Open Conspiracies

Open Conspiracies, Exhibit A: Whitewashing Sugar — Confessions of a Supply-Side Liberal:

Apparently, a large number of Americans and other people around the world believe in what I consider to be implausible secret conspiracies. A key thing that makes a conspiracy implausible is the number of people who are supposedly in on the secret and faithfully keeping that secret. Once the numbers get large, someone usually breaks ranks.

I wish those outside of law enforcement would pay less attention to the possibility of secret conspiracies and more attention to the certainty of open conspiracies: conspiracies that are not secret at all, that anyone can pierce who is motivated and properly equipped with the ability to read, digest and interpret technical material, or who simply has the patience to wade through large amounts of text. Open conspiracies are still conspiracies because they aim to deceive those who are ill-equipped to interpret technical material or who don’t have time to wade through reams of documents—and who make a bad guess or bad judgment about who to trust to do that for them.

The truth in the above paragraphs is self-evident to me. I like the way it’s phrased here.

Read the article for the links to the journalism around the sugar industry, which is impressive all on its own.

Good advices

The young man of Baghdad solicits advice from a friend as his slave girl, who is adept at music, awaits, from a Tuti-nama (Tales of a Parrot): Forty-eighth Night
The Problem with Newsletter Advice — CJ Chilvers:

The good advice for business (and life) is boring and readily available.

  • Deliver value.
  • Save money automatically.
  • Diversify.
  • Strive for more agency in work and life.
  • Be kind.
  • Be generous.
  • Put family first.
  • Without your health, nothing else can happen.
  • And so on…

CJ talks about newsletters, but he nicely abstracts the key elements of running a successful one. Newsletters have been around for centuries.

Nothing has changed but the means of delivery. [edit mine]

Also true for life.

Published
Categorized as I84D

Twelve Golden Rules to the Art of Conversation

Conversation in Autumn 講秋圖
The Art of Conversation: Twelve Golden Rules by Josephine Turck Baker (web | index)

  1. Avoid unnecessary details.
  2. Do not ask question No. 2 until No. 1 has been answered.
  3. Do not interrupt another while they are speaking.
  4. Do not contradict another, especially when the subject under discussion is of trivial importance.
  5. Do not do all the talking; give your tired listener a chance.
  6. Be not continually the hero of your own story; and, on the other hand, do not leave your story without a hero.
  7. Choose a subject of mutual interest.
  8. Be a good listener.
  9. Make your speech in harmony with your surroundings.
  10. Do not exaggerate.
  11. Indulge occasionally in a relevant quotation, but do not garble it.
  12. Cultivate tact.

KR dating, contact tracing & Clubhouse

Somewhere between distance, intimacy: Love in the time of coronavirus:

Nearly 80 percent of singles aged between 25 and 49 stopped looking for romance since February last year, according to a May survey by the Korea Development Institute’s School of Public Policy and Management. About a third of them cited the coronavirus as the prime reason.

The pandemic has raised the stakes for falling in love. For one thing, it means risking one’s health.

On top of the threat of catching the disease, for Park [Sara], what prevented her from “putting herself out there” was the horror of her pre-diagnosis itinerary being alerted to all her close contacts should she get infected.

“Imagine having to explain to contact tracers you might have caught the coronavirus from a blind date or something,” she said. “I would be mortified.”

(Via Korea Herald)

Imagine, indeed. There is a different cultural dynamic in Korea, but I’m sure this would cause anxiety for singles in other places, assuming contact tracing is as prevalent there as it is here.

All is not lost. Many singles are doing what I did (very successfully, I might add) last summer: hopping on dating apps. One big, surprising change to my approach:

As mingling in the real world is stunted by social distancing, virtual dating is booming, with Millennials and Gen Zers flocking from platform to platform in the hopes of finding new love. The hot app at the moment is Clubhouse [emphasis mine], according to Yeo Hyun-min, a developer in Seongnam, Gyeonggi Province, in his mid-20s.

