Hacker News | AnthonyMouse's comments

> Be warned.

This is exactly what I would have expected from an Apple "business" offering. Apple's whole shtick is to take away most of your choices so that they can focus on the limited number of things they still allow you to do. Businesses need the opposite of that.

Businesses will show up needing integrations with multiple existing third party (often legacy) systems with inherent complexity and then want something that allows them to manage that complexity since it can't be eliminated. It's not really possible in that context to have the experience people otherwise expect Apple to provide, and the thing Apple normally does will often make it worse by removing choices you may have needed in order to make interaction with a third party system less of a pain.


> Manufacturers have never had to care about security because no Gov agency would ever mandate secure firmware.

The problem is that "secure firmware" is a relativistic statement. You ship something with no known bugs and then someone finds one.

What you need is not a government mandate for infallibility, it's updates. But then vendors want to stop issuing them after 3 years, meanwhile many consumers will keep using the device for 15. And "require longer support" doesn't fix it because many of the vendors will go out of business.

What you need is the ability for consumers to replace the firmware.

That solves the problem in three ways. First, when the company goes out of business you can still put a supported third party firmware on the device. Second, you can do that immediately, because the open source firmwares have a better security record than the OEMs to begin with. And third, then the device is running a widely used open source firmware instead of a custom device-specific proprietary black box, which makes it easier for the government or anyone else who is so inclined to find vulnerabilities and patch them.


> What you need is not a government mandate for infallibility, it's updates

So, we don't need an electrical code to enforce correct wiring. We just need a kind soul driving by our house to notice the company who built our house wired it up wrong. Then that kind person can inform the company of the bad wiring.

And if the company agrees it's their wiring at fault, we can wait 3 months for a fix. Then the next month another kind soul finds more bad wiring. And we just have to hope there is an army of kind strangers out there checking every building built by every company. And hope in the meantime that the building doesn't burn down.

Meanwhile, people have to live with bad wiring for years, that could have been completely prevented to begin with, by an electrician following the electrical code we all already agree on.


> So, we don't need an electrical code to enforce correct wiring.

For an analogy to work, its underlying elements should have a relation to the target. Your analogy is not in the same universe. For electrical work, there is a baseline of materials and practices which is known to produce acceptable results if adhered to. For software, there isn't. (Don't tell me about the Space Shuttle. Consumer software doesn't cost tens of millions and isn't written with dedicated teams over the decades.)


The analogy does work. The house is any software provided by any vendor. The kind strangers are white hat security researchers. The people living in the house are the users.

Software absolutely has baseline materials, have you never written software before? Never used a library? Programming language? API? Protocol? Data format or specification? CPU instruction? Sorting algorithm? A standard material is just a material tested to meet a standard. A 10d nail is a 10d nail if it meets the testing specs for 10d nails (ASTM F1667). Software can be tested against a spec. It's not rocket surgery.

No known practices with acceptable results?? Ever heard of OWASP? SBOMs? Artifact management? OIDC? RBAC? Automated security scanning? Version control? Code signing? Provenance? Profiling? Static code analysis? Strict types? Formal proofs? Automated testing? Fuzzing? Strict programming guidelines (ex. NASA/DOD/MISRA/AUTOSAR)? These are things professionals know about and use when they want standard acceptable results.

What are you talking about re: space shuttle and tens of millions? Have you actually read the coding standards for Air Force or NASA? They're simple, common-sense guidelines that any seasoned programmer would agree are good to follow if you want reliability.

I think the problem here is there's too many armchair experts saying "Can't be done" when they don't know what they're talking about, or jaded old fogeys who were on some horrible government project and decided anything done with rigor will be terrible. That's not the way it is in the trades, in medicine, in law, and those folks actually have more to think about than software engineers, and more restrictions. I think SWEs are just trying to get out of doing work and claiming it's too difficult, and the industry doesn't want to stop the free ride of lack of accountability it's had for decades.

AI is going to introduce 100x more security holes than before, so something will have to be done to improve security and reliability. We need to stop screwing around and create the software building code, before the government does it for us.


> What are you talking about re: space shuttle and tens of millions?

GP was almost certainly referring to "They Write the Right Stuff," an old article that is pretty well known in spaces like this. It discusses a process that (a) works extremely well (the engine control software was ~420 kLoC with a total of 17 bugs found in a window of 11 versions) and (b) is extremely expensive (the on-board shuttle software group had a budget of ~35 million per year in mid-90s dollars).


> The analogy does work. The house is any software provided by any vendor.

Even before we start, you immediately have a problem. When a house is built, the thing to be inspected is built in the jurisdiction requiring the inspection.

If you have some code being written in China or India and some US jurisdiction wants to require the sort of programming practices you're suggesting, is the US going to send inspectors to other countries? How do they even validate that the processes are being followed either way? And what are you proposing to do with all the existing code that was written in the past? Requiring the company to have a checklist included in their book of procedures that nobody is actually following doesn't solve anything.

The way this nominally works for building inspections is that the inspector waits until after the work is done and then inspects the work, but that's a validation of the result rather than the procedures. The equivalent for code is an audit, which is dramatically more labor intensive for the government than sending someone to have a quick look to see if the wires appear to be hooked up right, if you expect it to actually do anything.

> I think the problem here is there's too many armchair experts saying "Can't be done" when they don't know what they're talking about

There are too many armchair experts saying "if they can land a man on the moon then surely they can land a man on the sun."

> That's not the way it is in the trades, in medicine, in law, and those folks actually have more to think about than software engineers, and more restrictions

First notice that you're listing all the professions where costs are out of control and the incumbents have captured the regulators to limit supply.

On top of that, those regulations are not even effective in solving the analogous problem. For example, the ethical requirements for lawyers nominally require them to do the thing public defenders aren't provided with the ability to do, i.e. spend enough time on the case to give the client adequate representation. Public defenders are given more clients by the state than they have the resources to actually represent. Quite unsurprisingly, this utterly fails to solve the problem of indigent defendants not having adequate representation.

But that's the thing most analogous to what you're proposing. If you nominally require companies to do something they otherwise have no real incentive to do, which you have no efficient way of verifying that they've done, and provide them no additional resources to do it, you can't expect "they will now do it well" to be the result.

> I think SWEs are just trying to get out of doing work and claiming it's too difficult, and the industry doesn't want to stop the free ride of lack of accountability it's had for decades.

What makes you think the software developers are the ones objecting to it? They, and the incumbent companies trying to raise costs on smaller upstarts, are the ones trying to establish a new racket and exclude newcomers from the industry. The ones objecting are the customers, and anyone who values efficiency and efficacy.

> We need to stop screwing around and create the software building code, before the government does it for us.

"We need to stop screwing around and create the Torment Nexus, before the government does it for us."


> Don't tell me about the Space Shuttle

The Space Shuttle sure blew up a lot for something with that much process applied.


Not on account of its control software, which is what I was talking about.

I mean this is still a semi-bs response on your case, even if you don't realize it.

Many of these devices have security flaws that are horrific and out of best practices by over a decade.

Just having something like "Have a bonded 3rd party security team review the source code and running router software" would solve around 95% of the stupid things they do.


> Just having something like "Have a bonded 3rd party security team review the source code and running router software" would solve around 95% of the stupid things they do.

It would certainly help, but no economically feasible amount of auditing and best practices could lead to having a warranty on that software. My thesis is that our current understanding of software is fundamentally weaker than that of practical applications of electricity, so it makes no sense to present analogies between the two.


> So, we don't need an electrical code to enforce correct wiring.

Are you familiar with how the actual electrical code works? It's a racket. The code is quite long and most of the inspectors don't know most of it so only a small subset is ever actually checked, and that only in the places where the person doing the work is actually pulling permits and the local inspector isn't corrupt or lax in areas the local tradespeople have learned that they're lax. Then we purposely limit the supply of licensed electricians so that they're expensive enough that ordinary people can't afford one, so that handyman from Craigslist or whatever, who isn't even allowed to pull permits, is the one who ends up doing the work.

It only basically works because no one has the incentive to purposely burn down your house and then it only happens in the cases where the numerous violations turned out to actually matter, which is rare enough for people to not get too upset about it.

But the thing that makes it a racket is making the official process expensive on purpose to milk wealthy homeowners and corporations who actually use the official process, which is the same thing that drives common people to someone who charges a price they can afford even knowing that then there is no inspection.

> Then that kind person can inform the company of the bad wiring.

The point is rather that when the homeowner discovers that their microwave outlet is heating up, they can fix it themselves or hire an independent professional to do it instead of the company that built the house (which may or may not even still exist) being the only one who can feasibly cause it to not stay like that until the house is on fire.


I agree, but in addition the electrical code needs to be open to the public, not paywalled as it is in so many places!

I'd start by not using self-immolating wires (hardcoded default passwords).

Jokes aside, there's so much low-hanging fruit in IoT it's utterly ridiculous. Having any standards at all would be an improvement.
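The hardcoded default password just mentioned, as an added example in Go that is not from the thread or from any vendor's firmware: the baked-in check beside a hardened form that ships with no credential at all, refuses logins until first-boot setup, stores only a salted PBKDF2-HMAC-SHA256 hash (single block, implemented inline), and compares in constant time. The factory credential, the 12-character minimum, the iteration count and the sample passwords are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// The "self-immolating wire": one credential baked into every unit shipped.
// Whoever pulls the string out of a single firmware image can log in to all
// of them. Constructed for this example, not taken from any real product.
const factoryUser, factoryPass = "admin", "admin"

func vulnerableLogin(user, pass string) bool {
	return user == factoryUser && pass == factoryPass
}

// Hardened form: no credential exists until first-boot setup stores an
// owner-chosen password as a salted, stretched hash.

const iterations = 100_000 // assumed cost parameter for the example

// pbkdf2Block is the first (and, for a 32-byte key, only) block of
// PBKDF2-HMAC-SHA256: T1 = U1 xor U2 xor ... xor Uc, with
// U1 = HMAC(pass, salt || INT(1)) and Ui = HMAC(pass, U(i-1)).
func pbkdf2Block(pass, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, pass)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1})
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

type account struct {
	user string
	salt []byte
	hash []byte
}

// Router holds the admin account; owner == nil means "never provisioned".
type Router struct {
	owner *account
}

var (
	ErrNotProvisioned = errors.New("no owner credential set; complete first-boot setup")
	ErrAlreadySet     = errors.New("owner credential already set; authenticate to change it")
	ErrWeakPassword   = errors.New("password shorter than 12 characters")
)

// Provision is the first-boot setup step. It runs once; after that the
// credential can only change through an authenticated session.
func (r *Router) Provision(user, pass string) error {
	if r.owner != nil {
		return ErrAlreadySet
	}
	if len(pass) < 12 {
		return ErrWeakPassword
	}
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	r.owner = &account{user: user, salt: salt, hash: pbkdf2Block([]byte(pass), salt, iterations)}
	return nil
}

// Authenticate fails closed when nothing is provisioned. The password hash is
// always computed and compared in constant time, so a wrong username costs
// the same as a wrong password (ConstantTimeCompare only short-circuits on
// differing lengths, which leaks nothing but the stored username's length).
func (r *Router) Authenticate(user, pass string) (bool, error) {
	if r.owner == nil {
		return false, ErrNotProvisioned
	}
	userOK := subtle.ConstantTimeCompare([]byte(user), []byte(r.owner.user))
	got := pbkdf2Block([]byte(pass), r.owner.salt, iterations)
	passOK := subtle.ConstantTimeCompare(got, r.owner.hash)
	return (userOK & passOK) == 1, nil
}

func main() {
	fmt.Println("vulnerable, admin/admin:", vulnerableLogin("admin", "admin"))

	r := &Router{}
	_, err := r.Authenticate("admin", "admin")
	fmt.Println("hardened before setup:", err)
	fmt.Println("setup:", r.Provision("owner", "correct horse battery"))
	ok, _ := r.Authenticate("owner", "correct horse battery")
	fmt.Println("hardened, right password:", ok)
	ok, _ = r.Authenticate("owner", "admin")
	fmt.Println("hardened, wrong password:", ok)
	fmt.Println("second setup attempt:", r.Provision("attacker", "overwrite-me-please"))
}
```

The point of the hardened half is that there is nothing to extract from the image: the secret is created per device, by the owner, after the firmware has shipped. A real product would add lockout or rate limiting on failed attempts and a way to reset through physical presence; those are left out here.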


Routers have to follow the same standards as other electrical appliances.

Those standards aren’t related to the functionality or security of the router.


I mean, if you could download an update that would fix the wiring in your house, it would be much less critical that the initial installer got it right. (Still much more important than your router, though; it doesn't stop being an electrocution hazard during the un-updated period.)

Trying to make analogies from software to hardware will always fall down on that point. If you want to argue that there should be stricter security & correctness requirements for routers, maybe look more toward "here is how people actually treat them in practice" with regard to ignoring updates...?


> I mean, if you could download an update that would fix the wiring in your house, it would be much less critical that the initial installer got it right

As in my example, some random stranger needs to first find out your "house" (the vendor's software) is wired wrong. And this needs to happen for every "house" (every piece of software). While waiting for this to be discovered, your house burns down (hackers penetrate millions of devices, or perhaps just the Microsoft SharePoint that the govt uses).


> What you need is the ability for consumers to replace the firmware.

I don't think that's enough. Most people aren't going to replace the firmware on their device with an open source replacement made by someone else. Now if the firmware was required to be open source, and automatic updates could be seamlessly switched over to a non-profit or government agency in the event of the company going out of business, you might have something. But there would be a lot of details to work out.


I have a PC hooked up to my TV in my living room that has been running the latest version of Kubuntu for over 18 years now. It has had many upgrades in that time but it's still the same basic hardware: A CPU, some memory, USB ports, a video card, and an ethernet port on the back.

That "genericness" is what's missing in the router space. Literally every consumer router that comes out has some super proprietary design that's meant to be replaced in its entirety in 3-4 years. Many can run Linux, sure, but how many have a replaceable/upgradable board? How many are like a PC where you can install whatever OS you want?

Sure, you can forcibly flash a new OS (e.g. OpenWRT) but that is a hack. The company lets you do that because they figure they'll get a bit more market share out of their products if they don't lock the firmware so much. The key point remains, however: They're not just hardware—even though they should be!

The world of consumer routers needs a PC-like architecture change. You can buy routers from companies like Banana Pi and MikroTik like this but they're not marketed towards every-day consumers. Mostly because they're considered "too premium" and require too much expertise to set up.

I think there's a huge hole in the market for consumer-minded routers that run hardware like the Banana Pi R4 (which I have). When you buy it, you get the board and nothing else. It's up to you to get a case and install an OS on it (with OpenWRT, Debian, and Ubuntu being the normal options).

We need something like the Framework laptop for routers. Not from a, "it has interchangeable parts" perspective but from a marketing perspective. Normal people are buying Framework laptops because geeky friends and colleagues recommend them and they're not that much more expensive/troublesome than say, a cheap Acer/Asus laptop.


> The key point remains, however: They're not just hardware—even though they should be!

This is the most thoughtful comment I've seen on this topic. I hadn't even considered this approach, but you're right. The hardware needs to be commoditized in a way that makes the software a layer that can be replaced. Someone else said this but in a way that described flashing a third-party package as HN nerds would. That's too much effort and it won't work.

It should be as generic as PC hardware. Every router manufacturer should build devices that can run the OSes of all their competitors' devices and vice versa. Maybe some features won't work with the other company's OS cause it isn't designed for that, but overall it ought to be replaceable. "Normal people" still wouldn't flash a new OS, but making it an option is a step towards making devices more secure.

If every router could get a new OS as easily as your techy friend could install Firefox or an ad-blocker or whatever else, we'd start the long march to a real longterm solution.


> Every router manufacturer should build devices that can run the OSes of all their competitors' devices and vice versa.

Or they could just run an existing open source OS, like openwrt.


It's not so simple. Routers, like most tech emitting and modulating an RF signal by design, are certified products. The radio frequency bands, output power, allowed channels are all tightly controlled. Allowing end-users control without restrictions over such equipment would be unsafe.

how is that different from any computer with a network card and wifi support? routers really are not special here.

If you make something internet connected you must provide a lifetime warranty for security. No import or sales (or even leases) until you have in escrow the money to pay for them.

I will allow sunsetting and removing IPv4 after 2020 (that is more than 5 years ago).


The concept of community firmware seems like a huge cop-out that allows companies to externalize costs. And it probably won't help security because 99% of devices will never get the third-party firmware installed anyway.

If they were trying to save costs they would ship the community firmware on the device to begin with because then they wouldn't have to write and maintain their own. The community welcomes them to externalize those costs onto the people with better incentives to improve the software.

What they're actually trying to do is obsolete the devices faster because then they won't add new protocols or other software-only features to older devices so you have to buy a new one, or only expose features in more expensive models that the less expensive hardware would also be capable of doing. Which is all the more reason for us to not have that.

And if they were required to allow anyone to replace the firmware then you would get companies reflashing and selling them that way from the store because the free firmware has more advertisable features. There's a reason you can go to major PC OEMs and pick between Windows, Linux and "don't even install one" and the reason is that if you give customers a choice, they generally don't want their software to be made by the OEM.


> What they're actually trying to do is obsolete the devices faster

This is exactly why. Obsoleting older devices keeps (in their eyes) the purchase treadmill running. Making a device that could be updated forever means never making another sale to that user (unless some physical failure happens, or the user wants a second one).


It could be part of dissolution of the company to mandate community firmware. But it depends on their licenses…

Anyhow, this is a common enough practice. Many companies that provide infrastructure-type software and sell to Fortune 500 companies often have a clause whereby they deliver their software to their customers if they shut down.


We don't care about their licenses; that's their problem. If they need firmware with a license that allows them to redistribute it there are plenty of free ones to choose from.

And you can't wait until after they're dead to have them do something. By then they're gone or judgment proof because they're already bankrupt. Especially when you're talking about companies that aren't in the jurisdiction because you can't even make them do anything when they're already not shipping products to you anymore. It has to be from Day 1.


> It has to be from Day 1.

There was a promising design from Azure Sphere for 10 years of IoT device Linux security updates from Microsoft, even if the IoT vendor went out of business. This required a hardware design to isolate vendor userspace code from device security code, so they could be updated independently. Could be resurrected as open standard with FRAND licensing.


The main thing you need is for the lowest-level code to be open and replaceable/patchable because it's the only part which is actually specific to the device. Windows running on coreboot is a better place to be than custom Linux running on an opaque blob, because in the first case you can pretty easily get to newer Windows, vanilla Linux or anything else you want running on coreboot after the original version of Windows goes out of support, and you can update coreboot, whereas the latter often can't even get you to a newer version of Linux.

Modern coreboot depends on opaque blobs on CPU (FSP/ACM on Intel) and auxiliary processors (ME/PSP), but AMD is moving in the right direction with OpenSIL host firmware. Arm devices have their own share of firmware blobs.

A decade of security updates for routers would require stable isolation between low-level device security and IoT vendor userspace. In Sphere, the business model for 10 years of paid updates was backed by hardware isolation. Anyone know why it didn't get market traction? There was a dev board, but no products shipped.


>Anyone know why it didn't get market traction?

Oh gee. Maybe because no one sane looks at an industrial product adversarially built to confine and prevent the end user from doing anything to it and wants anything to do with it? It isn't rocket science. If I can't buy it and get a damn manual and programming tools to twiddle all the bits, I'm not adopting. Not even at gunpoint, or if you're the last supplier on Earth. I won't be held voluntarily hostage because a bunch of corporate types and bureaucrats decided to work together to normalize adversarial silicon. Multiply by everyone I know, and anyone with enough braincells to rub together to pattern match "regulatory capture" and "capitalist rent seeking". You can call me a bore if you want. The incentives are completely unaligned, as this place is so fond of saying. End user adoption is built on faith in product. End user capacity to have faith in the product is based on the capability of the technically savvy purchaser to keep the thing running, repair, understand, and explain it to the non-technically savvy. I look at adversarial silicon isolating me from the hardware; I have to sound off-my-rocker to my non-tech-savvy friends and family to actually explain that yes, there are industrial cabals out to keep you from doing things with the thing you bought.

It doesn't make any business sense, or practical sense whatsoever. Don't bother quoting regulations that demand the isolation (baseband processors and radio emission regulations) at me. Yeah. I know. I've read those too.

Get over business models that require normalized game theory, and we can talk. Until then, enjoy never having nice things catch on. Hint: your definition of "nice" (where I can't control how it works after purchase) is mutually exclusive with things I'm willing to syndicate as "nice". Nice people don't manipulate others.


> If I can't buy it and get a damn manual and programming tools to twiddle all the bits, I'm not adopting.

Hence the isolated device security hardware should be an open standard with FRAND licensing. If devices ship with a prepaid commercial license for 10 years of device security updates from BIG_CO, the default commercial baseline would be raised independent of IoT vendors. Tech-savvy users could then have the option to replace the device security layer with the OSS _or_ competing commercial stack of their choice.


> And "require longer support" doesn't fix it because many of the vendors will go out of business.

Which is not a real issue in practice. It's like arguing that warranty doesn't matter because the vendor might go out of business.


It might also be illegal. Don't know about the US but forcing a bankruptcy to avoid regulations is usually frowned upon by the court system here. So putting a product in a child-dummycorp to go poof when you want and let the parent stay afloat usually puts the parent in the line of fire directly and you are screwed either way.

It is possible to require escrow accounts to cover the costs of fixing future security issues - these survive bankruptcy. They need to be big enough to cover the costs though - insurance can calculate this but it isn't cheap.

The obvious problem with that is the detriment to smaller companies, but it makes a good alternative to releasing the code.

Then if you're a five person shop making routers and you publish the firmware source under a license that allows anyone to make and distribute modifications you're all set. And if you're Apple or Microsoft and you want to make a router without publishing the source code, you post the enormous bond which you have no trouble doing because you're an enormous company and you're all set.


> Which is not a real issue in practice.

Are you serious? The number of IoT companies that make a product for a couple years and then go bust is enormous.

> It's like arguing that warranty doesn't matter because the vendor might go out of business.

How are you going to use a warranty from a company that no longer exists to get a security update for a product a million consumers still have?


The typical IoT company not surviving the typical lifecycle of their products shows that IoT is a seriously dorked up idea. Anybody deploying them who values security should choose products that can be updated even after the vendor is gone.

> How are you going to use a warranty from a company that no longer exists to get a security update for a product a million consumers still have?

I was not talking about using warranty for this.


> The typical IoT company not surviving the typical lifecycle of their products shows that IoT is a seriously dorked up idea. Anybody deploying them who values security should choose products that can be updated even after the vendor is gone.

But then many consumers value cost or other things over security, which is why you need all the devices to be able to be updated even after the vendor is gone.

> I was not talking about using warranty for this.

Then why are you talking about a warranty to begin with?


Why not just put the onus on ISPs? 99% of users lease their router from their ISP. If updates stop after three years, looks like you're getting a complimentary service appointment to get a new router.

> What you need is the ability for consumers to replace the firmware.

> That solves the problem in three ways.

That alleviates the problem, but definitely doesn't solve it. Updates are still required, and most people will never update devices they don't directly interact with.


Auto-update obviously.

Which introduces new security risks, but more importantly, the consumer has to configure the device to use open source firmware, and set up auto updates, unless the device is being auto updated by the device manufacturer and forces all of their customers to switch to the new firmware, which seems very unlikely.

How? The device phones home to the manufacturer's servers to get new updates. Manufacturer goes out of business, servers get shut down. How does it know where to get updates now?

> Manufacturer goes out of business, servers get shut down.

Continue your chain of reasoning: DNS name becomes unmaintained, gets grabbed by open source / foundation / gov agency, pushes open source firmware update.

Same thing happens today with botnet C&C servers.
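The domain-takeover scenario in the last two comments cuts both ways: whoever ends up holding the update hostname can push firmware only if the device takes whatever the server hands it. An added example in Go, not from the thread or from any vendor's updater, showing the check that makes the hostname irrelevant: the device pins the publisher's Ed25519 public key, verifies a signed manifest, checks the payload digest, and refuses versions that do not move forward. The manifest layout, the in-memory key generation and the sample payloads are constructed for the example; in practice the signing key would live offline or in escrow.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the signed header of an update. Hypothetical layout for this
// example: 8-byte big-endian version || 32-byte SHA-256 of the payload.
type Manifest struct {
	Version uint64
	Digest  [32]byte
}

func (m Manifest) bytes() []byte {
	b := make([]byte, 8+32)
	binary.BigEndian.PutUint64(b[:8], m.Version)
	copy(b[8:], m.Digest[:])
	return b
}

// Update is what the device downloads: manifest, its signature, and the image.
type Update struct {
	Manifest  Manifest
	Signature []byte
	Payload   []byte
}

// Device holds the only trust state the check needs: a verifying key pinned
// into the image and the version currently installed.
type Device struct {
	PinnedKey        ed25519.PublicKey
	InstalledVersion uint64
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify against pinned key")
	ErrDigest       = errors.New("payload digest does not match signed manifest")
	ErrRollback     = errors.New("update version is not newer than installed version")
)

// Verify accepts an update only if the manifest is signed by the pinned key,
// the payload matches the signed digest, and the version moves forward.
// Where the bytes came from (DNS name, TLS, mirror, USB stick) plays no role.
func (d *Device) Verify(u Update) error {
	if len(u.Signature) != ed25519.SignatureSize ||
		!ed25519.Verify(d.PinnedKey, u.Manifest.bytes(), u.Signature) {
		return ErrBadSignature
	}
	if sha256.Sum256(u.Payload) != u.Manifest.Digest {
		return ErrDigest
	}
	if u.Manifest.Version <= d.InstalledVersion {
		return ErrRollback
	}
	return nil
}

// Apply verifies, then records the new version so older images are refused.
func (d *Device) Apply(u Update) error {
	if err := d.Verify(u); err != nil {
		return err
	}
	d.InstalledVersion = u.Manifest.Version
	return nil
}

// Publisher signs releases. The key is generated in memory for the example.
type Publisher struct{ priv ed25519.PrivateKey }

func NewPublisher() (Publisher, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Publisher{}, nil, err
	}
	return Publisher{priv: priv}, pub, nil
}

func (p Publisher) Release(version uint64, payload []byte) Update {
	m := Manifest{Version: version, Digest: sha256.Sum256(payload)}
	return Update{Manifest: m, Signature: ed25519.Sign(p.priv, m.bytes()), Payload: payload}
}

func main() {
	vendor, vendorPub, err := NewPublisher()
	if err != nil {
		panic(err)
	}
	dev := &Device{PinnedKey: vendorPub, InstalledVersion: 7}

	// Constructed byte strings standing in for firmware images.
	fmt.Println("vendor v8:", dev.Apply(vendor.Release(8, []byte("fw-v8"))))

	// Whoever grabs the lapsed domain can serve files, but without the
	// signing key their manifest does not verify.
	squatter, _, _ := NewPublisher()
	fmt.Println("squatter v9:", dev.Apply(squatter.Release(9, []byte("fw-v9-evil"))))

	// A genuinely signed but older image is refused: anti-rollback.
	fmt.Println("vendor v8 again:", dev.Apply(vendor.Release(8, []byte("fw-v8"))))

	// A tampered payload under a valid manifest fails the digest check.
	u := vendor.Release(9, []byte("fw-v9"))
	u.Payload = []byte("fw-v9-modified")
	fmt.Println("tampered v9:", dev.Apply(u))
}
```

The flip side for the "foundation takes over the hostname" plan is that it needs the signing key (or the device's pinned key set must be replaceable by a path that is itself verified, such as a signed key-rotation manifest); an unsigned-update device is exactly the one a botnet operator can hijack the same way.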


The government obviously cares less about citizens running firmware China can hack than it does about citizens potentially running firmware the government can't hack.

> But then vendors want to stop issuing them after 3 years

Tough shit. You provide updates for the mandated amount of time, or you lose access to the market. No warnings, you're just done.

> And "require longer support" doesn't fix it because many of the vendors will go out of business.

Source code escrow plus a bond. The bond is set at a level where a third party can pay engineers to maintain the software and distribute updates for the remainder of the mandated support period. And as time passes with documented active support, the bond requirements for that device go down until the end of the support period.

Requiring that the customer be allowed to replace the firmware is essential, I agree, but not for this reason. That requirement, by itself, just externalizes the support costs onto open source communities. Companies that sell this sort of hardware need to put up the resources, up front, irrevocably, to ensure the cost of software maintenance is covered for the entire period.

Personally I don't buy consumer router hardware that I can't immediately flash OpenWRT on, but that option is not suitable for the general public.


How does this help? 99% of the population aren't technically minded enough. Most people just buy a wifi router, plug it in (maybe having read the instructions) and that's it. They have neither the skills nor the inclination to update firmware.

The real problem is: assuming that firmware can be updated, how do you run a nationwide update programme overcoming a population that doesn't really care or have the skills to do it.

Vehicle safety standards (mandated annual safety checks like the UK MoT test) is the closest analogy I can think of - in the UK you can't insure your car without a valid MoT. If you were serious, then maybe tying ISP access to updated router firmware would be the way to go.


Automatic updates. Now it also applies to cars.

That’s a technical solution to a business and incentives problem.

How does one ensure the support for the devices is funded?


Congratulations, your router now costs $700!

Customers notice higher prices at time of purchase a lot more than they notice a lack of future security updates, so good luck selling them for that price when someone else just puts an existing open source firmware on the existing hardware and sells it for the existing price.

>And "require longer support" doesn't fix it because many of the vendors will go out of business.

Do you mean 'out of business so they cannot provide updates'?

Because, if you mean cheap companies won't be able to provide updates and stay in business, surely that's the point. Companies would have to shim to a standardised firmware that was robust, or something, to keep costs down.

Isn't this all to protect USA business interests and ensure the Trump regime can install their own backdoor though?


"You ship something with no known bugs and then someone finds one."

You managed to say that with a straight face!

Let's keep this ... non partisan. You might recall that many vendors have decided to embed static creds in firmware and only bother patch them out when caught out.

How on earth is embedded creds in any way: "no known bugs"?

I think we are on the same side (absolutely) but please don't allow the buggers any credibility!


> How on earth is embedded creds in any way: "no known bugs"?

You misunderstand how organizational knowledge works. You see, it doesn't.

Someone embeds the credentials, someone else ships the product. The first person doesn't even necessarily still work there at that point.

Remember that time NASA sent a Mars orbiter to Mars and then immediately crashed it because some of them were using pounds and the others newtons? Literally rocket scientists.

The best we know how to do here is to keep the incentives aligned so the people who suffer the consequences of something can do something about it. And in this case the people who suffer the consequences are the consumers, not the company that may have already ceased to exist, so we need to give the consumers a good way to fix it.


>Someone embeds the credentials, someone else ships the product.

It doesn't matter. When you are building software, you build a security process, not security individuals, or stuff like this happens.

>orbiter to Mars and then immediately crashed

Right, and it cost NASA 1.4 billion+ in direct losses to them. With software writers the losses occur to the end user.


> When you are building software, you build a security process, not security individuals or stuff like this happens.

You can't solve an incentive problem with process because then they lack the incentive to follow the process.

To enforce a law you need to be able to identify a violation at a point in time when you can still impose a penalty for it. When a device is first released, you don't yet know if anyone will find a vulnerability in it or if the company will stay around to update it if they do. By the time you find out if it will happen, you can't punish them for the same reason they can't provide updates: they've ceased operations and no longer exist. So that doesn't work.

> With software writers the losses occur to the end user.

Which is why the end user needs to be empowered to efficiently prevent the losses, since they're the one with the strongest incentive to do it.


Somebody has to pay for the support. There is no free meal.

Enterprise must be able to pay for support for as long as they use devices. Solved.

I can only think of requiring the devices to be serviceable, as you say. The absolute only way I can think of charging the consumers, i.e. the owners, is to charge a tax on internet connections. Then the government would somehow pay vulnerability hunters working alongside patchers, who can oversee each other.

Consumers are tricky: if you include support in the sale price, the company will grab the money and run in 3 or 5 years; and some companies will sell cheaper because they know they won't provide support.


> Somebody has to pay for the support. There is no free meal.

The problem is not that people need a free meal. The problem is that people need the ability to eat some other food when the OEM's restaurant is closed or unsatisfactory.


Who creates and regularly keeps the firmware for the dozens and dozens of router models secure and up-to-date?

Who ensures the maintainers for these routers are incentivized to do this competently and in a timely fashion?

You haven’t answered these key questions, which are equally or more important than whether a community firmware can be applied.


> Who creates and regularly keeps the firmware for the dozens and dozens of router models secure and up-to-date?

99% of the firmware is not actually device specific, and more to the point no one has to create it because it already exists and is already maintained. You don't have to write the Linux kernel from scratch for every different device.

The problem looks like this: The vendor creates an opaque blob that runs on part of the device. This is only 1% of the code that runs on the device but it's the device-specific part. Moreover, that code interacts with the kernel, but was written to assume a specific older version of the kernel which is now out of date.

Updating it to use a newer kernel requires very little work if you have the source code -- in that case much of it is just automated refactoring -- but without the code it becomes a much more arduous reverse engineering effort. Likewise, if the device-specific code has a bug and you have the source code, the cause of the problem is easier to identify and the fix is to change two lines and recompile it. But without the code just identifying the problem becomes an intensive reverse engineering task again.

So you have a community which is willing and able to do a finite amount of work. Some subset of the device owners are programmers and if they can spend two hours fixing a problem that they themselves have, it gets fixed for everyone. But if fixing the same problem takes them two months, they don't. Therefore, the solution is to do the thing that allows it to take the shorter amount of time so that it actually happens.


It would be ideal if we could come up with a way to get people paid to maintain a community firmware. However, that's a considerably harder problem than "you absolutely must allow community firmware to be flashed".

I agree. It's a harder problem and it's the more critical problem.

Businesses aren't incentivized to maintain it and hoping that the community can support it by opening it is perhaps necessary, but it's far from sufficient.

Either the business or maintainers need to be sufficiently incentivized--whether it's through funding, reputation, or something else (graduate-student torture).


I mean, the OEM would make the device upgradeable, the government would pay independent bounty hunters and patchers and would push the updates. Then consumers pay for all that.

>The problem is that "secure firmware" is a relativistic statement.

No it isn't, software formally verified to EAL7 is guaranteed to be secure.


I would like to introduce you to Spectre and Rowhammer.

Secure software won't protect you from insecure hardware, which also needs to be formally verified for a secure system.

> Secure software won't protect you from insecure hardware

Then what's KPTI etc.?

> which also needs to be formally verified for a secure system.

Now we just need a correct and complete theory of quantum mechanics and to do something about that Heisenberg thing.

In general formal proofs tell you if something is true given a stipulated set of assumptions. They don't tell you if one of the stipulated assumptions is wrong or can be caused to be wrong on purpose by doing something nobody had previously known to be possible.


It's guaranteed to have more paperwork. Actually secure, maybe.

Sure, you formally verified that the software conforms to the specification, but how are you going to prove that the specification is correct?

You're being sarcastic, right? The entire concept of "guaranteed to be secure" is a fantasy.

Even EAL7 can't guarantee anything. It can only say that the tools used for verification didn't find anything wrong. I'm not saying the tools are garbage, but the tools were made by humans, and humans are fallible.


To be fair, he was essentially wrong about the efficiency angle because of the Jevons paradox and the "make your dryer not actually dry your clothes" kind of thing was pretty stupid.

A lot of the methods of subsidizing things were also quite incompetent, e.g. Solyndra. If you want to subsidize something like this you do it on the consumer side, e.g. 75% tax credit for every US-made solar panel you install, which drives demand for US-made solar panels without opening you up to scandals like that or the usual corruption where the money goes to the administration's buddies.


> And even if there were, are you (tax payers) prepared to buy it for me, because I’m not due for an upgrade for about another 400,000 kilometres.

400,000 km is around two years for a commercial driver, isn't it?


In the EU it would be about 7 000 hours of driving so more like three years, or more.

What kind of vehicle is it though? There are battery electric vehicles available now in almost all commercial vehicle segments in Europe.


7000 hours at 60 MPH (i.e. 100 kph) is ~700,000 km. That's assuming highway speeds, obviously, but if you're doing stop and go in a diesel truck you should probably sell it to someone who isn't and be among the first to get an electric one because the difference in fuel costs is so dramatic in that case.

> The rest of us do not have the upfront capital to purchase these trucks.

Isn't this the purpose of a loan? You have a truck with a higher purchase price that adds ~$2000/month to your loan payment but then you save ~$3000/month in diesel.

And you're saving a lot more than that in diesel when it's $5/gallon.


Let's consider how this could play out:

If you need a lot of low quality code in a hurry, AI can definitely do that for you now. The path to making money by writing mediocre code for people who don't really care that much is going to look like managing a network of bots that constantly spit out a huge volume of code that kind of mostly works and if it sometimes doesn't then whatever. The people in it for the money can probably make a decent amount in the "high volume low quality" space.

Then there's the code that needs to actually work, or have some thought put into it. Consider the process of writing IETF RFCs. Can you get an LLM to spit out English text that conforms to their formatting? Absolutely you can. Is the RFC it emits going to be something you'll want to have the whole world trying to implement as a standard? Not likely. So the people doing that are going to be doing it something closer to the old way.


I am kind of considering the idea of changing my LinkedIn profile to one of me with a 'wild rag', checkered shirt, and broad brimmed straw hat and calling myself a robot wrangler and see if I get any takers.

> maturing technology for swapping batteries as a refuelling strategy

This seems like a non-problem to begin with. There are electric semis with a 500 mile range, which at 60 MPH is over 8 hours of driving, i.e. the legal maximum in most places. The same trucks can also add 300 miles of range in 30 minutes, which adds five hours of driving in the time it takes for a typical lunch break. Why do you even need to swap the batteries?


Class 8 trucks are solved. Volvo, Freightliner and Tesla all make electric semis. They're not a large percentage of the installed base yet but there is nothing that needs to be invented, only adopted, and the latter will pick up as the battery costs continue to decline.

Chemical feedstocks are only a small percentage of the petroleum market. The large majority is fuel. If you stop burning it there is plenty of supply and you're not worried about whether you can get any from Iran.


Not only are electric trucks unprofitable, it means you switch your dependency from Middle-Eastern fossil fuels to Chinese rare earths. At least we can make biofuels from sugarcane.

Electric trucks already have a lower TCO than diesel trucks. LFP batteries don't even contain rare earths.

You can also process rare earth concentrates on your own soil, there's no need to offshore that to China and Malaysia other than "No waste ponds in my Backyard".

You don’t burn your batteries though. You build them once and then use them for 20 years. They will just keep working when the next war erupts on the other side of the planet.

China can't stop you from using solar panels you've already installed and you could manufacture new ones somewhere else.

Solar actually makes a lot of sense for a significant fraction of the grid. It's specifically excellent for electrifying transportation, because most cars are stationary at an office park during the majority of sunlight hours. Install chargers there and you solve the problem of people in apartments not having them at home and you don't have to worry about the intermittency because you're literally using it to charge batteries. Solar is cheaper at the cost of intermittency, so for the things where intermittency doesn't really matter it makes obvious sense.

When it sucks is when you need reliable power in winter at night. Which is what nuclear is good at. But then... you can use both, each one for the thing it's better at.


The arguments for background checks generally have to be split into two separate classes of people.

The first is the mentally ill. Intuitively it seems desirable to say that someone undergoing treatment for e.g. depression shouldn't buy a gun. The problem here is the massive perverse incentive. If you're pretty depressed but you're not inclined to forfeit your ability to buy firearms, you now have a significant incentive to avoid seeking treatment. At which point you can still buy a gun but now your mental illness is going untreated, which is far worse than where we started.

The second is career criminals, i.e. people who have already been convicted of a crime and want to commit another one. The problem here is that career criminals... don't follow laws. If they want a gun they steal one or recruit someone without a criminal record into their gang etc., both of which are actually worse than just letting them buy one.

On top of that, when people get caught, prosecutors generally try to get them to testify against other criminals in exchange for a deal, who are then going to be pretty mad at them. Which gives them a much higher than average legitimate need to exercise their right to self-defense once they get back out. And then you get three independent bad outcomes: If they can't defend themselves they get killed for snitching, if they acquire a gun anyway so they don't then they could go back to prison even if they were otherwise trying to reform themselves, and if they think about this ahead of time or are advised of it by their lawyers then they'll be less likely to cooperate with prosecutors because the other two scenarios that are both bad for them only happen if they snitch.

Meanwhile the proposal was only ever expected to address a minority of the problem to begin with because plenty of the people who do bad things can pass the background check. And if you have a policy that doesn't even solve most of the original problem while creating several new ones, maybe it's just a bad idea?


> And if you have a policy that doesn't even solve most of the original problem while creating several new ones, maybe it's just a bad idea?

Are you saying everyone should be allowed to have a gun?

Because that's genuinely an interesting position. My proposal came from the view that if we need gun control, we should make sure it cannot be abused into a self-reinforcing loop where a completely disarmed population is the end state (and possible end goal).

I would be interested if there is research into these indirect effects you talk about. For example I'd like to know how often people actually snitch, whether there are attempts/procedures to protect info about who snitched, how often they are killed for snitching, how often having a gun helps them, etc. E.g. because if a hit can come at any time from anywhere, having a gun might only give a feeling of safety.


> Are you saying everyone should be allowed to have a gun?

We can probably make an exception for people who are currently in prison.

> I would be interested if there is research into these indirect effects you talk about.

This is a political question so all of the research is performed by partisans for one side or the other. On top of that, most of this stuff is inherently hard to measure, e.g.:

> For example I'd like to know how often people actually snitch, whether there are attempts/procedures to protect info about who snitched, how often they are killed for snitching, how often having a gun helps them, etc.

The government is going to try to avoid disclosing who snitches and the criminals are going to try to find out and retaliate. But if the criminals have a way of finding out (e.g. bribe the cops) then it will be illegal and no one will want to admit it's happening, and likewise if they successfully retaliate they'll want to do it a way that doesn't catch them a murder conviction.

So now someone few people are going to notice winds up dead. If they were an informant at some point in the past, those records are closely guarded for obvious reasons, so how is someone trying to collect statistics even supposed to know that? Likewise, if their death is made to look like an accident or the killer is never caught, how do you know how often it was actually an accident or an unrelated crime?

Which then leads into this:

> E.g. because if a hit can come at any time from anywhere, having a gun might only give a feeling of safety.

Part of the premise of having a weapon is as a deterrent, which gives you another measurement problem: If a lot of the snitches are keeping weapons even though they're not allowed to and that's successfully deterring anyone from trying to kill them, neither the snitches nor their hitmen are going to admit to either one because they're both breaking the law.

The lack of anybody having good numbers also feeds into the problem itself, because then the snitches have to guess whether it will help them and a lot of them are going to regard the risk of getting killed as a bigger threat than the risk of getting caught with a gun. Or worse, the hitmen will like their chances better when the law requires their target to be unarmed. And both of those happen stochastically as a result of the inherent uncertainty regardless of your own guess for how effective the victim having a weapon is at deterring retaliation.


Third, non-career violent people. Domestic violence or other interpersonal violence should prevent you from having a gun, regardless of whether you are a career criminal.

That isn't a third category, those are people who have been convicted of a crime and want to commit another one. It's the same general category of not being able to solve people committing crimes by making already-illegal things even more illegal. And on top of that you get to add two new problems.

The first is the deterrent to reporting, both before and after a conviction. In the original case the victim now can't even report a domestic misdemeanor in the subculture where gun ownership is sacrosanct because either they themselves consider "permanently can't own a gun" too severe a penalty for the crime they were trying to report, or they know the perpetrator will and they're afraid of being booted out into the street or worse if they do it. And for someone who already has a conviction but still has a gun, now the other people in the household can't be calling the police for any reason because if the police find the gun the person keeping a roof over their head is going to prison for years. In general you want the penalties for things to be proportionate and making them disproportionate makes things worse instead of better.

The second is that the victim, or any future victims, are living in the same household as the perpetrator, and then how do you answer this question: Is the victim now prohibited from having a firearm? You're screwed either way, because if you say no you're denying the innocent victim's right to self-defense but if you say yes the perpetrator now has an excuse to have them in the house.

Then these things combine poorly because the overconfident drunk who wants a gun is willing to bet they can convince anyone it belongs to their sweetheart but the sweetheart is nowhere near as confident they can control what happens if they call the police.


> those are people who have been convicted of a crime and want to commit another one

FWIW, this is why I said "anti-social" and not criminals in my original post. I think with many habitual abusers, the warning signs are there for a long time (often from childhood) before they break the law and before they are convicted.

> "permanently can't own a gun"

This points to other issues with the current system of punishments. OOH you have people claiming prison is meant for rehabilitation and released prisoners are to be considered fully rehabilitated, having paid their debt (which they argue is to society and not the victim) and no longer a threat to society. OTOH you have the reality that many people are repeat offenders and that also some people can genuinely change (or at least maintain the facade of internal change for the rest of their life).

Maybe what we need is a post-prison evaluation to determine which case we're dealing with and whether restrictions (if any) should be temporary or permanent.

---

FWIW regarding domestic violence, I think any target of it would be crazy to stay with the aggressor in the same household. People who commit it are often deeply and inherently anti-social without a way to treat them. Instead, as a society, we should be looking for ways to ease the process of their targets separating from them permanently. Case studies of what this kind of abuse looks like should be part of primary education, the abuser should be required to pay for housing for a reasonable period of time so the target can move away, etc.


> FWIW, this is why i said "anti-social" and not criminals in my original post. I think with many habitual abusers, the warning signs are there for a long time (often from childhood) before they break the law and before they are convicted.

But then what are you proposing to do? Tell people they lose a right based on vibes even though they've never been convicted of anything?

> Maybe what we need is a post-prison evaluation to determine which case we're dealing with and whether restrictions (if any) should be temporary or permanent.

Maybe we should reorient prisons into places that actually rehabilitate prisoners and then release the ones that are actually rehabilitated.

> FWIW regarding domestic violence, I think any target of it would be crazy to stay with the aggressor in the same household.

This is one of the things which is hard for the system to tell from the outside. There are legitimate predators with no record because they have the right friends. Then there are alcoholics who are violent drunks and therefore have a record, but haven't had a drink in ten years and then everything seems fine until they have a relapse. Or the exact same thing except that they stay clean and then everything actually is fine.

There are also people who live with an occasionally violent partner because the alternative was their relentlessly violent parents. I find it hard to judge people who have only bad options and then pick one of them.

> the abuser should be required to pay for housing for a reasonable period of time so the target can move away, etc.

The situation commonly happens to begin with because they're both poor and can only stay above water by sharing accommodations. If you want shelters then build shelters; we don't need things that would only work when the perpetrator has enough money to lawyer their way out of it anyway.


> then release the ones that are actually rehabilitated

Yep. The issue becomes what to do with those who are not or cannot be rehabilitated. But maybe it would be politically tenable, after all, some places have "three strike laws" which are essentially a heavy handed way to get a similar effect.

> they lose a right based on vibes

> hard for the system to tell from the outside

Same issue. The people close to the person know but are hard to prove to outsiders. BTW I wouldn't call it vibes. It's vibes if you've seen it the first time and haven't had any education about cluster B disorders. When you have seen a few people with them and know the names and patterns, you can have a fact based discussion about what drives the person to do what they do and what the probabilities of harmful acts are.

For example, if somebody has a documented pattern of bullying others, especially from childhood, it should reduce their rights unless they prove they have undergone successful treatment. It's common to give child offenders more leeway but I think it should be the opposite. Those who offend from childhood do so because they haven't yet learned to hide their nature and abusers are who they really are internally.

> There are also people who live with an occasionally violent partner because the alternative was their relentlessly violent parents

Maybe the real problem here is housing. The second problem here is that violent (physically or emotionally) people get to keep their property instead of the target, especially when they clearly use the property as leverage against the target.

> enough money to lawyer their way out of it

Yes, another systemic issue. We should do studies about the effects of lawyers on the outcome of cases. Maybe they happen but I haven't heard about any. We should redefine laws to close loopholes and make them as simple as possible so the need for lawyers is reduced as much as possible - I think the need for lawyers is a symptom/metric of the system not working. We could also cap the allowed spending on lawyers.


It already does. Here is the list of prohibited persons:

convicted in any court of a crime punishable by imprisonment for a term exceeding one year;

who is a fugitive from justice;

who is an unlawful user of or addicted to any controlled substance (as defined in section 102 of the Controlled Substances Act, codified at 21 U.S.C. § 802);

who has been adjudicated as a mental defective or has been committed to any mental institution;

who is an illegal alien;

who has been discharged from the Armed Forces under dishonorable conditions;

who has renounced his or her United States citizenship;

who is subject to a court order restraining the person from harassing, stalking, or threatening an intimate partner or child of the intimate partner;

or who has been convicted of a misdemeanor crime of domestic violence.


> interpersonal violence should prevent you from having a gun

Nitpick but violence is not wrong on its own. Self defense is also violence and should not prevent you from having a gun for next time. Defense of others or reasonable defense of property likewise.

Forcibly removing a person from power who has gained or maintained that power without consent of those he has power over is also violence and even most current states allow us to celebrate it (usually as long as we don't argue it should be repeated against the current government).

