Filed under: Things so true they're nearly physics.
"Please stop putting a Major or Lt Col. (despite their devotion, exceptional attitude, and culture) in charge of ICAM, Zero Trust or Cloud for 1 to 4 million users when they have no previous experience in that field—we are setting up critical infrastructure to fail."
Past that, there are some other people who shouldn't ever get near cybersecurity management - legislators. Specifically the majority who are willfully clueless.
While I probably agree, why can't the Major just be the project manager and he or she consults daily with their trusted, deeply responsible technical advisor who is actually from the industry?
Because the major is unqualified to evaluate the guidance they receive. Same reason we don't randomly pick our battlefield generals from a pool of chimney sweeps.
Former USAF officer here. Part of the problem is that a Major or Lt Col does not have the rank or budget necessary to pull off a project of that scale. They are still too low on the chain, and too easy to override and then scapegoat when the project fails. Moreover, the officer system is "up or out" meaning that a field grade officer will always be incentivized to prioritize short-term paper gains over long-term strategic gains. This is a bad thing when designing critical infrastructure. A more senior officer with longer tenure and a bigger budget (i.e., a General or SES) needs to run a project intended for millions of users in a defense context.
What's stopping the PM-but-really-Major from invoking chain of command and making overriding decisions? In an org like the military I'm not sure you could just say "please act like a PM and don't make broader decisions" to someone with seniority and expect them to not exercise their authority, unless you actually revoke their authority.
Or, what's stopping the Major from installing a friendly and symbolic tech advisor? Stranger things have happened than bureaucrats hiring and building departments designed to do nothing but legitimize and push forward their own agenda.
Like safety, security is a cost centre with catastrophic penalties for getting wrong. Absolutely any attempt to run it like we run other parts of an organization is a guaranteed way to create a disaster.
P.S. “Things so true they’re nearly physics” might be my favourite line this year.
When our top lawmakers are bringing in tech CEOs to grill them on 'ending finsta' I think maybe we need a complete rethinking of how we address cybersecurity and tech in general.
Craggy Senator to HN: Tell us how you would end finsta?
HN: OMG LOL finsta's not a product GTFO
vs.
FAANG interviewer to HN Interviewee: Tell us how you would end finsta?
HN Interviewee: Preventing users from signing up with secondary, pseudonymous accounts is of course a difficult problem. However, by using the following three sets of simple and anonymized data, I believe we can not only easily automate correlation of these accounts for the vast majority of cases, but if you'll hand me the marker I'll give you the pseudocode which can be abstracted to restrict any subset of users based on any underlying...
Personally it makes me want to get into it if things fall apart for me only because American technological incompetence has never been more apparent to me. I'd Target business analysts that love just grabbing python libraries but don't know anything about coding. Because that's what corporate America gets for letting people who don't know Jack about SWE touch a damn terminal. Business analysts are the scourge of tech. I have yet to meet one that actually is competent tech wise.
Surprised that the DoD cannot contractually gag a high-level departure from sharing internal dirty laundry like this, as an issue of national security, when your typical corp would without a doubt suppress this kind of public lamentation. Does not look good for the US on the world stage.
Yeah, every corp out there would have a non-disclosure/non-disparge clause before receiving that shiny parachute being dangled in front of you on the way out the door. The problem is that with the military, that door might be 30k in the air so that 'chute might be pretty tempting!
Guess the military hasn't had much need recruiting legal minds.
One of my many issues with him is that his quotes are trite nonsense.
Not everyone is solely motivated by money, some of the most important work anywhere is in government, and there is fundamentally nothing preventing a government from getting the best workers for the job.
Reaganism is just pessimistically giving up before you even try, and when ~half of the two parties believe it without doubt, it's self-fulfilling. They believe that government cannot do anything well, and then set out to prove it.
Depends on the government. Kennedy was able to poach McGeorge Bundy and McNamara (who also recruited Daniel Ellsberg, another member of the Harvard Society of Fellows) from the private sector, as well as enough scientists and engineers to put people on the moon. McNamara had worked for the government before that during World War 2, as well as the entire team of Manhattan Project scientists. The quality of applicants to government jobs took a tumble after the Vietnam era.
Singapore's government pays well enough to compete for top talent against the private sector, and I have no doubt that China is capable of staffing high priority government projects well also.
I think this is easily refuted by large portions of our government, not least of which is our military. Even if a random Lt. Col. doesn't have enough software experience, they tend to all be damn impressive executives.
People are motivated by more than money. I certainly am, and would be far wealthier if I was only middling on career paths that use similar skills. In the end, talented people (and less talented people) have strong opinions about what they work on when given choices, and money is not the sole consideration.
it really isn't, there's plenty of very smart people in the gov and it's incredibly short sighted (just as reagan was) to assume that less money & more restrictions in how the job operates = lower quality worker
You want a government where you aren’t able to hear bad news from within the government? Companies can go out of business… governments generally don’t.
