Hot take: ISO standards do not meaningfully matter to me, because an extremely impoverished, unbanked person cannot freely access their contents from a smartphone or library computer.

Therefore, I go out of my way to avoid referring to them or relying on them in any way.

@soatok ISO standards are behind a fuckin paywall?

jesus christ

@matildalove @soatok
ISO: "We created global standards for everyone to follow"
Everyone: "Can we see them?"
ISO: "No"
@aires @soatok they didn't clarify that by "everyone" they meant "wealthy techbros" because to them it's just obvious that those are the people who matter
@matildalove @aires @soatok
Which means I'm the official custodian for the one ISO standard I have at our office at work.
Completely crazy.

@ftg i hope you perform that job according to the rules. it sure would be terrible if such a standard were to end up on torrents or something.

(yeah, i know, why take that risk when nearly [or exactly] no one would even seed it. it's all so depressing.)

@matildalove
Sadly they are rather strongly watermarked these days.
@ftg @matildalove Protip: LibreOffice Writer allows you to import PDFs. Documents with alternating landscape/portrait pages need a bit of extra work, but for the rest, it works very well!

@matildalove @aires @soatok

It is often hard to get the people that fund the making and updating of standards to also pay for publishing, maintenance of the organisation that publishes and updates, etc.

I do comparable work, and though we would like to see that these costs are paid in advance by the funding parties, they can't go much further than a little contribution for a minimum of dissemination work.

@Marrekoo @matildalove @aires @soatok I agree. It seems hard to realize the cost issues. While it would be great to have everything open access, we should consider the cost associated and who would fund them.
@matildalove @aires @soatok some (a lot) of this stuff, like „oh you should use this standard for certification and you can only do that by a license dongle for god knows how much“ really just pretty much seem like a racket.
@halcy @matildalove @aires @soatok It is. Take 27001 for example. It’s a Herculean task for small businesses to implement. But if you’re a supplier for a bigger company, and that company and its whole supply chain have to be certified by law, you’re in trouble. Imho that particular standard exists to get rid of small competitors.

@matildalove
Their roots are in manufacturing and construction, where the price of the standards is almost incidental compared to the costs of producing the final product.

Having said that I do still think they're often massively overpriced.

@aires @soatok

@aires @matildalove @soatok

They're industrial standards. There's an underlying assumption that you're not going to be able to make use of them without massive amounts of capital equipment, and a further assumption that if you're not able to make use of them, they're probably not very interesting or relevant to you.

Maybe those assumptions are flawed. But they're at least not surprising.

@publius @aires @matildalove @soatok
As a consumer, how do I view the standard so I can check a product complies?

@matildalove @emilion Pretty sure a lot of the ISO nonsense I've pasted into client websites doesn't mean shit.

I didn't even know what it was (well I sorta did but also not really...) until I read this thread.

Yay. Love my job. Writing boring crap and pasting it on the internet. Whilst lying naked in bed, peeling onions with my feet.

@emilion @publius @aires @matildalove @soatok
Yeah. lol. I ain't trusting that. Also, several ISO standards are based on known faulty lookup tables that are still used because it would break consistency to fix them. If you can't independently verify it complies with a standard and where it might deviate from expectations or other standards, then it's a pathetic excuse for a standard.

And that certificate still doesn't say exactly what it's complying with.

@geoffl @publius @aires @matildalove @soatok If you have a problem with a standard's requirements, it is best to reach out to a specific working group (WG).

As for prices, shop around. I bought from evs.ee in the past.
https://openregulatory.com/articles/accessing-standards

@emilion @publius @aires @matildalove @soatok
How do I know if there's a problem with the standard if I can't read it?
@geoffl @emilion @publius @aires @matildalove @soatok trust the corporations of course /s
I'm an independent engineer & tinkerer. It angers me so badly that we have to pay a fortune for standards. For example, I've designed a towbar for my car and sold it to others, but there's no way I can justify the cost of the standards to ensure it complies. Luckily here in NZ there's no requirement to prove compliance for towbars, even though with Australia we have our own unique one.

@Niall @geoffl @publius @aires @matildalove @soatok I don't understand. If you cannot afford a copy of a standard how can you afford the required static/dynamic testing for towbars you sold?

https://www.legislation.gov.au/F2007L02226/latest/text

Vehicle Standard (Australian Design Rule 62/02 – Mechanical Connections Between Vehicles) 2007 - Federal Register of Legislation

@emilion @geoffl @publius @aires @matildalove @soatok
Contrary to popular belief we never accepted their offer of Federation
#NZisAdifferentCountryToOz

Edit: their was your

@emilion @geoffl @publius @aires @matildalove @soatok That cert isn't worth the paper it's written on without the SOA and rigorous verification.
@itisiboller @geoffl @publius @aires @matildalove @soatok I strongly disagree. The certificate is issued only after an external compliance audit. How can an independent validation be worthless? An SOA is available upon request.
@emilion @geoffl @publius @aires @matildalove @soatok Yes, but the scope could have been for the large corps canteen and they'd still be able to claim an ISO27001 cert in which case the cert is effectively useless w/o thoroughly reading the SOA.
@itisiboller @geoffl @publius @aires @matildalove @soatok The scope is listed on the cert. No external auditor would certify a canteen under ISO 27001.
I think you are trying to say that ISO cert is not a guarantee that everything is top notch. If so, I agree.

@emilion @itisiboller @geoffl @publius @aires @matildalove @soatok eh? It isn't up to the auditor to say if the scope is not acceptable. If the business has defined the scope and applicable controls (via a risk management process), then the auditor audits against that. This is why seeing the SoA is important.

The scope is on the cert, but not the controls that have been selected.

Now, the auditor could raise a non-conformity against the risk management process if it was piss-poor.

@puck @itisiboller @geoffl @publius @aires @matildalove @soatok "ISO 27001 Statements of Applicability (SOAs)—a confidential compliance report type—are available upon request."

https://www.ibm.com/cloud/compliance/iso-27001

What is ISO/IEC 27001? | IBM


@emilion @itisiboller @geoffl @publius @aires @matildalove @soatok Some companies refuse to make their SoA available.
@puck That is a huge red flag. That org has something to hide.

@emilion @geoffl @publius @aires @matildalove @soatok Here is a scope we recently reviewed (company name removed to protect the guilty): "Planning, building, delivering and running full-scope outsourcing services, end-to-end support, business solutions, consulting services and security services".
Still, without the SOA this does not give me ANY evidence that they are good - so much so that we've often joked that it's faster and easier to become DA in a pentest of a company with ISO27k than one without (based on tens of companies, so not a large enough sample size).
So no, what I'm saying is exactly that without the SOA it is not worth the paper it is written on, and even with the SOA all you know is that they have a good ISMS (which I support), but not necessarily that they do any RealSecurity™.
For the record just got ISO27k certified for a part of the org I currently work for and that does not change my mind - Time spent on that certification with "renowned" large international orgs would have given soooo much more protection, detection, and response spent elsewhere.
@itisiboller @geoffl @publius @aires @matildalove @soatok I know that this is a very frequent disconnect between people's expectations and what the standard is about. ISO 27001 is a standard for the Information Security Management System. You may have very few controls with low maturity and still get certified if your management system meets requirements.
Using ISO 27001 cert for vendor due diligence is wrong. A SOC 2 report is a much better base for that.

The real fun starts when you have purchased two products - both of which are certified to comply with the standard. And then you find that those two products don’t work together anyway.

If you can’t read the standard, how are you ever going to find out which of the two products is faulty?

@kasperd @soatok @geoffl @publius @aires @matildalove You can read the (ISO/IEC) standard, but most of them are not free. Do you want to audit a product's compliance with a standard? Not sure how that would work, especially since ISO standards are generally not as specific as the IETF's.
Bear in mind that a lack of cross-vendor interoperability may be an intentional feature for a vendor to ensure ecosystem lock-in.
So you are saying an ISO standard doesn’t even fulfill the one purpose justifying standardization in the first place.

@kasperd @soatok @geoffl @publius @aires @matildalove I am not saying this.
Interpretations and implementations of a standard can differ which may lead to interoperability problems.
Example:

"Both versions of the ISO 32000 standard define the border array using the following sentence:

“The array consists of three numbers defining the horizontal corner radius, the vertical corner radius, and border width, all in default user space units.” (ISO, 2008, p. 384; ISO, 2017, p. 465)

Accordingly, the interpretation of the standards used in PDFBox agrees with the standard; border width can be specified with a floating point number. However, the Adobe reader software expects an integer, and ignores non-integer values, such as 3.0, by treating them as having a value of zero."
(...)

"A contributor reports in PDFBOX-3983 that Acrobat Reader fails to display some outlines and borders where the miter limit is set to a value of zero or less. The miter limit indicates how junctions between lines should be drawn. The ISO 32000-1:2008 standard states:

Parameters that are numeric values, such as the current colour, line width, and miter limit, shall be forced into valid range, if necessary. (ISO, 2008, p124)

The statement was revised in ISO 32000-2:2017 by the replacement of “forced” with “clipped” (ISO, 2017, p. 157).

Accordingly, one interpretation might be that a compliant PDF reader would be able to display a document correctly regardless of the value of the miter limit recorded because it would automatically correct the value. However, Adobe implementations appear not to correct the value."

https://www.sciencedirect.com/science/article/pii/S0164121219302262#bib0069
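As an added example (not from the thread or from the paper quoted above, and not a test against Adobe's software), the divergence described in that excerpt can be modelled in a few lines: one function reads the /Border width the way the quoted standard sentence allows (any number), another models the Acrobat behaviour the paper reports (a non-integer token is ignored and rendered as zero), and a writer-side normaliser emits a width both readings agree on. The miter-limit clamp applies the "forced/clipped into valid range" clause on the writer side instead of trusting every reader to do it; the lower bound of 1 is an assumption about what ISO 32000 treats as a valid miter limit. The sample fragments are constructed.

```python
"""Added example (not from the thread or the paper it quotes).

Models the two readings of the ISO 32000 /Border sentence and the
"forced/clipped into valid range" miter-limit clause, then shows the
writer-side normalisation that makes both readings render the same thing.
The Acrobat behaviour is a model of what the quoted paper reports.
"""
import math
import re

# Constructed sample annotation fragments, as a PDF writer might emit them.
SAMPLES = {
    "int_width": "/Border [0 0 3]",
    "float_token": "/Border [0 0 3.0]",
    "fractional": "/Border [0 0 2.5]",
}

_NUMBER = re.compile(r"-?\d+(?:\.\d+)?|-?\.\d+")
_INTEGER = re.compile(r"-?\d+")

# Assumption: the smallest miter limit ISO 32000 considers valid. PDF inherits
# PostScript's rule that the miter limit is at least 1; anything lower is
# geometrically meaningless.
MIN_MITER_LIMIT = 1.0


def parse_border_tokens(fragment: str) -> list[str]:
    """Return the three raw number tokens of a /Border array.

    Tokens are kept as written ("3.0" stays "3.0") because the divergence
    described in the paper is about the token, not the numeric value.
    """
    m = re.search(r"/Border\s*\[([^\]]*)\]", fragment)
    if m is None:
        raise ValueError("no /Border array in fragment")
    tokens = m.group(1).split()
    if len(tokens) != 3 or not all(_NUMBER.fullmatch(t) for t in tokens):
        raise ValueError(f"/Border needs three numbers, got {tokens!r}")
    return tokens


def width_spec_reading(tokens: list[str]) -> float:
    """PDFBox-style reading: the third element is a number, so any real works."""
    return float(tokens[2])


def width_integer_only_reading(tokens: list[str]) -> float:
    """Model of the Acrobat behaviour the paper reports: a width written with
    a non-integer token is ignored, i.e. rendered as zero."""
    token = tokens[2]
    return float(int(token)) if _INTEGER.fullmatch(token) else 0.0


def normalize_border(tokens: list[str]) -> tuple[list[str], bool]:
    """Writer-side fix: always emit an integer width token.

    Returns the normalised tokens and whether the visible width changed
    (an integral value such as 3.0 is rewritten losslessly; 2.5 is rounded).
    """
    width = float(tokens[2])
    rounded = int(math.floor(width + 0.5))  # half-up, unlike round()'s half-even
    return [tokens[0], tokens[1], str(rounded)], rounded != width


def clamp_miter_limit(value: float) -> float:
    """Apply the "forced/clipped into valid range" clause on the writer side
    rather than relying on each reader to correct the value."""
    return max(MIN_MITER_LIMIT, float(value))


def compare_readings(fragment: str) -> dict[str, float]:
    """Show what each reading renders before and after normalisation."""
    tokens = parse_border_tokens(fragment)
    fixed, _ = normalize_border(tokens)
    return {
        "spec_reading": width_spec_reading(tokens),
        "integer_only_reading": width_integer_only_reading(tokens),
        "after_normalisation": width_integer_only_reading(fixed),
    }


if __name__ == "__main__":
    for name, fragment in SAMPLES.items():
        print(name, compare_readings(fragment))
    print("miter limit 0 ->", clamp_miter_limit(0))
```

The point for a generator author is that "3.0" is standard-conformant and still renders as no border in one widely used reader, so the safe choice is to write the representation every known interpretation accepts, and to clamp values yourself instead of assuming the reader will.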

You are saying that ISO standards don’t ensure interoperability. What’s the purpose of a standard if not to ensure interoperability?

@emilion @kasperd @soatok @geoffl @publius @aires @matildalove these are literally your words:

"Interpretations and implementations of a standard can differ which may lead to interoperability problems."

Why are you engaging with people in such bad faith?

@kasperd @soatok @emilion @geoffl @publius @aires @matildalove Regulatory compliance. Efficiency and cost reduction. Consumer confidence and trust. Safety and risk reduction. Consistency.

I feel like the role of standards specifically in software, where interoperability is a frequent priority, has eaten people's brains such that they think it's the ONLY reason for a standard to exist. It's not.

@peterb @kasperd @soatok @emilion @geoffl @publius @aires @matildalove "Consumer, our product complies with this relevant standard. Are you not confident and reassured?"

"Where can I read the standard so I know what properties of your product to be reassured about?"

"You cannot"

"No I am not particularly reassured"

@dragonfrog @kasperd @soatok @emilion @geoffl @publius @aires @matildalove I think it's fine to be unhappy about the availability of the standards. I think the claim that standards are mostly about interoperability is completely wrong. That's my only point.

I don’t feel any of the reasons you give really provide a good argument in favor of secret ISO standards. Let me address each individually:

Regulatory compliance

If you already have regulations, you don’t need an ISO standard to repeat the same thing. What you have to comply with is the regulation and not what the ISO standard says. Besides in any reasonable system the words of the regulations are there for the public to read.

Efficiency and cost reduction

Regulations and cost reduction do not directly provide either of those, quite the contrary. The more rules you have to comply with, the higher the cost. However interoperability can help introducing more competition, which can drive down consumer costs.

Consumer confidence and trust

I am not sure how much trust you gain by mentioning an ISO standard which consumers don’t understand anyway. Regulations and oversight with compliance can help build consumer trust. And delivering products which are good, safe, and interoperable can also help build consumer trust. Standards may be useful as an intermediate step to reach that goal.

Safety and risk reduction

This is something regulations are supposed to achieve. If regulations are lacking and the industry voluntarily introduces standards to address that, I will say that could be a sign of an industry worthy of trust. But if this is the purpose of the standard, then I find it immoral to be keeping the contents of the standard secret.

Consistency

Any reasonable definition of that would imply interoperability.

@kasperd @soatok @geoffl @dragonfrog @publius @peterb @aires @matildalove Not that I want to continue this particular thread but let's address some of your claims.

"secret standards" - ISO standards are not secret, and are available to everyone, for a fee. I do not understand why you claim they are secret.

*regulatory compliance - regulations often call out 'best industry practices' - which mean international standards. Lawmakers are rarely experts, standardisation bodies usually include such experts. Also updating standards does not require a legislative process.

*cost reduction - you don't have to reinvent the wheel and fall into pitfalls your predecessors fell into in the past.

*consumer confidence - easy to explain. You go to a shop to buy bolts and you know they will have standard threads - e.g. M5, not tied to each manufacturer's "innovation" in this area. Would we expect legislation/regulation in this area?

*safety - ISO 24801 discusses requirements for scuba divers. Do you find it worthy of legislative efforts to regulate?

@emilion @kasperd
A few of your examples point to my own biggest objection to this situation.

It is essential in a democracy that everyone be able to know what the laws are - both those that apply to them, so they can avoid breaking them, and those that apply to others for their own protection, so they can have recourse to them.

*Everyone* - not everyone with a few thousand extra dollars lying around.

@emilion @kasperd I think it's legit for legislators to include standards into regulation by reference. But then those standards become law, and must be freely available to all. If that means the government has to buy out the copyright, or provide some funding in lieu of the revenue the standards body is losing, so be it.

But a law that costs money to read is effectively a secret law to those whom democracy has the greatest duty to serve.

@emilion @geoffl @publius @aires @matildalove @soatok oh good, this product complies with a standard that it will do... something.

Can I find out what? No.

I fail to be reassured.

@geoffl there are some options:
- ask your product supplier
- try your local library
- find a mate at a university with a subject in the field of interest
@publius @aires @matildalove @soatok
@otte_homan
Option 4) learning to sail the high seas
@geoffl @publius @aires @matildalove @soatok
@publius @aires @matildalove @soatok Yeah like ISO3166 (country codes), really not something everyone needs…

@pmevzek Anyone can publish the list of country codes. The number of people who need the actual written text of the standard is vanishingly small (and mostly confined to the Maintenance Agency responsible for assigning the codes). The ISO 3166 MA publishes a free newsletter with new assignments, withdrawals, changes to names, etc.

Similarly, anyone can publish the dimensions of A4 paper. Only stationery makers and printer company quality departments need the actual ISO 216 standard.

@wollman That is a strange argument. There is an official body defining standards but ... anyone else can publish the same? Yeah, so then there is not anymore any official authoritative source. You also forget that even if OBP exists today for 3166 and some other stuff... this was not the case 10 years ago for example. "Only stationery makers and printer company quality departments need the actual ISO 216 standard." I disagree. There are no state secrets in it, so why not public?

@pmevzek The list of country codes is not the standard. The standard is the *process of maintaining* the list of country codes (which also included the initial list, once upon a time). This is different from, e.g., ISO/IEC 9945 where the content of the standard specifies the syntax and semantics of the Bourne shell language.

I committed FreeBSD's copy of the country-code data (/usr/share/misc/iso3166) 29 years ago, and it was readily available from other sources then.

@wollman "The standard is the *process of maintaining* the list of country codes " No, it is both. Clearly written by themselves: "ISO 3166 defines internationally recognized codes for countries and their subdivisions, based on United Nations sources. ". So your sole argument is: "it is fine it is not public because 29 years ago I was able to find the equivalent copy somewhere else". That doesn't give any solid justification on why ISO not making it public in the first place. EOT for me.

@publius @aires @matildalove @soatok

  • ISO 8601: Date and Time format
  • ISO 4217: Currency Codes
  • ISO 3166: Country Codes
  • ISO 9075: SQL
  • ISO 14882: C++