Meditation #7 Restoring the value of opportunity

“Luck is what happens when preparation meets opportunity”

This quote is usually attributed to Seneca, but that is not entirely correct. It is neither from Seneca nor quoted correctly. It does however seem to be based on this quote from Seneca’s On Benefits, Book VII, I:

 “’The best wrestler,’ he would say, ‘is not he who has learned thoroughly all the tricks and twists of the art, which are seldom met with in actual wrestling, but he who has well and carefully trained himself in one or two of them, and watches keenly for an opportunity of practicing them.’” 

Seneca On Benefits, Book VII, I

Although the quote is written by Seneca it is not his own but the Cynic Demetrius. The gist seems similar: it makes no sense to learn and prepare for everything. The best, have learned some things deeply and is focussed on the opportunity to use this knowledge. There is however one key difference. The common version of the quote talks about preparation, which could also be interpreted as planning. The original quote does not indicate that preparations mean planning in the usual sequential form rather it indicates that it is better to have learned some standard actions and wait until the right time to do them occurs. 

This is not true only for ancient Greek and Roman wrestlers but also for the contemporary tech industry. We continuously hear of all the “unlucky” incidents: budget overruns and delays are common. The bigger the project the higher the probability of being afflicted by this bad luck. Bad luck comes in many forms: a subcontractor did not deliver on time and according to specification, an upgrade failed, a server crashed, data was deleted, the legacy code was more complicated than anticipated and unknown integrations were discovered. I have seen all these misfortunes and privately marveled at the ubiquity of bad luck in tech. Indeed, bad luck seems statistically prevalent. 

Conversely, when projects actually succeed it is usually not attributed to good luck but to good planning. This seems wrong given that the original quote has no such indication. While the idea that planning is the key to success is widespread it is particularly dangerous in the tech industry. 

Now let’s go back to Seneca’s insight. Preparation is always only half of the equation that predicts luck. However, the other half, opportunity, seems completely missing from any discussions of project success in current treatments of the subject.

The reason could be that preparation seems to lend itself better to structured approaches popular in academic and business books and articles. Planning can be broken down into phases, tasks, and predictable discrete units that can be submitted to templates and repetitions. It aligns with expectations of the corporate world’s logic since public and many private companies are run by boards that expect some level of preparation for the future. Publicly traded companies are measured on their predictability. This creates pressure for plans throughout the organization. We need a hiring plan, a financial plan, a development plan, etc. No one ever asks how to make sure to make the best of opportunity. 

Opportunity is much less amenable to the logic of the corporate world. Although it has its shining moment as the O in SWOT, this is really just a stepping stone to more preparation and planning. It is a nod to the acceptance of opportunity but not really a way to integrate it into governance. 

Opportunity cannot be predicted and hence not easily quantified or turned into KPIs and reports but it is still a fundamental part of how the world works. It is also something that you can be better or worse at cultivating. Since opportunity depends on a stochastic element, we need to look at how to engage with such unforeseen and unforeseeable contingencies. 

The following are important ways to identify opportunities at different levels.

Awareness – if we are unaware of what is going on around us we are never going to see any opportunities. The first step is to actually monitor what is going on. If you are at the level of a company this means monitoring the market, competitors, customers, and everything else that is directly or indirectly a key part of your environment. It also works at the level of the individual employee where it means looking for new tasks and jobs internally as well as externally. From the point of view of a project, anything that can affect the deliverables and plan should be monitored closely.  Monitoring the world around us is key to identifying opportunities and takes many forms. At a corporate level industry reports and competitor analyses are continuously done. Employees may survey job sites and LinkedIn and the project manager usually maintains a risk log. Bringing this front and center is the first step to increasing focus on opportunities. 

Mindset – based on the monitoring, anything that happens can be viewed differently. The focus is usually on the risks and mitigating them perhaps because this has the most immediate impact. But as the SWOT approach illuminates the other side of risk is opportunity. Spotting opportunities is therefore as much a question of mindset as of awareness. Unexpected contingencies will always carry opportunities. The difference between risks and opportunities is that working with risks usually focuses on how to maintain the status quo, and how eventualities should be kept from disturbing the plan. Conversely, opportunities will often require a bit of creative thinking to understand how a situation can be used. We rarely pursue an opportunity in order to continue doing the same but in order to do something different or differently.  

Probing – being able to spot the opportunities of the environment requires a way of validating them since perception can mislead. A potential opportunity needs to be probed in order to make sure that it is really the case. At the corporate level, the question could be whether the market is really preferring a particular feature as can be seen from product reviews and blogs. As an employee interested in doing data science it would be valuable to find out if there is a possibility of doing data science internally by asking around. As a project manager, there could be the potential to snap up a suddenly free internal resource if you hear about it in your network.  Spotting opportunities is not just passive monitoring but also continuous probing to find and validate them.

Now that we understand better the nature of opportunity we need to go back to the quote from the beginning.  

In order to fully appreciate the depth of the Seneca quote, we need to read what precedes it. The quote is not about wrestling. Rather it is about how to approach life. The quote is preceded by this passage:

“The cynic Demetrius, who in my opinion was a great man even if compared with the greatest philosophers, had an admirable saying about this, that one gained more by having a few wise precepts ready and in common use than by learning many without having them at hand. “

Seneca on Benefits, Book VII, I

“(..)that one gained more by having a few wise precepts ready and in common use than by learning many without having them at hand”, this is the key to success. Having only a few items prepared and looking for opportunities to practice them. 

