Personality May Determine Employee Engagement

Interesting insights from the HBR, like emphasizing positive personalities in the workforce can harm leadership feedback loops:

If leaders turn employee optimism and resilience into a key hiring criterion, then it becomes much harder to spot and fix leadership or cultural issues using employee feedback signals.

And then they double-down on this assessment of overly positive personality and engagement, suggesting unhappy people may be the ones you should prize the most in your hiring practices:

…the most creative people in your organization are probably more cynical, skeptical, and harder to please than the rest. Many innovators also have problems with authority and a predisposition to challenge the status quo. This makes them more likely to complain about bad management and inefficiency issues, and makes them potentially more likely to disengage. Marginalizing or screening out these people might seem like a quick win for engagement, but in most organizations these people are a significant source of creative energy and entrepreneurship, which is more difficult to get from people who are naturally happy with how things are. To some extent, all innovation is the result of people who are unhappy with the status quo — who seek ways to change it.

Innovation is the result of people who are unhappy, and seek ways to change?

That makes perfect sense, although I feel happiness in making a change is underrepresented in this context. Startups are notoriously more creative, yet also happy, places because they’ve shifted past the unhappy part about the status quo. So it seems more like a cycle is happening, engaged and happy after being unhappy and disengaging, instead of a linear line to be measured.

Question: “Why is Russia so good at getting women into technology?” Answer: Communist Propaganda

It is great to see someone is trying to drill into Russia’s technical hiring practices as some sort of example for study or exception, rather than the other way around (why does America suck at allowing women equal treatment).

She believes there are several reasons for that: girls are expected to take up computer science from an early age and perform well, and there’s no stigma associated with studying technology.

But there’s something more: “Culturally, women in Eastern Europe are characterized as having a forthright nature and this means they’re more inclined to speak up for themselves, and be hardy to rejection, which is typically needed in a male-dominated environment,” Frankland says.

“Characterized” is the operative word here. Let’s take a step back into the history of the region and from where the caricatures emanate.

Many hoped the Bolshevik Revolution one hundred years ago would usher in a new era of gender and class equality. Following the revolution, Soviet Russia declared “International Women’s Day” an official holiday, and “Marxist feminists” romanticize communism to this day. Women of the Gulag, both a remarkable book and a documentary film, highlights the disparity between the Soviet Union’s alleged gender equality and the reality of life for women under communism.

It is now popular to claim — in the New York Times no less — that Soviet women “enjoyed many rights and privileges unknown in liberal democracies at the time,” so it is worth noting some of the ways that communism tyrannized women in particular. Those who claim the Soviet Union liberated women would do well to learn the stories of the women of the Gulag.

Now, to be fair, the above opinion piece is from the Cato institute, an unabashedly extreme right-wing propaganda outlet. Cato is hoping to bash Communism for attempting gender equality and failing miserably. So let’s take a moment to acknowledge that under Communism women were characterized as equals, alleged to be equal.

That’s notable because under the Cato manifesto women aren’t even alleged to be equals and aren’t allowed to try, which objectively seems worse than trying and failing. Exceptions are made for women who use “masculinity” (I believe that’s how Marx referred to it) to adapt themselves to the capitalist machines.

After the fall of Communism we actually have seen a reversion of women’s rights and abject oppression. While we see characterization of women as equally skilled for technical roles has lasted, keep in mind Russia has been busy decriminalizing physical abuse of women.

Why Russia is about to decriminalise wife-beating. It fits with traditional values, lawmakers say

Communism had a method of setting a characterization apart from these nonsensical “traditional values”, if you will. There was a time of messaging women as equals. Propaganda or not, such messaging under Communism had a lasting impact.

Anyway, without reading two much into either the Communist or the Libertarian messaging about the role of women in society, I always try to remind people that 60% of code-breakers in Bletchley Park during WWII were women, and we see a similar percentage today in countries like Israel where merit is measured instead of masculinity for technology jobs.

Improved Ghillie Suits (IGS)

Personally I wish someone had pushed for the phrase “future update ghillie suits” (FUGS) when they were thinking about “future warfare”. Instead the US Army is talking about Improved Ghillie Suits (IGS) to address the shortcomings of past designs.

