Blog

Featured

The blog of blogs

Blanding down a message to be comforting to all potential readers, isn’t my thing. Posts here are meant to be tease from slumber, to opine for discussion and to stimulate to think. This means the language has a distinct style, being direct and unapologetic nor understated, also elliptical and/or long-winding, stopping short of using the correct ‘prolix’ since not many readers may understand the QED in this – not for simpleton readers.
Oh and pics are almost all my own – almost all unedited if you didn’t notice… – and selected to be at least slightly relevant to the post concerned. Maybe.
Have fun!

Yup, once again. Since today’s that date.

As an intermission: Would you know which is which, of the above/below …?
And then, there’s continental differences …

[Since it’s today’s date, I thought to flip it and not be original just for one day… nevertheless, the day deserves some sillyness in particular in current circumstances. See also the two previous Today’s Date posts.]

First up, the Elk:
elk-06
Servus Canadensis, the wapiti indeed. Next up, the Elk: Continue reading “Yup, once again. Since today’s that date.”

Latest physical → cyber ..?

Just when one thought that the War in the cyberzz would be fought with all the conventional tricks of wiperware and integrity corruption (i.e., dis- and mis-information, dirty patches), there pops up [yesterday] a news item about Alexander* using EW/flare pods as ‘co-payload’. As determined by e.g., GW Herbert.

Now, at what pace would we see this tactic be deployed also in cyberspace [if that exists] ..?

Why wouldn’t a payload as dropped into/onto some network, not only use legit UIDs for further reconnaissance, priv escalation et al., but also create fake ‘innocious’ accounts that would at some point be ‘found out’ and removed, only to declare the network fully safe again? So that the real payload could fly on to its target. Should be doable. May not be extremely difficult to create some new defenses against, but hey, another piece to the arsenal ..? Another piece of defense you need to build (or at least design) to be ready when certain stuff hits the fan?


[These sort of perimeter defenses will also not work. ‘Perimeter‘… Note that any army that seriously tried, did conquer England – maybe not the other parts as much.]

* As all of you are very aware, the missile ‘name’ actually is Iskander. Which is the derogatory name all the peoples conquered by The Macedonian used and use. So, either they don’t know about this and feel proud [for that’s what such missile names commonly are chosen for] for a ridiculous reason, on their way to prove the name is used by the defeated, crushed; or they do know that with the name they side with the oppressed – not reflecting current mil actions – and the name reflects their instinct of the fate that they will lose big-time.
Or, in revenge for some field trip in Asia in the area where even Alexander did fail eventually, the trip that worked out the same as those that came after [and those that came after, in the 20th C, didn’t learn a thing from their precursors; even more stupid! See this book. But then again, those that came after in the 21st C, they were the really stupid not to have learned…], they chose the name in prep for regaining control in that (wider) area with a “If you insult us (?) with that slur, it will backfire on you” weapon. I’m getting away from the main subject of this post a bit, eh?

AutoAuto’s blijven een droom

Tsja, auto’s, ‘artificial intelligence’ en security: Het is het bekende verhaal. Nog steeds … Zijn er technologische of andere ontwikkelingen de afgelopen halve eeuw waarbij security-in-brede-zin nou eens echt vanaf het begin is meegenomen, of blijven we met alle OT-dingen om ons heen doorgaan met de put dempen, security er een beetje (sic) opschroeven als het al te laat is?
Bij auto’s is dat ook het geval. Met als complicatie dat we niet alleen snel de auto omvormen tot softwareplatform op wielen1, maar gelijk ook het geheel liefst zo volledig mogelijk zelfrijdend willen maken. Zelfrijdend, in de chaotische context die het wegverkeer is. De mogelijkheden en oplossingen kennen drie grote issues, die in een drieluik van hoofdstukkenaan bod zullen komen: Wat kan de mens en wat kan de auto, potentieel; waarom pakken we het niet aan met centrale aansturing of coördinatie en; wat kunnen we dan wel – waar staan we nou eigenlijk met aai-oplossingen? Dit stuk, het zal niet verbazen, bestaat net als Gallia2 uit drie stukken.