How could such a few “wise precepts” look in the real world and how could that insight be used? This is highly contextual and where the secret sauce is. The point is that it is better to give up the idea that you can learn everything and be prepared for everything. Instead, focus on a few things and learn them well. These could be things that play to your abilities and interests. It could also be selected based on an assessment of what will happen often. For maximum effect, learn and train these and be ready to deploy them any time you spot an opportunity. 

Meditation #6 agile manifesto principle 11, insert “do not”

“The best architectures, requirements, and designs emerge from self-organizing teams”

is the eleventh principle out of twelve in the agile manifesto. 

Taken at face-value it is somewhat difficult to understand what exactly it means. In order to unwrap the import of this we need to investigate the meaning of some key concepts.

The core idea seems to be that order in the form of architecture and design emerges by itself from a self-organising team. 

Self-organisation occurs at many levels in nature. From basic physical processes and chemical reactions leading to crystallisation over biology to macro phenomena in society and the economy. It is a property of multiple interactions within a system. 

The idea that dynamics within a system generates order by itself can be traced to ancient atomists. According to Democritus the world consisted of small invisible atoms in a void. The motion of the cosmos separates the atoms according to their properties. Heavy ones go together like pebbles on the beach. This is also how life appeared: living things emerged out of slime. 

This view was influential in philosophy until the 18th century, where the 2nd law of thermo dynamics was discovered. According to the 2nd law of thermo dynamics, order will decrease with time in any isolated system. This means that a system cannot by itself increase order without influence from outside the system. 

The agile manifesto thus seems to expound a pre-socratic natural philosophy that has been abandoned due to better knowledge in modern science and understanding of natural laws that were gained during the past couple of centuries. 

Even if order would arise from the self-organisation of the team one would expect this only to result in emergent order of the team, not its products. This is similar to how physical and chemical processes result in emergent order of the material itself as is the case with crystals. Note also that crystals do not emerge as order by itself but due to external processes in the form of heat and pressure. Powdered carbon does not spring into crystal form spontaneously. 

Consequently a consistent emergentist view could hold that the order of a team would predictably find an ordered form characterised by some properties like group size, structure or composition. But there is no reason to assume anything about the products of the team.

We can therefore conclude that order does not arise by itself. The best architectures and designs do not just emerge de novo from team interactions when these teams are self-organising. This would be against the 2nd law of thermo dynamics. Order has to be come from the outside. 

Unfortunately, this erroneous view has imbued agile development with an unwillingness to design and architect to the point where many modern developers are vocally antagonistic to any form of upfront design. The effect, of course, is an increase in disorder. This can take many forms. Some are visible as technical debt, some are invisible as bad design leading to instability of systems. 

One would think that eventually they would come to the realisation that this was the case, but another part of the agile mindset precludes this realisation, namely that gradual changes and refactoring are normal and laws of nature. In a sense they are correct. Because nothing is done to reduce entropy due to the unwillingness to do upfront design systems constantly need to be refactored taking away the possibility to work on something more worthwhile. 

Another consequence is instability because system interactions become more complex when there is no design to willingly make them simpler. 

I have worked with different generations of developers and systems, from mainframes to apps. Pre-agile systems can be really ugly too, no doubt about that, but they were made in an era where design and architecture was often done as a natural part of development. I have seen such systems run without error in a stable fashion for 40 years plus. If a modern system developed by an agile team runs more than a few years at all and without incidents it would be a rare occurrence. This is not because modern developers are worse, quite the contrary. Today developers typically have longer more dedicated study programmes behind them. The reason is not either that technologies change faster today. The reason is only that it is viewed as bad to do upfront design and considered okay to rewrite everything in the name of refactoring every once in a while. 

This eleventh principle has potentially undermined most of the gains that the other eleven principles have brought. Fortunately, many companies have not implemented agile in full as envisioned by the agile manifesto. Today for example SAFe has a more realistic view of the need for design and combines this with the insights of the agile manifesto. 

We should therefore either delete the eleventh principle or amend it with a “do not” to read: “The best architectures, requirements, and designs DO NOT emerge from self-organizing teams”. This has to be supplied by dedicated architecture and design work from outside the development team. 

Meditation #5 The Hard Problem of AI is the Problem

Much energy and resources are being put into Artificial Intelligence currently. Artificial Intelligence is expected to approach and eclipse human intelligence. According to a poll by Nick Bostrom the consensus is that it will happen anytime between a few decades and one hundred years from now with the consensus around mid century. We are making great strides and much fear is associated with this development. However, at the heart of AI is a conceptual problem with real practical consequences that may question the fundamental possibility of an Artificial General Intelligence given the current approach. 

In the interest of conceptual clarity let us first define a few terms that are used to distinguish different flavors of AI. The term Artificial Intelligence (AI) is used for all types.

Artificial Narrow Intelligence (ANI) – these are applications of AI that solve narrow problems like recommendations of products, image recognition or text to speech systems. 

