Tag Archives: LikedIn

How to measure success?

That is the question I was facing today. It wasn’t about my success (or lack thereof). It was about the Olympics. One member (a fellow Australian) was happy because we had two additional gold medals over the United Kingdom. But there was something wrong with that train of thought. It was too American. Don’t get me wrong, as I see it, it is great to have more golden medals, but in my old-fashioned way of life (and thinking) it is weird that the runners-up get to live. I must be going soft in my old age.

You see, with Australia grasping a 14-12-9 achievement and the United Kingdom holding onto 12-15-19 at present, this list could go in any direction. However, this got me thinking. How do you measure success? Don’t get me wrong, the gold numbers are nice, yet it is not a true list of achievement, is it? I have been pondering this and my mind took me to the old 1,2,3 squared allocation. So Bronze counts as 1, Silver as 4 and Gold as 9. Now we get to 183 for Australia and 187 for the United Kingdom. UK won by a nose-hair, as jockeys tend to say. So is this actually fair? How can medals be universally set? I don’t think that a boxer will accept equal points to an equestrian; in support, the horse will not go along with that either. Still, there is a need to give some level of equality, especially as the best of the best of the best in any of these disciplines are competing, yet the simple set to look at the golden medals seems wrong (possibly Canadian Summer McIntosh might agree but she just got 3 golden and one silver medal), at 17 she got (as far as I know) a tied second place with a few others all with three golden medals in the French Olympics.

However I still ponder, is my formula the right one? It seems to be, but it might be my own shortsightedness to think so. 

Still, the question remains, how do you measure success, and not just in sports. In the 90’s I was subject to KRAs (Key Result Areas) and I accepted them as I had no knowledge on how to measure success. Even in customer care and Technical Support these numbers (when applied to the field I was in) made perfect sense. At some point you need to consider what to measure and how to measure it. Medals are a finite point of achievement, customer care is a little bit more fluidic. So how to go about it? The Olympic medallist might have kicked this off, but my brain takes it in all directions. So with one movie script under my belt (for assessment with Dubai Media) am I more successful in scripting than all my friends (both of them)? They are not in that field, so how to generalise some metrics? You see, we can grab Z-scores, but as far as I can see that is a near obsolete approach to matters (perhaps what the people call AI use this) and now we get to the next bit and why I used Summer McIntosh as an example. These were her first Olympics, so how could there be a Z-score of her and how would it be reliable (or relatable)? Previous competitions? These were her first Olympics and even in global events the pressures are different.

And the field becomes even more complex. You see, whatever they call these systems based on LLMs and Deeper Machine Learning, it is either set by a programmer, or set by data, and there the problem becomes a lot larger as both are used. Without proper verification and a number of constraints the equation becomes a GIGO rule (Garbage In Garbage Out).

I wonder how much some players consider success. Most will measure success by their ability to bring home the bonus funds. To some extent I accept that, but when you consider how they went about getting it, that success becomes a larger issue. In this I take the conceptual setting of Awareness versus Engagement in market research. Awareness could be shown by how many impressions (or clicks) something gets, whilst engagement requires interaction with the solution. As I have always stated, Engagement wins every time, but the large companies often herald views per thousand (or clicks as a secondary). So who gets the prize turkey at the end? Large Language Models with (Deeper) Machine Learning, what some call a version of AI, have issues and the world is waking up to Nvidia (not meant in a bad way). You see, there is currently no AI, not yet anyway. What there is (the LLM and DML reference) is awesome and it can do great stuff, but it has issues like the legal sector recently saw. There is a lack of verification and that will be an issue in plenty of fields.

Have a successful day.


Filed under IT, Media, Science

Cutting corners

Something did not sit well with me yesterday. I have been mulling things over for most of today and it all started with Politico (at https://www.politico.com/news/2023/09/12/pentagon-cyber-command-private-companies-00115206) where we are given ‘The U.S. is getting hacked. So the Pentagon is overhauling its approach to cyber.’

This setting comes in a few stages. Let’s start with the given that I have no opposition to the Pentagon getting involved. But the stage is not that simple. So we start with the quote “attacks on critical U.S. companies and federal agencies, and as the Pentagon eyes Chinese hacking efforts with increasing concern.” The first issue is that I would have said “Chinese and Russian hacking efforts”, it would be more accurate. There is an additional side to all this. If American corporations had done their job BETTER, this issue would not be the critical issue it currently is.

