
Comment Re: Cloud computing is one the dumbest ideas ever. (Score 1) 69

Generally agree, I mean, companies don't need to make their own steel beams, cars, and teacups. Cloud gives the lower parts of the stack over to the specialists, who can industrialise their skill with a massive production line.

But what's kinda interesting is that there are still industries where lots of small players are needed, like housing construction and maintenance. We don't all live in an IKEA-like mass-produced kit house. There's a huge variety of small custom house designs and arrangements, ad-hoc pieces, as every house is different.

I guess the question is whether an org's IT is going to fit and benefit more from the mass production line model or the custom local one.

Comment Re:To few good programmers (Score 1) 57

Interview the coders while being a competent security coder yourself. I have done that several times. It works nicely.

I was hoping for other proxies, but yes I too see that's a good method. I wouldn't rate my own coding skills, but when I've had the chance to speak to people, and ask questions like, so the pentest revealed this bug two years ago, which you fixed back then, but now the latest test this year reveals the same class of bug again, so what happened, did this code not exist back then? And they say, oh yes it existed. And I'm like, so didn't it occur to you back then to search your code for the same class of bug in other parts of your code where it might be likely to be present, not just where the pentest found it, given you know what your app does? No, we didn't. And then they start complaining about their managers not giving them enough time.

Comment Re:Against all evidence (Score 1) 86

It's maddening, and also kinda fascinating what the reasons why they insist on this could be.

I asked ChatGPT to speculate in a psychologically informed way, on what the reasons could be. Naturally your point about control came up a lot (many people think at a concrete level and so can't understand having a team which they can't "see").

I'll quote this last reason it churned out, which is again about capacity for perception:

Truly post-conventional thinkers can hold paradox: that productivity can increase and control decrease; that structure can evolve and culture endure. Leaders operating below that level may feel forced to choose one side (“We can’t have both”), leading to simplistic, binary decisions like “Everyone must come back.”

Comment Re:Fully remote by contract (Score 2) 86

Thanks for sharing what is probably one of the best feel-good stories of the month. Seriously, we're always hearing about how the system is grinding everyone down. It's easy to get really depressed and believe it all.

As someone who wrote a book on totalitarianism said, the antidote is to show that there's at least one voice that is different. One voice that can stand apart from the crowd. One voice that makes everyone rethink, hey, there are options and possibilities. So, thank you.

Comment Re: The reason you don't enjoy work (Score 1) 86

Sounds very awkward to deal with.

And as a thought experiment, if forcing every employee to wear an ankle tag solved the problem, would that justify forcing every employee to wear an ankle tag?

So I just wonder if a soft PC location logger feature is proportionate.

I guess there's already reasons for suspicion, so would this additional data collection be excessive?

Comment Re:The really important thing here (Score 2) 21

Security is not quantifiable; no one was ever rewarded for the hacks that didn't happen. The only question remaining is if the board has enough sanity to hire a CEO who won't incentivize financial performance at the expense of security.

I'd agree generally, but I wonder if, in the end, it's actually irrelevant whether security is quantifiable. Sure, we could estimate the cost of a breach, estimating the risk of it happening, and even make a very credible job of it, but those numbers will often get the security dept people nowhere.

Why? Leaders think they are lucky and that they will get away with it.

If they were pessimistic, scared, pedantic types, they wouldn't be leaders.

And the technology is fragile. So it isn't really their fault. They have to succeed in the market whilst dependent on inherently fragile technology. Their only reasonable bet in that situation is to hope they stay lucky.

And by inherently fragile I mean, you buy it and it should just work, not this, hire an army of people to perform rituals and sacrifices to try to stop the company's crown jewels suddenly leaking out of the hole in the bottom of your coffee machine's waste basket.

Why the tech is so fundamentally fragile, despite many brilliant people creating it, is an exercise for the reader.
