|
|
|
|
|
|
by yxwvut
791 days ago
|
|
|
I'd go further to say that rules without any verification aren't really rules. You don't make a rule without the suspicion that it'd be more efficient to break them, and if you're not verifying their adherence to those rules, your rule is meaningless. This is the iterated game that morally bankrupt manufacturers (IE the vast majority) play to insulate themselves in these sort of scandals:
- First, they get caught doing A,B,C, so they pass rules about A,B,C
- Then they outsource to someone who is willing to do A,B,C, then they get caught outsourcing to violators
- Then, they impose rules about A,B,C on these firms, but do no verification of the firms adherence to those rules.
It insulates them of liability without ever increasing costs (because the firms still get to break the rules and the company gets to say "I'm Shocked! I told you not to do that!") |
|
|
The verification process is exceptionally difficult. We're on HN and I think it should be rather common knowledge that attackers almost always beat defenders because the game is asymmetric. Attackers only need to find a single flaw while defenders need to find a large number of defenses. There is a huge difference in the resource expenditures between these two groups. This is related to the reasons why one single person can fuck shit up (e.g. a bad driver can impact tens of thousands of other drivers) but it is difficult for a single person to fix things. It is the nature of unstable equilibria.
A society, of any form, depends on trust. Like it or not, there are no trustless systems available to us. Certainly not at any meaningful scale.
This does not mean one should be negligent, but rather I'm saying that it isn't easy and the best intentioned can still be taken advantage of. We should recognize this and accommodate this fact when approaching solutions or we will end up with many undesired results.