Hacker News new | ask | show | jobs
by dcminter 449 days ago
How is it better to not look into or share such information when we know that a vast army of assholes are doing the same thing for nefarious purposes?

Yes, they might not spot it themselves, but we know that in practice they often do and the results are horrible. If we stop looking then they will definitely be the first to find vulnerabilities - as it is they are only sometimes the first (and the vulnerabilities they find are likely to be the lesser appalling ones).

Privately sharing the issue with the authors lets them fix it in a timely way, publicly announcing the issue after a reasonable period of time incentivises them to do so - corporate authors often won't bother unless their arms are twisted.

If those black-hat hackers were not really out there then I might agree with you, but they are, and they don't care that we don't like it.
1 comments
whatnow37373 449 days ago
In a way I am definitely seeing your perspective here. Letting "good guys" win this race ocassionally is an improvement over never letting them win.

It's just that I think we can do better, because I think the web is a hostile, vitriolic open sewer and must be governed properly before civilized business can be conducted on it. It was perhaps a great innovative place, but it now is a dumpster fire causing endless headaches and beyond redemption. I think it's time to face this reality instead of trying to dress up the turd.

link
dcminter 449 days ago
That's an equivalent demand to expecting the world as a whole to be "governed properly" and thus won't be achieved for exactly the same reasons.
link
whatnow37373 448 days ago
Not the world, our patch on it. We more or less succeeded in the physical world depending on who you ask. Don’t see the problem with the digital.
link
dcminter 448 days ago
Are you not aware that the internet is an international artefact? Will you institute a Great Firewall to prevent your citizens from seeing outside your borders?

An inconvenient question I often ask about proposed architecture changes is: "How will you get there from here?" - if you can't answer it then it's not going to happen.

link
whatnow37373 441 days ago
I am, in fact, aware of that.

> if you can't answer it then it's not going to happen.

My point is that if we as a technical community don't start looking outside our technical bubble the powers that be will at some point figure out a way to get there from here and without consulting you (us). But maybe that's wrong and maybe nothing's going to need changing. I hope so.

link