Soort-van waarschuwing: Dit is een longread…

Deel 1: Goto HumanDriver Considered Dangerous

Hier pakken we dus de eerste vraag op. Met vooral aandacht voor een element uit het ‘system’ dat we of het nu homo ‘sapiens’ is of HAL, in de auto de functie heeft van Central Scrutiniser3: De Bestuurder. Wat kán die, hoe beslist die ..?

De meesten van u zullen het wel hebben meegekregen; het resultaat van een groot onderzoek van MIT4 over beslissingen die een Moral Machine zou moeten nemen om aan te sluiten bij wat wij mensen moreel handelen vinden. Nou ja, het ging eigenlijk alleen over een klein, bekend onderdeeltje van moreel redeneren, het trolley problem. Waarin de keuze moet worden gemaakt om een of meerdere mensen om te brengen, om een of (nog-)meerdere anderen te redden. Een besluit is verplicht, nietsdoen is een keuze voor een van beide alternatieven. [Al is onduidelijk wat de default instelling is in dit experiment…]

Uit het onderzoek kwam van alles naar voren – dat er over de wereld gezien culturele verschillen zijn in de statistisch ‘ideale’ keuzes. Dat het nogal uitmaakt wat er precies aan binaire alternatieven voorhanden is. Dat het uitmaakt wie je het vraagt; ja man/vrouw, jong/oud dat geeft allerlei verschillende maar moeilijk voorspelbare antwoorden. Dat was nog enigszins voorspelbaar. En dat de resultaten desondanks een zware bias hebben doordat de deelnemerspopulatie stevig leunde naar man, hoger opgeleid, welvarend en dus waarschijnlijk meer kosmopolitisch (en dus mogelijk minder religieus), en sowieso deelnemend. Dat soort beperkingen aan de representativiteit worden wel vermeld maar de impact op de resultaten niet (voldoende). Waarmee we dus niet weten of de resultaten bij voldoende biascorrectie wellicht grijs middelmatig vlees noch vis zouden zijn5. Zoals bij de debatten onder ethici over dit soort zaken: Er wordt fraai gedebatteerd en wat was het een interessante uitwisseling van argumenten en filosofische uitgangspunten – maar een eenduidige, snel beslisbare oplossing komt daar nooit uit. Als het probleem in de praktijk zo Onbeslisbaar6 lijkt, dan kunnen we misschien beter ophouden.

Morele Auto’s
Dat het onderzoek beperkt was (is) tot het trolley problem, maakt de resultaten nou ook niet bepaald geschikt voor praktijkgebruik bij bijvoorbeeld zelfrijdende Auto’s7. Die Auto’s zullen heus in veel situaties terechtkomen waar wel meer dan twee alternatieve wegen voorwaarts zijn. Dat er wordt geleerd van de praktijk, is niet noodzakelijkerwijs een oplossing, of beter. Neem het geval van de overstekende voetganger met fiets aan de hand – de Auto herkende dit te laat (als obstakel) om nog rustig te kunnen remmen. De Auto had geleerd om vooral niet te gemakkelijk tot remmen te beslissen omdat bumperklevers al zo vaak schade gaven aan de achterbumper; dan maar liever gewaagd om door te rijden tot het echt niet anders kan oftewel het te laat is voor een noodstop. Exit voetganger. Tsja, economische argumenten gaan nu eenmaal voor.

Dat was eigenlijk al duidelijk toen bleek dat Auto’s veel defensiever reden dan mensen; er was kennelijk nogal wat te processen aan informatie en better be safe than sorry – voor de Auto’s en de verzekeringsmaatschappij … Hetgeen overigens de ruimte schiep (schept?) voor fervente Automobilisten om dan nog veel meer plezier te beleven aan hun hobby, maar dat terzijde8. Post scriptum: De Auto’s zullen dus langzaam rijden, ook al om een andere reden9 – zie ook 75.
Continue reading “AutoAuto’s blijven een droom”

Eindeloos projectfalen

[English version below]
U vergat te leren. Dus ging uw project de mist in.

