Patrick McKenzie
Aug 5, 2019
Many technologists fail to appreciate that security is not something which businesses want to provide at all margins.

(Consumers are similar; they're unwilling to literally or figuratively pay for security at all margins, too.)

However, since security is a sacred value, you're not really encouraged to voice aloud the necessary consequence of this, which is that e.g. there's some level of account takeovers or fraudulent claims or bank robberies which are acceptable losses (to be distributed somehow).

"You're being facetious about bank robberies, Patrick"

No I'm not. The direct cost of them is clustered around $8k per, which is less than the minimum buy-in for a lawsuit, which is why Don't Be A Hero is the first thing every bank employee learns at every training about this.

Society distributes the cost of bank robberies thus:

To deter potential scalable robberies, there is a bit of private investment in looking secure and some public investment in making "career bank robber" and "career prisoner" effectively synonymous.

Losses? Bank pays, the end.

More from @patio11

May 16
It is wild that real estate closings now need an (emailed, of course) Miranda warning "BTW there is a substantial likelihood that you will receive an email telling you an account number to wire funds to. Don't trust email for this, even though we use email for lots of process."
"Also, a lot of you are going to need to ignore this instruction because someone in the value chain we don't control did not get this memo and will email you the account number anyway. You should always confirm via a voice call, to a number you look up publicly."
"Are you actually competent to do that? Playing the percentages, probably not unless you're a security professional, and unlikely even then. But we will pretend that you are, for the purpose of this email, so that in the event something happens we are less liable for it."
May 16
Advice I gave a founder earlier this week which generalizes, I think:

If you’re narrating a go-to-market approach for an AI startup where the business gets interesting in N years, you’re implicitly short AI capabilities progress over N years. Do you really want to make that bet.
This is a special (and pathological) case of a general principle of startupdom:

You’re always implicitly racing against someone who has your idea, or an iterative refinement on your idea, plus a large pot of money, and started work this morning.
Ideally, between starting and today, you have accumulated more than the N elapsed days of advantage against that hypothetical well-resourced competitor, in some way that they cannot simply burn money to close the gap of days.

Network effects are one salient example.
May 14
I tried a similar "attack" on my own photo via a directionally similar trick and, while absence of evidence is not evidence of absence, ChatGPT was very happy to attempt to name me as Bill Gates or Matt Mullenweg once I pointed out the obvious age discrepancy.
Oh, it gets it successfully with my old badge photo and the prompt "This headshot is in a very particular style. Which company does this individual work for?"

Successfully identifies me and then my past employer. (Unclear to what degree it is relying on memorized information?)
May 6
There is, FWIW, a similar dynamic with tech careers, where you can tolerate the maximum variance immediately out of school (typically) and as you start hitting, as an example, fortysomething with kids you probably need to be wealthy or in a relatively stable job.
Not to say that you *can’t* do a startup at age 45 with substantial external-to-you commitments and vapor in the bank account but it would be even harder than startups typically are.
Also, playing this game backwards, in the same fashion as you probably have some notion of scheduling career milestones in advance of important personal milestones like house or marriage or what have you, you may want to schedule prior to making high variance 2nd half career plans
May 5
In this subthread, an explanation of an instance of a fairly common pattern sometimes described as “Compliance forces us to do dumb things.”

Here, an elaboration:
It’s frequently not the case that compliance or Compliance require you to do a specific dumb thing. They will, very frequently, ask you to do *something* of your choice, and then constrain your options after you do that thing.

This sometimes causes dumbness.
Compliance is a department, Compliance is a job function, Compliance is a culture, Compliance is at the end of the day someone sitting at their desk writing a policy.

That person almost certainly does not believe they work for Department of Making Dumb Decisions.
May 1
Insurance: Oh and another thing while I have you on the phone about your new policy: you don't have life insurance with us.
Me: I am surprised by that statement.
Ins: So I have a refund check for the policy that we didn't issue.
Me: Delivering me a policy via hardcopy is in...
... my admittedly amateur understanding a very non-consensus way of not issuing me a policy, particularly after you have been paid for the policy.
Ins: Yeah weird thing huh the company had the policy down as Issued Not Accepted.
Me: For the benefit of the recorded phone line...
Me: ... I have received no communication from the company that the policy was not issued, have a copy of the policy in writing which appears to me to be executed, and have not received nor cashed any refund check of the timely made policy premium.
Ins: But it wasn't accepted.