We share good ideas and conversation here.   Login, Join Us, or Take a Tour!
goobster's profile
goobster




Writer by trade. I makes da words purdy.

My #meetHubski interview is here.


stats
following: 9
followed tags: 22
followed domains: 0
badges given: 16 of 16
member for: 693 days
style: dark



comments 22

I can't wait until I can just tap my Ub-yft app, and an autonomous vehicle is waiting for me outside my house at 6:30 in the morning, every morning.

I get in, and it takes me to work, and while I am on my way I don't have to worry about assholes not paying attention to the road, etc, because I am in the Auto-Vehicle lane, reserved for autonomous vehicles only.

I can sit back, read, and drink my coffee.

Then I get out of the car at work, and it gets dispatched to its next commuter, so I don't have to park it, either.

I'd pay HUNDREDS of dollars a month for that. (No car payments. No maintenance. No insurance. God, life would be so much better!)

    "My solution, for both users and businesses, is to be way more strict about security in what kind of services they demand. To vote with their wallet and pick the more expensive, more secure option over the bargain hacked together startup solution. I think that's a much more attainable goal for security problems, even though it will never be a perfect option."

I hear ya, but this requires defensive security, which has been proven to be ineffective for centuries now.

I was hoping to open the conversation to radical new ways of thinking about data and security.

The only reason why CCs and personal data are under constant attack by hackers, is because they are broadly valuable.

A "simple" solution to that problem is to go back to having a Macy's card, and a Shell card, and an Amazon card - essentially a card-per-business - because then hacking your personal and CC data has no value to the hacker. They get ONE person's info, which can be used for ONE store, and is, in fact, already in use, so any attempt to use that data to establish a NEW account, would immediately be flagged. "That user already exists in the system."

I dunno.

It's just a different way to think about security. Remove the choke-points that hackers love to target, and suddenly hackers won't be cracking your system, because there is no big financial gain to be had.

It was just a thought experiment...

Ya gotta go where the money is.

Almost any show worth anything on NPR is supported by a small handful of foundations that can be found here: https://stateimpact.npr.org/supporters/

Each of those organizations give money to people to support their funding mission. Like the Hewlett Foundation who have given more than $144m to organizations working on environmental issues, this year alone.

Then you dig in to the organizations that they have funded. Go to their web sites. Look into what they do. What positions do they have open? Do they have internships? Job openings? Partners they work with? What about those partner orgs? Are they hiring?

---

Big picture, here, you are trying to get work in an industry that doesn't MAKE money. It SPENDS money. So you will never earn much money. Jobs will always be hard to find, because every dollar spent on your salary is a dollar not spent on furthering their mission.

And none of these jobs are gonna be in your area. Nashville is just not where the leading companies working on climate change are located.

---

Another option is to go to work for a local company that shares the environmental goals you seek to encourage. Find a sustainable coffee company. Or a landscaper that uses native plants and minimizes water usage. This type of experience will lead directly to you gaining practical, boots on the ground knowledge, that employers will look favorably on.

There is also Tennessee's own department of the environment: http://www.tennessee.gov/environment/article/efo-nashville

And even the Mayor of Nashville is pushing to make Nashville the "Greenest City in America". But the problems she faces have mostly to do with policy.

So dig into local politics. Champion issues that support the Mayor's mission. Work with local orgs to get people to vote for good policy changes, that will help the Mayor make things happen.

Climate change is a problem with a thousand facets. Creating another poorly funded think tank web site to spew a bunch of words out, is simply going to take that money from other orgs that can do that work better already.

So get out there. Get stuck in. Try and schedule a meeting with the Mayor. Follow and read ALL of the links in that article about the Mayor's plans, and get up to speed on what needs to happen in the local political scene.

Because, in the end, legislation and policies are not written from scratch. They are edited versions of other policies that were successfully implemented elsewhere. If you get a good policy passed in Nashville, you can share it with other environmental policy leaders in other cities and states, and get them to implement it as well. Bit by bit, the ship turns, and you have your hand on the tiller...

Ah. I see where I was unclear. Thanks for taking the time to explain how you read my post, because I did not mean what you read.

This isn't a problem for the USER to solve. My problem is with the BUSINESS.

It is the BUSINESS that washed their hands of the responsibility for your data, thereby endangering you in the first place.

To take my Target breach example; If Target had their own credit card that they underwrote, issued, and processed, they would be FAR more careful with your data. Because any breach hits them directly in the bottom line.

Instead, they offload the responsibility to a credit card issuer/processor (Visa, MasterCard, etc), who do not have as much skin in the game, and are therefore less interested in maintaining the highest level of security around YOUR data, because YOU are not their customer: Target is. And Target is paying them for TRANSACTIONS, not for fabulous security.

