>but if this recall is being conducted at Hangzhou Xiongmai's own initiative
I imagine there were a lot of angry calls from Washington and Beijing over this. I don't think companies are magnanimous like this without external pressure.
>but I think we should also applaud efforts of those who are taking the expensive steps of fixing the problem with no direct incentive to do so.
Applaud what exactly? That all these companies ship devices that happily take IP addresses and go on the public internet or punch through firewalls with upnp and do not force a first-time password change and do not have an auto-updater installed? Even the cheapest Netgear comes with a sticker on the side for a semi-random password instead of shipping everything with 'admin/password.' Or using antiquated and non-encrypted transports like telnet. These 1990's habits need to die and it won't happen because of corporate good graces, because those haven't worked historically. If it happens, it'll happen via external pressure via governments and lawsuits. Market forces are rarely a fix all here.
I imagine there were a lot of angry calls from Washington and Beijing over this. I don't think companies are magnanimous like this without external pressure.
No one in Washington or Beijing with diplomatic credentials and contact with the other side even knows what DNS is or that there was an attack on Friday.
A lot of Chinese companies are both privately owned and awash in money, and that gives them the latitude to behave in ways that aren't strictly about achieving maximum Pareto efficiency.
These guys are doing the right thing. Please don't try to minimize that.
>No one in Washington or Beijing with diplomatic credentials and contact with the other side even knows what DNS is or that there was an attack on Friday.
They have advisors that sure as hell know exactly what is going on here. This is a very naive view of how government works. Diplomates don't need to know what code is to make policy. Chinese bureaucrats certainly know that pissing off their biggest trade and manufacturing partner isn't good for their economy.
This was a very high-profile attack. Pretty much every intelligence agency in the world has notified their higher-ups on what likely happened and the hammer most definitely fell on this company. Chinese businesses aren't exactly known for their good corporate personas and generosity. See baby and dog poisonings and desperate reactions by the government like executing executives. On top of the everyday IP infringements and other cavalier attitudes towards international business norms.
They have advisors that sure as hell know exactly what is going on here. This is a very naive view of how government works. Diplomates don't need to know what code is to make policy.
Are you speculating? Do you work in the diplomatic corps? I get the opposite impression given what I've read in wikileaks releases.
This was a very high-profile attack. Pretty much every intelligence agency in the world has notified their higher-ups on what likely happened and the hammer most definitely fell on this company.
Assuming for the moment that there is any communication made at all regarding this incident, do you really think the Chinese government is going to pressure some small Chinese business to lose a whole bunch of money unnecessarily because an American anarchist group attacked some American websites with said Chinese company's webcams?
Nobody cares.
Chinese businesses aren't exactly known for their good corporate personas and generosity.
> Assuming for the moment that there is any communication made at all regarding this incident, do you really think the Chinese government is going to pressure some small Chinese business to lose a whole bunch of money unnecessarily because an American anarchist group attacked some American websites with said Chinese company's webcams?
What about naked self-interest? Those webcams are vulnerable and can be used to attack any infrastructure, including China's own.
I imagine there were a lot of angry calls from Washington and Beijing over this. I don't think companies are magnanimous like this without external pressure.
>but I think we should also applaud efforts of those who are taking the expensive steps of fixing the problem with no direct incentive to do so.
Applaud what exactly? That all these companies ship devices that happily take IP addresses and go on the public internet or punch through firewalls with upnp and do not force a first-time password change and do not have an auto-updater installed? Even the cheapest Netgear comes with a sticker on the side for a semi-random password instead of shipping everything with 'admin/password.' Or using antiquated and non-encrypted transports like telnet. These 1990's habits need to die and it won't happen because of corporate good graces, because those haven't worked historically. If it happens, it'll happen via external pressure via governments and lawsuits. Market forces are rarely a fix all here.