Equifax (2017)
Marriott International (2018)
Capital One (2019)
First American (2019)
SolarWinds (2020)
Colonial Pipeline (2021)
LinkedIn (2021)
Microsoft Exchange Server (2021)
Twitter (2022)

This is merely a small grasp; this grasp has millions of records online for each of these cases. In this, LinkedIn stood out with “Personal records of over 700 million users – 92% of the user base – were scraped from the platform and put up for sale in a hacker forum. Why did this happen? Attackers found a public API without authentication and breached it to scrape content.” This case is also the larger issue (beside the fact that it was an API and I wrote about that risk in ‘A simpleminded A, B, C’ on August 30th (at https://lawlordtobe.com/2023/08/30/a-simpleminded-a-b-c/)), a simple setting now out in the open. People still think I was grasping at straws? Now here we see (in the LinkedIn case) “Attackers found a public API without authentication”, as such couldn’t they do their bloody jobs? I understand the setting of the Pentagon, but there needs to be a bill for utter stupidity and a link to your data without authentication is definitely one.

Corporations have been cutting corners on cost and staff and now that the consequences are out in the open, the Pentagon needs to rescue them? Screw that!

It is nice that the Pentagon comes to the rescue, but every rescue needs to come with an audit of that company and a hefty bill for the action. Consider a pointless rescue by coast guard and Marine rescue: these people get a hefty fine. I see that someone employs an API without authentication in pretty much the same way.

Yet the article is merely the start. You see, we can all agree on “Hackers are increasingly infiltrating private companies and government agencies far outside the Pentagon’s usual purview, and the hacks are being perpetrated by cybercriminals who honed their strategies abroad before striking the United States.” OK, that is fine and the fact that the Pentagon and its digital weapon systems are brought to bear is fine, but the utterly stupid setting by corporations that cut corners is part one and that is on those corporations. I am even willing to accept that it took a disgruntled employee to hand visibility to the wrong people. Yet that also implies that these corporations have a larger problem and THEY have to pay for that.

So about three weeks ago, we were handed the 2023 DoD Cyber Strategy guide. The PDF (see bottom) is a nice piece of work. My issue is with page 6 where we are given “The Department will continue to persistently engage U.S. adversaries in cyberspace, identifying malicious cyber activity in the early stages of planning and development. We will track the organization, capabilities, and intent of malicious cyber actors. We will leverage these insights to bolster the cyber resilience of the Nation and will coordinate with interagency partners to publicize this information as circumstances permit.” As I personally see it, it should say “The Department will continue to persistently engage U.S. adversaries in cyberspace, identifying malicious cyber activity in the early stages of planning and development. We will track the organisation, capabilities, and intent of malicious cyber actors, whilst registering corporate shortcomings. We will leverage these insights to bolster the cyber resilience of the Nation and will coordinate with interagency partners to publicise this information as circumstances permit, where corporate shortcomings will not be silenced.” In this case some will state that this is not the job of the DoD and they would be correct, but Corporate America fell short and they now want help, that shortcoming needs to be illuminated as well. You cannot have it both ways.

The document gives us a lot to think about and I agree with 99% of it all, especially when it comes to the Department of Defense Information Network. 

I created the Hub+1 intrusion solution in 2014 (or 2015). As far as I know, no one is at this time ready for that creative little caper. I got there shortly after the Sony hack. The information never added up to me and I started to wonder how it could have been done (always a nice way to find the issue by re-engineering the possibilities). And all this is long before we consider issues like non-repudiation, a simple setting I learned about in UTS (University of Technology Sydney) about 3 years before the Sony hack and corporations have been cutting corners ever since. Consider the routers of the FBI, DoD, DMV, Department of Homeland Security and the postal services. Now check EVERY router and tally the ones where the password was Cisco123. I reckon you will find close to a dozen routers. I know it is more presumption than speculation on my side, but that is the larger failure and that is BEFORE we check all the corporate routers. People in IT have been too lazy (for many obvious reasons) and most of them involve resource shortages and why should the Pentagon pay for that bill?

I see that corporate America needs to pay for their cutting corners, the Pentagon has enough issues to work through and when it needs to step in (and when shortcomings are found) that corporation needs to get billed. This is specific. Corporate players cannot shield themselves from top tier hackers, that is BS. But letting the Pentagon pay for corporate stupidity is equally stupid and that needs to be out in the open. 

So this was my rant on stupidity, enjoy the day.


Filed under IT, Media, Military, Politics, Science