If you think about the tech used in a CC transaction, there are 5 companies handling your data, and only ONE of them has any real motivation to protect you, as an individual. To all 4 of the other intermediaries, you don't even exist: you are just a packet of data within gigabytes of data they transfer every day.

The parallel I tried to draw with email is that we choose offload the responsibility to someone else, when we choose to use a service (Gmail, Hotmail, Yahoo, etc.), instead of configuring our own server. Things were a lot more secure when you had to give a shit and actually understand how all the parts and pieces fit together, from hardware to software. Now it takes 10 seconds to set up an email account, and all you need to do is come up with a 4-letter password. Offloading all the responsibility for the infrastructure and security onto a disinterested third party is the risk we decide to take.

The key place where you took my words off in a new direction, is when you moved away from my conjecture - that services are the problem - and abstracted to armies, cable companies, etc. And yeah... libertarianism to me is the domain of 13-year old keyboard jockeys who have never had to pay rent. It is stupid to its core.

The bone I want to pick is with SaaS, which, incidentally, pays my considerable wages.

Everyone is so quick to invent a new middle-man service, that streamlines a process and takes a half-a-penny per transaction... but every middle-man "service provider" is one more incredibly weak link in the chain.

From the 1500s up to about the 1920s, a business took care of itself. Everyone from the janitor to the CEO worked for the company, and all customer processes were handled in-house.

But that is expensive. Having your own Credit Department that has to research every new application for a credit card is expensive. And it SHOULD be! It is a critical, important, and delicate function of the business.

But then Johnny McStartup shows up and says that he can do all that for you for 1/10th of the price, so you fire all your skilled people and pay McStartup to do all your credit accounts.

Why does McStartup cost less? Because they are less rigorous. Or hire junior-level researchers and analysts. Or whatever. They cut corners. That cuts costs.

But McStartup's customer is the Company, not the Individual. So they keep the Company happy by providing a service that Company used to do in-house, and they do it for a fraction of the price. And hey... if they fuck it up, who cares? It isn't Company that takes the blame! And McStartup is one-step removed from you, Mr Customer, so they are insulated from you as well.

THIS is my problem with the way businesses are structured today, and why it is so easy for hackers to ALWAYS get the data they want, with little effort. There are too many middle-men, with too little respect for the data they handle, and hackers always find a way through. Hell... they don't even need tech to do it... they can just call up Customer Service and social-engineer them, to get the info they want.

Yeah. So, fuck Libertarianism.

And security is ALWAYS going to be a problem, when you create choke-points in the data stream that are lucrative to hack. If every single retailer had to issue their own credit cards, instead of using Visa or MasterCard, there would be little to no reason for hackers to target that data.

And maybe now that we have sorta unlimited bandwidth, RAM, and disk space, maybe widening the choke points is a better way to reduce the tastiness of the data to hackers...

goobster  ·  link  ·  parent  ·  post: Pubski: October 18, 2017

Hi.

I'm back from my honeymoon in the U.K.

It couldn't have been more perfect.

That is all.

I'm mostly with you on this, @veen. @rd95 and @kleinbl00 make excellent points, but I think they are trying to put the worms back in the can, at this point.

Defensive security doesn't work. We have proved this since castle sieges in the 15th century. No matter what defenses you build, the baddies will innovate a way around, and get in.

The thing is, that these security breaches happen with services.

Every single one of these data breaches have one thing in common: The user of the data has abdicated responsibility for the data to a disinterested third party.

1. Equifax. This is just an intermediary who tells you data about a person, that you are too lazy to look up yourself. You want a loan? OK. Show me what you own. Show me your bank statement and pay stubs. Ok, sure. You look like a safe bet, here is your loan/credit card.

Instead, people pay Equifax for a "rating", which is just elementary-school level math applied to the data points above. This provides the lender with plausible deniability in the event you default on your loan. "But Equifax said they were a 720!"

2. Deloitte. Covering your ass is Deloitte's entire business. You hire Deloitte to investigate data, or build a system for you. They are a consulting firm, and their entire reason for existence is that you won't spend the money to have in-house experts to do the data analysis. So you hire Deloitte (or PWC, or The Heritage Foundation, or ,or, or...) to do the analysis FOR you, so that - if it is wrong - then you can blame someone else for it.

3. Yahoo/Hotmail/Gmail. Instead of saving your email on your computer, and having to sort it, back it up, recover it if your computer dies, etc., you go to a cloud service for your email. It is YOU washing your hands of the responsibility for doing software updates, defragging your hard disks, updating your RAM, managing server loads, etc., and "paying" someone else to do it for you.

4. Target. Target's credit card data was hacked, because Target knew they were protected by the CC companies, and didn't actually issue the CCs themselves, or protect the data themselves. If they had issued their own CCs, instead of purchasing the service from a third party, they would have been much more careful.

