None of which has anything to do with a guy who claims to be a non-profit, can't provide the paperwork, and then expects his financial institution to launder his money without raising an eyebrow. It's not Paypal's responsibility to get into a world of shit with the federal government instead of doing their due diligence, regardless of the customer's good intentions.
His incentive is based on faith that there is a Hell, and that people are sent there because of the stock they hold in "evil companies". It's also based on faith in absolute good and evil, and in faith in the existence of an immortal human soul. This kind of faith may have a rational component, but cannot be entirely rational. Thus, it's not a rational incentive. Also, since the goal of the incentive has nothing to do with material wealth or economic good in this life, but rather the state of a person's immortal soul in the next life (an afterlife? more faith!), it's not really an economic incentive either. His irrational moral incentives may guide his economic decisions, but his goal is not an economic goal, it's a spiritual goal.
Obviously, such things must be judged on a case by case basis. Sometimes media pressure brings about good results. Sometimes, it doesn't. Which is it in this case? How do we benefit from rushing ahead on the principle that "if it worked there, it might work here", as opposed to studying the case more carefully before buying into the media frenzy?
Hey, the original poster asked for rational economic incentives. You want to suggest rational social or moral incentives, I won't complain. I won't even disagree.
Personally, I subscribe to a belief system that asserts an absolute, objective, and personal[1] morality; and that asserts that its moral incentives are the best incentives of all. In the context of this thread, though, my incentives are based on faith, and are therefore not entirely rational, and they are moral incentives, not economic ones, and therefore don't really answer the parent's question, is there a rational economic incentive?
And actually, I will disagree with one thing: If you're talking about evolution, you're talking about profits to future generations from my choices. This requires faith on my part, that future generations will exist and will profit from my actions. This strikes me as a much less rational incentive than wealth that profits me personally in my own lifetime. I am willing to accept that it is an economic incentive, by whatever definition of "economic" you feel you must use in order to fit this peg into that hole.
==========
[1]"Personal" in the sense of being a person, having a personality; not in the sense of being private to me.
Apology for what? The guy claimed to be a non-profit, but couldn't provide any of the paperwork. It's not like Paypal is supposed to sit through a money-laundering investigation from the IRS, just because one of their customers has good intentions but piss-poor business processes.
The flip side of this coin is, part of the interview may have been finding out whether or not you do due diligence when receiving a new project.
The hiring manager may not be able to train his customer base to give a complete specification, but he can always try to hire people who make a habit of getting a complete specification before they begin working. You may have lost the job because you failed to ask what kind of code the manager wanted, not because you failed to read his mind or guess his intent.
Second, from an employer's perspective, it may in the narrow self-interest of the company for such a person to go be a drain on its competitors. Where's the rational economic incentive to discourage that?
How about "I don't wish my shareholders to go to hell for owning shares in an evil company". ?
That's not a rational economic incentive; it's an irrational moral incentive, reflecting a moral belief system that may not be as effective a universal motivator as profit, plus it might not even reflect reality in any meaningful way (in that there may not be a hell, and even if there is people may not go there on account of their stock holdings).
A rational economic incentive would be something that's likely to increase the poster's material wealth, and/or the material wealth of his shareholders. Can you think of anything like that in the current scenario?
Exactly. I agree with all of this. But none of this is actually relevant to my point. Much earlier in the thread, there is a claim that software users have a right to information collected by someone else about the software. I disagree with this claim, and see no such right. At best, users have a right to truth in advertising from the vendor. But if I study a piece of software that you're using, on my own, and discover security flaws in that software, you have no right to get that information from me, any more than you have the right to compel me to gather that information against my will in the first place.
1. Software buyers are entitled to truth in advertising from software vendors.
2. Software buyers are responsible for securing their own systems, regardless of whatever lies the software vendors may have told them.
3. In fact, in the current state of networked computing, it is unreasonable to assume that a given piece of software is secure, regardless of what the vendor claims. Therefore, it is inappropriate for software buyers to blame software vendors for insecurity in the user's computers. (I had expressed this habing of shifting blame to the vendor flippantly as "pretending the problem would be solved by the vendor simply writing perfect software"; I hope this new version of the point is more clear to you).
4. Software buyers have no "right" to the information about the software they're using, if that information has been collected by an independent third party.
5. Rather, if a software buyer wants information about their software beyond what the vendor provides, they have a responsibility to gather that information themselves, at their own expense, either in-house or by contract with some trusted third party.
6. And it is only by means of such a contract that a software buyer is entitled to third-party information about the software.
