In large part because non-manifested risks, or not fully manifested risks tend to be dismissed or belittled, most especially when that denial is presently remunerative. Vaccination and non-pharmaceutical interventions against global pandemics, an economy based on massive surveillance by states / enterprises / other actors, global warming, CFCs and ozone depletion, use of lead (in fuels, paint, glazes, toys, and other materials), asbestos, tobacco, car and highway safety, racism and ethnic favouritism, industrial safety, mercury use, plastics, unoderised natural gas, mine safety, electrical codes, fire codes in buildings, ...
In the infosec / cybersecurity world we've at least the advantage of being able to provide proofs of concept which move a given risk from the theoretical to the manifest. Even then, effective reduction or mitigation takes far too long.
If there's a correction, I'd suggest that the onus be placed not on the advocates but the deniers. A marked penalty for advocating a position which turns out to be untrue with credible basis for knowing that it is untrue is one possibility that's occurred to me. How that would play out I'm unsure, but I'd be willing to explore the question.
Sorry, your entire argument hinges on your own opinion . "history suggests" and "tends to be" is your own subjective criterion and not something that I am interested in arguing over.
I'm proposing ethical ways, wishing harm on others is unethical. You're free to make your own choice.
You're arguing against the messenger and their delivery. Not the facts themselves. Based on an appeal to emotions.
I've already stated my case as clearly as I can, and why my preferred choice would be. Your response indicates that's insufficient to convey my intended meaning to you. Which is an interesting case of communications failure itself, come to think of it.
Again, PoC is the widely-accepted alternative to general catastrophe. Even that is very often insufficient. In a "less harm* calculus, an exploit in the wild which demonstrates risk whilst minimising consequence (not a PoC, but an actual exploit) if that results in action to address the risk would actually be preferable to the ineffective pleading alternative which results in greater harms.
Reality is the domain of pragmatic choices and hard trade-offs.
The notion of regulations being written in blood is well-established. I'd strongly recommend the work of Charles Perrow, Normal Accidents and The Next Catastrophe in particular.
I understand your point very well. The harm is real. I've seen first-hand old people being scammed out of their savings because someone hacked into their PC and tricked them. But its a 'net benefit to society', its 'for the greater good', are just terms used to distance oneself from the underlying moral question. So lets make it more unpleasant and graphic. Keeping the same phrasing, let me re-write the original comment that I replied to.
"Can't wait till 20 women get raped on the streets, which will finally force the city to police the streets more."
I defer to your best judgement to see if this is something you can get behind. I don't see any way around the ethical issues. Physical/emotional harm and trauma is on equal footing to economic harm and trauma. In any case, I think this thread of conversation has run its course so I will just let you have the last word.
Again, I'm saying "this is how it has functioned" (with numerous citations). NOT "this is what I want".
For some reason, despite my repeatedly telling you that your interepretation is incorrect, you persist in the false interpretation.
Perhaps I need to find more effective nonverbal means of persuasion....
Though for now I'll point you to HN guidelines:
Be kind. Don't be snarky. Have curious conversation; don't cross-examine. Please don't fulminate. Please don't sneer, including at the rest of the community.
Comments should get more thoughtful and substantive, not less, as a topic gets more divisive.
When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."
Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.
Eschew flamebait. Avoid unrelated controversies and generic tangents.
Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something.
Please don't use Hacker News for political or ideological battle. It tramples curiosity.
Seems you're transgressing all of these, if not also others.
The goal I seek is a world of far more responsible addressing of risks. The most downtrodden don't even make good victims, in the sense of society, governments, and regulators addressing their conscerns. If there is to be hurt felt, it should be far nearer centres of power and wealth, not further.
Where, if ever, have you seen the approach you advocate work? Even in, say, the case of reforms in child labour, workplace safety, an public health, it has only ever been in transferring pain to the privileged oligarchy, whether through strikes, lawsuits, protest, or open rebellion, that progress seems to be made. People are remarkably insensitive to the pains of others. I very much wish it weren't so, but wishing does nothing.
This extends well beyond software.
Next time you smell "gas", give a thought to the 300 souls of the New London School.
https://en.wikipedia.org/wiki/New_London_School_explosion
Safety standards are written in blood.