Anyway, this premise can be extrapolated to just about any "service" out there. They are monetizing the transaction, and therefore interested solely in transmission. WHAT they are transmitting in immaterial, and of no real interest or value to them. And that's why the hackers target service providers, because it is a choke point, where the orgs are not motivated to protect the data, only enable the transaction.

What's the alternative?

Figure it out. Go back to base principles: Do it in-house. Hire the skills and talent you need to deliver your product, rather than outsourcing to the lowest bidder.

We KNOW that defending from attackers doesn't work in the long run.

So maybe we need some radical new thinking about the entire system.

If your Target data is only useful for getting you a Target credit card, then it has no value to a hacker. Because you already have a Target credit card, and if another one gets created, then flags go off. Or the creation of a second one is simply impossible.

If a bank uses their own internal logic to determine who is worthy of a home loan, then all the data can be public. It has no value to a hacker, because they can't use that data for other systems. (Broadly speaking.)

Remove the service providers, and suddenly security looks very very different.

goobster  ·  link  ·  parent  ·  post: Pubski: September 27, 2017

Really, the sad thing is to think like Twitter.

People consume data in discrete chunks. This is true conceptually, biologically, and physically.

Blinking is actually us cutting up our experience into discrete chunks, so our brain can process and store all the data. (That's an incomplete description of blinking, but accurate enough for the point.)

So give them a fact, and a moment to process it. Stack another fact on top of that one. Give them a moment. Stack another one. Then stand back and have a general description for what you have built. Let them process that.

So place a brick, place a brick, place a brick, then stand back and say, "pyramid!"

Leave out the details.

Be general. Get the broad strokes right. Point them in the right direction, but don't give them GPS coordinates.

Then, stand back and let them ask questions. THAT's where you give them the detail.

People learn better when THEY drive the process of inquiry. So if you give them waypoints on a map, and then let them ask "Hey, how do we cross this river between points C and D?", two things happen:

1. You are no longer the "presenter". You are having a conversation, with another person, about a topic you know VERY well. This will make you more natural, less stressed, and more interesting, all while standing on that (normally) terrifying stage.

2. The person actually learns more, and respects you more, because you were able to provide the answer to the question that they couldn't work out on their own.

People try to present an excess of data, to prove their point, and all they do is bury the audience in confusing minutiae. Let them tease out the details with their questions. You can also use their questions as talking points, if they truly need further explanation, and the crowd is interested.

Ideally, if you have a 15-minute slot, give them a 5-minute presentation and then answer questions for 10 minutes.

You will have the highest rated talk of the day.

goobster  ·  link  ·  parent  ·  post: Your Memories Aren't Your Memories

Maybe I was being too careless in my wording.

Our impression of what memories are, is wrong.

Your memory of a situation is actually a re-enactment of that situation, that you are undergoing now.

When you remember that situation again in the future, you are re-enacting the last re-enactment, not going back to the "original memory" and remembering it again.

.... and thinking about that just makes me want to write some Philip K. Dick sci-fi...

goobster  ·  link  ·  parent  ·  post: Pubski: September 27, 2017

EXCELLENT start!

Use no font smaller than 20 points, and stay with 30pt if you want people to actually read something. (Projectors and displays are hard enough to read, as is.)

Use "builds". Every word you put on the screen will be read by everyone in the room, faster than you can say it. Do not read the words. Hit the button, let the words display, count to 3 seconds, and then ADD to the words that are on the screen by speaking about the point shown on screen.

----

Reading what is on the screen is annoying to the audience, and makes them feel like you are treating them like children.

----

Give people a moment to read and digest your words. Then add something material to the idea. So sentences can be short, and even incomplete. Questions also work.

For example, the bullet point on screen says: Traffic heat maps provide one valuable data vector

Then you follow up with: "I also found it was important to map this data in conjunction with the size and number of floors of the buildings found at the "hottest" points in my map..."

click to show next graph/data plot

"Because a 20-story office building is obviously going to have heavier traffic than a 2-story one."

---

Most people would present this as a couple of sentences and a big graphic of a heat map. But then you have to leave the audience time to read all the text, grok the image, re-read the text, and then re-assess the meaning of the heat map in light of the text.

Yeah, my method can seem like you are spoon-feeding them, but there is a fine line here, and the end result is that you want them to take away 2 or 3 key things.

So give them something valuable first. Then INCREASE the value of that information with more detail, or surrounding data. That gets people to the "a-ha!" moment faster, than if you wait for them to figure it out themselves.

You can then refer to this a-ha moment in your conclusion, to remind them of this little discovery in your wrap up.