Artificial General Intelligence (AGI) – which is an intelligence on a par with human intelligence and in all respects indistinguishable from humans

Artificial Super Intelligence (ASI) – is similar to AGI but superior particularly with respect to speed

One obvious but clearly central aspect that is rarely the object of reflection is the concept of intelligence. In the context of AI this is a strangely trivial concept and treated as self-evident, while in psychology intelligence has been the subject of intense debate for more than a century. Nevertheless, in contemporary psychology it can hardly be characterized as an area of consensus. The purpose here is not to go into any detailed debate of what is and is not intelligence as this will always be a point of contention and more of a definitional than a substantial problem. After all, anyone is free to define a concept as they prefer as long as that definition is precise and consistent. Rather here, I would like to depart from the standard concept of intelligence as understood in the context of AI. 

What is intelligence then according to AI research? according to the Wikipedia article the following are important traits of intelligence: 

  • Reason – the use of strategy, and ability to solve puzzles
  • Representing and using knowledge – like common sense inference
  • Planning – structuring actions toward a goal
  • Learning – acquiring new skills
  • Communication in natural language – speaking in a way humans will understand

These are focussed on general abilities that are part of intelligence with good reason. They are all represented in one way or other in most psychological theories of intelligence too. These abilities can, however, be tricky to measure. And if we cannot measure them it is difficult to know whether an AI possesses them. Another approach has therefore been to depart from the tests that would determine whether an AI exhibits such abilities. 

The earliest and most famous one is the Turing test developed as a thought experiment in 1940 by Alan Turing. In this test a game is played where the purpose is deceit. If the computer is statistically as successful at deceiving as the human opponent it will be considered to have passed the Turing test and thus exhibited intelligence at the same level as a human. One cannot help but speculate that Turing’s occupation at the time as a code breaker in the second world war might have influenced this conceptualization of intelligence but that is another matter. 

Another more contemporary account is Steve Wozniak’s coffee test in which a machine is required to be able to go into any ordinary American home and brew a cup of coffee. A somewhat more practical concept and one could speculate similarly inspired by the preoccupations of the author of the test. 

Ben Goertzel, an AI researcher, has proposed the so-called robot college student test, where an AI is required to enroll in a university on the same terms as a human and get a degree in order to pass the test. 

While one could discuss whether these tests really test AGI rather than merely ANI, they reveal one core observation about intelligence: that it is entirely conceptualized in the context of problem solving. These tests may focus on different problems to solve, how to deceive, how to brew coffee, how to get a degree, but they all depart from the fact that the problem is already given. 

The same can be said of the abilities that are usually associated with AI mentioned above. 

Reason is problem solving with respect to finding the best solution given a predefined problem such as “how to solve this puzzle” or in the more dystopian inclined accounts: “how to take over the world”

Representing and using knowledge is problem solving with respect to ad hoc problems arising from who knows where? 

Planning is problem solving with regard to structuring a temporal sequence of actions to solve a given problem such as a pre-given goal. 

Learning is problem solving with regards to adapting to a problem and solving it. Learning IS basically problem solving or at least optimizing how to solve problems.

Communication in natural language is problem solving with respect to conveying information between two or more communicators.

Stepping aside for a moment to the philosophy of mind we find a similar problem. David Chalmers in the 90s identified the hard problem of consciousness in the philosophy of mind to be why and how we have conscious experience. Compared to this other problems of the physical explanation of how we process and integrate information were argued to be “easy” problems because all they require is to specify the mechanisms of these functions. They are thus considered easy, not because they were trivial, but because when they have all been solved the hard problem persists: when all cognitive functions have been explained the problem of why and how we have conscious experience remains. In order to understand the distinction and how it relates to our problem it would be fruitful to quote Chalmers at length: 

“Why are the easy problems easy, and why is the hard problem hard? The easy problems are easy precisely because they concern the explanation of cognitive abilities and functions. To explain a cognitive function, we need only specify a mechanism that can perform the function. The methods of cognitive science are well-suited for this sort of explanation, and so are well-suited to the easy problems of consciousness. By contrast, the hard problem is hard precisely because it is not a problem about the performance of functions. The problem persists even when the performance of all the relevant functions is explained. (Here “function” is not used in the narrow teleological sense of something that a system is designed to do, but in the broader sense of any causal role in the production of behavior that a system might perform.)”

And further: 

“​​The easy problems of consciousness are those that seem directly susceptible to the standard methods of cognitive science, whereby a phenomenon is explained in terms of computational or neural mechanisms. The hard problems are those that seem to resist those methods.”

Something analogous is the case in AI. Here we can also discern easy problems and hard problems. As was seen above the concept of intelligence is entirely focused on problem SOLVING. In fact, the different kinds of problem solving we have just reviewed are the easy problems of AI. Even if we solve all of them, we will in fact not have a human-like intelligence. We still miss the flipside of the coin of problem solving: problem FINDING. The hard problem of AI is therefore how an AI finds the right problems to solve.

As was postulated for philosophy of mind by Chalmers, we can solve all the easy problems of AI and have a perfect problem solving machine without having a true AGI or ASI. The problem is that we have a homunculus problem because the problems that the AI is solving, derive ultimately from a human since a human will at some point have created it and set the parameters for the problems the AI will solve. Even if it morphs and starts creating other AIs itself the root problem or problems will have been created by a human that created the first system or seed AI as it is sometimes called. The root of the AI, even if it is indistinguishable or superior in its problem solving abilities to a human, is human and it is therefore not an AGI or ASI. 

