Saturday, October 7, 2017

Why I prefer to hire DIYers

The curse of any DIY job is: you have to do it right the first time. You have no idea what to do, and you can't afford a mistake. You must become as proficient as professionals are, in a fraction of the time, at a fraction of the cost.

So what you do is you learn to learn. You learn how to solve problems the very existence of which you never knew. You think outside of the box, you work beyond limits.

Any time of day, that beats someone who does only the things they were taught to do.

Thursday, October 5, 2017

In times like these, big monies are lost... and made

tl;dr: life after the Equifax fiasco.

Service companies do not sell services. They sell comfort and satisfaction. Equifax was selling comfort to banks, which were glad to pay a little coin for an assurance that the loan they're issuing will be paid back.

Now the confidence is gone. Not just from Equifax, TransUnion, and Experian. The chain of trust has been broken. There is no assurance that good and valid information is not being used by a fraudster. It's not just all of us who are screwed; banks are screwed too.

What now?

The business model of "credit rating" is going to be broken for a while. Like I said elsewhere the day the Equifax breach happened, SSN as ID will be dismantled - it'll take time, but it is inevitable (it was obvious for a long time that a non-secure system that doesn't support revocation will be broken by the first major leak, which we just witnessed happening). It will be replaced by a system that does support revocation, and that looks painfully similar to good old cryptography. This will cause the emergence of whole new classes of tasks, and jobs to solve them - but one will have to be a rocket scientist or at least proficient with cryptography to get one of those jobs. And we will have to pay for all that, because nobody else will.

Buckle up. Study cryptography.

Thursday, September 24, 2015

Identity Theft Made Easy

So, I call $company. The automated system guides me through the hoops, in particular, asking for my "secure credentials", normally "the last four". Then it connects me to a representative.

And the first thing the representative says is: "What are your last four?"


I just identified myself to your automated system.
It authenticated me.
Why do *you* need to hear it again?

If this is a part of the $company's protocol, it's redundant.
If this is an unscrupulous employee harvesting personally identifiable information, it's a vulnerability.

The problem is, you cannot distinguish between the two. So either way, we're screwed.

Thursday, August 20, 2015

Full-Time Employees: Who wins? Who loses?

Just read The Case Against Full-Time Employees.

There's no TL;DR, read it if you care to compare it with my counterpoint, which is pretty simple:

  • A long term full time employee is a known variable.
  • Freelancers and contractors are the unknown.
  • The more is known, the less uncertainty.
  • The more uncertainty, the more risk.
  • The more risk, the more threat.
  • The more threat, the more contingency.
  • Somebody has to pay for the contingency.
  • Business can't pay the contingency, it has to be profitable.
  • That leaves only one party that can be held responsible for paying.

That party is *you*, the customer.

Note that pay is not necessarily monetary.