From: Charlie Stross (charlie@antipope.org)
Date: Tue May 21 2002 - 06:18:02 MDT
On Mon, May 20, 2002 at 11:15:12PM -0700, Reason wrote:
>
> Whatever happened to caveat emptor?
I hope that next time you buy a car you insist on a full source-code
audit of the engine management software and the security cut-out. Otherwise,
the first time anything goes wrong I will mock you from the sidelines.
The sad fact is, most of us make most of our buying decisions on inadequate
and flawed information because adeqaute, complete information about products
is unavailable. Most of the time we buy goods on the basis of marketing or
advertising, or at best a brief demo. We don't know what's going on _inside_
the machine.
Nor do most people read every word of every shrinkwrap license they click
through. In fact, most users don't even *understand* the damned things --
they're just an annoying inconvenience! Click the button and get on with
things, already. They didn't realise they were agreeing to let some third
party they've never heard of run software they don't know anything about on
their computer, and in fact they probably _wouldn't_ agree if all the facts
were known to them. The parasitic computing backdoor hidden in KaZaA
stinks, in my view, because it's an example of bundling -- and covert,
furtive, bundling at that. If you want to do mass parallel computation,
why not make a sales point of it by asking people up-front and offering
to pay them for the use of their spare CPU cycles?
> The evil "they" aren't forcing anyone to
> install anything that they can't check out, read reviews of, or generally
> act responsibly about. Would you randomly go out and put third party wheels
> on your car without doing at least a little checking? This sort of thinking
> (X is evil because it does something unpleasant or has bad business
> practices that are completely avoidable with a little forethought) is part
> of the modern disease of denial of individual responsibility.
I _half_ agree with this assertion -- but my better half disagrees.
The fundamental point we're circling arouund is the fact that the
complexity of our technology outstrips its social utility.
Most people who use file sharing networks see them as a simple tool like
a jukebox, a way of listening to music. They don't approach them in the
reasonable expectation of having to do more than put a dime in the slot
then punch in the number of the record they want. It's being sold to them
as a simple, pretty, colourful musical box -- is it any surprise that
they're somewhat taken aback to learn that it's got security implications?
What you're asking for is the equivalent of expecting the general public
to examine the circuit diagrams and sign a waiver of liability agreeing
that they understand how the thing works, before being allowed to put a
coin in the slot machine. If we tried to run our society on this basis --
the same basis the software industry worked on -- it'd grint to a halt
within seconds. I'm reminded of Andy Tannenbaum's comment: "if architects
designed houses the way software architects design software, the first
woodpecker to come along would destroy civilization."
-- Charlie
Out now: "Toast, and other rusted futures" -- available via my blog
http://www.antipope.org/charlie/blosxom.cgi
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 09:14:14 MST