I believe he was trying to say that this was documentation, and not an experiment. Put simply, your comparison seems inapt.
mitigate
Agreed, but that's why you don't trust it in the first place before you know there needs to be a certain mitigation for a bug that hasn't been discovered (by you) yet.
don't go to websites you don't trust with your phone (which is actually always good advice.)
Or a tablet with any toy OS like Android, iOS or Windows in general on it.
I think I'm going back to a dumb phone.
I never left. An Android tablet tracking my every move is enough for me.
The alternative is trusting whatever mega corporation who is trying to sell you units to do right… in secret.
I hear ya, I'm more likely to trust an open source project than closed source from megacorps. But, open source needs to be vetted out very carefully along with adding some of one's own custom security sauce on top of or integrated within it.
What we really need is computers that we can program in "Plain English". No more of these secret "codes"!!
Applescript!!!
I would agree that comparing tech and public health is inapt in general: if tech-related experiments are the appropriate basis of comparison for peer-reviewed health science, please tell me what a tech "experiment" might be. And on the other hand, are you suggesting that only these sorts of experiments are subjected to peer review and published in peer-reviewed journals, and that empirical documentation, reports, and analysis are not subject to peer review?
No, you can go down your rabbit hole alone today.
Ouch…
if tech-related experiments are the appropriate basis of comparison for peer-reviewed health science, please tell me what a tech "experiment" might be.
Beta testing would be a "peer review" experiment to see what happens when code runs on varied configurations (a public sample).
Think of the code as a medicine and the various computers owned by the beta testers as the humans subjected to said medicine (executable code). People have different physiological setups very similar to different computer setups. That's how bugs (complications and adverse reactions) are found.
Also, computer viruses often spread very similarly to the way human versions do. A computer with a weakened "immune system" (lacking proper security protection, etc.) is more susceptible and can spread the virus to other computers with a weakened "immune system". You can inoculate… wait, I'll just stop here. The fact that so many terms are used to describe both health issues and computer issues alone should show you that the comparisons are fairly valid.
For one thing, what you're describing isn't peer review but pharma testing. Peer review is about having other professionals analyse one's results, findings, and analysis for errors and robustness. Now, beta testing could be the experiment to which peer-reviewed papers and publications (or code) are published, but the question of how to interpret the beta testing remains. In pharma testing the null hypothesis is pretty simple, and either the drug conforms to the null hypothesis of ineffectiveness or it has a statistically significant effect and you reject the null hypothesis (and instead conclude the drug is efficacious). The very formulation of a null hypothesis in a tech context is difficult to conceptualize, let alone how you would analyse it.
For another, beta testing already happens. It may not happen as much as you would like, but that's because it takes significant time and money to extensively beta test, which are two things often in short supply in the tech world.
Again, this only analogizes to pharma testing, which is only a very small portion of what peer review applies to.
Or maybe it just shows the limitations of human language and our tendency to analogize to the already known instead of creating neologisms. I mean, we still use "mice" and "dial" our iPhones, and even in the case of this backdoor talk about a "modem" even though it's unlikely analog signals are involved/(de)modulated at all, while computer "bugs" are so called not because they resemble some biological pathogen but because a moth once fouled up an early computer. And don't even get me started on Trojan Horses.
But just say we do treat both kinds of viruses as equivalents, as you suggest. Are you suggesting that all computer anti-virus initiatives should be beta tested with the results subjected to peer review before being implemented, which is what would essentially happen in the public-health context?
For one thing, what you're describing isn't peer review but pharma testing.
IMO, I think you're the only one here looking for literal parity in word definitions. The rest of us are looking more at analogies that are going to exhibit some shades of grey. And, that's pretty much how most analogies work in the first place… and an analogy is the topic at hand you brought up.
And don't even get me started on Trojan Horses.
One word. Condoms.