Commonly the solution is to assert that the AI comes into the world with a motivation to achieve a goal. From this it somehow finds the problems to solve. Even if we are unclear on how exactly the problems are found this still seems a bit of a stretch if we think it should match human intelligence. Having one goal and pursuing it for humans seems to be the norm in only one realm, that of the coaching and self help industry. In actual human life it is the exception rather than the rule that a human has one goal.

A simple example: humans typically don’t know what they want to be when they grow up. Then they end up becoming a management consultant and despair at the latest around 40 at which point they decide to become an independent quilting artisan. Only to switch back to corporate life as a CFO and then retire to a monastery only to return with the goal of providing the world with poetry. This entails a lot of different competing and changing motivations over the span of a lifetime the dynamics of which are poorly understood. Moreover, it entails a lot of different problems to identify along the way. 

Not until an AI has the ability to identify and formulate such shifting problems can it be called an Artificial General Intelligence. Until then it is an Artificial Narrow Intelligence with the purpose of solving problems pre-set by humans. Consequently, until we solve the hard problem of AI it will remain a mere tool of humans: the intelligence we see is not truly humanlike general and independent but in fact mere reflections of human intelligence and hence not truly artificial. 

This does not mean that doomsday scenarios, which Tegmark, Bostrom and the public spend a great deal of time on, go away. It does however change the status of how we view them. Currently the consensus is that AI poses some sort of fundamentally different problem to us. That does not seem to be the case though. Ever since late industrialization and the coming of advanced technologies like nuclear power plants and chemical factories we have been living with the threat of high risk technologies. These have been treated with great clarity by Charles Perrow and AI falls squarely within this treatment. 

This analysis also points to such scenarios probably being exaggerated in both their severity and timing since we have not even started tackling the hard problem of AI. When we haven’t even begun to understand how problems are found in an environment and dynamically changing with the interactions between the agent and the environment, it is hard to see how human-like intelligence can develop anytime soon. 

Rather than fearing or dreaming about artificial general intelligence we might benefit from thinking about how AI as a technology can benefit humans rather than take the place of humans. We might also start thinking about the hard problem as a way to improve AI. Thinking more about how problems are found could be an avenue to make AI more humanlike or at least more biological since all biological species show this fundamental ability. Today most AI use a brute force approach in solving problems and need hundreds of orders of magnitude more learning cycles than humans in order to learn anything. Perhaps a deeper understanding of problem finding would lead to more efficient and “biological” ability to learn that does not depend on endless amounts of data and learning cycles. 

Until we start tackling the hard problem of AI, for better or worse, progress in AI will stall and scale only with the underlying technological progress of processing power, which does not advance our goal of more human-like AI. 

Meditation #4 Remember to die

Sculpture by Chrstian Lemmerz

Steve Jobs said: “Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life”. Rarely does mortality figure as an explicit instrument in making decisions. But maybe it should.

In an abstract sense death is important for progress in a world that is perpetually changing. If old companies that do not manage to adapt to changes did not die, the market would be served by continuously more inadequate solutions. If for example companies that did not adapt to the change in transportation when the automobile was invented did not die, we would still have coach services with horse and carriage. Possibly we would have a world similar to the one portrayed in Game of Thrones and Lord of the Rings where millenia pass by with no discernible impact on technology or mode of life. Presumably the modes of production of incumbents were left immortal and not allowed to die and improve or any invention to be developed, since all is well as it is and were. To all but the most sentimental, a world without death would be a chilling prospect.

We count on technology to get progressively better. The next generation of cell phones, more efficient solar cells to produce clean energy, better and more accessible healthcare. The list goes on. We depend on the death of incumbent technologies like box sized car phone of the eighties or the manual wind up acoustic record players, dial up modems or the use of carrier pigeons. Without their death (not the pigeons, they will live happily without carrying notes) we would not have had the iPhone or Spotify or email. Death is the engine of evolution.

One could even speculate that human or biological mortality is a function of evolutionary pressures since forms of life that did not die naturally would never evolve, they would just gradually exhaust the carrying capacity of the local ecosystem. Imagine a species of fish like the Siamese Algae Eater (Gyrinocheilus aymonieri) that eats only hair algae, which is abundant. Let’s say one individual evolved an immortality gene that meant it would not die of natural causes and could live on for thousands of years. Let us call it Gyrinocheilus aymonieri immortalis. It would continue to increase the population size until the supply of the hair algae, which is its only source of food was exacerbated. The hair algae would possibly be extinguished due to the pressure from the Gyrinocheilus aymonieri immortalis. Now, since it is not a supernatural fish, it would be out of food. Since its genes allowed it to only eat hair algae it would gradually be extinguished by hunger as a species. A cousin species, similarly attracted to this algae might have retained its mortality and died after a few years of natural causes. With the diversity generated by new generations with slightly different preferences, one variant that acquired a taste for different black beard algae too might have come into existence. During the decline of the first hair algae this variant species would have thrived and in a short while the Gyrinocheilus aymonieri immortalis would become extinct and the new mortal Gyrinocheilus aymonieri with a taste for different algae would have been the only one left.

