ago)

                Agreed. Corporate regulatory capture was a 100% success in the United States. It has been that way since at least Reagan. It always comes back to government corruption and what I see in these kinds of civil suits against corporations that were breached is a gentle slap (actually more of a caress!) on the wrist (and a wink and a nod when the cameras turn off) between the demagogues and the corporations that own them.

                  • eltimablo@kbin.social (2 upvotes, 10 months ago)

                  Yeah, it really comes back to “fines are only for poor people.” Google can just count the fines as the cost of doing business while simultaneously leveraging their dominance to force other companies to break regulations in order to work with them.

                    • demesisx@infosec.pub (2 upvotes, 10 months ago)

                    It’s VERY similar to how we (in the US) allow Congress to decide the rules that THEY THEMSELVES have to follow when you have the legalized bribery that is known as lobbying in the US.

            • demesisx@infosec.pub (2 upvotes, 10 months ago)

            I just realized you’re the Tesla guy from yesterday. I’m glad we could have a more mature discussion on this topic and I’m glad I didn’t block you. 🤣

                • demesisx@infosec.pub (2 upvotes, 10 months ago)

                😃 Wholesome AF. Sorry about yesterday. That was a SUPER immature discussion after a while.

                I wouldn’t consider you my best friend or anything, but I’m glad I didn’t put on blinders to someone critical of my ideas. Cheers, fellow fediverse user. After all, you don’t seem like a dummy; just a person with a different perspective than me.

                  • eltimablo@kbin.social (2 upvotes, 10 months ago)

                  Hey man, it happens. I could tell that you had some valid arguments in there, I was just trying to get you to express them. I definitely didn’t help by joining in the immaturity either.

                  Side note, I’m legit starting to hate my Tesla anyway, but I wasn’t about to admit that yesterday lol. There are absolutely a lot of valid criticisms of them, I just think the majority are overblown, especially as they relate to FSD. I’m in the beta and it’s basically the only reason I still have the damn thing.

                  Anyway, I’m sorry too. I probably should have just walked away when things got heated, but there was a part of me that was secretly hoping to see how long we’d keep going back and forth calling each other assholes because I thought it would be funny.

                    • demesisx@infosec.pub (2 upvotes, 10 months ago)

                    This interaction definitely improved my day even more than our interaction yesterday perhaps soured my day. Thanks for that!

                    This fediverse thing is really nice sometimes. I look forward to some really good discussions. I promise to try to keep my cool. If I call you a name, you should know that it is with a smirk and only meant as a soft, subtle jab. :)

                  • Numberone@startrek.website (1 upvote, 10 months ago)

                    Just want to say that I appreciate how you two ended up haha. It was a wide eyed “Woah” from me at the beginning there (both), but I do love that you guys talked it out and ended up all civil and complimentary. There’s hope for us all to understand each other is my takeaway. Thanks to both of you for showing us the way.