In pharma testing the null hypothesis is pretty simple, and either the drug conforms to the null hypothesis of ineffectiveness or it has a statistically significant effect and you reject the null hypothesis
Which is, once again, incredibly similar to alpha and beta testing executable code. If the code crashes computers, it's going to need to be revamped or scrapped entirely if the code works flawlessly on the computers, but people don't feel that it's practical for some reason or another. The developers will need to evolve the code or, once again, scrap it.
Drugs during pharma testing arenât always an all-or-nothing approach, either:
- Alpha test drugs on mice.
- Kill the mice.
- Adjust drug.
- Mice end up with 4 hour erections.
- Adjust drug.
- Beta test on humans.
- Cue swanky blues music.
- Profit.
it takes significant time and money to extensively beta test, which are two things often in short supply in the tech world.
Sounds a lot like big Pharma, except where you say money is in short supply for the tech world. I mean, you've got to be kidding about tech companies having a short supply of money… right?
But just say we do treat both kinds of viruses as equivalents, as you suggest.
I haven't suggested that. I'm not sure anyone here has, either. See my points on "analogies" above.
Or maybe it just shows the limitations of human language and our tendency to analogize to the already known instead of creating neologisms.
Naybe.
Sure, and all this already happens. But if this was enough, Cory wouldn't feel the need to say we need to treat tech like public health.
You think Microsoft, Apple, and Google are good representatives of your typical tech companies? How much innovation comes from them as opposed to from startups (and the startups the juggernauts buy)? Do you think they would have so much cash on hand and be as innovative as they are/have been if they had to do all this additional screening/testing/peer reviewing? I mean, Apple's always fixing security holes, which under the tech-as-science model would probably mean they are publicly releasing things way too soon. So maybe we should be on iOS 3 right now, and not iOS 7? Maybe our MacBooks shouldn't even have had webcams until this year, since the remote-activation-without-warning-light problem was just discovered this year?
You think Microsoft, Apple, and Google are good representatives of your typical tech companies?
No, but we're comparing to big pharma. Or, at least we were until we start shifting those goal posts.
Pharma with the ability to release FDA-approved drugs is going to be big pharma. In contrast, just about any tech company can release products with security implications. This was my whole point: the process of scientifically testing publicly-released medical products is so costly and time-consuming that only the rich can afford it. If you think this is the correct approach, then only big tech companies will be able to participate, and even they will be significantly slowed by the process.
Agreed.
Cory wouldn't feel the need to say we need to treat tech like public health.
Well, Cory is one of those silly people that factors humanity into equations.
If you think this is the correct approach, then only big tech companies will be able to participate, and even they will be significantly slowed by the process.
Smaller sized companies are tasked with a public trust already and they managed to thrive. Small business creates the most jobs, many more than large corporations do in the USA.
Sure, baking cakes that are safe to eat is slower because the small bakery has to spend time keeping the facilities clean, but that's an acceptable cost of business in the name of being a decent public citizen.
Small and large companies can focus more on security and thrive. Not everything in this world is simply about maximum efficiency without factoring the good of humanity into the equation.
That's your analogy? How the heck does this come close to a science-based approach and things like peer review? What is the analogous (but unimplemented) tech practice to washing your hands and keeping outside contaminants at bay? Would the relative costs of implementing these analogous tech practices be as paltry as they are for bakers?
The good of humanity is part of an efficiency calculation.
How many small companies are focused on science and proceed according to the scientific process with peer review?
That's your analogy?
Yes, an apt analogy that addressed your flawed point that small tech companies (small bakeries) aren't capable of implementing security (food safety, etc.) into their products (that benefits society) because they don't have vast money reserves like large tech companies (such as Hostess in the bakery analogy) do.
YOU: If you think this is the correct approach, then only big tech companies will be able to participate, and even they will be significantly slowed by the process.
COW: Sure, baking cakes that are safe to eat is slower because the small bakery has to spend time keeping the facilities clean, but that's an acceptable cost of business in the name of being a decent public citizen.
YOU: How the heck does this come close to a science-based approach and things like peer review?