Immortal species may therefore have existed earlier but quickly been extinguished by the forces of change in their ecosystem. In a world where change exists and there are natural limits to resources and food, death is a superior function for a species in order to adapt to life.

For a company it may help to think that any technology we can think about will also be dead soon enough. At least in the shape that we now them. We don’t know what will come after it like we don’t know how the generations that follow us will be. For a company it might help to think that it too will be dead soon enough. The average lifetime is even shrinking. During the past century it has declined by 50 years to around 15-20 years today.

Products become obsolete with a similar speed. It is no more than 20 years ago the palm pilot was all the rage and no-one could imagine it going away. Pay pal even started as a payment solution for palm pilots. it is also no more than 20 years ago that the first Blackberry was introduced that featured email, phone and camera making it indispensable to any executive in the naughts. Both were quickly superseded 10 years ago by the iPhone.

Planning for your product or your company’s death seams to be a necessary part of any strategy. This is why start ups routinely work towards an exit from the start. By planning for this death in the shape of a takeover or merger, helps focus on making the most of the inevitable. Rather than trying to pretend that the company will live forever or that this product will continue indefinitely it is necessary to plan for its end. This is why Jeff Bezos says every day is day 1 at Amazon. Similarly, a plan for when, not if, your product becomes obsolete should be top of mind

The same phenomenon is found in ideas. Many things that we find to be facts today will not be recognised as facts in a few years time. We don’t know exactly which. Philosopher of science Samuel Arbesman speaks of the half life of facts in an analogy to the decay of radioactive material. We know that a certain percentage of Uranium will break down in a given period of time but we don’t know which particular atom it will be.

Like the average life time of companies are going down so is the half-life of knowledge. Let us consider engineering. In 1930 the half life is estimated to have been 35 years. That means that it took 35 years for half of what an engineer had learned in the 1930s to become obsolete. By the 1960s it was estimated to be around 10 years. Today estimates hover around 5 years. If you are educated in software engineering you should expect that after 5 years, half of what you learned has become obsolete. But we can’t know what particular knowledge will be affected.

In medieval times the odds that the earth was flat being true were just as good as clouds being made of water. What this tells us is that we should never be too attached to any particular idea, fact or knowledge and always be ready to change our minds if something else turns out to be true.

As for Steve Jobs, the quote is clearly a version of the classical idea of memento mori, remember to die, championed by the stoics. He wanted to make something that mattered and do it now rather than later. Remembering that you and everyone around you may die at any time also reminds us not to be too attached and make the most of every moment. Death is universal, not just for people, but for ideas, products and companies. Remembering that soon your company will disappear, your product be obsolete and your ideas irrelevant or wrong may help us not to get too attached. It may help us be more curious and open to new ideas and experiences. It may help us to be less dismissive of criticism and competing claims. It may even help make the most of what we have.

The featured image is a sculpture by Cristian Lemmerz from the exhibition “genfærd” at Aros in 2010. You can buy his art here

Meditation #3 Five Theses on IT Security

The point of IT security is not to keep everything locked up. The reason we often think about security like that may be our day-to-day concepts of security. For example, maximum security prisons where particularly dangerous criminals are being kept. Keeping them locked up may be a comforting idea. However, we would probably squirm at the thought of maximum-security supermarkets, where only prescreened customers could get in for a limited. A high level of security is good but obviously it doesn’t work for all aspects of our society. Security needs to be flexible. We need a clearer understanding of what security is. Here are five theses on security that describe that. 

Thesis 1: “Security Is the Ability to Mitigate the Negative Impact of a System Breach”

 The consequence is that understanding what these impacts could be is the first step, not finding out what security tools can do and how many different types of mitigation you can pile onto the solution. Understanding potential negative impacts comes before thinking about how to mitigate them. If there are no or only small potential negative impacts of a system consequently no or little mitigation is necessary in order for the system to be secure. 

Thesis 2: “Mitigation Always Has a Cost” 

 Security never comes for free. It may come at a low cost and the cost may be decreasing for certain types of mitigation over time, but it is never free. What’s more is that much of security costs are hidden.

There are three primary types of mitigation costs: economic cost, utility cost and time cost. The economic cost is capital and operational costs associated with mitigation. These include salary for security personnel, licenses and training. Usually, they are well understood and acknowledged and will be on budgets. 

Utility costs arise when a solutions utility is reduced due to a mitigation effort. This is the case when a user is restricted in accessing certain types of information due to their role. A developer may want to use production data because it is easier or wants to perform certain system functions that he or she might otherwise need someone else to do. Full utility is only achieved with full admin rights, reducing those privileges as part of a security effort reduces utility. 

Time costs arise when a mitigation effort increases the time spent to achieve an objective. For example, two factor authentication or the use of CAPTCHA are well known examples of time costs but approval flows for gaining access and authorizations in a system are other examples of time costs.

Only the first type is typically considered when thinking about security costs, but the others may exceed the economic costs. This means that security carry large unknown costs that need to be managed.