Notable issues:

  • If you dress like a tree, you may be as flammable as one (several snipers have burned to death)
  • If you dress like a woolly mammoth, you may be as heavy and hot as one (ok, that’s really two issues)
  • If your suit is singular instead of modular, the above two properties are greater

Innovation is happening in the field, by snipers working to stay alive, blend better and also function more efficiently/safely, so the textile department of the Army decided to incorporate some of these ideas.

Maj. WaiWah Ellison, assistant product manager, Durable Goods, Soldier Clothing and Individual Equipment with Program Executive Office Soldier, explained the need for the update: “The current kit is thick and heavy and comes with a lot of pieces that aren’t used.

“Soldiers are creating ghillie suits with their own materials to match their personal preference. We want to make the IGS simpler and modular so the snipers will use what is issued to them instead of relying on outside resources,” Ellison said.

While this all makes sense from a product manager view in terms of updating the suits, relying on outside resources does kinda sound more like what camouflage is all about. And you have to marvel at the fact that nobody thought forward enough to realize that a Scottish concept of a heavy and fluffy suit originating in a rainy cold climate would be hot and flammable elsewhere.

Yes, I said Scottish. Just in case you’re wondering what a Ghillie is…Scotland Magazine breaks the meaning down over the centuries:

Since the Victorians discovered their passion for stalking, the life of the ghillie has had less to do with carrying Highland chiefs across raging torrents and more to do with the management of the landscape and looking after stalkers on the hill.

Fast forward to today:

“Do I look flammable to you?” Urban warfare researchers find the Ghillie suit heavy, hot, prone to combustion and….hard to blend in

It’s nice if you don’t have to take time to gather local capabilities to blend in, but that does presume accurate and fast feedback loops reaching the top of a very large organization.

A recent IDF investigation into a failed operation gives insight into how local knowledge — required for blending into the most dangerous environments — can be very dangerous to underestimate or get wrong.

…based on interviews with Hamas officials, a picture is emerging of a carefully planned Israeli intelligence operation in which agents posing as Palestinian aid workers may have gone undetected for up to two weeks before it went awry.

Nterini – Fatoumata Diawara

In a story that I’m almost certain nobody has read (based on everyone I have asked about it)…hundreds of thousands of letters that were seized by British warships centuries ago, now are getting digitized for analysis by the Union of the German Academies of Sciences and Humanities.

Somewhere in the U.K. National Archives in London, there are 4,000 boxes containing more than 160,000 undelivered letters from ships captured by the British during the naval wars of the 17th, 18th and 19th centuries.

Now those letters — some of which are bundled in old mail bags and affixed with wax seals that have never been broken — are about to go online.

[…]

The mail, sent mostly between 1652 and 1815, is written in 19 different languages and contains songs, notebooks, packages and personal correspondence.

[…]

Many of the letters are made inherently tragic by having never reached their destination.

A series of four letters from a Madam Dupont in Quebec between 1702 and 1703 show a woman frantically trying to reach her husband, who is away on business in France, and growing increasingly despondent by his lack of response.

“These letters are full of the hazards of the flu epidemic and chicken pox in Quebec and her tone gets more and more desperate, because she doesn’t get any sign of life from her husband,” Freist said.

“She feels utterly neglected and resented and finally decides not to write anymore. In the letter she says: ‘You can’t love me anymore if you don’t answer. I will now stop writing. I give up.’ But then she writes again and she implores her husband once again to come back.”

No word yet on why the German Prize Papers Project is leading the effort for a British archive.

I almost feel like this is the German way of trying to prove again how terrible the British Empire was for global humanity.

Speaking of letters of humanity, and of messages sent but never received…the Fatoumata Diawara video Interini about migration is a must watch/listen:

Lyrics:

Cette chanson parle de la souffrance que la distance inflige aux amoureux. Mon amour et mon confident est parti loin et ne me donne pas signe de vie. Je l’aime malgré tout et il me manque nuit et jour. J’aimerai avoir des nouvelles de mon chéri, sinon je n’arrive pas à dormir.