[Dit is een repost-plus-een-beetje van 2018. Omdat er kennelijk niets, naar boven afgerond nul [uitzonderingen daargelaten; oprechte felicitaties] veranderd is in de loop der jaren. Decennia. Hoewel er met ‘Agile’ wel ietsje voortgang is bereikt, hier en daar daar sprints [sprintjes; geen manier om een marathon van een infrastructuurvernieuwing te bereiken, overigens] als micro-projectjes kunnen gelden.]
[Merk tevens op dat waar ‘project’ wordt genoemd, ook ‘programma’ kan worden gelezen.]

Aan alle project-gerelateerde functionarissen: Deed u wel de Evaluatie aan het eind van uw vorige project? Serieus?? Uitgebreid en diepgaand genoeg om potentieel nuttige informatie over ups en downs en near-misses en hoe die laatste twee te voorkomen te hebben voor toekomstige projecten? Echt? In al uw vorige projecten?
‘Ja’ is nogal ongeloofwaardig.

En, waar eindigde die informatie in projecten die u later deed?

Nergenshuizen, ongetwijfeld. Alleen in de projectmanagementtechnieken en -methoden die in de opzet- en planningsfase extreem veel detail vragen (deze is daarbij het lezen, stukbestuderen waard) komt het nog weleens voor.
Daar lezen we soms (niet eens altijd) nog wel eens een vage notie van het meenemen van het geleerde uit vorige projecten (een beetje zoals hier).
Maar dat zijn uitzonderingen. In standaarden met tonnen aan detail. En dan wordt lessen meenemen alleen aangeduid in de inleiding. Als u dat al volgt.

Gewoonlijk – weest eerlijk! – … zelfs dat niet echt. Pino of NePino. Tsja maar dan…:

Lessons will be repeated until they are learned.

Jawel, zelfs indien (sic; als niet wanneer) auditors uw project management aan de start van een project checken om te bepalen of de opzet succes überhaupt mogelijk laat – en ze mee blijven lopen met de projectuitvoering om passend risicomanagement en -control in het project aangaande project governance [don’t get me started], voortgang, en de andere helft van het auditwerk: de kwaliteit van de deliverables richting de oorspronkelijke doelstellingen,
zelfs dan wordt daarbij ooit achtgeslagen op toezicht dat de juiste en toepasselijke lessen die uit vorige projecten zouden moeten zijn geleerd, worden meegenomen. Dus zowel de voorkoombare fouten, vergissingen en onachtzaamheden als de succesvolle risicoreducerende acties. Als u auditors dat wel deden en doen: mijn hoogachting.

Simpele conclusie: Om uw toekomstige projecten een kansje te geven succesvol te zijn, zijn de lessen uit het verleden verplicht te worden meegenomen aan en vanaf de start.

En eis dan ook van auditors dat ze daar toezicht op houden; mede bijvoorbeeld door auditors de schuld te geven van projectfalen als ze risico’s en voorkoombare fouten niet tijdig [dus aan en vanaf de start] signaleren en laten oplossen.
[Waarbij terzijde dat de ooit niet zo serieus genomen Gateway Reviews bij overheidsprogramma’s in potentie invulling gaven aan zulk toezicht. Wellicht niet juist gericht en met niet de volle omvang en diepgang, maar toch.]

Nu dan, om u op te vrolijken:

[Is ook een visie; Porto]

Eternal project failure

You failed to learn. You’ll fail your projects.

[This, as a repost from 2018. Since nothing seems to have changed; exceptions excepted [true congrats]. Though with ‘Agile’ [the schmagile; more on that in later posts] things have improved just a little, here and there, as sprints might be considered micro-projects..?]
[Note, too, that wherever ‘project’ is mentioned, ‘program’ certainly applies as well.]