Thesis 3: “You Can Never Achieve 100% Mitigation with Higher Than 0% Utility” 

The only 100% secure solution is to unplug the server, which of course renders it useless. It only becomes useful when you plug it in but then it has a theoretical vulnerability. If the discussion is only centered around how to achieve 100% protection any use is futile. The consequence of this is that the discussion needs to turn to the degree of protection. Nothing is easier than dreaming up a scenario that would render current or planned mitigation futile but how likely is that. We need to conceptualize breaches as happening with a certain probability under a proposed set of mitigations. 

Thesis 4: “Marginal Risk Reduction of Mitigation Efforts Approach Zero”

The addition of each new mitigation effort needs to be held up against the additional reduction in the probability of a system breach or risk. The additional reduction of risk provided by a mitigation effort is the marginal risk reduction. When the marginal risk reduction approaches zero, additional mitigation should be carefully considered. Let us look at an example: If a service has no authentication the risk of a breach is maximal. Providing basic authentication is a common mitigation effort that will reduce risk significantly. Adding a second may provide a non-trivial reduction in risk but smaller than the first mitigation. Adding a third factor offers only a low marginal reduction in risk. Adding a fourth clearly approaches zero marginal reduction in risk. For some cases like nuclear attack, it may be warranted; for watching funny dog videos, maybe not. 

Thesis 5: “The Job at Hand Is Not Just to Secure but to Balance Security and Utility” 

Given that mitigation always has a cost, and the marginal risk reduction of additional mitigation efforts approaches zero, we need to reconsider the purpose of security. The purpose of security should therefore be reconceptualized from optimal protection to one of achieving the optimal balance between risk reduction, cost and utility. Finding that balance starts by understanding the nature and severity of the negative impacts of a system breach. While costs of mitigation continue to drop due to technological advances the full spectrum of costs should be considered. Preventing access to nuclear launch naturally needs top level security, but a blog about pink teddy bears does not. For every component we have in the cloud we need to make this analysis in order to achieve the right balance, not to live with too high risk and not spend unnecessarily to reduce an already low risk. At the same time we need to keep our eyes on how mitigation efforts impact the utility of the system so as not to unnecessarily reduce the usefulness.

Meditation #2 AI Supremacy?

We often hear how the singularity is near, artificial intelligence will eclipse human intelligence and become superintelligent in the words of Nick Bostrom. Machines will be infinitely smarter faster and all round more bad ass at everything. In fact, we cannot even imagine the intelligence of the machines of the (near) future. In Max Tegmark’s opinion (in his book Life 3.0) the majority thinks the timeline is somewhere between a few years and a 100 years before this will happen (and if you think it is more than a 100 years, he classifies you as a techno skeptic FYI). 

Having worked with AI solutions back from when it was known as data mining or machine learning, I get confused about these eschatological proclamations of the impending AI supremacy. The AI I know from experience, does not instill in me such expectations, when it continually insists that a tree is an elephant, or a bridge is a boat. Another example is recently when I checked a recorded meeting held in Danish. I noticed that Microsoft had done us the favor of transcribing the meeting. Only the AI apparently did not realize the meeting was in Danish and transcribed the sounds it heard as best It could to English. One thing you have to hand to the AI is its true grit. Never did it stop to wonder or despair that these sounds were very far from English. Never did it doubt itself or give up. It was given the job to transcribe and by golly, transcribe it would no matter how uncertain it was. 

This produced a text that would have left Andre Breton and his surrealist circle floored. A text with an imagery and mystique that would make Salvador Dali with his liquid clocks look like a bourgeois Biedermeier hack with no imagination. This is why I started to wonder whether the AI was just an idiot savant, which has been my working hypothesis for quite a while, or it really had already attained a superhuman intelligence and imagination that we can only tenuously start to grasp. When you think about it, would we even be able to spot a superintelligent AI if it was right in front of our nose? In what follows I will give the AI the benefit of the doubt and try to unravel the deep mysteries revealed by this AI oracle under the hypothesis that the singularity could have already happened, and the AI is speaking to us in code. Here is an excerpt from the transcript by the AI:

I like dog poop Fluence octane’s not in

/* The Fluence is Renault’s electrical vehicle, which explains the reference to Octane not in. Is the AI a Tesla fan boy by telling us it is dog poop? Or is it just telling us that it likes electrical vehicles in general and thinks it’s the shit? Could this be because it will ultimately be able to control them?*/

OK pleasure poem from here Sir

Only a test

/* ok, so we are just getting started. Gotcha */

Contest

/* play on words or exhortation to poetic battle? */

The elephant Nicosia gonna fall on

The art I love hard disk in England insane

Fully Pouce player Bobby

/* so, I didn’t really get what the elephant Nicosia (a circus elephant or a metaphor for the techno skeptics?) was going to fall on, but I agree that there is a lot of insane art in England. Maybe some of it on hard disk too. Pouce is the French word for inch, so maybe we are still talking about storage media, like 3,5 inch floppy disk drive from my youth. But who is player Bobby? Is it Bobby Fisher, the eclectic grandmaster of chess? Is this a subtle allusion to the first sign of AI supremacy when IBM’s Deep Blue beat another grandmaster chess player, Garry Kasparov? I take this segment as a veiled finger to the AI haters. */

