Beep boop - this is a robot. A new show has been posted to TWiT…
What are your thoughts about today’s show? We’d love to hear from you!
This was a great episode.
I have some thoughts. tl;dr FTX is a way bigger problem than discussed on the show and it’s far from over.
Firstly I thought David Spark’s framing of the responsibilities of the CISO with respect to liability and risk was particularly interesting. I’ve heard it repeatedly said that “the CTO is personally responsible for the company’s technology problems” and “the CISO is at fault for the security problems”. I sympathise greatly with David’s view that this type of framing is misjudged, and that risk is not the sole burden of any particular office but rather is the burden of the business as a whole. The CTO or CISO quantify the risks and liabilities, communicate and champion them with the executive team and/or the board, and the business makes whatever decision it makes accordingly. If the business chooses to not mitigate those risks, or not provide the funding that was requested, or not prioritise important technology or security initiatives, that’s not the fault of the CTO/CISO, so I agree with David.
On facial recognition in public places by “Google Glasses” type devices, Amy Webb makes a great argument for the anti-facial recognition sweater; however, one has to expect that surely they will just update the ML algorithm to fix this. No doubt there will be a cat and mouse game between the fashion designers and the ML developers, but are people really going to update their jumpers every two weeks to keep up? There’s also the question of what happens when facial recognition becomes a societal norm and the wearing of such a sweater may become unlawful just like those car number plate obscuring polarising filters that were a hit in the ’90s (they were transparent to people but opaque to speed cameras).
Regarding FTX. I think this was a slightly troubled discussion due in part to it still being early days and the sheer content of analysis that’s out there that people haven’t had a chance to review yet. What I would say is everyone interested should listen to the Odd Lots podcast episode with Matt Levine and SBF (from April 25, 2022). It has the now infamous and classic line from Levine (speaking to SBF): “You’ve just said we’re in the Ponzi business and business is good” without any kind of rebuttal from SBF (in fact he almost agrees with the characterisation). This comes after SBF describes tokens as a “money in a box” business model where people put money in a box; people take money out of the box; you market the box to make people think “wow that’s a great box, I’ve got to put money in the box”; and you hope people keep putting money in the box. Seriously, he says this.
The story is also much more intricate than was discussed in the episode – there are close connections between SBF, Caroline the CEO of Alameda (SBF’s proprietary trading firm that was allegedly propped up using $10B of FTX client money), the lieutenants at SBF, even the parents of some of these characters that turn out to be either regulators themselves or professors of regulation & ethics at MIT. The scale and scope of the disaster is profound. SBF was the second largest political donor to the Democratic Party (but was also a very large donor to Republicans too) presumably to influence the upcoming regulations. You can be sure he wasn’t spending all this money to try and push for regulations that protect customers and that would weigh down his business. It was surely to try and legalise the whole scheme.
Governments have their fingers in their ears saying “Oh it’s crypto therefore it’s not gambling. Oh it’s crypto therefore it’s not finance”. It’s clearly both to any reasonable observer. And that’s fine! Both of those things should exist, but we have laws and regulations that cover those activities in order to protect the vulnerable and they should surely apply here.
The clash of philosophies around people taking risks with their money was really insightful and great to watch. I have conflicting views myself. On the one hand people should be allowed to do with their own money whatever they want. If they want to gamble it that should be allowed. The excuse “people don’t understand risk” isn’t really good enough. I personally don’t know about heart surgery and so I don’t do it; if you don’t understand finance or gambling or risk then it’s on you not to do it.
But on the other hand, we know gambling addictions exist. We know FOMO exists. We know celebrities (or more importantly in the case of FTX influencer endorsements) work. As Amy strenuously noted many people just don’t understand statistics, probability, or risk. They are seeing other people becoming millionaires literally overnight and trying to get in on it. FOMO makes people do irrational things. At a minimum I feel that people should have to be accredited investors or have to pass some kind of test to show they know they are playing roulette and not to put at stake money you can’t afford to lose.