On Friday and Saturday evenings, the social audio app brims with blind date sessions where people “check each other out” and if things work out, eventually hang out offline. The chat’s moderator plays matchmaker and invites some of the listeners as speakers. They are given about 30 seconds to introduce themselves, including what they’re like as a romantic partner.

That is a great Clubhouse use case! I wrote about my indifference to the app and lamented the lack of a killer reason for it to remain. Maybe it transitions to dating?

Where’s the SOX inverse for cybersecurity?

Cast your mind back to the late ‘90s: WorldCom & Enron imploded due to financial impropriety; government reacted; & IT was left holding the bag.

Cut to now: President Biden signed an executive order to improve government cybersecurity.

Bruce Schneier:

I’m a big fan of these sorts of measures. The US government is a big enough market that vendors will try to comply with procurement regulations, and the improvements will benefit all customers of the software.

Adam Bobrow from Just Security:

The executive order is a good first step, but it won’t stop the constant barrage of cyber incidents that has overwhelmed the United States over the last six months. Unfortunately, the insecurity of networked computer systems is simply too great for any single effort to solve the problem. Instead, the solutions lie on a distant horizon. It is not too soon to start charting a course, and Congress can help.

Both are right, but I’m not sure in what proportion. My thoughts are … drafts.

As I see it, the private sector takes one of four basic approaches to cybersecurity:

  1. Accepts that cybersecurity is key to doing business, and plans and funds accordingly
  2. Knows cybersecurity is important and spends with no planning (blinking lights or shotgun approach)
  3. Knows cybersecurity is important and plans for it but gets no funding (MacGyver approach)
  4. Hopes nothing bad happens because they think they’re not a target (magical thinking approach)

While many companies rely on US government contracts, not all do. I’d be curious to see the breakdown, if such a thing exists. Companies that fall into #4 probably aren’t dealing with government contracts at all, and #2 and #3 might be, in varying proportions.

Back in the day the US government passed something awkwardly but accurately called the Sarbanes-Oxley Act (a.k.a. SOX, “Public Company Accounting Reform and Investor Protection Act” [in the Senate] and “Corporate and Auditing Accountability, Responsibility, and Transparency Act” [in the House]). The crux of the bill, IMNSHO, was defining IT measures that make it harder for companies to commit financial fraud.

Every IT and InfoSec (it wasn’t called cybersecurity back then) manager worth their salt ran to Finance & the CFO with a budget for all sorts of things to nominally help comply with SOX. The recipients were eager to appear to embrace enforcement.

Most were pet projects that wouldn’t actually help either with SOX compliance or overall security. I saw a request for a tool for a manager to spy on his own desktop support team, one from another manager to increase the storage capacity for audit purposes (but really for his team to be able to share pirated media among themselves), another to set up shadow IT to get around SOX and other oversight (described a parallel production environment for testing purposes which would, in no way, reflect the production environment, of which we had many), and a lot of small stuff that was tangentially related to SOX compliance. There were also purchases of things that would help, but see #2 above.

BTW, the people IT was supposed to rein in were the same people who would approve their SOX budget. And the Big F accounting firms that went along with Enron and WorldCom and the others got to rebrand, keep selling their services, and add a new line of business – SOX auditor.

This was a massive amount of effort and money put into the wrong area with maybe OK intentions. And remember, the stuff that triggered SOX wasn’t impacting most companies’ bottom lines.

Maybe it’s time for a reverse SOX that places the onus on CEOs and CFOs to take responsibility for cybersecurity since it is impacting the bottom line. I’m thinking:

  • Security reports to a CSO equal to the CIO and COO, never reporting through the CIO or CFO
  • Legal and Risk are executive sponsors

Big think for sure, but such a requirement by the US or EU government would mean that security wouldn’t be limited by the conflicts of interest these other entities have in an organization.

Keen observers will note that I do not describe where money should go or even how much. It will vary by any number of variables for each company. Those that do not know what to do or how to do it should seek out consulting to help.

※ I worked on Enron and WorldCom when I was employed at EDS in the ’90s.