Conclusion: If I discover an exploit in a piece of software, nobody else in the world has any right to that information software, nor do they have any authority to compel me to disclose that information, unless they've contracted with me to acquire that information, on whatever terms I choose.
In short, I'm flatly contradicting the parent post, which claims that all parties have a right to security information about software discovered through the independent efforts of one party.
The point I was trying to get at is that software users do not have a right to the information discovered by other people, regarding the security of the software they're using. Rather, software users have a responsibility to gather their own information, either by investing in information-gathering activities in-house (my idea), or by formally contracting with a third party, and investing resources that way (your idea).
Either way, I think my basic point still stands: if you want information about the software you're using, you have a responsibility to gather that information yourself, at your own expense (either in-house or through a trusted third party). You are not entitled to anybody else's information about the software you're using.
It would've been a happy-go-lucky wild west free-for-all for a couple years, until somebody got the uppper hand and exploited the lack of regulation to form a cartel and destroy or absorb their competition.
Anyway, I think reasonable people can agree that some amount of regulation is part of a healthy economy, and that both over- and under-regulation bring additional problems that are best avoided if at all possible.
There's a difference between "regulation" and "over-regulation".
And without regulation, Napster would've replaced one cartel with another long ago. It's not like Napster was the magic bullet that solves human nature.
"To avoid networking except with known good components"
And how do they know that they are using good components of no one can tell them otherwise?
By accepting the responsibility to test the components themselves, or else admit that they can't reasonably expect the components to be secure.
" to develop their own software in-house so that they can better control the vulnerability testing and patching process"
Ahh, so anyone who uses a computer need to write their own OS and applications? Has to ahve complet understranding of software and hardware engineering?
Yes; or else admit that they can't reasonably expect the software to be secure.
" to conduct their own testing to their own standards on third-party software; "
And be a master of QA as well I guess.
Now you're getting it.
"and to not pretend that all their security problems are the responsibility of the third-party software vendor, "
sxcept that if a pice of software calls itself secure, then it should be secure. If it is not, it should not be labels as secure.
I agree with you here, but truth in advertising isn't what I'm talking about. I'm talking about the consumer's responsibility not to accept the advertiser's claims at face value while irresponsibly ignoring the known history of networked computing.
"... easily solved by the vendor simply writing perfect software." No one believes that, they just want to know when someone finds a problem with the tool.
Of course they want to know when someone finds a problem with the tool. What I'm saying is, they don't have a right to be told when someone else finds a problem. Instead, they have a responsibility to find the problems themselves (or contract with a third party, which would give them an entitlement to know what the third party found).
And of course they don't believe that the problem would be solved by the vendor simply writing perfect software. Rather, they pretend to believe this, in order to shift the blame for their own ignorance and complacency.
In order to make good decsions to be responsible, people need good information.
True. All I'm saying is, if you want a job done right...
You would try ti fix bad driving by making people have to built there own cars from scratch.
Actually, I would try to fix bad driving by teaching people about their responsibility to drive defensively. Which, coincidentally, happens to be the actual driver education policy in this country.
But computing is a unique enough thing that I would mostly avoid using analogies at all, in favor of simply discussing the nature of the thing itself.
people who are using the software have a right to know that it is vulnerable.
I think such a "right" (I would call it an "entitlement", actually) really only makes sense if there's a reasonable expectation that general purpose computing in a networked context is safe and secure to begin with.
Given the true nature of computer networking today, far from having "rights", I'd say that software consumers have responsibilities: To avoid networking except with known good components; to develop their own software in-house so that they can better control the vulnerability testing and patching process, to conduct their own testing to their own standards on third-party software; and to not pretend that all their security problems are the responsibility of the third-party software vendor, easily solved by the vendor simply writing perfect software.
I surely hope that this review will help you figure out whether or not this book suits your purposes.
You'd probably be better off asking your management team to look into what the Wikipedia people have to say about their project directly. Cut out the middleman, so to speak, and get the actual experiences and lessons learned straight from the principals.
Re:Blurb Translation:
on
Wikinomics
·
· Score: 2, Funny
Given your low user number, I'd suspect I'm simply a dim echo of your greatness. I shall now go and grok the fullness of your like-minded sentiments.
Blurb Translation:
on
Wikinomics
·
· Score: 4, Funny
"If you're SLANG by the BUZZWORD BUZZWORD FAD, FAD, BUZZWORD and other BUZZWORD SLANG, you'll be pleased to know that the new book FADBUZZWORD is a great gift for that TOOL, DUPE, or IGNORAUMUS who doesn't quite TIRED CLICHE it yet. The only SLANG hidden in this statement is that much of what is wonderful in this book is wonderful because it's a book printed on pulp and written by two and only two authors. That is, the book is good because it's not a FAD."
