Hot take (?): No company should be the CNA for their own products.
-
RE: https://infosec.exchange/@boblord/116075393614821884
Hot take (?): No company should be the CNA for their own products.
@cR0w How do other sectors handle safety-related product defect notifications? I'm thinking about sectors covering planes, trains, automobiles, food, medicine, etc., all of which have achieved dramatic improvements in safety for both their customers, as well as the general public. 🙏
-
@boblord First and foremost, they hold manufacturers responsible for poor engineering. In tech it's just "LOL patch if you can." Without that, respectfully, the comparison is not valid.
-
@cR0w If we want to improve the safety of software like we have for other sectors, we need to figure out how to build software informed by those truly incredible successes. That road may be long, but we can do hard things! 💪
-
@boblord I believe you want to improve things, I really do. But I think in order to get there, computer science needs to be engineering-focused rather than business-focused. And it's not. Especially in academia.
-
@hotsoup @cR0w It's true that no system is perfect, but we don't let car makers opt out of filing defect reports, for example. We should ask what types of incentives would create more transparency from commercial software makers. As we see from all those other sectors progress is possible. Which tactics would work best in the software?
-
@boblord @hotsoup Fines. Look at the auto industry. Transmissions fail to park, gas tanks explode, Lancias rust like a trans girl's GitHub history, you get the idea. But they were fined. Publicly traded corporations only care about the feelings of their investors. Kick them in those plums and they'll start trying to improve instead of finding cheap ways to hide their cheap failures.
-
@cR0w @boblord those industries have actual, real, Big E, Engineers. With Standards. And stamps. And liability. And consequences.
They are held personally responsible for their mistakes, and are thus incentivized not to make mistakes. (And like you implied, maybe not intentionally, they are also incentivized to hide their mistakes. Which is why inspections need to be done by unbiased third parties).
That is what software needs. Standards, Regulation, enforcement, consequences. And third party inspections. Real Engineering.

Edit: part to party
-
@cR0w
okay, give them a few days for the patching & QA work - maybe up to a week?
Zero days if a functioning workaround is known (even if with degraded performance/functionality).
Exactly. So much in tech says it's engineering but it's not. Engineering requires an understanding of how things work. But tech is about how to make money the fastest.