Broadening a thought: We'd be better off if we stopped talking about "the internet of things" and started talking about "computers don't always look like we expect them to".

Instead of saying "internet-enabled" it might be wise to say "regardless of what it looks like, that's a computer and you should treat it like one".

"Somebody hacked my fridge!" Yes, your fridge has a computer built into it and you should treat it like a computer (and demand that the manufacturer treat it like one).

@noelle Whilst I agree, good luck with that.

We've added fundamental complexity to a whole class of objects. I'm trying to think of a similar parallel and what its consequences were.

My first thoughts are automobiles and telephones, though various aspects of chemistry might be more apt, in that through synthetic chemicals we attained several useful characteristics, but also numerous slow-to-be-realised harmful ones.

Related #TechOntology thought: #TechnologyIsDebt

Follow

@dredmorbius @noelle I remember attending a talk by Mark Weiser, "father of ubiquitous computing" (which, loosely speaking, is now the IoT + mobile) at Xerox PARC in, erm, well, a long time ago, back when I was doing systems admin there. He was enthusing about 'puters being "in the woodwork everywhere", and I asked who was going to do the systems admin - security and updates. I was frostily told this was a "non issue". Yeah, right.

@dredmorbius @noelle jeez, I could maybe narrow it down to a year, probably 1990. PARC was focusing heavily on ubicomp, with things like smart whiteboards (Liveboard) and Pads. I was there on secondment from EuroPARC in Cambridge (UK) representing the "research programmers" ("they think up clever shit, we make it work") and trying to figure out how to safely integrate this stuff into the main corporate network. I think it was a Blue Book talk.

@cheesegrits @dredmorbius @noelle

Seems to me that *if it was done right*, security wouldn't have to have become an issue.

Like, require some kind of local *physical* intervention in order to control the device (just as a crude example).

Unfortunately, the people who make these things have very little "incentive" (that glorious capitalist concept without which nothing can happen) to prioritize security.

@woozle @cheesegrits @noelle But a core and compelling advantage of much of this automation is *you don't have to be there for it.*

Hell, that's one of the things I've loved about Unix / Linux. Give me cron and ssh, and shit happens regardless of my co-location in /either/ time or space. *You don't have to be there for it.*

A co-location constraint pre-empts one hell of a lot of possible applications or interactions. And I don't think it's remotely reasonable to request those be abandoned.

@dredmorbius @woozle @noelle @dredmorbius @noelle oh for sure, plenty of folk (myself included!) screaming from the wings. But nobody involved in the initial research or, as far as I can tell, in the current implementation and deployment (certainly in the IoT) fully grasped the magnitude of the problem, of treating an Internet Thing (toaster, butt plug, whatever) as a "computer", which needs as much care and attention in keeping updated as any other computer, and the fallout from not doing so.

@dredmorbius @cheesegrits @noelle

For a fridge? A toaster? A *butt-plug*?

Yes, if you want remote access, then you have to deal with security issues.

I'm just saying there are a lot of devices where this kinda doesn't make sense but is just the *easiest* way to let people control stuff from their smartphones.

That said, I suppose security considerations still apply even for things like Bluetooth.

It just clearly wasn't a priority at all -- and there are systemic reasons behind this.

@dredmorbius @noelle (I'm not dissing Mark, he was/is a genius and nice guy, I just watched this whole Internet of Shit grow from its genesis, with not one person involved ever really giving a serious thought to how to keep it secure. That was just some kind of implementation detail that we'd all work out somewhere down the road, and anyone mentioning it was viewed as kind of pissing in the pool)

@cheesegrits @noelle There /have/ been people screaming from the wings the whole time. Theo de Raat. Bruce Schneier. Peter Neumann (SRI / comp.risks). Cory Doctorow. Shoshana Zuboff. Many, many others.

It's far more compelling to believe a convenient lie than an inconvenient truth.

Sign in to participate in the conversation
Not Very Social

This is a "general purpose" Mastodon instance, no specific theme. I created it because I'm sick of being a product for Corporate Surveillance and Big Data, sick of the hate filled cesspools and algorithm driven engagement factories that pass for social media. I want my internet back! It seems like a decentralized, open source, federated platform like Mastodon has possibilities, and as I've been a network admin for 35 years, I thought I might as well run an instance.