
3. Align incentives of the judges and the judged, reducing the pressure on metrics (ex. shared fate, belief in the cause, personal growth and fulfillment)

It isn't exactly what you have in mind, but I use `play` as well as a terminal theme color change to tell me when I'm using one or another language's keyboard layout. If you put & in front of play, you can make chords.

Here's an example:

    #!/usr/bin/env bash
    # Assumed: $layout is set by whatever detects the active keyboard layout
    # (falls back to the first argument here); "play" is the SoX command.
    layout="${layout:-$1}"

    # Define notes for major seventh chord starting on A 440
    A=440
    C_SHARP=554.37
    E=659.25
    G_SHARP=830.61

    if [[ "$layout" == "Finnish" ]]; then
      # Play a major seventh chord ascending
      kitty +kitten themes --reload-in=all Apprentice &

      play -n synth 0.2 sine $A vol -30dB &
      play -n synth 0.2 sine $C_SHARP vol -30dB &
      sleep 0.2
      play -n synth 0.2 sine $E vol -30dB &
      play -n synth 0.2 sine $G_SHARP vol -30dB &
    elif [[ "$layout" == "English (US)" ]]; then
      kitty +kitten themes --reload-in=all Default &

      play -n synth 0.2 sine $G_SHARP vol -30dB &
      play -n synth 0.2 sine $E vol -30dB &
      sleep 0.2
      play -n synth 0.2 sine $C_SHARP vol -30dB &
      play -n synth 0.2 sine $A vol -30dB &
    fi

So CrowdStrike is deployed as third party software into the critical path of mission critical systems and then left to update itself. It's easy to blame CrowdStrike but that seems too easy on both the orgs that do this but also the upstream forces that compel them to do it.

My org which does mission critical healthcare just deployed ZScaler on every computer which is now in the critical path of every computer starting up and then in the critical path of every network connection the computer makes. The risk of ZScaler being a central point of failure is not considered. But - the risk of failing the compliance checkbox it satisfies is paramount.

All over the place I'm seeing checkbox compliance being prioritised above actual real risks from how the compliance is implemented. Orgs are doing this because they are more scared of failing an audit than they are of the consequences of failure of the underlying systems the audits are supposed to be protecting. So we need to hold regulatory bodies accountable as well - when they frame regulation such that organisations are cornered into this they get to be part of the culpability here too.


What I love about Django is that you can create a Django project with just one file.

You can turn a fresh Debian machine into a running Django web app by just doing:

    apt install -y python3-django apache2 libapache2-mod-wsgi-py3
And then creating the one file Django needs:

/var/www/mysite/mysite/wsgi.py:

    import os
    import django
    import django.http   # "import django" alone does not guarantee these submodules are loaded
    import django.urls
    from django.core.wsgi import get_wsgi_application
    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'mysite.wsgi')
    application = get_wsgi_application()

    ROOT_URLCONF = 'mysite.wsgi'
    SECRET_KEY = 'hello'

    def index(request):
        return django.http.HttpResponse('This is the homepage')

    def cats(request):
        return django.http.HttpResponse('This is the cats page')

    urlpatterns = [
        django.urls.path('', index),
        django.urls.path('cats', cats),
    ]
And then telling Apache where to look for it:

/etc/apache2/sites-enabled/000-default.conf:

    ServerName 127.0.0.1
    WSGIPythonPath /var/www/mysite
    <VirtualHost *:80>
        WSGIScriptAlias / /var/www/mysite/mysite/wsgi.py
        <Directory /var/www/mysite/mysite>
            <Files wsgi.py>
                Require all granted
            </Files>
        </Directory>
    </VirtualHost>
And voilà, you have a running Django application, which you can expand upon to any size and complexity.

If you want to try it in a docker container, you can run

    docker run -it --rm -p80:80 debian:12
perform the steps above and then access the Django application at 127.0.0.1

The solution is complete zero trust and distrusting the network in organizations. You should treat the internal network as external -- hostile. Google does this. They were the first ones to widely adopt zero trust with BeyondCorp and there has not been a Google internal organizational breach since Aurora (which made them adopt BeyondCorp, what they call zero trust).

You have completely managed endpoints, strong hardening of the endpoint and a complete inventory of all the resources in the organization. You have certificates installed onto each device. You have an ACL engine that determines whether a user should get access to a particular resource. You can use deterministic lists and also incorporate heuristics to detect anomalies (working hours, etc). All Google internal apps are internet-facing. You can open them, get redirected to the SSO portal. Come and do try to get in. You will not.

Many of these security problems are solved. You just need to implement the solutions.
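The decision the comment describes (device inventory, a certificate bound to each device, an ACL engine, a working-hours heuristic) is small enough to write down. The following is an added example and is not Google's BeyondCorp code or any published access-proxy implementation: a single decide() function that evaluates one request against a constructed inventory and ACL. The tier names, the thresholds for "trusted", the WORKING_HOURS range, the step-up behaviour and all device, user and resource names are assumptions for illustration. It assumes the TLS front end has already verified the client certificate; here only its fingerprint is bound back to the inventory record.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Device:
    device_id: str
    cert_fingerprint: str      # fingerprint of the certificate enrolled for this device
    managed: bool
    disk_encrypted: bool
    patch_age_days: int


@dataclass(frozen=True)
class Resource:
    name: str
    allowed_groups: frozenset
    min_tier: str              # lowest device tier that may reach it


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset          # from the SSO assertion
    device_id: str
    presented_fingerprint: str # from the client certificate on the TLS connection
    resource: str
    when: datetime             # timezone-aware


@dataclass(frozen=True)
class Decision:
    allow: bool
    step_up: bool              # require a fresh MFA prompt before serving
    reason: str


TIER_RANK = {"untrusted": 0, "managed": 1, "trusted": 2}
WORKING_HOURS = range(7, 20)   # assumed 07:00-19:59 in the request's own timezone


def device_tier(device):
    """Deterministic tier from inventory facts; unknown or unmanaged devices are untrusted."""
    if device is None or not device.managed:
        return "untrusted"
    if device.disk_encrypted and device.patch_age_days <= 30:
        return "trusted"
    return "managed"


def decide(req, inventory, acl):
    """Evaluate one request; default deny, and every denial carries a reason for the audit log."""
    resource = acl.get(req.resource)
    if resource is None:
        return Decision(False, False, "unknown resource: default deny")
    device = inventory.get(req.device_id)
    if device is None:
        return Decision(False, False, "device not in inventory")
    # Bind the request to the enrolled certificate, not merely to a device name.
    if req.presented_fingerprint != device.cert_fingerprint:
        return Decision(False, False, "client certificate does not match inventory")
    tier = device_tier(device)
    if TIER_RANK[tier] < TIER_RANK[resource.min_tier]:
        return Decision(False, False, f"device tier {tier} below required {resource.min_tier}")
    if not (req.groups & resource.allowed_groups):
        return Decision(False, False, f"{req.user} not in any allowed group")
    # Heuristic anomaly signal: off-hours access raises the bar instead of denying outright.
    off_hours = req.when.hour not in WORKING_HOURS
    return Decision(True, off_hours, "allowed with step-up (off hours)" if off_hours else "allowed")


# Constructed inventory and ACL for the demo.
INVENTORY = {
    "lt-0042": Device("lt-0042", "a1" * 32, managed=True, disk_encrypted=True, patch_age_days=3),
    "lt-0099": Device("lt-0099", "b2" * 32, managed=True, disk_encrypted=False, patch_age_days=120),
}
ACL = {
    "payroll": Resource("payroll", frozenset({"finance"}), "trusted"),
    "wiki": Resource("wiki", frozenset({"eng", "finance"}), "managed"),
}


def demo():
    """Run representative requests; returns (allow, step_up, reason) per case."""
    day = datetime(2024, 5, 6, 10, 0, tzinfo=timezone.utc)
    night = datetime(2024, 5, 6, 2, 0, tzinfo=timezone.utc)
    fin = frozenset({"finance"})
    cases = {
        "finance_ok":    AccessRequest("ada", fin, "lt-0042", "a1" * 32, "payroll", day),
        "cert_mismatch": AccessRequest("ada", fin, "lt-0042", "c3" * 32, "payroll", day),
        "stale_device":  AccessRequest("ada", fin, "lt-0099", "b2" * 32, "payroll", day),
        "stale_on_wiki": AccessRequest("ada", fin, "lt-0099", "b2" * 32, "wiki", day),
        "wrong_group":   AccessRequest("bob", frozenset({"eng"}), "lt-0042", "a1" * 32, "payroll", day),
        "off_hours":     AccessRequest("ada", fin, "lt-0042", "a1" * 32, "payroll", night),
        "byod":          AccessRequest("ada", fin, "lt-7777", "d4" * 32, "wiki", day),
    }
    return {name: (d.allow, d.step_up, d.reason)
            for name, d in ((n, decide(r, INVENTORY, ACL)) for n, r in cases.items())}
```

The ordering of checks matters for what an attacker learns: device and certificate binding are evaluated before group membership, so a stolen SSO session on an unenrolled laptop is refused with a device reason, never with a hint about which groups the resource accepts.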


In addition to knowing which bucket your salary comes from, I think it is also useful to know how your organization values building software. Because this affects your career just as much.

* Is your company selling software development hours (consulting)? In this case you'll be valued for client relations skills and the ability to bang out acceptable software.

* Is your company selling a software product (product company)? In this case you'll be valued for your ability to build and run software.

* Is your company selling something else that has a software component or that software enables (pretty much every other company)? In this case, you'll be valued for your ability to deliver on or below budget and you'll never be the star of the show.

Funnily enough, these seem to map well to the three categories the author mentioned. Consulting to sales/marketing, product to research and development, everyone else to maintenance.


> “We think there is a fundamental misconception about piracy. Piracy is almost always a service problem and not a pricing problem,” he said. “If a pirate offers a product anywhere in the world, 24 x 7, purchasable from the convenience of your personal computer, and the legal provider says the product is region-locked, will come to your country 3 months after the US release, and can only be purchased at a brick and mortar store, then the pirate’s service is more valuable.” -- Gabe Newell

There have been many times where I've found DRM encumbered products inferior: trying to stream anime on Crunchyroll during primetime only to experience slowdowns; trying to screenshot something for a wallpaper only to get it blacked out; trying to download offline shows with subtitles, only to find subtitles didn't get downloaded with the video. Compound that with The Streaming Wars, I can't help but feel like a lot of people will turn to piracy out of necessity. It isn't enough that there are like 10 subscriptions to get all of the content you might want. It's also that each provider reinvents the wheel and each version is slightly jagged in different ways and doesn't work like a wheel. It's like 10 inferior clones of a wheel. Piracy, much to the chagrin of all of these services, usually fixes this: an H.265 .mkv file usually "just works" without problems in your favorite media player.

It's just a mess right now.