Good luck with your presentation!!

goobster  ·  link  ·  parent  ·  post: Pubski: September 27, 2017

I've been a really good public speaker for a long time. It came pretty naturally to me. And it turns out that the same skills make me a good teacher. So one of the things I could always do when my marketing business was slow, was set up a couple of classes and teach people public speaking skills.

Really, the key thing to do is Bring Fewer Notes.

People like to write out what they are going to say, and then read off the cards. This is bad. Most people are not actors, and suck at reading lines. In addition, written English is much different than spoken English, and if you write something down, and then speak it, it is going to sound weird. To both you, and your audience.

The best thing to do is to give yourself bullet points you want to hit. The 3 or 4 points you want people to remember when they walk out of the room.

Take a single blank sheet of paper. Write the name of your talk at the top. Write the names of people/orgs you want to thank.

Write a two-sentence intro that you will practice, and repeat verbatim in front of the crowd.

Write your 3 or 4 key points in big sharpie, spaced evenly down the page, with many lines in between each of them. Leave two inches at the bottom of the page.

In a lighter pen, make notes of key phrases or ideas you want to hit in between each bullet point, to tie them together. So your page should look like this:

------

INTRO

(A brief, 2 sentence description of what people are going to leave with today. Work on this phrasing. Write it carefully. Rewrite it. Remove jargon. Make it simple.) "Thank you to Dr. Smith, and the School of Herbology for the opportunity to speak to you all today. My work over the last two years has been focused on hybridizing oranges with grapes, to make an edible orange peel."

- pause -

Topic 1: Hybrids attempt to bring the good traits of two different things together, into a single, hybrid thing.

- Dr. Karlsen's research from Instituit de van Voors.

- Tangelos. Pluots.

- Topic 2: Problems with hybridization.

- Johnathan the capybara/penguin.

- Time.

- Monetization/Research funding

Topic 3: Cellular hybridization with CRISPR

- blah blah blah

- blah

Closing

(This 2-3 sentence ending should wrap up the three things you want people to remember from your talk, your name, and thank the people who invited you to speak.) "Thank you again to Dr. Smith, the school of Herbology, and to you all, for your attention. In closing, my name is Professor Blackbootz of Quirm, and I am enthusiastic about Orange/Grape hybridization; a win/win for the market, and for Herbology, and the underlying techniques will allow us to create new foods that defend against climate, pest, and other environmental problems. Thank you. I will now take any questions..."

------

This model works for a couple of reasons: You already KNOW what you are talking about. You talk about it every single day. Without notes. So writing ALL of your words/talk down on paper simply gives you several other things to worry about, than your message. Am I reading too fast? Did I pronounce that right? Woah... those words sound weird together. Wait... did I already read that line? Aren't I supposed to make eye contact? Oh crap... where was I?

The bullet points help you present a story with a beginning, middle, and end, without a lot of extra fluff and distraction. Hit the points. Stitch them together with a couple of sentences to move from one thought to the next one, down the page, until you get to the bottom.

Writing out the Intro helps alleviate the butterflies and nervousness that ALL of us get when we walk up to the microphone. You know this part by heart. You have repeated it in the mirror at home, and in your head, over and over, for a couple of weeks. You KNOW this. And it is WRITTEN RIGHT THERE, so if you clutch up, just read what you wrote down.

Presentation-wise, over time you will know how long to spend on each section of the talk, as well. So if you have a clock or watch, you can check to make sure you aren't going over, by simply getting to the middle of the page, and checking to see how much time you have left. "I'm half way down the page, and half way through my time. Perfect."

Finally, don't go in to detail! This is a presentation, not a lab. Give them the highlights. Then, at the end, give them time to ask questions. EVERYONE is better at answering questions about what they do, than they are at presentations. So keep the "presenting" part short, and the Q&A section longer.

This way, you also engage the crowd. They aren't just tuned out and not listening. They are actively participating, which makes YOU feel good, as the presenter.

I hope those suggestions help you out with your next presentation!!

(PS - I can also help make your PowerPoint presentation interesting, and not suck.)

I found this true when I worked in the fashion (menswear) industry, as well.

Graduates from the Art Institute were dippy blonde girls driving daddy's Escalade, who went to school to learn to draw. Badly. These people became wives of Microsoft employees.

Graduates from the International Academy of Design and Technology (my school) were able to design amazing one-off garments that broke existing clothing expectations. Couture designers.

Graduates from Seattle Central could make any piece of clothing quickly, and fit it perfectly (tailoring). Manufacturing pros.

Then, when I ran my own clothing company, I threw away resumes from the Art Institute, and I fawned over the amazing and clever stuff the IADT graduates showed me. But I hired people from Seattle Central. Every single one of them that applied. Because they knew how to handle fabric, they knew garment construction techniques, and they could make things fit real human beings.

posts and shares 1/0