> Surprised that the DoD cannot contractually gag a high-level departure from sharing internal dirty laundry like this, as an issue of national security,
Why waste your time on a civil contract when you can classify something and put the departure in prison for a very long time for disclosing classified information?
That’s crazy, he is a public employee of a government whose legitimacy is supposedly derived from the consent of the people. He absolutely should share with the public what he sees as the shortcomings of his office.
In principle that’s ideal and commendable, when all is well; this is unfortunately a detrimental symptom of a high-functioning democracy in a declining empire.
That is one of the most interesting comment threads I've ever read on this website. It's like an in-house DoD drama played out in real time here on HN.
> In only 3 years, we were able to bring Kubernetes on weapon systems, including jets and space systems, where we demonstrated that containerization was not only possible but game-changing on Real-Time OS and legacy hardware.
Docker on fighter jets. Now all we need is NodeJS on nuclear submarines.
> Please stop putting a Major or Lt Col. (despite their devotion, exceptional attitude, and culture) in charge of ICAM, Zero Trust or Cloud for 1 to 4 million users when they have no previous experience in that field—we are setting up critical infrastructure to fail. We would not put a pilot in the cockpit without extensive flight training; why would we expect someone with no IT experience to be close to successful?
This is very interesting. It is the 2 sides of the same coin. I have seem many IT projects deteriorate into a convoluted technical mess which solves none of the organizations or stakeholder requirements. However I have also seen top down management from business people destroy projects by their lack of knowledge, and understanding of IT.
IT does not live in a bubble, it has a purpose and those whom manage it should also understand its attributes.
43 comments
[ 1.6 ms ] story [ 102 ms ] thread"Please stop putting a Major or Lt Col. (despite their devotion, exceptional attitude, and culture) in charge of ICAM, Zero Trust or Cloud for 1 to 4 million users when they have no previous experience in that field—we are setting up critical infrastructure to fail."
Past that, there are some other people who shouldn't ever get near cybersecurity management - legislators. Specifically the majority who are willfully clueless.
What's stopping the PM-but-really-Major from invoking chain of command and making overriding decisions? In an org like the military I'm not sure you could just say "please act like a PM and don't make broader decisions" to someone with seniority and expect them to not exercise their authority, unless you actually revoke their authority.
Or, what's stopping the Major from installing a friendly and symbolic tech advisor? Stranger things have happened than bureaucrats hiring and building departments designed to do nothing but legitimize and push forward their own agenda.
https://www.bbc.com/news/technology-46222026
P.S. “Things so true they’re nearly physics” might be my favourite line this year.
The main problem is that this cost center does generate any revenue. Try to explain this to a CFO.
HN: OMG LOL finsta's not a product GTFO
vs.
FAANG interviewer to HN Interviewee: Tell us how you would end finsta?
HN Interviewee: Preventing users from signing up with secondary, pseudonymous accounts is of course a difficult problem. However, by using the following three sets of simple and anonymized data, I believe we can not only easily automate correlation of these accounts for the vast majority of cases, but if you'll hand me the marker I'll give you the pseudocode which can be abstracted to restrict any subset of users based on any underlying...
Guess the military hasn't had much need recruiting legal minds.
I've got a lot of issues with him, but this quote is spot on.
Not everyone is solely motivated by money, some of the most important work anywhere is in government, and there is fundamentally nothing preventing a government from getting the best workers for the job.
Reaganism is just pessimistically giving up before you even try, and when ~half of the two parties believe it without doubt, it's self-fulfilling. They believe that government cannot do anything well, and then set out to prove it.
Singapore's government pays well enough to compete for top talent against the private sector, and I have no doubt that China is capable of staffing high priority government projects well also.
People are motivated by more than money. I certainly am, and would be far wealthier if I was only middling on career paths that use similar skills. In the end, talented people (and less talented people) have strong opinions about what they work on when given choices, and money is not the sole consideration.
"I don't care about anything as much as money, so I know no one else does either."
Why waste your time on a civil contract when you can classify something and put the departure in prison for a very long time for disclosing classified information?
https://news.ycombinator.com/item?id=28408399
Probably not cleared any more.
Link to CSOs resignation post the article is referencing https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-ch...
Docker on fighter jets. Now all we need is NodeJS on nuclear submarines.
We have electron/NodeJS on spacecrafts. Close enough.
This is very interesting. It is the 2 sides of the same coin. I have seem many IT projects deteriorate into a convoluted technical mess which solves none of the organizations or stakeholder requirements. However I have also seen top down management from business people destroy projects by their lack of knowledge, and understanding of IT.
IT does not live in a bubble, it has a purpose and those whom manage it should also understand its attributes.