You keep moving the goal posts and then complain when I address each of your infinite regressions while misrepresenting my past points. You're putting this conversation into a looped rut. Please digress from digressing if you can't keep track of your own digressions.
As I said above, I was addressing your incorrect supposition (with an analogy) that only big tech companies can afford the time and expense of implementing security that can help stem the pandemic security issues the public is dealing with today.
The good of humanity is part of an efficiency calculation.
Which efficiency calculation? That's a very vague assertion posing as something specific.
Smaller sized companies are tasked with a public trust already and they managed to thrive.
How many small companies are focused on science and proceed according to the scientific process with peer review?
Once again, I really don't think you get this analogies thing, but I'll try one more time…
I used a small bakery as an analogy. They don't literally focus on science and submit bakery papers for peer review before they start baking. But, they do things that are similar. A recipe is similar to the documentation of a scientific experiment. The reaction they get from customers to their products is similar to a peer review. And, once again, keeping a sanitary shop and using best practices is similar to implementing security into code.
Life is like a box of chocolates.
No. My context has always been the context Cory provided in another post: tech security as science-based public health. If you think that the examples of public health Cory had in mind were Hostess and bakeries, I don't think you are following his analogies.
[quote="Cowicide, post:39, topic:25559"]
You keep moving the goal posts and then complain when I address each of your infinite regressions while misrepresenting my past points.
[/quote]
Again, I'm not moving the goal posts. My discussion has always been about how technology is not comparable to science-based public health, mainly because peer review and the scientific method is expensive. I said this way before you weighed in, so don't blame me if you're too lazy and/or intellectually dishonest to actually track what has been said.
Sure. It's about as vague as you saying that "[n]ot everything in this world is simply about maximum efficiency without factoring the good of humanity into the equation."
A specific example would be how Ford factored the cost of human deaths into its calculations on whether it should relocate the fuel tanks of the Pinto.
I see. So when Cory was talking about how tech should take the science-based approach of public health, he wasn't actually talking about how the health sector does actual science and real peer review, but about selling buns to customers. And the reaction from the marketplace is more or less what he meant from peer review… and this is an important distinction from how the tech market works, because no teach products are put on the marketplace, and tech companies certainly don't get feedback from customers. And while a recipe may be similar to the documentation of an experiment, lines of code are very different from Twinkie recipes and thus totally dissimilar to the scientific method. Gee, these analogies are great!
But all that aside, what he really meant was that programmers should do the digital equivalent of washing their hands before coding, which is obviously a useful metaphor since best practices for secure programming are just as obvious, easy, cheap, and agreed-upon as hand-washing.
No. My context has always been the context Cory provided in another post
You're confusing contexts and points like you confuse analogies with literal parity in word definitions.
If you think that the examples of public health Cory had in mind were Hostess and bakeries, I don't think you are following his analogies.
Once again, I was making a new analogy to address your point. It's laughable (and terribly ironic) that you're now projecting that I can't follow analogies.
Again, I'm not moving the goal posts.
Again, you did and I even quoted where you did. More on this below…
you're too lazy and/or intellectually dishonest
Please stop projecting. Not admitting that you've moved the goal posts is intellectually dishonest as is the goal post moving in the first place.
For example, we were comparing tech to "big Pharma" businesses (you even quoted those exact words in your reply) and I replied with this chart of big Tech to show that you were wrong:
You then proceeded to blatantly shift the goal posts to small business after I proved you wrong on funding. You were also intellectually dishonest when you misrepresented my position by stating that I suggested that computer viruses and human viruses are equivalent.
Being similar enough for an analogy and being equivalent (a.k.a equal) are two different things. But, now I think we're getting to the crux of your inability to properly absorb analogies in the first place.
I said this way before you weighed in
Right, it's where you didn't understand the spirit of an analogy and took a self-admittedly extreme example of getting FDA approval for a drug (10 years and a billion dollars) to the "hurdles" of making code more secure for the public. Using extreme examples isn't compatible with analogies, it simply distracts from the big picture approach that analogies are used for in the first place.
