Ok, it's only because I assume people skim rather than bother reading whole paragraphs. I can paragraphs, honest.

I think one of the greatest advances of the Western Enlightenment was a kind of realization that it's really, really difficult to know something.

It's not just about personal biases, and it's not just about cultural biases. It goes way beyond that -- it's the systems we live in and depend upon.

When we were living in tribal times, you could probably find out through direct experience most of everything you needed to know. And anything beyond that was just magic. How to find food, how to make relationships, and the consequences of various strategies. The tribe was local and could learn and retain that direct tribal experience.

Today we live in an incredibly complex global system which is not only 8 billion people, but they are all agents who are part of systems, of systems, of systems.

We're all dependent on and using systems which we have no idea how they're actually made or how they're connected or what they even do.

We have this problem when you listen to what your doctor thinks is wrong with you, what legal advice you might be given, which foods are being promoted as healthy, which morals and ethical views are being enforced, which laws are being made, which things are taught in education, as well as the wider opinions around which side are the good guys in any particular conflict.

And so on and so on.

We seem to be living in a system that is far more complex than we can understand.

If the internet and now AI are to save us from this bizarre place of being both incredibly interdependent and nobody really understanding what the heck is going on, that tech has to give us exquisitely transparent and clear feedback loops.

When someone in some position of authority or influence, like a politician or a company manager, makes a decision, we have no idea what's really going on and why they really made that decision. Yet it can affect many and in unanticipated ways.

And that's even before we get into the fact that 99% of the brain is unconscious.

We are in the kinda Forbidden Planet scenario where we built an incredibly powerful system yet none of us understand the implications, and by the time the feedback loop completes, it'll be too late.

Generally agree, I mean, companies don't need to make their own steel beams, cars, and teacups, Cloud gives the lower parts of the stack over to the specialists, who can industrialise their skill with a massive production line.

But what's kinda interesting is that there's still industries where lots of small players are needed, like housing construction and maintenance. We don't all live in an IKEA like mass produced kit house. There's huge variety of small custom house designs and arrangements, ad-hoc pieces, as every house is different.

I guess the question is whether an org's IT is going to fit and benefit more from the mass production line model or the custom local one.

Holy cow!

Was there no agency you could have tipped off about it?

But does it have a Yoda mode?

Cool :) I must try to reread that again one day.

I was hoping for other proxies, but yes I too see that's a good method. I wouldn't rate my own coding skills, but when I've had chance to speak to people, and ask questions like, so the pentest revealed this bug two years ago, which you fixed back then, but now the latest test this year, reveals the same class of bug again, so what happened, did this code not exist back then? And they say, oh yes it existed. And I'm like, so didn't it occur to you back then to search your code for the same class of bug in other parts of your code where it might be likely to be present, not just where the pentest found it, given you know what your app does? No, we didn't. And then they start complaining about their managers not giving them enough time.

The kinds of common errors which the article suggests shouldn't be happening. Like the 2023 MOVEit snafu.

So the simple version of quality, not the Zen and the Art of Motorcycle Maintenance version.

We have a massive demand for software, but very few programmers are actually competent.

Interesting. Do you have advice on how to judge the quality of a piece of software, without seeing the source code, but being able to ask other questions?

Sigh, true, I guess the future needs to become decentralised?

Ah, cunning.

“The finest trick of the devil is to persuade you that he does not exist.”

It's maddening, and also, kinda fascinating what, the reasons why they insist on this, could be.

I asked ChatGPT to speculate in a psychologically informed way, on what the reasons could be. Naturally your point about control came up a lot (many people think at a concrete level and so can't understand having a team which they can't "see").

I'll quote this last reason it churned out, which is again about capacity for perception:

Truly post-conventional thinkers can hold paradox: that productivity can increase and control decrease; that structure can evolve and culture endure. Leaders operating below that level may feel forced to choose one side (“We can’t have both”), leading to simplistic, binary decisions like “Everyone must come back.”

Thanks for sharing what is probably one of the best feel-good stories of the month. Seriously, we're always hearing about how the system is grinding everyone down. It's easy to get really depressed and believe it all.

As someone who wrote a book on totalitarianism said, the antidote is to show that there's at least one voice that is different. One voice that can stand apart from the crowd. One voice that makes everyone rethink, hey, there are options and possibilities. So, thank you.

Sounds very awkward to deal with.

And as a thought experiment, if forcing every employee to wear an ankle tag solved the problem, would that justify forcing every employee to wear an ankle tag?

So I just wonder if a soft PC location logger feature is proportionate.

I guess there's already reasons for suspicion, so would this additional data collection be excessive?

I'd agree generally, but I wonder that in the end, it's actually irrelevant whether security is quantifiable. Sure, we could estimate the cost of a breach, estimating the risk of it happening, and even make a very credible job of it, but those numbers will often get the security dept people nowhere.

Why? Leaders think they are lucky and that they will get away with it.

If they were pessimistic scared pedantic types, they wouldn't be leaders.

And the technology is fragile. So it isn't really their fault. They have to succeed in the market whilst dependent on inherently fragile technology. Their only reasonable bet in that situation is to hope they stay lucky.

And by inherently fragile I mean, you buy it and it should just work, not this, hire an army of people to perform rituals and sacrifices to try to stop the company's crown jewels suddenly leaking out of the hole in the bottom of your coffee machine's waste basket.

Why the tech is so fundamentally fragile, despite many brilliant people creating it, is an exercise for the reader.