Looking for Input

4•tigydavid•3mo ago

How would you architect and secure a platform where virtue determines access and governance, not popularity or money? Looking for: security opinions, stack suggestions, critiques, and threat modeling. If anyone is interested in collaboration on this premise please let me know.

Comments

masking•3mo ago

Interested. Background is in software and devops.

Follow up..

access and governance are two separate things: Authentication and Authorization. Each might have a different answer.

The “thing” accessed.. is it user created, community owned, or institutionally owned? I would imagine that has a bearing on the process.

EDIT 2:

Stack Overflow immediately comes to mind.

This answer might be more philosophic than useful, but how acceptable is a violation of the virtue or trust? Say a virtuous person abuses the trust in an unquestionable way.. say they used community funds to buy narcotics for children. Is it “ok” to base a system on past virtue when future virtue is highly consequential?

tigydavid•3mo ago

I would say institutionalized but created with input from the community to guard against bias. Preferably, the system would reach “competence” and the virtue index would be sufficiently successful in predicting future outcomes, as well as current moral position. I have some docs that lay out principles if you want to see them. The main challenge is the accuracy and repeatability of virtue authentication, as this would enable a new paradigm of consciousness.

tigydavid•3mo ago

I want to add that, given neither fatalism nor nihilism, but something more like partial-determinism in that destiny (past action requiring debt to be paid) and current/future free will co-operate, how would you go about these problems? It is so elusively difficult

nacozarina•3mo ago

have seen RBAC implemented via internally-managed x.509 certs; endpoint identity is enriched with Org, OU0, OU1, …, params; a custom REST service provides authorization services after initial authentication. Nothing special about the certs themselves. Hard part is defining the authorization services, how you register apps, granularity of perms, etc. The coding is tedious but straightforward; getting prerequisite agreements around policy is hard.

"Compiled" Specs

The Next Big Language (2007) by Steve Yegge

Open-Weight Models Are Getting Serious: GLM 4.7 vs. MiniMax M2.1

Using AI for Code Reviews: What Works, What Doesn't, and Why

Show HN: Solnix – an early-stage experimental programming language

DoNotNotify is now Open Source

The British Empire's Brothels

What rare disease AI teaches us about longitudinal health

The Brand Savior Complex and the New Age of Self Censorship

Show HN: A Prompting Framework for Non-Vibe-Coders

Kilroy is a local-first "software factory" CLI

Mathscapes – Jan 2026 [pdf]

80386 Barrel Shifter

Training Foundation Models Directly on Human Brain Data

Web Speech API on HN Threads

ArtisanForge: Learn Laravel through a gamified RPG adventure – 100% free

Your phone edits all your photos with AI – is it changing your view of reality?

DStack, a small Bash tool for managing Docker Compose projects

Hop – Fast SSH connection manager with TUI dashboard

Turning books to courses using AI

Top #1 AI Video Agent: Free All in One AI Video and Image Agent by Vidzoo AI

Ask HN: How would you design an LLM-unfriendly language?

Show HN: MuxPod – A mobile tmux client for monitoring AI agents on the go

March for Billionaires

Turn Claude Code/OpenClaw into Your Local Lovart – AI Design MCP Server

An Nginx Engineer Took over AI's Benchmark Tool

Use fn-keys as fn-keys for chosen apps in OS X

Sir/SIEN: A communication protocol for production outages

Show HN: OpenCode for Meetings

The chaos in the US is affecting open source software and its developers