Hacker News
Child pornography on sale from hacked Hikvision cameras using Hik-Connect app (ipvm.com)
51 points by fortran77 on July 15, 2023 | 108 comments



My autistic sense of morality is off a little with this. My guess is that this type of thing happens far more often to unsuspecting adult women simply using public changing rooms or public bathrooms, etc.

My guess is that the child-incidents here are much fewer and far between and rarely ever publicly shared – and when they are shared (even if not publicly) it's taken extremely seriously by law enforcement (as it should be).

On the other hand, I get the impression that it's relatively easy to find this type of content featuring adult women on popular porn / social networks – at least I see stuff that looks suspicious quite often on sites like Reddit and 4chan.

I really wish more focus was put on the "revenge porn" / "hidden camera" area generally. It's quite sad that so many women are victims to this and as a society we don't really seem to care unless a child is involved. In fact I'd argue our society and media almost normalises perving on adult women. Just search for any random famous celeb women and there's probably a dozen popular sites with nude or semi-nude photos of her taken by some perv spying on her during vacation. Anyone care to put some effort into stopping that? Why is that content even allowed on the public internet?


> Why is that content even allowed on the public internet?

Consenting adults can do whatever they like, including creating consensual/fake hidden camera pornography, and there's quite some market for such content. In general, at a glance, there's no way to distinguish legitimate from illegitimate content, no matter the pornographic (or other) genre. So how do you know what's illegal and what's not? It's by no means easy to solve at the level of an individual piece, let alone at scale. Many of the proposed solutions amount to mass surveillance, invade the privacy of performers, or make it so onerous to upload pornography that they effectively amount to bans of it. It's no secret that the Christian Right are quietly supportive of certain “anti-exploitation” approaches because they would destroy the market for legal pornography, putting sex workers out of work. It's a very difficult balancing act and no position avoids harming someone.


> Why is that content even allowed on the public internet?

How could this be even done? If you have open internet, then it's very hard. If you just try to keep it off some specific sites, like Facebook, it's still hard. Facebook pays a lot of money to Accenture to clean up Facebook, but from time to time you can still find something that is not supposed to be there.


Society takes the child-incidents more seriously because of how much more vulnerable children are to predators and how much trauma a predator can inflict. We take a nip it in the bud approach with anyone involved in these crimes. I agree that what you are talking about is terrible, and if law enforcement had unlimited resources we would stop all of that activity too.


Surveillance is bad enough as it is, I'll never understand why some people install internet-connected CCTV inside their own homes. What's that even for, spying on your family members? Using a brand like Hikvision is the bizarre cherry on top.


> I'll never understand why some people install internet-connected CCTV inside their own homes. What's that even for, spying on your family members?

In case someone breaks in. To keep an eye on the housekeeper. This past winter an ice dam sprung a leak in the roof. I was there and caught it promptly. But had I been away, the damage would have been severe. Cameras would have let me keep an eye on that. I don't think it's worth the tradeoff in terms of privacy. But I can understand someone else deciding differently.


Motion sensors make way more sense imo. All you need to know is that someone's there who shouldn't be. What's the value of seeing them sneaking around your home in a balaclava?


The obvious answer is that motion can be made by more things than humans and knowing "there is a person in my house" is more urgent than "something moved in my house"

People have pets, etc


Anecdotally my motion sensors go off all the time from non-humans. Mostly deer. Sometimes a dust-twister that moves the heated dirt.

Cameras on the other hand are useful for capturing a burglar's face, their license plate, things they said to each other if the camera has audio, make and model of their car and last known direction. I am in a one party consent state that allows capturing audio.


Even if you give the police a video, it’s probably a stolen car and they aren’t going to lift a finger to find your stuff. This is what insurance is for.

I’m not sure why people think just because they have cameras that the police will follow up on the video evidence and make arrests. They’ll tell you to file an insurance claim and move on.

I’m guessing you’ve never had a break-in before? I’ve been burglarized and knew who did it and the police didn’t do anything about it.


> I’m guessing you’ve never had a break-in before?

I have. In big cities I completely agree with you. They have little interest in wasting time on such things even if I gathered fingerprints and know the person's name. They go for easier wins. Most city cops have mostly given up at this point. That said they did get the guy that broke into my truck and I got everything back. He was a prior felon driving a stolen car and was in possession of firearms. Driving a stolen car is going to become more difficult with time due to real time LPRs being mounted on more marked and unmarked cars.

In my current location, a rural tight-knit community, they would most certainly try to track them down, adjust their attitude and get some of my stuff back. I listen to them tracking people down. It's both reassuring and scary at the same time because some of them sound like stereotypical good ol' boys. There are also a surprising number of cameras going up in this area which is intriguing to me being so rural so I will just contribute to their mesh.


> In big cities I completely agree with you

I don’t. Lived in New York for over a decade. Had two laptops pilfered.

Police showed up the next morning, took a report and called me for questioning a day later. The 13th precinct followed up twice with the super for the lobby camera’s footage. We saw our neighbour’s and realised the thief was her hookup from the bar. Neighbour didn’t have their name or contact information, but did have (or was able to find) their Instagram. An arrest warrant went out, but that was it (they were out of state).

Months later, the thief was caught jumping a turnstile. The investigator called and informed us of their arrest. (We got the property back, but that was more convoluted.)

NoMad/Flatiron was then a nice but not extravagant neighbourhood. We were in a middling no-doorman building. The investigator gave a shit because the voters in that district prioritise feedback to their electeds when cops ignored them. (I wrote a letter to the sergeant in commendation of her work.) Meanwhile, my parents couldn’t get the cops in Cupertino to give a shit about their catalytic converter being repeatedly jacked. They complained to me but ultimately shrugged it off.

There is a tragedy of commons in civic engagement. The rural/urban divide may be a proxy for that variable instead.


> In my current location a rural tight knit community they would most certainly try to track them down, adjust their attitude and get some of my stuff back. I listen to them tracking people down every day.

In your case I could definitely see police taking it seriously, or in wealthy communities where police don’t have much to do other than investigate property crime. My experience is in a big city where as you said, police have mostly given up on investigating property crime. Rural areas also have fewer neighbors to witness things so cameras seem like a reasonable option to deter thieves and burglars.


Sure, let's just write off two whole societal institutions because of your one poor experience. No point in trying to do something if it could fail, amirite? Of course then someone else can chime in with how they got stiffed by insurance and how you should just get a dog, then the next person says I had a dog but it was too friendly so just get a gun and stay home all the time, etc etc etc. Exit can be a strong check, but asserting it as a foregone conclusion is its own oppressive hell.

Anecdotally, I had a break in where the perp was stopped in the act and they even ended up getting prosecuted. The system can work, too.

I've also been kidnapped by the police, ransomed, and then harassed for a year by the "justice" system. So this is certainly not some "I love the police" comment.


I’m certainly not the first person to be cynical about the police investigating property crime, here’s a scene from the 1998 film, The Big Lebowski which echoes my position: https://youtu.be/GvT_VOJaXvs

I’m not saying the police are worthless or irrelevant, simply that using insurance is how you get made whole after a burglary or theft. It’s a crapshoot whether the perpetrator is found, which in some cases, they are.

I’m also not suggesting anything in particular to prevent burglaries, I don’t have home security, a gun, or a dog. My cat isn’t going to stop a burglar. My position is that sometimes theft and burglary happens, and insurance is the best tool to mitigate the risk because the police don’t have the time or the inclination to fully investigate every property crime.


> I’m not sure why people think just because they have cameras that the police will follow up on the video evidence and make arrests

The plain answer to your question is that because sometimes they do. But the implication of your rhetoric is that they never will. That's the problem.

Being "made whole" is actually a separate concern from helping to catch the perp, and it doesn't help to brush off one concern in favor of another. Like for example if someone stole most of my computing gear, financial compensation by insurance could not possibly make me whole (months of bespoke setup and customization). But it would be nice to know that the perp got punished, regardless of whether they had already sold my stuff.

And personally, I'd double down on the cynicism and point to having video evidence as a good way of documenting the incident for insurance purposes, lest they attempt to screw you somehow.

(Nothing in my comments should be construed as condoning having Internet connected cameras running proprietary crapware. Rather I'm just talking about the general motivation for cameras, and unfortunately many people are insensitive to the crapware)


People have pets and use the speakers on the camera to yell at their dog to get off the couch while at work! Still seems a bit crazy to me. You can't always be watching.


> What's the value of seeing them sneaking around your home in a balaclava?

That’s what I went with, as well as water and window-open detectors. It still doesn’t cover e.g. something smoking in the corner or a pest finding its way in.


Then you call the police.


The imagery tells you how many guns to take with you when you go to confront them, as well as the expected body count.

If you do not confront them, the odds are that no one ever will. The police have passed far beyond useless when it comes to property crime.


> To keep an eye on the housekeeper.

If you can't trust your housekeeper not to steal from you (or do something else you want to catch on camera), you either hired the wrong person or are not paying them a fair wage. Either way, it's a you-problem.


> or are not paying them a fair wage

Did Bernie Madoff and SBF steal because they were not getting a fair wage?


I have exactly those Hikconnect all over my house. I always felt unsafe about them. My house doesn't have a static IP, so obviously the only way for me to connect to them when I'm away is through an intermediary.

Having some technical networking knowledge I disconnected them from the Internet and set up a VPN that my wife and I first have to connect to prior to viewing the cameras.

Why do I surveil my own home? Because I have small children, when my wife and I go out and they stay with a baby sitter it gives us peace of mind to have the ability to verify everything is good. Also although we trust the sitters, we trust them even more knowing they know there's cameras.

Why did I get the cheap ass sketchy cameras? Cause I'm a cheap ass. The system I have cost about 2K with installation and spending 2 or 3x was outside our budget.


> My house doesn't have a static IP, so obviously the only way for me to connect to them when I'm away is through an intermediary

Dynamic DNS record services have been around almost since the beginning of the public internet, and it's not the only way to deal with a remote location that has a changing IP address.

It's far from "obviously the only way for you to connect" - you are just ignorant of your options.


Making potential intruders uncomfortable. The whole point of protection isn't to stop burglars, as there's no such thing as an impenetrable house, but to delay and discourage them so that they will rather try the next house or, better, move to another area. It may seem harsh, but that's how it works. Surveillance forces them to wear masks, park their cars far away, etc.

Regarding HikVision cameras, they're closed and untrustworthy just like every other brand out there; there's a huge list of compromised cameras, and only some of them were from HikVision. I wouldn't feel safe with any camera that I didn't put behind a physically separated and firewalled network that I would access only using Open Source software (read: no proprietary apps).


> I'll never understand why some people install internet-connected CCTV inside their own homes. What's that even for, spying on your family members?

Well, babysitters (there is a reason they are called nannycams), and also often just for local app access to video baby monitors because no one makes consumer devices LAN accessible, they always use internet with a hosted server for app access.

> Using a brand like Hikvision is the bizarre cherry on top.

The virtual death of brick and mortar retail and the general Amazonization of retail (not just Amazon itself, but the other looks-like-an-online-retailer-but-really-is-an-ungatekept-open-marketplace sites) contributes heavily to that.


> What's that even for, spying on your family members?

It's good for making catchy music videos too https://m.youtube.com/watch?v=9xxK5yyecRo


We use ours when we're away from home but have people in our home to watch our pets. Otherwise, they're unplugged and sitting in a drawer in my home office.


I bought some cheap IP cameras to monitor our cabin while we're not there, and every single time we arrive I unplug them. This makes me feel vindicated that I'm not just paranoid; the creeps really are one buggy firmware away from selling videos of your family on the Internet.


I use a Raspberry Pi, cheap USB webcam and Motion Eye (https://raspberry-valley.azurewebsites.net/MotionEye-OS/) to watch out for intruding cats coming through the cat flap. Entirely open source, completely under my control, and simple to set up. What's not to like?


Among the cheap USB webcams, any model you would recommend?


Never use cameras that rely on some dubious (or even on legit) cloud “providers”. Heck knows what employees do with the content. I bought a baby monitor off of Amazon once only to discover it sends content somewhere in China. Never again. Went for a local radio based monitor and called it a day. Ring doorbells have their camera off when at home. Also they are pointed towards objects (door or parked car).


Yup, my setup is local RTSP cameras with firewall rules to completely block traffic to/from them, local Frigate server that pulls the stream and runs object recognition and handles recording, and then a Wireguard VPN if I need access from outside the local network.

It's been very reliable, has no fees, and I'm not worried about cameras being hacked or cloud storage issues.


Damn, that’s impressive! I am adopting your architecture - you should def blog about it in case you haven't already.


I might be reading this different than most; I read this as: "these cameras are being used as a storage medium for Child Pornography, and content is being shared by leveraging Hik Connect"

Not necessarily that the cameras were doing the capturing.


The cameras are doing the capturing, I can confirm (IPVM employee).


These IP cameras have 2-3 different backdoors, which are even easy to discover. Probably more not so easy ones. If you have this in your home disable outgoing connections at router level, and you're safe.


> If you have this in your home disable outgoing connections at router level, and you're safe.

This is bad advice and people should stop posting it. An IP or MAC based rule does not prevent a malicious device from exfiltrating data and neither does it protect a vulnerable device from other devices in the network.

IP cameras must be installed with a separate broadcast domain. Be that a separate switch or a port-based VLAN. The only connection if any should be through the trusted NVR/VMS.


> An IP or MAC based rule does not prevent a malicious device from exfiltrating data

Care to elaborate?


Who is filling those header fields in? The malicious device.
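

The segmentation the comments above describe (cameras in their own broadcast domain, reachable only from the trusted NVR, remote viewing over WireGuard), sketched as an nftables ruleset for the home router. This is an added example, not part of any comment in the thread; the interface names, VLAN ID, addresses and ports are assumptions. The rules match on the ingress interface rather than on source IP or MAC, because those header fields are filled in by the camera itself.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every name, address and port below is an assumption.
# The switch must place the camera ports in VLAN 30 as untagged access ports
# so that cameras can only ever arrive on IF_CAM. NAT table omitted.
flush ruleset

define IF_WAN  = "eth0"            # uplink to the ISP
define IF_LAN  = "eth1"            # trusted home LAN
define IF_CAM  = "eth1.30"         # camera VLAN sub-interface
define IF_VPN  = "wg0"             # WireGuard interface for remote viewing
define NVR     = 192.168.10.5      # NVR / Frigate host on the trusted LAN
define CAM_NET = 192.168.30.0/24   # addresses handed to the cameras
define WG_PORT = 51820             # WireGuard listen port

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        iifname "lo" accept
        iifname $IF_LAN accept
        iifname $IF_VPN accept

        # The only service exposed to the internet is the VPN endpoint.
        iifname $IF_WAN udp dport $WG_PORT accept

        # Cameras may ask the router for DHCP and NTP, nothing else.
        iifname $IF_CAM udp dport { 67, 123 } accept
        iifname $IF_CAM counter log prefix "cam-to-router " drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections the NVR opened are allowed back.
        ct state established,related accept

        # Only the NVR may open connections into the camera VLAN
        # (554 = RTSP; 80 assumed for ONVIF/HTTP control).
        iifname $IF_LAN oifname $IF_CAM ip saddr $NVR ip daddr $CAM_NET tcp dport { 80, 554 } accept

        # Any new connection arriving from the camera VLAN is dropped and
        # counted, whatever source IP or MAC the device put in the frame.
        iifname $IF_CAM counter log prefix "cam-egress " drop

        # Trusted LAN reaches the internet; VPN clients reach the LAN,
        # where they view footage through the NVR, never the cameras.
        iifname $IF_LAN oifname $IF_WAN accept
        iifname $IF_VPN oifname $IF_LAN accept
    }
}
```

A non-zero `cam-egress` counter in `nft list ruleset` shows a camera trying to open connections out of its VLAN.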


Is there a way to remotely control a Hikvision camera with open source software without using their cloud?

I have a PTZ camera which works well but I rarely use it


If the camera is ONVIF compatible, and most Hikvision are, it should work with Zoneminder and its mobile Open Source app zmninja.

As for the cloud, if you have a public (not necessarily static) IP and your carrier doesn't filter incoming connections, you can use a dynamic DNS such as DuckDNS.

It is however always advisable to put all cameras behind a firewall, so that whatever could happen (compromised or not, it still runs a closed firmware) it can be restricted to a dedicated physical network with no access to any personal data.

https://zoneminder.com/

https://zmninja.zoneminder.com/

https://www.duckdns.org/


Stuff like this is why I believe software engineering ought to start requiring a professional license.


A license, that can be revoked. Like a doctor's license. (Not just some "seal of professionalism" certificate, like, ITIL, PCI, Prince2 or that garbage of course.)

It's an interesting proposition. But thinking it through: suppose the issue were that Hikvision weren't licensed and that therefore all those cameras were illegal. But they're still there, filming. And so will future cameras from certified suppliers that simply never get firmware updates, because the user never enabled them.

A professional license will probably help. Another approach would be to completely outlaw cameras in certain locations.

But the broader problem is that people like cheap cool new stuff and then neglect it.


That's definitely a very spicy take but I think people need to be more willing to engage with the idea. There is a serious problem where software engineers are building systems that, when built poorly, are causing significant harm.

If we don't engage with that problem we're going to get regulated in a way that we may not like.

edit: Look at how many comments are just attacking a straw man policy. This is why we're going to end up getting regulated in some dumb way - people can't or won't even imagine a situation better than this one.


This is one of the few opinions which are consistently rejected by the HN peanut gallery, unsurprisingly since most of us are developers. OP is brave to outright say it!

Any time you bring up the idea of accountability to “engineers” for defects in their software that cause serious, real life harm, you get a litany of excuses in response, instead of good faith debate. If an engineer signs off on a bridge and it collapses, injuring a dozen people, there will at the very least be questions asked, if not more accountability. But if a software engineer implements a shoddy system that gets hacked and results in this kind of very personal data getting exfiltrated, all you get is 1,000 versions of “it’s not the developers’ fault!” and “they were probably under an impossible deadline!” and “bad manager told them what to implement, they had no choice!” and “the market forces this, careful developers can’t compete!” and so on.

Saying there should be licensure with revocation as a consequence in extreme cases? Now that’s crazy-talk here!


> Any time you bring up the idea of accountability to “engineers” for defects in their software that cause serious, real life harm, you get a litany of excuses in response

I'm generally against it, because I don't trust anyone to regulate this in a sane manner, but I'm open to discussion.

If we're going to have engineers sign off on things and be legally liable, there has to be a context that you're signing off on them to be used in as well. If a physical engineer signs off on a pedestrian bridge, and then people decide to drive semi-trucks over it, there's generally no liability for the original engineer. Same situation if an engineer signs off on a sturdy bridge, and someone makes a bunch of changes to materials without telling them.

These seem roughly analogous to someone opening up something designed for private use to the open internet, and someone making changes to a function without telling the original engineer, respectively. These have to be excluded, or nobody can ever sign off on anything.


Yep, context and environment is important. You're signing off on your product being used in a particular context and in a particular environment. The semi-truck driving over a pedestrian bridge is a great example.

Unfortunately for much of software engineering, our "environment" is the open Internet where there are largely invisible, international, adversarial attackers working 24 hours a day, seven days a week. With Internet-connected software we can't just say "Oh, this software's intended environment is a clean-room LAN with no connected devices! That's all I'm signing off." That's not reality. As for your example, companies should really, really have a hard conversation about taking a software designed for privacy use and just opening it up to the Internet without hardening it sufficiently. Accountability would help make that conversation possible.


> semi-truck driving over a pedestrian bridge is a great example

It also incentivises the engineer to clearly document their design’s limits. Imagine if software sales had that much transparency.


Professional ethics generally apply to representing the interest of your clients, not their victims. Engineering ethics and professional licensure don't discourage creating new weapons systems (eg armed drones) or more unnecessary prisons. Which means that for the main problem we're facing - big tech surveillance panopticon - widely understood engineering ethics has basically nothing to say! I wish this were different, but it's not.

There's also the practical problem that this software wasn't even produced in the US. So then also ban the importation of any software that wasn't produced under a similar regime?

So no, the idea that licensing software engineers could correct the problems of our industry seems wholly untenable and ultimately from the same broken-political vein of finding some fall guy to blame rather than directly regulating the behavior of malevolent companies.


The bigger flaw in your argument is assuming that imposing strict regulations on developers in your own country would have magically prevented this software breach from engineers and a company in a foreign country.

I’m perplexed by how many people will see stories about companies having problems in foreign markets and conclude that we need to make things harder for ourselves domestically.

Programmers are more fungible than your local licensed doctor or your local licensed PE structural engineer.


> The bigger flaw in your argument is assuming that imposing strict regulations on developers in your own country would have magically prevented this software breach from engineers and a company in a foreign country.

Foreign companies care about complying with US policy when they sell to the US. It's not that complicated and I've said this repeatedly. Beyond that, one does not need an incredible imagination to think "how would these problems look domestically" so I don't know why so many people are hyperfocused on one problem existing in one country. It's not like the US doesn't see massive breaches constantly.


I have never once written bug-free code. Ever. I can mitigate with a myriad of tools, but sooner or later, a bug will pop up. Nobody writes bugs on purpose, so of course the idea is ludicrous.


Only if you're unwilling to engage with the idea with anything more than a passing statement.

No one is proposing that engineers be liable for every bug.


Can you control what the bug will be?

There's a reason why OSS licenses revoke warranties.


I don't know what you're talking about wrt controlling what the bug will be but certifications already exist and they have nothing to do with bugs. Like SOC2.


What if an engineer designs a lock and someone picks it? What if an engineer designs a bridge that someone later destroys by finding a weak point and placing explosives there?


Root cause analysis with findings made public. What exactly was signed off, in what context, what was the failure and was it a design defect? If it was a design defect, what action could have prevented it? Did the engineer sign off that the action was conducted?

Was the defect known at the time of shipping? I personally don't think it's fair to hold people accountable to unknown defects, as long as corrective action happens when they become known. You could limit accountability to known defects and still find lots of serious problems. We all know that our companies ship software with known defects all the time!

I like how it works in aviation: Any time something happens, the NTSB swoops in and does a report and publishes their findings so everyone can learn from them. They list primary and contributing causes. If negligence or violations of FAR are found, then the FAA may start down the path of certificate suspension/revocation.

Software is not as serious or deadly as aviation, so you wouldn't take it that far, but I'd say it's directionally where we should be going. Baby steps...


Your opinion is admirable but you're missing something.

I, as a software engineer, sign nothing. I do not have a license, I do not have a labor union, and I do not have the "professional stature" to tell my boss to fuck off when he suggests something dangerous. The reason engineering disciplines have such benefits is because after enough cars crumbled and bridges fell the leaders in the industry conceded they needed to listen to professionals. I hear similar bad faith arguments like "you can always quit!" or "your job is to write good code!". I can't always quit because I just got done being jobless for 3 months interviewing. My job was never to write good code. It was to deliver something on budget. If it so happens I get the time to write good, safe, code it was either an accident by management or something I did on my spare time. If you think this is a "bad faith" argument for software engineers being unlicensed you have never worked in the industry outside of high speed military stuff.

I have no stake in the code I write because the code I write means nothing. I have no one to defend me and nothing to fall back on that qualifies me as an expert that can tell a VP of engineering to fuck off. Software engineering is an over-educated phrase for the new factory worker. We don't send factory workers to the brig for screwing up a widget. Neither will we send software engineers.

If you want to change that it begins at the top. You need a labor union and/or an accreditation board backed by the largest companies guiding the industry. For that, I say, good luck. There's no fundamental physics of software engineering. There's no "basic safety" in software engineering. There are N languages and N+1 ways to blow your own foot off. Standardization would not be well received because the language itself would need to be blessed. This works well for the military who likely still runs a copy of GCC from 1992. It does not work for an industry evolving by the day. What does a PE look like in software engineering? What language? What planning framework? What compiler? This isn't even beginning to talk about contending with the fact a licensing scheme would send every H1B in America home and crush companies like InfoSys overnight. There's a lot of capital in just these two places to fight the licensing battle for several generations.

Conflating engineering with software is a hazard. Software "engineers" are just laborers. Very well paid, but fundamentally no different than the guy who built your house. You may be able to argue language designers, software architects, etc would need to be "licensed" but the actual people writing the code are digital welders, house builders, and painters. These people are bonded but not licensed (usually). Companies implicitly bond their software engineers by eating the N million dollar cost of a mistake.


> I, as a software engineer, sign nothing. I do not have a license, I do not have a labor union, and I do not have the "professional stature" to tell my boss to fuck off when he suggests something dangerous.

I think that's the original-OP's call to action: Our industry should set up this licensure/accountability infrastructure. Software Engineers should sign off that their creations will not cause harm. They should have a license they can point to when the V.P. tells them to ship harmful software. They should have a strong union behind them to give teeth to their ethical position.

Software Engineering is decades old and full of very capable professionals. We should be working to set up the mechanisms of "professional stature" similar to what allows other licensed engineers to seriously push back against doing harm.


This doesn't answer any of the questions I asked.

1. What language will be blessed?

2. What compiler will be blessed?

3. What does a PE look like?

4. What does pay look like after bonding and licensing?

5. What do we do about H1Bs and foreign contractors?

6. How do you fight the, likely, trillions in capital that will be deployed from companies that contract engineers?

7. How do you fight the billions of dollars invested into agile project management?

8. What do we do with software written outside the country? Even if it's written by someone licensed in their country?

9. How long does adoption of new software take?

There have already been several failed attempts at licensing and achieving a PE status for software. It occasionally makes the news in IEEE. None of them have worked because none of them address these points. Worse, the ivory tower "we should seriously think about this" people address even fewer points than the organizations that failed. This battle has been fought and lost numerous times.

I think the pro-licensing crowd forgets that licensing implies there will be exactly one (maybe two) blessed languages. It may even mean one or two blessed editors, one blessed UML software, one blessed planning framework (waterfall), etc. The language will either be C++ or Java and that will be how we code for the duration of the licensing scheme. Don't believe it will be either C++ or Java? Well, simply ask what your government uses.


I'm not designing the whole licensure system in an HN post. If there was an actual, serious push for this, people would figure all those things out. I didn't realize there were already failed attempts--maybe the next try could learn from them. OP and I are fully aware this is a pipe dream, seeing how far along the "wild west" track we've gone.

I also don't believe licensing necessarily implies there will be one or two "blessed" languages or technologies. What might be hard is finding someone willing to sign off on 100,000 lines of unsafe C++ code vs. 5,000 lines of sandboxed Python.


I didn't intend for you to design the system but rather demonstrate every single hurdle it would have to overcome.

As for your hypothesis, I'd go the opposite. Dynamic typing would basically be untenable. I would NEVER sign off on anything hinting at dynamic code. I have had so much apparently well written, apparently well tested, dynamic Python code completely blow up in my face. That's why I suggest languages like C++ and Java. They have insane adoption levels and are where all the "probable PEs" probably work. While both are still weakly typed in a literal sense you can box the types in such a way the compiler, and therefore the engineer, can make promises. This is actually one of my main gripes of the industry in general. I am a Python developer. I predict Python will become the new JavaScript. A language we should've, in hindsight, just let rot in the past. Just trying to standardize what safe concurrency and parallelism looks like in a post-licensing world gives me a headache.

It's actually a very good argument for the complete destruction of dynamic type systems in favor of a Haskell-esque, Rust-esque, Ada-esque development methodology. I am not entirely opposed to the idea though the cult of agile will beg to differ. The standard software engineers would have to rise to would necessitate a formal education and the entire system we have would be upended. Everything outside of RTOS-level development is dynamic these days. It's weird knowing everything can blow up in your face and you'd never be able to predict why. Imagine a bridge builder saying we tested everything but there's still a 30% chance the bridge just implodes by itself.

I'm up for Ravenscar profile Ada. I don't think 95% of the industry is on my side on that one though :).


I think you're misunderstanding how licensing works. It's very rarely the case that one technology is blessed and another is not. That may happen in cases like FIPS but for the majority of existing software regulation it's far more about threat modeling and showing that the threats are considered.


Do you think a PE building a bridge doesn't have rushed deadlines? That they don't face pressure from bosses to do it faster and cheaper? That they are not faced with the choice to design something immoral or quit? Regular engineers face all these same problems every day. It's simply a matter of having the fortitude to stand up and call things out when they are irresponsible, and leave if they stay that way. There is no magic PE stamp that you can flash at management and suddenly they have to listen to you.


I mean, the camera in question is from China. China is simply not going to care about any new regulation.


China will care a lot about regulations in the US that prevent them from selling products to us. More so when the myriad US allies enforce similar laws, which the US can very trivially influence them to do.

Anyway, my point isn't "we should regulate" or that "regulating will work". My point is that we need to start thinking much more seriously about our responsibilities because, if we don't, the government will do that thinking for us.


Importing products made from IP theft is illegal. How effective has that been?

(Before you care to answer that, know that I have a product that has been ripped off in China. My code is put onto cloned devices, and you can buy them on Amazon right now. We’ve gone from reporting, to lawyers, to working with customs police in USA, Canada, China, and Europe. We’ve even had multiple state reps, and two US Senators (for both states we produce in) involved. Nothing is effective and China really really really doesn’t care.)

Anyone that says “China will care if we just…” has little idea of this situation in my opinion.


I'm not saying that it would be the right way to go. I'm saying that other companies absolutely care about US policy.

As for IP, this has increasingly led to tensions between the countries. To say that China doesn't care is silly, China cares and they spend a lot of effort making it viable to continue their practices.


>I'm saying that other companies absolutely care about US policy.

Yea? Like Amazon and Walmart? It took a long time to get them to take our counterfeits down, and then only apply that to a vendor, so another pops up instantly.

Here I am with first hand knowledge of the situation over years of difficulty and finally defeat, but your opinion is good too.


Yes, like those companies. They care a lot about the law. That's why they spend so much time and money trying to create new laws or defend themselves against the laws that they break. It takes serious effort for them.

Your personal experience is irrelevant and is clearly biasing your opinion. It's obvious that companies care deeply about the law - even the ones who flout it do so only with great investment or with the belief that it will ultimately be worth it. Just because you were on the receiving end of the 'and it was worth it to them' does not change that.


I'd be supportive of licensing but it needs to go after the right things. Currently the industry is dominated by academics who took their CS & CE degrees and made them barriers to entry for jobs. Real software engineering involves very little DS&A. If we were making people demonstrate competency around OWASP on an infrastructure and dynamic application level I think licensure would go a long way.


It wouldn't work. A ton of recent attacks and crypto all originated outside the US as well. Plenty of porn, scam calls, and war research on weapons systems.

There is no way the entire world would agree/require a shared license for writing software.


The US could easily influence other countries here by enforcing labeling of 'non compliant' devices, tariffs, or flat out banning the sale of those items in the US.

Consumers could also look at something that is built in the US and understand that it is built to a different standard. Right now I don't think consumers really have a strong sense of "this is going to have worse security than that".


"uh.. yeah. Sure. All this definitely came from licensed software engineers. We pinky-promise. No unregistered hackers or slave labor." - 3rd world company probably

The rest of the world really doesn't care what the US thinks is important. They will do what is barely needed to do commerce with us (sometimes), but that's it.


> The rest of the world really doesn't care what the US thinks is important.

That is just mind numbingly wrong.


Read my comments again, I meant they don't intrinsically care.


No one cares about any law by that logic. We either inherently, 'intrinsically' care about the thing the law defines, ie: we have an ethical framework that aligns with the law, or, we don't care but we acknowledge the cost of not following the law.

Either way, the rest of the world by and large cares deeply about the US and its laws.


I don't think requiring a professional license would result in these cameras being secure. The issue isn't individual developers, but market forces not rewarding making the investment to make software secure.

I could imagine things like (spitballing) requiring security audits for this kind of software or, say, assessing very large financial penalties in the event of security flaws being found, working -- those would incentivize the company to make a genuine effort to make their software secure.


Some people do honestly think they made their product secure.

I've met a guy who claimed that with a clear text and an encrypted email he could derive my private PGP key (yes he failed to deliver).

I'm sure he was not the only person in the world overestimating his own knowledge.


Why wouldn't it be any different than other Engineering disciplines?

A professional license comes with ethics. If you release a product that you certified was good to go but it later comes out that you effectively skipped corners, you're out a career.


My gut reaction was "eww" but the more I think about it, the risk of losing my license to help sales team meet their goal gives me more incentive to say no to short cuts and forces me to build a better product.

I don't know about this in every industry or product. I would hate to require every dev out of college to now be required to pay for a license to get a job. However, some areas I could see this being a real good thing and ultimately benefit consumers.


Is it the licensing that results in mostly safe engineering? I don't know, but I'd guess not -- it's probably more about liability. If a bridge or a balcony or a car or whatever fails, the responsible parties can be held legally liable. That's a strong incentive to get it right.

If companies were similarly liable for security bugs, we'd see much more of a focus on that.

And this is not an easy problem! It's sort of unsolved, in fact; almost all available software is riddled with security flaws. (And constantly being patched, if the company cares.)

So getting this right for e.g. an online security camera, would probably necessitate a completely different approach to engineering. There's no way this would happen just by engineers being "diligent" imo w/o the backing of the company itself.


> A professional license comes with ethics. If you release a product that you certified was good to go but it later comes out that you effectively skipped corners, you're out a career.

And since there is no professional license there is no need for whatever you call "ethics". You want what, a license to fucking deploy a php script on a server? some html file with javascript in it? fuck that shit.

Every time there is that sort of scandal in the news you come here pushing for that stupid idea. The "Shock Doctrine"...


> Stuff like this is why I believe software engineering ought to start requiring a professional license.

So the developer goes to jail in case of negligence? Not the executives who actually forced bad decisions? Like in the car industry? No.

The people here who are pushing for a license to deploy anything every time there is a hacking scandal somewhere just want to stifle innovation, and eliminate competition and create their own little "developer elite" with themselves as gatekeepers.


I just want to know what the certification examination that somehow is going to determine the worthiness of every developer across every domain looks like.


Even with heavy licensing in the medical field, research cites medical errors like wrong diagnoses and surgical mishaps causing over 250,000 US deaths yearly [0]. Granted, some studies argue over the exact number, but the core truth remains. Licenses don't eliminate human error.

[0] https://www.bmj.com/content/353/bmj.i2139


Perfect is the enemy of good. Licensing could make the situation a lot better... or worse.


> Stuff like this is why I believe software engineering ought to start requiring a professional license.

Many murderers had a regular gun permit, and almost all drivers who killed someone in a car accident because of their negligence had a driving license. A professional license for software engineering would not help at all if not accompanied by a thorough psychological evaluation of the person who is being given access to sensitive personal data.


Like have you seen the code academics write? Who is supposed to license developers? Bad software is the result of bad management and profit maximization not giving a shit about software quality. It's just in the neoliberal hell world we live in we can only ever blame the workers of course. The managerial class has so much class solidarity, we just down here idiotic peasantbrained as always.


It's not blaming workers, it's why isn't this class of career protected like others in its class (electrical, mechanical, etc.)

A professional license benefits the professional as well as the profession itself as a whole.


Difficult to generalize. There are varieties of programming and software engineering and varieties of safety and rigor needed. Writing software for a janky little web app vs. phone app for note taking vs. firewall software vs. compilers vs. operating systems vs. operational software for automated trains vs. medical device software.

It's probably better to regulate the particular domain.


It's a non-starter. Tech companies would never allow anything remotely like that to happen.


Sounds awful and dystopian. Just a big layer of ineffective bureaucracy on top of everything else.


Okay. Would you rather drive on a bridge that was just designed by amateurs in their basement or engineers that are licensed and professionally held responsible if it collapses?


> Okay. Would you rather drive on a bridge that was just designed by amateurs in their basement or engineers that are licensed and professionally held responsible if it collapses?

Software engineering doesn't need a bunch of gatekeepers telling developers who can deploy code and who cannot or what technology they should be forced to use. Specific projects in specific domains are already subject to laws and regulations, there is no need for gatekeeping that profession with a license.

Every time there is that sort of scandal in the news you come here pushing for that stupid idea. The "Shock Doctrine"...


I don't know. After reading through this thread there appears to be a lot of 'software engineers' that lack a lot of basic fundamental understanding of Engineering as a professional discipline.

Maybe more "gatekeeping" is needed.


> I don't know. After reading through this thread there appears to be a lot of 'software engineers' that lack a lot of basic fundamental understanding of Engineering as a professional discipline.

The plurality of opinions and solutions is what makes the wealth of the software industry, not people who think they are smarter than everybody else because of the tech they use and want to impose that tech on the rest of us.

The industry doesn't need a bunch of self-serving people who could decide who should write, deploy, release programs and who shouldn't.


This isn't making the argument I think you think you're making....


[flagged]


The employer didn't know he was a killer until later. How is this relevant? Are you indicating the kinds of people who might be attracted to this work?


And people wonder why I bought an old school baby monitor with no internet connection…


"old". My friends were surprised when I bought a monitor that had video.


No one is wondering why


He meant outside of HN…


I cannot think of one single way in which a baby monitor is “old school”.


The first baby monitor was used in 1937.

https://en.m.wikipedia.org/wiki/Baby_monitor


In the history of ways of rearing babies that's the same as yesterday.


Daydream: At some level of such child-safety f*uck-ups, the company's execs get to spend the rest of their lives in brightly-lit plexiglass jail cells. Naked. Surrounded by publicly accessible web cams.



