
On Fri, 27 Mar 2015, Andrew McGlashan <andrew.mcglashan@affinityvision.com.au> wrote:
People don't care because ... they don't know better!
True.
Most ordinary people don't know about all the problems with OpenSSL in the last 12 or so months. Most people don't know about all the password compromises the world has seen.
It's a real pity that non-tech people will never understand the extent of some problems that are real; but that is no excuse for Samsung not getting us reasonable updates to fix such problems.
People shouldn't need to understand the extent of the problems. The problem here is that unrestricted capitalism is clearly and directly against the best interests of citizens. Companies should be compelled to make products work well for a reasonable period of time.

There are statutory warranties for hardware, so if you buy a Samsung phone and it stops working within a year they have to replace it. I think that we also need statutory warranties for software. If you buy a new commodity item and it needs an SSL update within 5 years then I think that the supplier should be compelled to provide it.

I think that a good way of implementing that would be to have a higher tax rate for products that have no guarantee of security fixes (i.e. imports of small quantities). If the tax difference was $50 per item and Samsung was expecting to ship 1M items to Australia then it would be good business to offer such support. As part of their support guarantee (to get the tax benefit) they could provide a full copy of the source code so that if they became unable to fulfill their commitment to support then other people could do it.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/