| Random Page
Much discussion about the qualities of people tends to slide around the ViceAndVirtue
axis. Vices are the negative, the bad things that people do: serious moral failings. Virtues are the other positive side, the good side, moral excellence and righteousness.
A lot of people (especially CypherPunks), perhaps a little paranoid, worry too much about the vices. The type of person who jumps immediately to the most hard, petrified even, of HardSecurity whenever faced with a problem. The type of person who looks towards punishment and policing as the only recourse. Other people, though fewer it seems, laud the virtues of folks. They are willing, at even potential risk to themselves (or perhaps in spite of risk), to trust others. They AssumeGoodFaith naturally, and not just to limit their liability.
Perhaps this is another HighRoadLowRoad distinction? But what is the high road and what is the low road? Surely we should trust others, but lock your car doors, as is famously stated. Ultimately, we know people are neither entirely virtuous nor vicious. Also, there are BalancingForces at play here. One does not want to limit flexibility yet one does want to limit liability. Security costs freedom. Freedom costs risk. When making decisions based on ViceAndVirtue, choose how much you are willing to give up to control the other.
Perhaps the idea that characteristics can be neatly divided into either vice or virtue is a FalseDichotomy.
See also Dictionary:vice and Dictionary:virtue.
With this, I was hoping to basically explain the basic tension that is at play when we describe things like HardSecurity vs. SoftSecurity, etc. Is this good? -- SunirShah
- The problem with this approach seems to be universal relativism: Do you really want to say, some people see it this way and some people see it another way, reality is somewhere in between? Since these statements have no real "effect" I am tempted to call them "trivial" -- it doesn't matter whether the above is true or false. In such cases, it always better to name the categories and discuss individual issues, as so happens in HardSecurity vs. SoftSecurity.
- It is better to discuss the individual issues because from that, understanding on a higher level results: What regulates people? What rules do we want to enact in community X in order to regulate behaviour Y? The belief of people in ViceAndVirtue is nice to have, but it has no explanatory power. -- AlexSchroeder
It's too big a move to reduce this to trivial. While any particular philosopher may lean towards assuming vice or virtue generally (and virtue is the correct choice statistically; cf. PrincipleOfFirstTrust), when making decisions on security measures, the community leaders can do so based on whether they personally assume people are more likely to be good or bad. Moreover, this decision doesn't have to be over the general case, but only in the specific case of the behaviour they wish the regulate. For instance, I would not rely on social forces (for the most part) to protect the till of my cash register while I'm absent from the counter. -- SunirShah
- I don't think the attempt works. Good SoftSecurity does acknowledge vices. For example, Hard Security means preventing users from trashing the database. Soft security means providing a mechanism to recover from occasional trashed databases. If we thought all users were virtuous, we wouldn't need backups the same way.
- The key insight of soft security is often quantitative. If attacks are rare, if we only have to restore backups once a year, it works. If attacks are so common we have to restore backups once a day, the soft approach doesn't work. -- DaveHarris