Mostly cybersecurity struggles. If you invest millions in a castle with a gigantic lock and a pit full of piranhas, would you leave the service entrance open and give everyone in town the key? Yeah, more common than not.
But an IT audit is only necessary if your company goes public or if the owner wants it, maybe if you are a tech company.
I do other audits, mostly safety and environmental, and my big question is usually “nobody made you write this, why would you write this down if you don’t want to do it?”
For most regulations, the laws and rules say something like “companies must ensure X doesn’t happen”, and the companies themselves have to come up with a way to do that.
Let’s say the law says “companies that transport apples must be able to show which batch went where”.
Company A says “to comply with the law, whenever we move a shipment, we store the shipping order on our computers”
Company B says “to comply with the law, the truckdriver will film the place they left, count the apples when leaving, then email the entire dashcam trip, and count the apples on arrival”.
Neither process is wrong, they both follow the law. But when I go to Company B, I promise you they’re going to fail the audit. They’re (probably) not doing anything illegal, but they’re going to fail their audit because no truckdriver is going to count a truck full of apples.
They made that rule, and they really didn’t have to.
There are 2 types of rules, or controls as we call them: legal requirements and internal policies. The first one is clear: there are legal requirements in place and you have to be in compliance with them. The second one is where I get the most wtfs. Internal policies are rules the company itself created and said had to be followed. For example, let’s say you are the IT manager of your company and you discover that everyone’s password to your system is 1234. You go out and look for market best practices and create a policy saying “All passwords must contain 6 numbers and 2 letters”. For this to be official you write it down and “publish” it internally.
Now I, as an auditor, go there, look at the rule you created and check if it’s really in place or if you just wrote it because. A lot of times it’s not. The company creates the rule but forgets or just postpones implementing it.
Probably not the most complex, but in programming, the salesman problem: intuitive for humans, really tough for programming. It highlights how sophisticated our brains are with certain tasks, and what we take for granted.
I once accidentally worked myself into trying to solve the traveling salesman problem. I was doing some work on a very specific problem, and I got to a point where I couldn’t figure out a way to efficiently link up a bunch of points. The funny thing is that I knew about the TSP, but I just didn’t realize that the problem I was trying to solve was a case of the TSP. After a couple of days trying to figure it out, I realized what it was, and that it was futile.
It was a good lesson to always try to find the most abstracted version of the problem you are trying to solve cause someone smarter has either tried and failed or tried and succeeded.
Trying to prevent bacteria from developing antimicrobial resistance. At these rates in 30 years antimicrobial resistant bacteria are projected to kill more people than cancer.
I’ve been around the AMR space for a while, but only as a collaborator. Have helped do some bacterial assemblies and helped find methods of detecting ICE. I’m a bioinformatician so I get to jump onto a bunch of different projects.
AMR is scary and not really in the public knowledge of upcoming issues. I think about it every time my son had an infection while he was very young and hope he didn’t get a resistant strain.
How much of this resistance is down to feeding livestock antibiotics compared to doctors over-prescribing to people, or what is the cause, do you know? Is there any way to slow down the rate?
The level of AB use in livestock in various countries is astonishing.
Most European nations have to keep a very strict log of which antibiotics are used, and for what reason.
Meanwhile, until recently India was using Colistin as a growth promoter.
Given the search summary of that one is “an antibiotic medication used as a last-resort treatment for multidrug-resistant Gram-negative infections”, that sounds very bad.
I think there are so many new and great ideas in this space but you have to consider how science is funded. Funding bodies and reviewers want incremental research that is safe. This has led to our current situation. Phage therapy has been around for so long but has only in the last 10 years gained credibility and been treated as a path to take. Ultimately, antimicrobial resistance is incredibly solvable even at a policy level and definitely across many scientific levels. But it requires more cooperation than farms, pharmacies, hospitals, states and countries can muster.
I’m in the building sciences. The biggest unanswered question we come up against almost daily is “what the fuck was the last guy thinking?”. And we avoid, daily, admitting we were the last guy somewhere else.
Isn’t it proof enough? Using the Sudoku example: there are certainly different levels of difficulties, depending on how many numbers are set in the beginning and other parameters. Checking if the solved answer is correct is always the same “difficulty” - thus there is no correlation between the difficulty of the puzzle at the beginning and checking the correctness. Some people might not be able to solve it, but they certainly can check if the solution is right.
Unfortunately no. The question is a simplification of the P versus NP problem.
The problem lies in having to prove that no method exists that is easy. How do you prove that no matter what method you use to solve the sudoku, it can never be done easily? You’ll need to somehow prove that no such method exists, but that is rather hard. In principle, it could be that there is some undiscovered easy way to solve sudokus that we don’t know about yet.
I’m using sudokus as an example here, but it could be a generic problem. There’s also a certain formalism about what “easy” means but I won’t get into it further, it is a rather complicated area.
Interestingly, it involves formal languages a lot, which is funny as you wouldn’t think computer science and linguistics have a lot in common, but they do in a lot of ways actually.
Well it just so happens that the definition of “easy” in the actual problem is essentially “fast”. So under that definition, checking every single possible solution is not an “easy” method.
What if the sudoku is 1 million lines by 1 million lines? How about a trillion by a trillion? The answer is still easy to check, but it takes exponentially longer to solve the board as the board gets larger. That’s the gist of the problem: Is there a universal solution to a problem like this that can solve any size sudoku before the heat death of the universe?
For the purposes of OP’s problem (P v NP), it considers not particular solutions, but general algorithmic approaches. Thus, we consider things as either Hard (exponential time, by size of input), or Easy (only polynomial time, by size of input).
A number of important problems fall into this general class of Hard problems: Sudoku, Traveling Salesman, Bin Packing, etc. These all have initial setups where solving them takes exponential time.
On the other hand, as an example of an easy problem, consider sorting a list of numbers. It’s really easy to determine if a list is sorted, and it’s always relatively fast/easy to sort the list, no matter what setup it had initially.
Well, there’s counterfactual examples of this, so it must not be true.
In pretty much every single relationship worldwide, one person can very easily determine if the recommendation from the other for where to eat or what to watch is correct or not.
And yet successfully figuring out where to eat or what to watch is nigh impossible.
Most people would probably intuitively answer “no”, and most computer scientists agree, but this has still not been proven, so we actually don’t know.
I disagree, I think most computer scientists believe that P != NP, at least when it comes to classical computers. If we believed that P = NP, then why would we bother with encryption?
I think you’ve misunderstood 😅. Answering “no” to that question corresponds to P != NP (there are problems that are easy to verify but not easy to solve), while “yes” means P = NP (if a solution is easy to check, the problem must be easy to solve). So I am saying most people and most scientists believe P != NP exactly as you say.
I’m only a professional scientist in the loosest sense of the term but for years we’ve tried to figure out why Joe can’t leave the break room to fart and who the fuck does he think he is?