To all project management related types: Did you do your Lessons learned session at the end of your last project? In earnest? Extensively and deep enough to be potentially useful in future projects? Seriously? In all your previous projects?
Experience and statistics don’t agree with any Yes.

And, where did the lessons learned show up in the projects you did later?

Nowhere, I guess. Only where project set-up standards require the most excruciating detail in planning and activities – the kind that no-one will follow in practice (this is strongly recommended to be studies to pieces, as illumination). There, we sometimes (not even always) encounter some vague reference to do include past projects’ learnings (bit like this).
But that’s the exception. In the full-detail standards. Qua guideline at the outset.

Common practice (be honest) … not so much. Pino or NePino. Well, …

Lessons will be repeated until they are learned.

Yes, even if (sic) auditors check on your project management at the start, to see that the project is well set up to achieve the objectives – and auditors stick along with project execution to track proper risk control in the project re project governance, progress, and the other half of audit work the deliverables – hardly ever does that cover checking that all the right and applicable (…) lessons learned from past projects (both the preventable errors/slip-ups and the successful risk mitigation actions) are in fact included in this new project under study. If you auditor did do this, than congrats and hats off to you!

Simple conclusion: To greatly enhance your future projects’ chance of success, include past learnings in earnests.
And require auditors to do the same when they audit projects, e.g., by putting the blame on auditors when projects fail at known, mitigatable risks, for their lack of due and timely advice.

[Edited to add: Which may tie in easily with the ‘required’ (by me) project pre-mortem analysis as per this.

Now, to cheer up:

[Use your Vision; Porto]

Decryptoners: Please chip in

[Since I don’t have the appropriate tools at hand…]
Remember I posted this, about two major historic Question Marks that are still out to be solved and how maybe the ‘AI’ community could reach out and prove their worth?

There’s more. Like, here:
+ Voynich [Isn’t this a class?]
+ Oxyrhynchus 90 [Guess there’s a great many others, too]
+ Charley and Hetty [Not the CSI one, … on second thought might be the same (age)]
+ Dorabella
+ Pigeon NURP 40 TW 194 [Deserves a better name, ‘Nurpy’ ..?]
And this list may be augmented. Any suggestions ..?

Yes this is again a call for humanity-serving research by aspiring [is the key word] young [of mind!!] intelligence/crypto analysts that want to become Prominent through an [I think] extensive combo of straight-on crypto analysis with not much to work on and no cleartext, history with scant [operational-detail level] evidence to paint [autonotsocorrect turned that into Paint but that’s quite another Nobel Prize worthy invention] a context, and multi-method evidence gathering and multifaceted analysis methods. A bit like real analysts’ life. Pascal’s Wager on the existence of the latter.
Would love to see e.g., stego analysis, too. ‘No milk traces ..?’

Or just use it as generic analyst training assignments and see what they come up with. If nothin: whatev’, they’ve learned to try and not succeed: a valuable lesson. If by any chance they’d find something: great!!
Though I doubt whether I’d want to live in a world where every unknown gets known. Too disenchanting. Luckily, politician’s brains are/create ever more unfathomable mystery qua ways of not being sane. I’ll stop now. You start cracking!

In the mean time, for your viewing pleasure:

[Unedited; suitable agencies and their students not too far off from here, right?]

NAIvier-Stokes’y solutions

Haven’t studied it yet, but it seems that this has finally been ‘done’, in this
Navier-Stokes, one of the ones that was apparently unsolvable [in a final form type of way], now has “AI” solutions.

Yeay!

And

[Would make an ideal remote-office; just North of Siena]

Straight-Through-RPA ..?

