This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
This is how we get hundred billion dollar black holes, massive financial crises, wars that go nowhere based on pure fantasy and defiance of reality, 20 years of barking up the wrong tree on Alzheimers research due to fraud...
I believe in regular punishment for regular incompetence but this was above and beyond anything normal. Just doing as you're told isn't good enough for critical infrastructure like this. Any normal person tests updates before releasing them. And in the case of egregious failures where the whole organization has gone badly off the rails, why should anyone trust that they'd do a proper post-mortem? Any investigation should be run by outsiders, that's the most basic step.
Furthermore, punishment enhances public trust that everyone is in it together. The leadership class enjoys prestige and great wealth, they should also accept great penalties if they make massive negligent errors.
Where did you read that take? It's not clear to me whether you mean Marc Tessier-Lavigne or Sylvain Lesne, but in both cases it's a huge overstatement. Both were peripheral to the main story of beta-amyloid plaques which originated before either author, had strong evidence in favor of it, and (I would argue) have strong evidence in favor of the plaque hypothesis being false at this point. But the enormous research and clinical efforts on beta-amyloid plaques would have happened even in the absence of either fraud.
I'll note that of the people in the field I've spoken with, most still believe in the plaque hypothesis and think we just aren't treating patients early enough or some other excuse.
More options
Context Copy link
No, we get that by rewarding incompetence (there's that sign tap again...). We don't need to overcorrect to fix that, we just need to actually punish those people instead of promoting them or whatever.
This isn't critical infrastructure, come on. It's freaking antivirus. It's not the only one, nor is it ubiquitous. It's just another software product.
I'm willing to bet you that the technical people did want to test updates. Maybe their direct managers did too, although that I'm less certain about. But at the end of the day, when your boss says "do this or else", very few people are willing to take the "or else" option. That's not unreasonable of them.
Because they did.
We're gonna have to agree to disagree on this one. I don't think it helps.
@RandomRanger's point is that if you are rewarded for recklessness (or punished for prudence) a lot of the time and only punished for recklessness when something goes wrong, the punishment when something goes wrong needs to be large to outweigh the benefit and thus provide a net disincentive.
I hear that it's basically required in a bunch of fields for regulatory compliance purposes; is that not so? Also, uh, I can't get any hard numbers but I'm guessing a bunch of people died due to hospitals getting hit. When you're playing the government-contracts game, there are responsibilities attached to that.
Usually when "do this" has massive negative externalities, you want a) to have the boss get in trouble for saying that, b) to have the civil/criminal penalty for "do this" be larger than the corporate penalty for "or else". Basic game theory; you want "do this" to never be picked, so you need to make sure those picking never have an incentive to pick it regardless of what other shenanigans are going on.
Losing your job is already a pretty big disincentive (assuming no golden parachute shenanigans). I don't think it needs to be bigger than that necessarily. On top of that, there's every reason to believe that the company is going to struggle financially as customers bail - this is further disincentive at the company level, and will affect the decision making at the individual level.
Crowdstrike is not required, security measures are required. It's up to the regulated organization to choose how to implement that requirement. I don't think that they become critical infrastructure just because critical infrastructure orgs choose to make use of them.
More options
Context Copy link
Government happens on such a large scale that anything nontrivial which is less than perfect will lead to people dying. Never mind hospitals, you can calculate statistical loss of lives just based on the economic impact. And then you can follow up by calculating statistical loss of lives based on something that has only economic impact. If we don't allow for mistakes resulting in deaths, we can't have government at all.
Our personal intuitions don't scale up here. You on your own can only cause deaths by being malicious or by being so careless that you could reasonably be expected to not be so. But if something is large scale enough, even ordinary human imperfection is enough to cause deaths. A standard which says that you should never cause deaths there is unworkable; causing deaths is inevitable.
This doesn't work when the chance of the negative externality happening is small. Past a certain point, increasing the punishment won't cause any more deterrence.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link