I have more than once noticed gell-mann amnesia (either in myself or others) about standard LessWrong takes on regulation. I think this community has a bias toward thinking regulations are stupider and responsible for more scarcity than they actually are. I would be skeptical of any particular story someone here tells you about how regulations are making things worse unless they can point to the specific rules involved.
For example: there is a persistent meme here and in sort of the rat-blogosphere that the FDA is what’s causing the food you make at home to be so much less expensive than the food you order out. But any person who has managed or owned a restaurant will tell you that the actual two biggest things making your hamburger expensive are labor and real estate, not complying with food service codes. People don’t spend as much money cooking at home because they’re getting both the kitchen and labor for free (or at least paying for it in other ways), and this would remain true even if it were legal to sell that food you’re making on the street without a license.
Another example that’s more specific and in my particular trade: Back in May, when the Crowdstrike bug happened, people were posting wild takes on Twitter and in my signal groupchats about how Crowdstrike is only used everywhere because the government regulators subject you to copious extra red tape if you try to switch to something else.
I cannot for the life of me imagine what regulators people were talking about. First of all a large portion of cybersecurity regulation, like SOC2, is self-imposed by the industry; second anyone who’s ever had to go through something unusual like ISO 27001 or FedRAMP knows that they do not give a rats ass what particular software vendor you use for anything. At most your accountant will ask if you use an endpoint defense product, and then require you to upload some sort of logfile regularly to make sure you’re using the product. Which is a different kind of regulatory failure, I suppose, but it’s not what caused the Crowdstrike bug.
But any person who has managed or owned a restaurant will tell you that the actual two biggest things making your hamburger expensive are labor and real estate, not complying with food service codes.
FWIW, this seems wrong, having run a large construction project which involved navigating various food and restaurant licenses. The food service codes are the thing that make the real estate much more expensive, and a large fraction of the labor cost gets spent complying with the food service codes.
My cousin had a small restaurant, and one of the reasons he gave up was complying with all kinds of regulations. There was always some small detail that was wrong, and he typically did not get fined, he was just told to fix it before the next review. But it took a lot of his time. It was usually some stupid thing, such as painting the walls incorrectly, or using a wrong kind of screw on the roof, i.e. not even related to the food.
Also, one of the reasons it is difficult to build small kindergartens (like for 10 kids total) is that they are required to have a kitchen, which is required to have a certain area and inventory, which at this scale becomes the most expensive part of the kindergarten. But if you invite guests to your home, cooking for 10 people in your kitchen is easy, even if would completely fail the kindergarten regulations.
Back in May, when the Crowdstrike bug happened, people were posting wild takes on Twitter and in my signal groupchats about how Crowdstrike is only used everywhere because the government regulators subject you to copious extra red tape if you try to switch to something else.
Microsoft blamed a 2009 antitrust agreement with the European Union that they said forced them to sustain low-level kernel access to third-party developers.[286][287][288] The document does not explicitly state that Microsoft has to provide kernel-level access, but says Microsoft must provide access to the same APIs used by its own security products.[287]
This seems consistent with your understanding of regulatory practices (“they do not give a rats ass what particular software vendor you use for anything”), and is consistent with the EU’s antitrust regulations being at fault—or at least Microsoft’s cautious interpretation of the regulations, which indeed is the approach you want to take here.
Well that’s at least a completely different kind of regulatory failure than the one that was proposed on Twitter. But this is probably motivated reasoning on Microsoft’s part. Kernel access is only necessary for IDS because of Microsoft’s design choices. If Microsoft wanted, they could also have exported a user API for IDS services, which is a project they are working on now. MacOS already has this! And Microsoft would never ever have done as good a job on their own if they hadn’t faced competition from other companies, which is why everyone uses CrowdStrike in the first place.
I have more than once noticed gell-mann amnesia (either in myself or others) about standard LessWrong takes on regulation. I think this community has a bias toward thinking regulations are stupider and responsible for more scarcity than they actually are. I would be skeptical of any particular story someone here tells you about how regulations are making things worse unless they can point to the specific rules involved.
For example: there is a persistent meme here and in sort of the rat-blogosphere that the FDA is what’s causing the food you make at home to be so much less expensive than the food you order out. But any person who has managed or owned a restaurant will tell you that the actual two biggest things making your hamburger expensive are labor and real estate, not complying with food service codes. People don’t spend as much money cooking at home because they’re getting both the kitchen and labor for free (or at least paying for it in other ways), and this would remain true even if it were legal to sell that food you’re making on the street without a license.
Another example that’s more specific and in my particular trade: Back in May, when the Crowdstrike bug happened, people were posting wild takes on Twitter and in my signal groupchats about how Crowdstrike is only used everywhere because the government regulators subject you to copious extra red tape if you try to switch to something else.
I cannot for the life of me imagine what regulators people were talking about. First of all a large portion of cybersecurity regulation, like SOC2, is self-imposed by the industry; second anyone who’s ever had to go through something unusual like ISO 27001 or FedRAMP knows that they do not give a rats ass what particular software vendor you use for anything. At most your accountant will ask if you use an endpoint defense product, and then require you to upload some sort of logfile regularly to make sure you’re using the product. Which is a different kind of regulatory failure, I suppose, but it’s not what caused the Crowdstrike bug.
FWIW, this seems wrong, having run a large construction project which involved navigating various food and restaurant licenses. The food service codes are the thing that make the real estate much more expensive, and a large fraction of the labor cost gets spent complying with the food service codes.
See also: https://www.lesswrong.com/posts/uBs6RJYtQbxZCRxSk/adam_scholl-s-shortform?commentId=Rumcr7vGaTAzdB4CA
My cousin had a small restaurant, and one of the reasons he gave up was complying with all kinds of regulations. There was always some small detail that was wrong, and he typically did not get fined, he was just told to fix it before the next review. But it took a lot of his time. It was usually some stupid thing, such as painting the walls incorrectly, or using a wrong kind of screw on the roof, i.e. not even related to the food.
Also, one of the reasons it is difficult to build small kindergartens (like for 10 kids total) is that they are required to have a kitchen, which is required to have a certain area and inventory, which at this scale becomes the most expensive part of the kindergarten. But if you invite guests to your home, cooking for 10 people in your kitchen is easy, even if would completely fail the kindergarten regulations.
(Not in USA. Your local regulations may differ.)
Here’s the original claim:
This seems consistent with your understanding of regulatory practices (“they do not give a rats ass what particular software vendor you use for anything”), and is consistent with the EU’s antitrust regulations being at fault—or at least Microsoft’s cautious interpretation of the regulations, which indeed is the approach you want to take here.
Well that’s at least a completely different kind of regulatory failure than the one that was proposed on Twitter. But this is probably motivated reasoning on Microsoft’s part. Kernel access is only necessary for IDS because of Microsoft’s design choices. If Microsoft wanted, they could also have exported a user API for IDS services, which is a project they are working on now. MacOS already has this! And Microsoft would never ever have done as good a job on their own if they hadn’t faced competition from other companies, which is why everyone uses CrowdStrike in the first place.