Hacker News | hgsgm's comments

It doesn't matter whether NSO are genius hackers or their freelancers are. They are still outsmarting Apple all day long.


When significant functionality and backwards compatibility are required and money is limited, I'll happily work for red team; when brick is a valid solution, I will happily work for blue team.


As long as this attitude persists IT will continue to be viewed by people outside of it with the same degree of respect as your average mercenary.

Consider that in a just world you'd be in jail. Does the money still look that good?


The US carefully developed its cyber security plan during the word press macro era. Let's send the FBI to foreign countries in the hopes of arresting teenagers who learned how to cut and paste, genius.

Unfortunately, it forgets how to do this if the country is Israel instead of the Philippines.

Is there some solution in that to making sure 100% of possible red team members are more aligned with the profit interests of the US' strategic private companies than the US strategic partners in running illegal conspiracies?

I'm baffled as to what utopia of a profession has global tool collaboration and consequences, but somehow manages to deal with 230 groups of nationalists, thousands of sects, and embargoes on any one group paying people across all of these to provide a regulatory framework for safe and human-benefiting tools in their category with no edge cases. If such a regulatory framework existed maybe it would shut down these mobile phone companies over behavioral harm?


Personal responsibility is where this starts. Not with the US, not with Israel or the Philippines. It starts with us, the technical people that do these things.


That makes no sense. A whole bunch of Americans won't do anything in this area because the US legal system is whimsical. But some nationalist professor was going to agree to make Stuxnet, and maybe they were right, we certainly aren't going to all get to reach them to debate. So what is achieved?

Would Apple being totally incompetent at security and fighting exploits from NK prison labor, eventually with about the same fail rate, be a better world?

Export control on thoughts didn't work, so total disarmament on thoughts won't work. Prioritize security, cut out some of the entertainment and useless features through regulation because brain candy always wins in an unregulated market.


I'm not in the US. I don't work for Apple. And yet I can guarantee you that my work - assuming I'd be that capable in the first place - is used to reduce the security of various platforms through 'research' that leads to the existence of more zero days. You won't find me on anybody's red team.

So personal responsibility is where it starts and there isn't a fig leaf large enough that would allow you to pretend otherwise.


If these software updates are embargoed to some countries then your discovery is a tool of cyberwar under a fig leaf.


While I believe selling zero days to NSO group is significantly worse than working for Google or building surveillance capitalism software - we are mercenaries. Like 60% of software work is vehemently anti-middle class. Almost all of us have either contributed to some spying apparatus (analytics platforms), built some automation that replaced several humans, or developed something that contributed to the environmental destruction of our planet.

Let's be clear though, I'm not saying tech is bad. We'd all be doing manual labor on a farm without it. I do think our demographic (including myself) has completely set aside any consideration for our impact in the name of optimization or a fat paycheck.


It is a natural forcing function on Apple to improve.

Evolution playing before our eyes.


Much better article that actually explains the form

https://blog.displate.com/rubber-hose-animation/


Thank you for posting this link. This blog is already a fascinating rabbit hole for a non-artist.


You can't simply ignore the base rate, even if you don't know it.

In a purely random world, 5% of experiments are false positives, at p=0.05. None are true positives.

In a well ordered world with brilliant hypotheses, there are no false positives.

If more than 5% of experiments show positive results at p=0.05, some of them are probably true, so you can try to replicate them with lower p.

p=0.05 is a filter for "worth trying to replicate" (but even that is modulated by cost of replication vs value of result).

The crisis in science is largely that people confuse "publishable" with "probably true". Anything "probably better than random guessing" is publishable to help other researchers, but that doesn't mean it's probably true.


> p=0.05 is a filter for "worth trying to replicate"

Yes, I think that is an excellent way to put it.

> The crisis in science is largely that people confuse "publishable" with "probably true".

I would put it slightly differently: people conflate "published in a top-tier peer-reviewed journal" with "true beyond reasonable dispute". They also conflate "not published in a top-tier peer-reviewed journal" with "almost certainly false."

But I think we're in substantial agreement here.


What's a reasonable number of categories? 10?


That's defined by the phenomenon you're investigating.

In the case of six-sided dice, there are precisely six categories, ideally with even odds of occurrence. With the lottery jackpot given, there are eight categories, with highly asymmetric probabilities and values.

In real-world cases, you might be trying to distinguish two cases (treatment and control in a medical experiment), between multiple particles or isotopes (say, with physics or chemistry), amongst different political divisions (countries, states or provinces, counties, cities, or other), between political parties or candidates (which raises interesting questions over which and/or how many to include in consideration, in turn dependent on voting procedures, overall popularity, and impacts of non-winning candidates or parties on others), on multiple products, or on different behavioural characteristics in some domain (e.g., highly-active, occasionally-active, and lurking participants in online fora).

There are times when categories are well and unambiguously defined. Others in which where you choose to draw divisions (say, in generational groups, or wealth or income brackets) is highly arbitrary. Even where there are a large number of potential categories, choosing some limited number for specific analysis (2, 3, 5, 10, etc.) and lumping the remaining into "other" may provide clearer insights and fewer distractions than choosing a large number of divisions.[1] In other cases, a very small number of individuals may account for an overwhelming majority of activity or outcome. I'd strongly argue that in this case, the analysis might be somewhat poorly focused, and that activities and outcomes rather than individuals are of greater interest.[2]

What's key is to match your sampling and sample sizes to the phenomenon being studied.

________________________________

Notes:

1. Power law distribution / Zipf functions often mean that a very small number of participants has highly disproportionate impact or significance.

2. This is often the flip side of power law distributions. If we look at all book titles, there are a huge number of individual items to consider; there are roughly 300k annual English-language "traditional" publications, and over 1 million "nontraditional" (self-published, or publish-on-demand) titles. But if your focus is instead titles by percentage of revenue or number of sales, a top-n analysis (5, 10, 20, etc.) often captures much of the activity, frequently well over half. This is typical of any informational good: music, cinema, blogs, social media posts, etc.


On Android, the Learn More links aren't present, so the privacy invasion is not disclosed at all, beyond the deceptive first-page "summary".


I don't see it as deceptive. More like dumbed down by removing all technical jargon.

How would you describe the issue briefly to someone who doesn't know what machine learning is? Sure, a lot of people know about it now, but I think much of the general public still has only the vaguest idea, and that was much more true a couple years ago.


Sounds like regular parks in my city.


Hmm? If "we feel a need to do it" makes it morally praiseworthy, then murder, rape and thievery are morally praiseworthy.


Can't forget slavery.


50 of the town's 700 residents.


7% of people subjecting themselves to discretionary amputations is a huge number.


At least $4M was cancelled (due to false income statement on the application). I suspect more was cancelled.

https://www.nydailynews.com/2012/06/15/judge-cancels-4m-life...


Strange that people are so strongly opposed to accurate facts.


Where did anyone say they were opposed to facts?


With the downvotes…


Where?


Parent didn't say "Euclidean"

It's finite.

The same "point at infinity" also exists on circles (like a clock) and spheres (like the Earth) and toruses (like a bagel).

