
Comment Re:H. L. Mencken has entered the chat (Score 1) 116

You missed a step. It's kinda important to your argument.

Not everyone is a cybersecurity expert.

Sure. That is why you _hire_ them.

You missed:

Not all internet-based threats are known.

When do you hire security experts?
1) when you create a system.
2) when you discover you have a problem.

... the mitigation available may effectively eliminate the service under threat.

That is just nonsense. If the service is under threat you either fix it or you stop running it.

... exactly what I just said. "Fixing" takes time and money, either of which may be missing, either "until the next budget cycle", or "indefinitely". And with software? It doesn't stay fixed. Never.

Incidentally, almost everything can be secured. It just costs money and time and may be inconvenient.

This is perhaps your greatest failing. (And hey, you forgot a bit in there.) You assume that you can secure something, implying that it would ever STAY secured. ... and that after securing it, it would stay as functional as before. You assume that there are magic IT people who can anticipate any imaginable attack and make that attack un-possible. There aren't, they can't, and the attacks will continue.

The time for bogus apologies (like yours) is over.

Sure. Look at what I wrote as an apology, if you like. You, on the other hand, are waving your magic wand and assuring that all problems can be solved with someone else's time, and someone else's money. Do you think companies like AT&T, Bank of America, and Colonial Pipeline simply lack incentive to secure their systems? Really? You believe that their IT teams "just suck"?

Security is hard, and is necessarily incomplete. And what we're talking about here isn't a private company, which can choose to provide a service or not. We're talking about infrastructure, i.e. government-owned things. "Oh, there'll be a little inconvenience" is naive when you're talking about, say, water treatment plants, electricity interconnection infrastructure, and so on. And yes, you're right. They'll be inconvenienced even worse if someone hacks that plant, or that infrastructure.

You say, "spend more to secure these things". Point to where that money comes from. Point out the magic IT people who will make you safe, who will never fail to secure things before the attack.

Most of what you've said is valid, in theory. The real world doesn't have easy answers. There is a finite pot of money. There is a finite amount of will to part with that money. There is a finite number of security professionals. You are pointing wildly in the direction of "the infrastructure" and wailing "secure it all, now!" The people in charge don't have that luxury. They have to prioritize. They have to coax out more money to keep things working even at the level they are now.

Comment H. L. Mencken has entered the chat (Score 2) 116

Not everyone is a cybersecurity expert.

Not all internet-based threats are known.
When known, the full scope of threats may not be realized.
When the full scope is known, the budget may not exist to mitigate the threats, particularly in government.
When the full threat is known, and the budget exists, the mitigation available may effectively eliminate the service under threat.

Greed is an excuse that is easy, obvious, and - often, but not always - wrong.

Comment Re:It's Microsoft (Score 1) 81

> they cannot even get OS updates right.

Which OS update did they fumble? ... as opposed to not patching something that they couldn't validate before the monthly Patch Day release? (Or alternately the Emergency Patch Release window?)

While I have my own complaints about their OS updates, it's because they've used them for pushing features as well as security, and some of those features were user-hostile. (Windows Genuine Advantage, anyone?)

Comment Re:Microsoft is the largest cybersecurity vendor (Score 1) 81

> But always another security hole to patch...

And there always will be. You imply that Microsoft is intentionally leaving security flaws in their software and extorting people for additional security.

Software development does not work like that.
Computer security does not work like that either.

A good piece of computer security rests in poking you until you update your own software to fix known issues. And most institutions do need that poking.

Comment Re:First Amendment (Score 1) 73

> Maybe you missed the part where Congress alone has the power to regulate commerce across US borders.

Would you feel the same if the law said "sell to (person X) or be banned"? How about if the law targeted YOUR company, rather than one currently owned by foreign shareholders? Say, by name? (Well, maybe not by name explicitly, but with enough qualifiers that your company is the only one that could possibly qualify.) Still approve of that power?

And remember Wickard v Filburn.

Comment Re:uber and lyft pushed to use rob-taxis (Score 2) 130

"Yeah, it's definitely better to get that employee kicked out, for his own good of course, so instead of the lousy wage he gets nothing, contributes nothing, and becomes fully dependent on the society."

So... how does an Uber driver having to get Food Stamps or Supplemental income from the government not count as Uber getting a handout in the form of relaxed labor requirements?