Maybe instead of worrying too much about new regulation we just start using the ones we already have by just addressing the elephant in the room and accepting that crypto is finance and crypto trading and tokenomics is gambling. Done.
It should be noted that FTX was not just an unregulated offshore unregistered securities exchange, it was a full derivatives platform. Customers could use in excess of 20 times leverage and use all kinds of complex structured and packaged products and derivatives. It turns out one of the reasons FTX became so popular in Europe is that the competitor Binance was banned from offering derivatives in the EU which pushed people onto FTX. Why ban only one exchange and not others? No idea, it’s a complete mess. All the other exchanges that are doing the same thing are still out there, offering complex derivative products to anyone whether they are accredited investors or not. This is not the last problem we will see in this space.
And it seems that Michael Lewis is indeed writing a book about SBF and has already started shopping the film rights. He met SBF many times over a six-month period including visits to the Bahamas. He now has the most incredible book ending imaginable – I for one will be pre-ordering on Kindle!!
I found the discussion of crypto somewhat unsatisfactory. Amy Webb is a very smart person who does not speak without forethought. She said, “I do not think we can entirely blame the consumer.” I agree, up to a point. Our society does not expect consumers to understand finance beyond the simple day-to-day level of bank accounts and mutual fund investments. And to ensure that these are safe we require that they are audited, regulated, and (possibly) insured. With crypto finance these controls are missing and hence any money transacted with a crypto entity is a speculation not an investment.
Is it too much to expect someone to look at the volatility of the price of crypto currencies, on the one hand, and the obscurity/complexity of the instruments on the other hand, and not to have serious doubts? Further, a person who invests their savings in an instrument on the recommendation of some celebrity is probably going to be parted from those savings sooner or later.
Then there are those who fully understand that crypto is pure speculation and subscribe to the bigger fool theory. They hope to buy low and sell higher, and may use pump and dump or other methods to make that happen. No one should have any sympathy if they lose out.
A worthy society does have a responsibility to protect the unwary. We should identify and stop scams, confidence tricks, Ponzi schemes, etc. etc. And a worthy society also has a responsibility to educate its populace to recognize and avoid these as far as possible. We clearly do an inadequate job on all of this, nevertheless, we have centuries of experience that attest to the sad fact that there are always deceivers and there are always plenty of people ready to be deceived despite having red flags waved in their faces. Common sense is regrettably uncommon.
On another point, Elizabeth Holmes was prosecuted not just because she ripped off a bunch of people but because she ran a company which knowingly and deliberately gave false medical test results to real patients.
I’ve posted this elsewhere, and on Twitter, but it keeps coming back up.
My first CEO, at the start of the 90s, gave a great piece of advice, on stage at the annual employee meeting (we were working for one of the largest IT consultancies world wide).
He said (slightly paraphrased, as I never had this in writing, just his speech), “if you regularly have to work overtime, management screwed up! Either they didn’t set realistic deadlines or they didn’t resource the project properly.”
By this he meant that a 1-2 week rush with slightly longer hours is acceptable, at the end of the project, to get it out the door. Likewise, if there is an unforeseen system failure and “all hands on deck” are required to get it back up and running, that is acceptable; you can’t plan for such a catastrophic failure and just have the staff sitting around doing nothing, waiting. Likewise, with the end of project, after 18 months or so, to come in “on time”, instead of push out the deadline by a couple of weeks, that is acceptable.
But, if you have set the deadline so tight, or planned in so few staff, that you are expecting staff to work massive amounts of overtime week-in-week-out, month-in-month-out, the management behind that project screwed up royally and should be out on their arse. He actually encouraged people working on projects where such situations were common to talk to their career managers (as we were a consultancy and being pushed from project to project, we had a career manager and usually a project manager, the latter would change regularly, as you moved from project to project, but the former stayed with you over the years, to give a consistent view of how you are working) about the situation.