Mon amour est parti loin
Et ne va peut-être plus revenir
Mon chéri est parti loin de la famille
Et ne reviendra peut-être plus
Il était mon ami, mon confident, comment va t-il?
Je veux juste savoir si tu vas bien?
Il est parti dans une contrée lointaine
Il me manque beaucoup
Toi qui as toujours été mon guide
Je t’aime de tout mon cœur

Mon amour a pris son envol
Qui sait quand est-ce qu’il va revenir?
Dites-moi, mon chéri est parti loin
Et ne va peut-être plus revenir

Il est parti s’installer dans un pays lointain
Et ne m’a rien dit
Ce n’était pas le temps du matin qui m’empêchait de le voir
Ni la chaleur de la journée

This song speaks of the suffering that distance inflicts on lovers. My love and my confidant have gone away and do not give me any sign of life. I love him despite everything and he misses me night and day. I would like to hear from my darling, otherwise I can not sleep.

My love is gone away
And maybe not coming back
My darling left the family
And may not come back again
He was my friend, my confidant, how is he?
I just want to know if you’re fine?
He left for a distant country
I miss him a lot
You who have always been my guide
I love you with all my heart

My love took flight
Who knows when will he come back?
Tell me, my darling is gone away
And maybe not going back

He moved to a distant country
And did not tell me
It was not the morning time that prevented me from seeing him
Neither the heat of the day

Insurance Companies Say NotPetya Means War (And Therefore No Coverage)

Add cyberwar to the long list of reasons for why insurance companies will deny claims

Essentially, Zurich’s position is that NotPetya was a “hostile or warlike action” by a “government or sovereign power.” In fact, NotPetya is widely viewed as a state-sponsored Russian cyber attack masquerading as ransomware that was designed to target Ukraine but inadvertently spread globally. Russia denies these allegations.

According to Mondelez, even Zurich had doubts about denying coverage and at one point, rescinded its denial and committed to advancing $10,000,000 partial payment towards Mondelez’s insurance claim. But, for some reason, Zurich changed its tune and reasserted the declination of coverage.

For me this story is less about what is cyberwar, and more about why insurance companies are so good about self-declaring reasons to refuse coverage.

I recently had an insurance company executive tell me they were in the healthcare industry. So I asked if they provide care, to which they replied “no, we know more than anyone, even doctors, about health and we want to encourage people to make smaller and fewer claims.”

That’s not healthcare. That’s finance. Fewer claims (of care) means more margin.

The NotPetya-based denial of claim means the insurance company has assigned themselves the fun burden of proving that a “government or sovereign power” has committed a “hostile or warlike action”. Presumably they think the cost of that proof is less than $10,000,000

Google Lights $1M on Fire to Protest Separation of Test and Production

Advertising news sources are saying that it was an accident.

On Tuesday at about 7 p.m. ET, many publishers both in the U.S. and Australia saw many–if not all–of their ad slots filled with display ads featuring nothing but the color yellow. They were up for 45 minutes.

The costly mistake occurred during a Google training program when an employee accidentally purchased the 300×250 ad units, the sources said. Publishers who checked their logs saw the advertisements came from theiconic.au.com, an Australian retailer.

Estimates are upwards of $1m burned in just hours. Google made an official statement, confirming both payments and that the protest didn’t encounter any resistance.

We will honor payments to publishers for any ads purchased and are working hard to put safeguards in place to ensure this doesn’t happen again

“Top 10 Security Disasters in ML: How Laurel and Yanny Replaced Alice and Bob”: 2019 RSAC SF Presentation

I’ll be presenting again at the RSA Conference in SF, discussing how the information security industry shifted fundamentally after 2014 from ongoing confidentiality to growing integrity concerns.

SESSION ID: MASH-F02

TITLE: Top 10 Security Disasters in ML: How Laurel and Yanny Replaced Alice and Bob

SCHEDULED SESSION DAY AND TIME: Friday, Mar 08, 9:50 AM

ROOM: Moscone West 2007

LENGTH: 50 minutes

ABSTRACT: A seismic shift is upon us. Integrity flaws stand looming and untamed despite the security industry making great progress in availability and confidentiality awareness and control. Now a crisis of trust is developing as developers rush into “machine learning” with integrity a paramount risk. This talk will expose keys of past breaches of integrity to help attendees prepare to control ones just ahead.

QUICK ABSTRACT: If you thought confidentiality breaches were a crisis, are you ready to detect and prevent integrity failures at machine speed?