I think it's accurate enough for the purpose of a headline.
Also, your use of English, while good overall, contains several clues that you may not understand as much about how words are used in English as you think.
Slashdot Mirror
None of which has anything to do with a guy who claims to be a non-profit, can't provide the paperwork, and then expects his financial institution to launder his money without raising an eyebrow. It's not Paypal's responsibility to get into a world of shit with the federal government instead of doing their due diligence, regardless of the customer's good intentions.
His incentive is based on faith that there is a Hell, and that people are sent there because of the stock they hold in "evil companies". It's also based on faith in absolute good and evil, and in faith in the existence of an immortal human soul. This kind of faith may have a rational component, but cannot be entirely rational. Thus, it's not a rational incentive. Also, since the goal of the incentive has nothing to do with material wealth or economic good in this life, but rather the state of a person's immortal soul in the next life (an afterlife? more faith!), it's not really an economic incentive either. His irrational moral incentives may guide his economic decisions, but his goal is not an economic goal, it's a spiritual goal.
Obviously, such things must be judged on a case by case basis. Sometimes media pressure brings about good results. Sometimes, it doesn't. Which is it in this case? How do we benefit from rushing ahead on the principle that "if it worked there, it might work here", as opposed to studying the case more carefully before buying into the media frenzy?
Hey, the original poster asked for rational economic incentives. You want to suggest rational social or moral incentives, I won't complain. I won't even disagree.
Personally, I subscribe to a belief system that asserts an absolute, objective, and personal[1] morality; and that asserts that its moral incentives are the best incentives of all. In the context of this thread, though, my incentives are based on faith, and are therefore not entirely rational, and they are moral incentives, not economic ones, and therefore don't really answer the parent's question, is there a rational economic incentive?
And actually, I will disagree with one thing: If you're talking about evolution, you're talking about profits to future generations from my choices. This requires faith on my part, that future generations will exist and will profit from my actions. This strikes me as a much less rational incentive than wealth that profits me personally in my own lifetime. I am willing to accept that it is an economic incentive, by whatever definition of "economic" you feel you must use in order to fit this peg into that hole.
==========
[1]"Personal" in the sense of being a person, having a personality; not in the sense of being private to me.
See, that's a rational incentive, but a social one, not an economic one. Still, it seems like a good incentive to me.
Apology for what? The guy claimed to be a non-profit, but couldn't provide any of the paperwork. It's not like Paypal is supposed to sit through a money-laundering investigation from the IRS, just because one of their customers has good intentions but piss-poor business processes.
The flip side of this coin is, part of the interview may have been finding out whether or not you do due diligence when receiving a new project.
The hiring manager may not be able to train his customer base to give a complete specification, but he can always try to hire people who make a habit of getting a complete specification before they begin working. You may have lost the job because you failed to ask what kind of code the manager wanted, not because you failed to read his mind or guess his intent.
That's not a rational economic incentive; it's an irrational moral incentive, reflecting a moral belief system that may not be as effective a universal motivator as profit, plus it might not even reflect reality in any meaningful way (in that there may not be a hell, and even if there is people may not go there on account of their stock holdings).
A rational economic incentive would be something that's likely to increase the poster's material wealth, and/or the material wealth of his shareholders. Can you think of anything like that in the current scenario?
On the other hand, there's nothing like a media frenzy to prompt a company to appease the masses rather than taking the time do get it right.
Exactly. I agree with all of this. But none of this is actually relevant to my point. Much earlier in the thread, there is a claim that software users have a right to information collected by someone else about the software. I disagree with this claim, and see no such right. At best, users have a right to truth in advertising from the vendor. But if I study a piece of software that you're using, on my own, and discover security flaws in that software, you have no right to get that information from me, any more than you have the right to compel me to gather that information against my will in the first place.
Let me sum up my argument:
1. Software buyers are entitled to truth in advertising from software vendors.
2. Software buyers are responsible for securing their own systems, regardless of whatever lies the software vendors may have told them.
3. In fact, in the current state of networked computing, it is unreasonable to assume that a given piece of software is secure, regardless of what the vendor claims. Therefore, it is inappropriate for software buyers to blame software vendors for insecurity in the user's computers. (I had expressed this habing of shifting blame to the vendor flippantly as "pretending the problem would be solved by the vendor simply writing perfect software"; I hope this new version of the point is more clear to you).
4. Software buyers have no "right" to the information about the software they're using, if that information has been collected by an independent third party.
