On Friday, December 15, 2017 at 3:08:32 PM UTC-6, Ryan Sleevi wrote: > Respectfully, this is the tiger-repelling rock. We can't show that any > tigers attacked, therefore, we should keep telling users they need > tiger-repelling rocks. And oh, by the way, they take away attention from > solutions that do actually repel or repatriate the tigers. >
In actuality, given a sufficient number of human - tiger encounters, with the essential discernible variable in those encounters being: Did an attack result? -and- Was a tiger-repelling rock held by human? Where a non-zero "Did an attack result" is true in a material portion of the encounters AND where "Did an attack result" is zero in all those encounters for which the "Was a tiger-repelling rock held by human" is true -- and I reemphasize given a large enough set of encounters normalized for other variables -- a strong statistical case can be made -- not directly that "Tiger-repelling rocks actually work!" but rather that some non-obvious consequence of the tiger-repelling rock or of the human holding the tiger-repelling work does apparently dissuade the tiger from attacking. This is true even if the actual underlying cause is merely that it amuses the tigers as a collective to perpetuate their rather successful troll: that we believe the tiger-repelling rocks work. Major insurers rely on logic and the sorts of statistical models alluded to above in their day to day business. As we've arrived at tiger-repelling rocks, I am content to rest in this discussion. I think I've at least raised some alternate perspectives as well as provided some support for those. In closing, I would say that I find the notion of "ascribing responsibility to the user" is entirely appropriate sometimes. Especially when the user wants to be more involved in the risk calculus and would like some extra data points upon which to judge the risks. Except most of the people who feel that way would probably use language like "enabling responsibility by the user". _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