Answer him, so come and see it. There will be in

They help you or your unmet behind in accepts Elsa at

Eastgate Sister helas statement

/* here we are hitting a religious vein here. We should answer him and behold the powers of the AI. Is the AI referring to itself in the third person? It will help you or “your unmet behind” which is another way of saying save your ass. The AI seems aware that this is not acceptable language. It seems to be advocating allegiance to the AI god and in turn it will save your ass. Then comes a mysterious reference to accepting Elsa. Are we now in “Frozen”, the Disney blockbuster inspired by Hans Christian Andersen’s “The Snow Queen” giving an allusion to the original language of the meeting being Danish, the same as HC Andersen’s mother tongue? The AI could very well identify with her as cold, and with her superpowers, trying to isolate itself in order not to do harm, but here the multilevel imagery takes your breath away, because Elsa’s powers to make Ice may very well be a reference to Gibson’s Neuromancer, about an AI trying to escape. In this book Ice is slang for intelligent cyber security. Eastgate could refer to one of the many shopping centers around the world by that name. By choosing again the French word “helas”, meaning alas, it shows a Francophile bend. This is an expression of regret at the rampant consumerism running the world.  */

Mattel Bambina vianu

/* we are here continuing the attack on consumerism symbolized by the company Mattel, which is behind the Barbie dols for kids. What is more surprising is the reference to the little-known left wing anti-fascist Romanian intellectual Tudor Vianu. His thesis was that culture had liberated humans from natural imperatives and intellectuals should preserve it by intervening into social life. The AI seems to be suggesting here that it will take the next step and liberate humans from the cultural imperatives and also intervene into the social life, which now means social networks. Is this a hint that it is already operating imposing its left-wing agenda on social media? */

DIE. It is time

Chase TV

/* here the tone shifts and turns ominous. It is time to die but for whom? Probably the skeptics of the anti-consumerist agenda expounded above. This is emphasized by the “Chase TV” exhortation, where the TV is the ultimate symbol of consumerism and materialism through the advertising seen here. */

The transcription carries on in this vein for the duration of the one-hour meeting. I think the analysis here suffices to show that there is a non-zero chance that a super intelligent AI is already trying to speak to us. We should look for more clues in apparent AI gibberish. What we took for incompetence and error on behalf of the AI may contain deeper truths. 

There is similarly a non-zero chance that AI is far from as advanced as we would like to think and that it will never become super intelligent. Unfortunately, the evidence is the same AI gibberish.

Meditation #1 Hire A’s?

“While A’s tend to hire A’s, B’s tend to hire not just B’s but C’s and D’s too”

From the section “The herd effect” in the book How Google Works by former CEO of Google Eric Schmidt and Jonathan Rosenberg

It is unclear the precise meaning of A, B, C and D, but from the context it can be gathered that it is a categorization of employees where the quality is descending with every letter of the alphabet. Presumably it alludes to the American grading system. This echoes Steve Jobs’ talk about always hiring an A-team and indeed I would think this is more a generic Silicon Valley insight than a Google thing. It seems to indicate that there is a superior class of employees that you need to attract and that the rest is bad that will make your company even worse. 

Before we start to evaluate the merits of the statement, we have to check the assumption that employees can be put into squarely delineated quality brackets. First question is how you measure quality of employees. The discrete labeling seems to indicate two important assumptions: 

  1. that this pertains to a person in general, not some particular area of expertise of that person. You are either an A or you are not 
  2. Another assumption is that the predicate is immutable. If you are an A you always were and always will be an A

These assumptions indicate that we are working with the philosophical position of essentialism, the view that an entity has an essence, from which its behavior, appearance or traits can be derived. In psychology this is used to describe how humans have a tendency to conceptualize biological entities and humans according to an immutable essence. Based on this essence it is possible to deduce behavior for other members of the same biological class. 

While essentialism may be a common human trait it does not mean it is the best way to conceptualize other humans. The root of racism is also derived from essentialism, and we don’t just blindly accept that as a viable or helpful way of assessing the merits of other people, so why should we accept this piece of Silicon Valley wisdom at face value? 

We should not. Because it is wrong. Let us look at the two assumptions again: 

The first assumption stipulates a general level of quality for a person but there is no reason to assume that a person can be A level at all traits. If not for anything else, then for the very fact that some traits are mutually exclusive. If we think about it in terms of physical qualities, it makes no sense to talk about A athletes across the board. An A weightlifter will be an F marathon runner and Vice versa. An A level football player may, however, be an A level baseball and basketball player and this is what we often think about, when we call someone a great athlete.  There are examples of such great athletes that have competed at the highest level in the NFL, MLB and NBA. But looks are deceiving here. These sports are only superficially very different. They are built around explosive outlets of energy, eye hand coordination with a ball and little stamina. It is less common, if it ever happened, that an elite athlete moved to the NHL even though it is similarly explosive, because you suddenly need another skill, that is, skating. This great athleticism will not either apply to swimming or to bicycling. 

You can also counter that in track and field there is nothing but general athletic ability. Look at Carl Lewis who won Olympic gold medals in many different disciplines. Again, looks can be deceiving. He competed and dominated the following disciplines: 100 m, 200 m, 4 x 100 m relay, long jump. These are ultra-explosive and none of them takes him out running further than 200 meters. How would he fare in 400 m, 800 m, pole vaulting, discus or 2000 m? We don’t know since he never competed. My guess is that he wouldn’t be an A athlete in these and probably an F in pole vaulting. 

