Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://provably.online/users/ktemkin/statuses/113866421168080247">Kate Temkin (ktemkin@provably.online)'s status on Tuesday, 21-Jan-2025 22:57:12 JST</a><a href="https://provably.online/@ktemkin" title="ktemkin@provably.online"><img src="https://gnusocial.jp/avatar/315096-48-20250112164409.webp" width="48" height="48" alt="Kate Temkin" style="position: absolute; left: 0; top: 0;">Kate Temkin</a><div><a href="https://gnusocial.jp/notice/8641286" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/92115" title="dymaxion@infosec.exchange">Eleanor Saitta</a></li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias" rel="nofollow noreferrer">@dalias</a> <a href="https://infosec.exchange/@dymaxion" rel="nofollow noreferrer">@dymaxion</a> I don't generally subscribe to statements that ignore nuance.</p><p>While I accept that there's generally some responsibility to prevent machiens from themselves turning into threat vectors (e.g. it's not great to have your iot device be easily made part of a botnet), I am also not going to suggest there's an oversized onus on the authors of e.g. a Thread flashlight to make sure their little uC that's too slow to render its own confiugration UI and which could last maybe five minutes as a slow-as-hell active threat before its battery ran out is protected from the other devices on the theoretically-bridgable Thread network</p><p>especially when the time is better spent e.g. understanding that the best solution to most problems that could include many devices is to improve the UI so people stop using insecure defaults</p><p>this is why threat modeling is important and nothing is just an implicit "responsibility' with its priority fixed to '1'</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4409293#notice-8642180">In conversation</a><time datetime="2025-01-21T22:57:12+09:00" title="Tuesday, 21-Jan-2025 22:57:12 JST">about a month ago</time> <span>from <span><a href="https://provably.online/@ktemkin/113866421168080247" rel="external" title="Sent from provably.online via ActivityPub">provably.online</a></span></span><a href="https://provably.online/@ktemkin/113866421168080247">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Kate Temkin (ktemkin@provably.online)'s status on Tuesday, 21-Jan-2025 22:57:12 JSTKate Temkin
in reply to
- Rich Felker
- Eleanor Saitta
@dalias @dymaxion I don't generally subscribe to statements that ignore nuance.
While I accept that there's generally some responsibility to prevent machiens from themselves turning into threat vectors (e.g. it's not great to have your iot device be easily made part of a botnet), I am also not going to suggest there's an oversized onus on the authors of e.g. a Thread flashlight to make sure their little uC that's too slow to render its own confiugration UI and which could last maybe five minutes as a slow-as-hell active threat before its battery ran out is protected from the other devices on the theoretically-bridgable Thread network
especially when the time is better spent e.g. understanding that the best solution to most problems that could include many devices is to improve the UI so people stop using insecure defaults
this is why threat modeling is important and nothing is just an implicit "responsibility' with its priority fixed to '1'
In conversationabout a month ago from provably.onlinepermalink

Public

Embed Notice

HTML Code

Corresponding Notice