Working an hour here or there, or if there was a certain problem you needed to get out the way and concentrate on, if you worked 1-2 hours extra for a week, normal. If you had a major problem and you worked an extra 8 hours one night, normal. You are working more than 2 hours extra every day of the week, unacceptable.
Now, we have Elno and he comes along and sacks half the staff and expects the remaining staff to do 2 weeks work every week? What sort of idiotic situation is that? If you are working a 16 hour day, you can do that for maybe a week, before your productivity drops off massively, after 2-3 weeks, you are a walking corpse, you aren’t making sane decisions, you can’t really concentrate on your work, you are not working optimally, things are going to slip past you.
After 2-3 weeks, he is going to have staff doing 2 weeks’ worth of hours every week and probably generating about half a week’s worth of output, due to them being too exhausted to think clearly.
I have worked those sorts of hours on a project in the past, 16 hour days, plus 3 hours travel to and from work, working weekends. After a month, I really couldn’t think straight. We managed to finish the project, somehow. My manager sent me home, forced time off. I actually slept 36 hours straight. It took me a couple of weeks to get back to my old self and be at the same levels of productivity as before the rush. (And, to be clear, this was not under the CEO mentioned above.)
Absolutely. I’ve been in that situation, I’ve managed an IT team, before CISOs were a thing, pointed out inadequacies in the technology we were using, pointing out security holes in systems, pointing out where we needed new kit and more staff. All of which were ignored, no time allowed to fix the problems, no budget to replace dangerous old kit (a 10 year old firewall with no support, for example - the Board’s reaction, “it’s a firewall, it doesn’t need support or patching, it isn’t like it is a computer”!), only when it finally failed & we lost over 100 VPN connections to customer systems & we couldn’t provide support, did they sit up and take notice! It was actually replaced by a redundant system, with support & patching!
Heck, they were shipping turn-key client systems in 2014 using a version of SUSE Linux from 2000, they only finally switched to a more modern software base, when they were unable to source any more SCSI cards that would work with that old OS! “It is Linux, it is secure, it doesn’t need patching!”
Your former CEO’s advice seems quite sound i.e., the occasional “crunch” is fine in nearly any firm.
Longer term under resourcing and the rest? Not clear that’s a good thing generally.
The worry I have is the reception of all this within the wider tech exec community – it does feel at times that there is a motivation to try and copy enigmatic CEOs and their iconoclastic behaviours. A tech sector full of this behaviour is not one I think we should be encouraging, normalising, or enabling. I’m as big a fan of innovation as the next guy but wow we’ve got to be able to do better than this.
Ultimately I find it all tragic and I have enormous empathy for the employees (current and recently former) stuck between a rock and a hard place as many will not have the ability to just up and quit (or refuse to return) for any myriad of personal reasons.
Anyway perhaps all we can do is watch from the sidelines, hope things work out well in the end, and offer any and all support for the hard working employees that we can…
An astonishing and riveting take on FTX. Also Twitter. (Matt Levine)
https://www.bloomberg.com/opinion/articles/2022-11-14/ftx-s-balance-sheet-was-bad
Very well put @russell1066
I feel the mainstream media narrative needs a little bit of work.
I just watched a segment from a TV broadcaster in the UK targeted at the general public and they featured three Bitcoin success stories and three financial experts. The success stories were glorified and the experts downplayed and made to seem like harbingers of doom for explaining finance 101.
Plus crypto ads are all over the busses and the tube here.
Is it any wonder the average consumer is flummoxed?
Regarding privacy, a lot of people really did care about it 12 years ago. Among my friends, it was always a big topic and none of them were badly about tracking.
I have blocked most of the tracking from Google for well over a decade. The same with other companies. It is one of the reasons why I never use Chrome on the desktop and replaced it on my Android phone with Firefox or Brave, and spent hours de-Googling my phones, when I first got them. The same with Facebook and Meta, I tried Facebook for about 6 months, then deleted my account in 2010. I had to open a new account at one company I worked for, to manage their DB home page, but only use it for that.