No one is suggesting that code should require a decade's worth of testing and a billion dollars in funding to add security to it. That's using a ridiculous extreme to form a false argument.
http://www.don-lindsay-archive.org/skeptic/arguments.html#straw
http://www.don-lindsay-archive.org/skeptic/arguments.html#middle
http://www.agileproductdesign.com/blog/dont_know_what_i_want.html
Sure. It's about as vague as you saying that "[n]ot everything in this world is simply about maximum efficiency without factoring the good of humanity into the equation."
Touché.
COW: Small and large companies can focus more on security and thrive. Not everything in this world is simply about maximum efficiency without factoring the good of humanity into the equation.
YOU: The good of humanity is part of an efficiency calculation.
COW: Which efficiency calculation? That's a very vague assertion posing as something specific.
YOU: A specific example would be how Ford factored the cost of human deaths into its calculations on whether it should relocate the fuel tanks of the Pinto.
I think we both went into a tangent here, so I'll try to bring it back a little. None of your points take away from the fact that both small and large companies can focus more on security and still thrive.
I would refer back to my analogy, but I honestly don't think you're wired to understand them very well. Which is fine, we all have our strengths and weaknesses and I can see that you have many intelligent strengths (and, I do mean that as a sincere compliment), but understanding how analogies work and applying them to a bigger picture with proper perspective isn't one of them for you.
I see. So when Cory was talking about how tech should take the science-based approach of public health, he wasn't actually talking about how the health sector does actual science and real peer review, but about selling buns to customers. … secure programming are just as obvious, easy, cheap, and agreed-upon as hand-washing.
Sigh… case and point. See my response above and below on how analogies work.
and this is an important distinction from how the tech market works, because no teach [sic] products are put on the marketplace, and tech companies certainly don't get feedback from customers.
Um, what? You're losing me here.
lines of code are very different from Twinkie recipes
You're changing the goal posts again. I didn't say a recipe is like lines of code, I said it was similar to the documentation of a scientific experiment (I'd quote that entire part of our conversation above, but I'm getting sick of doing that every time you move the goal posts).
I referred to a scientific experiment because you said, "How many small companies are focused on science and proceed according to the scientific process with peer review?"
But, for one last time, I'll follow you down your goal-post-moving rabbit hole…
With proper analogies, they also have similarities. For example, a business like Hostess may keep some of their ingredients in their recipe a secret in the name (or guise) of protecting their intellectual property. The disadvantage is people outside of the corporation may not be properly informed of the health effects (security issues) of said recipe. This would be similar to some of the disadvantages to closed source code like Adobe Flash, etc.
You also have similar issues in those situations where many people (in the beginning) didn't realize how unhealthy Hostess products were until they started getting disease (obesity, lowered immune system, etc.). That's similar to how many people didn't realize in the beginning how unsafe Adobe Flash was until they started getting their computers compromised (sick). That's why many people shun both Hostess products and Adobe Flash, because they are considered "toxic". The informed who care about security will only use Flash in moderation (with browser extensions like "ClickToFlash") similar to how informed people will only eat Twinkies in moderation.
You also didn't get the part of the analogy where I was comparing it to the bigger picture (as, once again, people do with analogies). I said a recipe is similar to the documentation of a scientific experiment. And, please, don't once again misrepresent that I'm stating they are equivalents. If you can't acknowledge the similarities between a food recipe and documentation for an experiment, then we're just simply at an impasse.
Which, once again, is fine. You have your absolutist way of interpreting analogies and most of the rest of society has ours. I want to be clear, I'm not saying you're unintelligent, because you most certainly are, but we all have our strengths and weaknesses. I know my weaknesses outweigh many of my positives, but I ramble on nonetheless where I shouldn't.
Now, if you have any more analogy interpretations you want to debate, I'll refer you to here.