politics
Welcome to the discussion of US Politics!
Rules:
- Post only links to articles, Title must fairly describe link contents. If your title differs from the site’s, it should only be to add context or be more descriptive. Do not post entire articles in the body or in the comments.
Links must be to the original source, not an aggregator like Google Amp, MSN, or Yahoo.
Example:
- Articles must be relevant to politics. Links must be to quality and original content. Articles should be worth reading. Clickbait, stub articles, and rehosted or stolen content are not allowed. Check your source for Reliability and Bias here.
- Be civil, No violations of TOS. It’s OK to say the subject of an article is behaving like a (pejorative, pejorative). It’s NOT OK to say another USER is (pejorative). Strong language is fine, just not directed at other members. Engage in good-faith and with respect! This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban.
- No memes, trolling, or low-effort comments. Reposts, misinformation, off-topic, trolling, or offensive. Similarly, if you see posts along these lines, do not engage. Report them, block them, and live a happier life than they do. We see too many slapfights that boil down to "Mom! He's bugging me!" and "I'm not touching you!" Going forward, slapfights will result in removed comments and temp bans to cool off.
- Vote based on comment quality, not agreement. This community aims to foster discussion; please reward people for putting effort into articulating their viewpoint, even if you disagree with it.
- No hate speech, slurs, celebrating death, advocating violence, or abusive language. This will result in a ban. Usernames containing racist, or inappropriate slurs will be banned without warning
We ask that the users report any comment or post that violate the rules, to use critical thinking when reading, posting or commenting. Users that post off-topic spam, advocate violence, have multiple comments or posts removed, weaponize reports or violate the code of conduct will be banned.
All posts and comments will be reviewed on a case-by-case basis. This means that some content that violates the rules may be allowed, while other content that does not violate the rules may be removed. The moderators retain the right to remove any content and ban users.
That's all the rules!
Civic Links
• Congressional Awards Program
• Library of Congress Legislative Resources
• U.S. House of Representatives
Partnered Communities:
• News
view the rest of the comments
First of all, there are better ways to deal with anything than privateering. There's a reason why all countries in the world have abandoned it.
Secondly, everybody is operating under the assumption that cybercrime is something that happens and there's no way around it. I contend that if software vendors were penally responsible for vulnerabilities in their software, you'd see a dramatic reduction in hacks very, very quickly.
As in, if a piece of software is exploited, the engineers who worked on it, their managers and the CEO of their company had better come up with extensive documentation proving how they did their best to implement security before releasing the unfortunate piece of code, else one or all of that bunch gets to spend time in the slammer.
If this was implemented into law, I guarantee you software would become very secure across the board in no time flat.
But of course, in the age of tech monopolies and generalized corruption, it will never happen.
You don't need to (and shouldn't) hold the lowest level employees responsible. Just hold the company responsible with severe fines, like their entire revenue for a year or something. For gross malfeasance, hold the CEO and CISO (or CTO) responsible. That would be enough to see budgets for application and network security teams and training skyrocket. Right now those budgets are as small as possible to avoid catastrophic brand risk.
I mean, mostly that is because speed of communication increased significantly and most of the major powers increasingly formed alliances that were mostly to enhance trade. So having Captain Ron murder all the cargo ships on behalf of England would not only hurt England's pockets but also get out really fast.
A dedicated blackhat is like someone who is dedicated to getting into your house. You can take precautions but if they want in, they'll get in. Which is why there is so much emphasis on threat detection and policies to react to them.
Probably closer to twenty years ago than not, there was a pretty fun show on Discovery (?) called "To Catch a Crook" or something. The premise being that two brothers used to be burglars but now help families improve their security by selling name branded security systems. Every episode would begin with them breaking in, explaining how, and the security system would be installed. Then they would try again and always get in because the family didn't turn it on or they left an upstairs window open or whatever. Except for one episode where the family DID actually follow all best practices... so they just smashed a window and stole shit before the cops got there.
This already exists. And much of the software that the world actually runs on has regular security audits from third parties and even governments. They suck but they are also what lead to "We are going to make damned sure every merge request has a detailed review" and so forth.
This is why "supply chain hardening" is such a big deal and why Canonical and Redhat exist.
If this was the law, I guarantee you that every software company subject to these laws would shut down instantly. And the ones that are left would be structured as a series of shell companies to minimize liability and flee the country.
Don't get me wrong. I don't think (official) letters of marque are at all a good idea for the same reasons we migrated away from them as a people: They are just a way to trace liability and trigger a war. But basically giving hackers the PMC treatment (which russia, china, north korea, etc already publicly do) and sending them after enemy infrastructure? Welcome to the cold war of the 21st century... assuming we don't just go hot in the next year or two.
Not to mention the impact on Kurt Russel's free time.
My god, exactly this. Instead of AI slop features being slammed into every nook and cranny, we'd see software release rate slow to a crawl. Features would take way longer to produce and that would be a good thing. Software engineering licensing should also be a thing, just like with other engineering disciplines. Imagine if your building or bridge were treated like a typical software product. God damn terrifying. It is time for this discipline to grow up.
And software like Lemmy and PieFed would become nonexistent because they can’t afford to meet the regulatory capture.
This would be disastrous for us as users of software and would only benefit the big companies.
That's what I'm thinking as well. I'm sure you know the attached meme, modern software would collapse, if FOSS software had to be certified like that.
As if we wouldn't have a voice/vote to prevent that regulatory capture? And as if social software in particular wouldn't be reshaped to avoid those regulations? So much of the world runs on FOSS already. It would be a monumental shift in the landscape and I sincerely doubt corpos would be successful in that regulatory capture without shooting themselves in the face. They need FOSS to be profitable.