Apple Alert: SSD Data Loss in 13-inch Macbook Pro

In an awkwardly worded statement, the laptop manufacturer has alerted owners of its 13-inch Macbook Pro that SSD firmware flaws are causing serious data corruption and even complete failure.

Apple has determined that a limited number of 128GB and 256GB solid-state drives (SSD) used in 13-inch MacBook Pro (non Touch Bar) units have an issue that may result in data loss and failure of the drive. 13-inch MacBook Pro units with affected drives were sold between June 2017 and June 2018.

Apple or an Apple Authorized Service Provider (AASP) will service affected drives, free of charge. Apple recommends having your drive serviced as soon as possible.

A few things stand out here:

  1. The firmware update means an Apple “technician will run a utility”
  2. The repair process is to backup your data, update the SSD firmware in a destructive manner, and then restore all your data from backup. And this begs the question why someone can’t do the update themselves if it means restoring a backup to a fresh OS install. Apple ought not be worried about data loss or failure in the process as that’s a guaranteed outcome. Are they concerned the firmware update would brick the laptop, or that the utility would grant too much authority to the end user?
  3. Data already destroyed by the faulty SSD can not be recovered
  4. Anyone who already paid for this service can get a refund. Although at the same time, it only “covers affected MacBook Pro models for 3 years after the first retail sale of the unit”. The repair will not be free if your SSD has faults beyond 3 years…

2018 Ebola Crisis Worsens as US Regime Denies Aid

Here’s a pithy comment by Peter Salama, head of the new Health Emergencies Program at the World Health Organization, about factors leading to Ebola crisis unfolding this year in DRC:

These viruses manage to exploit social vulnerabilities and fault lines. That’s what we’re seeing in this Ebola outbreak starkly.

And even more to the point:

In the last two years since I have been here, 80 percent of our major outbreaks have been in conflict-affected areas. This is the issue of the future.

The issue of urban outbreaks of high-threat pathogens is really an issue of our generation. I don’t think we’ve fully grappled with that. Now with yellow fever, plague, with Ebola, we are starting to see these patterns. All bets are off [in terms of] thinking we know about the transmission of diseases because of what happened in rural outbreaks in the past. It’s completely different now.

Ok, so you have this data showing conflict-affected areas are where the major outbreaks occur, and that is “the issue of the future”. Consider this in terms of infected drones easily deployed over/under/around barriers into urban areas, and then rapid lateral transmission.

I’m not trying to think out of the box here. This is an ancient security worry, for those familiar with the history of siege weaponry.

Who (pun not intended) can guess the current US regime’s response to the outbreak of a high-threat pathogen in the place most expected? Perhaps the title of this post gave away the answer.

Vox reporter Julia Belluz asks Salama the following:

The US pulled its Centers of Disease Control and Prevention workers out of Beni, the outbreak epicenter. They decided it was too dangerous for America’s best Ebola experts to be there — and it sounds like they are not coming back anytime soon. […] But I understand Canada, the UK, even nonprofits with US personnel, are sending people, and you have hundreds of WHO officials deployed. Is the US government an outlier?

This makes the American leadership appear weak and feckless; and Salama replies very diplomatically:

The US government is the main country that has had constraints.

Insecurity of US Regime Impacts Trade

China has downgraded the rating of US ability to partner or deliver goods, and is distancing itself from the instability of a white nationalist White House.

…the economic relationship between the U.S. and China has been permanently altered.

[…]

The president’s abrupt return to brinkmanship…underscored U.S. unpredictability.

[…]

…imposition of tariffs on more than $250 billion in Chinese goods already has prompted China to [buy] soybeans from Brazil rather than Indiana or Iowa.

[…]

Xi has personally directed a campaign to promote “self-reliance,” with public tours of China’s modern industries in the south and its traditional Rust Belt region in the northeast.

“The turn away from reliance on the U.S. for agricultural and industrial inputs will accelerate,” Charles W. Freeman Jr., a former U.S. diplomat said in an email.

This really isn’t about China or America, though. Anyone familiar with the erratic performance and quick failure of a certain steakhouse, casino, airline…probably wouldn’t want to hitch their wagon to a horse unwilling to pull its own weight let alone help anyone else.

the poetry of information security