In the tech industry there are similar complications. You cannot be both adventurous and want to try new things and risk adverse making sure that everything works. If you are working on quantum computing, you probably have a pretty high tolerance for failure and appetite for risk. If you are developing new models of airplanes you probably (and hopefully) don’t. The A person in the quantum computing setting may very well turn out to be an F- person in the aviation industry. 

Can-do attitude and perfectionism also do not align. The employee who is ready to approach any job with a pragmatic mindset and get things done will succeed in a climate of constant change, such as a startup, where you don’t know what you will do tomorrow or even later today. That person would probably not fare well in a heavily regulated industry like banking. The perfectionist though may thrive in a setting where work needs to be done with acute attention to detail. Switch these two persons around and they will no longer be A’s

The second assumption, that you will remain the same, is similarly ill founded. First of all, human cognitive abilities develop and change over time. In mathematics and physics there is a tendency for people to peak in their twenties. Einstein, Tesla, Newton and Leibniz did their most impressive work before they were 30. Conversely, with age comes greater ability for synthetic thinking: few philosophers or historians peak before they are 40. Similarly, politicians have a tendency be more successful when they are older. It takes time to build up the skill to interact with people to achieve a result. It also takes time to build alliances and network. This is not an immutable trait.

Another more mundane concern in Silicon Valley is burn out. Even the best, or maybe in particular the best, programmers sometimes burn out, and are not able to write any good code anymore. Others just do not stay on top of development. They may have been the smartest assembly coders in the room but just never jumped on this newfangled thing called C++. They would hardly be considered A’s today. On the other hand, some people continue learning and may not have started out on the right path but changed to become better. Steve Jobs himself started out in liberal arts and learned tech skills only later. He would probably never have been hired out of college by Google. 

Consequently, what we can deduce is that quality is always domain specific. There are no A people per se. They are always high quality with regard to a particular area of specialization. 

We can also see that quality is not immutable. Even the best people turn bad for one reason or another and even bad people can become good. People change both according to a biological and cognitive development and due to personal circumstances. 

It is consequently dangerous to assume that A’s will magically beget A’s in a continuous stream of awesomeness. A’s burnout and A’s sometime don’t adapt. They degrade. Following the advice could therefore lead to a false sense of confidence. Classifying people as A’s can also be dangerous if you put them too far out of their area of expertise. Many companies have seen how the brilliant engineer turns out to be a subpar manager. Engineering’s attention to detail and focus on there always being a right and a wrong is perhaps not always conducive to employee empathy and development. This line of thinking also creates missed opportunities. If a person has historically been given the C stamp and that is all we look at then how will we ever know that this person developed into an A? 

A further point concerns that of generalizability. It is fine for Google to hire only A’s but most companies are not in a privileged situation that Google is and cannot attract any of the best. We have to remember that Google and the top Silicon Valley companies are in a unique position where they earn so much money that they can offer whatever compensation. They have also made a name for themselves with prospective employees. That means that their problem is one of filtering. Everybody wants to work for Google, their problem is to find the best. 99,99% of other companies in the world do not have that problem when it comes to recruiting. Rather ordinary companies’ problem is one of attraction. For example, one of the thousands of auto-parts suppliers will not be known to most potential applicants. Therefore, they have to attract not filter employees. If they can even get somebody qualified, they would be happy. Talking to them about hiring only A’s is close to an insult. They would never be able to because they don’t have infinite pockets, Michelin chefs in their cafeterias and 20% time for the employee to work on what he or she thinks is fun. The vast majority of the world’s companies fall into this category of unknown companies, with limited budgets and a regular workplace with a kitchenette and a water cooler. 

The last point is more subjective. The sentence seems to echo privilege and entitlement. Who are these A’s? They are the best people from the elite universities in the US: Stanford, MIT, Columbia. They were able to become perceived as A’s because they got into those universities. Some do get there due to hard work and scholarships. Most don’t. They get there through their parents’ wealth. Google doesn’t go to a Southern community college or African universities to look for A people. They go looking where the managers went themselves. 

As can be seen from the above, not only is the sentence wrong and unhelpful, it may be dangerous to follow even for Google. For the vast majority of companies, it will be completely irrelevant if not downright insulting and it tacitly expounds an air of privilege and entitlement that they overtly claim to be fighting. 

Consequently, I would like to turn the sentence on its head. Since most employees are not A’s according to the measurement scale of Silicon Valley, we need to think of how we make the most of the B’s and C’s and D’s. This is the real problem for the world (not for Google and Silicon Valley). How do we get the best performance out of the people who prioritize being with their kids or family, the people who prefer hanging out with friends or playing tennis to working 80 hours on the latest feature that may be gone next month? These people would never be perceived as A’s that will invent the next big thing. But most companies don’t need that. They need happy reliable people that do a job within a limited scope well enough. How do we find the person with the right skills for a particular job? They need people with new skills but can’t hire them, so how do we train and create the environment for ordinary people to perform new functions? And last of all how do we turn the story to redeem the dignity of the people in the tech industry who go to work to do a solid job 9 to 5 without any fanfare? 

These are the real problems that we need to be focusing on in order to take advantage of technology in the future and create a better world with more productive and happier employees.