5. Rather, if a software buyer wants information about their software beyond what the vendor provides, they have a responsibility to gather that information themselves, at their own expense, either in-house or by contract with some trusted third party.
6. And it is only by means of such a contract that a software buyer is entitled to third-party information about the software.
Conclusion: If I discover an exploit in a piece of software, nobody else in the world has any right to that information software, nor do they have any authority to compel me to disclose that information, unless they've contracted with me to acquire that information, on whatever terms I choose.
In short, I'm flatly contradicting the parent post, which claims that all parties have a right to security information about software discovered through the independent efforts of one party.
What you say makes sense to me.
The point I was trying to get at is that software users do not have a right to the information discovered by other people, regarding the security of the software they're using. Rather, software users have a responsibility to gather their own information, either by investing in information-gathering activities in-house (my idea), or by formally contracting with a third party, and investing resources that way (your idea).
Either way, I think my basic point still stands: if you want information about the software you're using, you have a responsibility to gather that information yourself, at your own expense (either in-house or through a trusted third party). You are not entitled to anybody else's information about the software you're using.
It would've been a happy-go-lucky wild west free-for-all for a couple years, until somebody got the uppper hand and exploited the lack of regulation to form a cartel and destroy or absorb their competition.
Anyway, I think reasonable people can agree that some amount of regulation is part of a healthy economy, and that both over- and under-regulation bring additional problems that are best avoided if at all possible.
There's a difference between "regulation" and "over-regulation".
And without regulation, Napster would've replaced one cartel with another long ago. It's not like Napster was the magic bullet that solves human nature.
By accepting the responsibility to test the components themselves, or else admit that they can't reasonably expect the components to be secure.
Yes; or else admit that they can't reasonably expect the software to be secure.
Now you're getting it.
I agree with you here, but truth in advertising isn't what I'm talking about. I'm talking about the consumer's responsibility not to accept the advertiser's claims at face value while irresponsibly ignoring the known history of networked computing.
Of course they want to know when someone finds a problem with the tool. What I'm saying is, they don't have a right to be told when someone else finds a problem. Instead, they have a responsibility to find the problems themselves (or contract with a third party, which would give them an entitlement to know what the third party found).
And of course they don't believe that the problem would be solved by the vendor simply writing perfect software. Rather, they pretend to believe this, in order to shift the blame for their own ignorance and complacency.
True. All I'm saying is, if you want a job done right...
Actually, I would try to fix bad driving by teaching people about their responsibility to drive defensively. Which, coincidentally, happens to be the actual driver education policy in this country.
But computing is a unique enough thing that I would mostly avoid using analogies at all, in favor of simply discussing the nature of the thing itself.
The simple, serious, answer to all your questions is "Seoul".
Until you understand this, you have no business saying anything at all about any policy towards North Korea.
I think such a "right" (I would call it an "entitlement", actually) really only makes sense if there's a reasonable expectation that general purpose computing in a networked context is safe and secure to begin with.
Given the true nature of computer networking today, far from having "rights", I'd say that software consumers have responsibilities: To avoid networking except with known good components; to develop their own software in-house so that they can better control the vulnerability testing and patching process, to conduct their own testing to their own standards on third-party software; and to not pretend that all their security problems are the responsibility of the third-party software vendor, easily solved by the vendor simply writing perfect software.
I'm pretty sure there's a large-scale experiment underway right now... in orbit around Saturn.
I surely hope that this review will help you figure out whether or not this book suits your purposes.
You'd probably be better off asking your management team to look into what the Wikipedia people have to say about their project directly. Cut out the middleman, so to speak, and get the actual experiences and lessons learned straight from the principals.
Given your low user number, I'd suspect I'm simply a dim echo of your greatness. I shall now go and grok the fullness of your like-minded sentiments.
"If you're SLANG by the BUZZWORD BUZZWORD FAD, FAD, BUZZWORD and other BUZZWORD SLANG, you'll be pleased to know that the new book FADBUZZWORD is a great gift for that TOOL, DUPE, or IGNORAUMUS who doesn't quite TIRED CLICHE it yet. The only SLANG hidden in this statement is that much of what is wonderful in this book is wonderful because it's a book printed on pulp and written by two and only two authors. That is, the book is good because it's not a FAD."
I think it's accurate enough for the purpose of a headline.
Also, your use of English, while good overall, contains several clues that you may not understand as much about how words are used in English as you think.
And most of the POWs in the Pacific Theater during WWII weren't cannibalized by their Japanese POW camp commanders.
What's your point?
Public Relations, actually. Marketing is the people who constantly mistake me for a target demographic that cares.
Study says most bosses honest.