Correct me if I’m wrong [… dear reader, if there is any one] – I seem to have missed in the brief on RPA:

  • It generates human position (fte-replacing) point solutions for workflow automation for transactions that can be interpolated in the training set(s), doing very little in the full stretch of Straight-Through Processing (yes I happened to have been around in the ’90s/’00s) or at max taking it step by step;
  • It does nothing for ‘outliers’ outside the training set(s) as these are doomed to be mistreated;
  • Happenstance circumstances may fill the training set(s) but clarity re seasonal patterns, specific (marketing et al.) actions, etc., is missing;
  • Clarity re the correctness of transactions (often screen-scraped) for the training set(s) is lacking;
  • When taken in a series of sub-implementations, may help in STP;
  • RPAAI (Unassisted RPA, with (only now?) an ‘AI’ component) may go just a little further but not much [as per above].

Not a problem, if one is a consultant selling this stuff. A problem,

  • When not if one is to be replaced (in total, or for a major part of one’s job) by some API contraption
  • OR when one’s dependent on less-than-perfect implementation and hence outcomes for one’s free life (the AI bias issue again, buried / token/scapegoat human)
  • OR when one’s a concerned member of society seeing already waaay too much sh<third-person pronoun> being automated with too little reason compared to the crippling (to be) dependence on brittle automation. Because it’s brittle by design, being designed by humans to be optimal for the situation in the blip of the moment that it was [designed].

Shall we pull this and this out of the bag, maybe?
Oh, and this:

[Oh really; Salz’ again ..?]

Not wasting a good crisis in BCM

There seems to (have) be(en) something of a crisis of late, or a pandemic or what had we. All of the world was disrupted, either through the course or – much more often – through the countermeasures taken.

Considering that in fact, apart from the industries (still) locked down for various reasons (regardless of the validity), all seem to have coped quite well, this would for the BCM community out there, or in your organization, … quite bad.
Since the overriding argument now is: “Hey even in an all-out global pandemic when we didn’t have anything near the sketchiest sketch of a proper Plan B for this scenario[1], things worked out just fine..! Even some Boaty McBoatface in the Suez Canal was worse.” Good luck using the pandemic as an argument for more budget.

Or …
Have you already figured out how to not let this good crisis go to waste for once?
And even then it’ll still be hard: “Yes, it turned out that a global pandemic we manage easily, but for something one to three scales less big that might in theory hit us only, we’ll need mucho more budget.” – You may be good a BCM, but less so at Sales… I’d advise to pick up ransomware as an argument. Not the cause(s), but the effects that can have many other causes as well. Since you don’t care what the cause might be but want to fight the consequences, right?

Also … anti-fragile:
On a second note, qua BCM: Did you take sufficient notice that over the past couple of years, the trend and hence executive expectation is shifting from ‘mere’ fall-back and struggling on till some distant future restore to the old (sic) ‘normal’, towards actual resilience, robustness, losing not much in Plan B mode, even ending in anti-fragility as defined by Taleb (as being better off by using the crisis as crowbar to change for the better e.g., your business processes or even make strategic turns)?
[You now deserve a short sentence since the last one was way too long]

This will require a Plan B at systems level. Not per element like the old IT-type ‘system’ definition but overall; have a totally different ‘business canvas’ if the old way of working is defective vis-à-vis circumstances. Like restaurants during the last crisis: Some (upper end of market hence quality critical) of them successfully switched to home delivery with only parts of the kitchen processes remaining as they were. Sometimes doing as before or even better, financially. Though they opened up again as soon as they could; they’re in that business of delivering fine dining at their (high-service orientedly staffed and appropriately decorated) place(s), not UberEats. The unsuccessful ones stayed too close to how they did things before, and suffered.
The same, for schools of the upper tiers qua pretension of academic elevation. Some switched to the closest they could remain to classroom (even blackboard) broadcasting, losing many essential educational experiences; e.g., physical closeness – it’s not all about knowledge but much more about social development and physical … education; and a proper (sic) ability to field questions and discuss among many (sic).

Others, the (will show to be) successful ones, evaluated the concept of education and how to deliver it, and rightly concluded that the core is not served by moving onto Zoom or, the horror, Teams, but by integrating non-classroom education in a broader perspective – which will mean devastatingly lower tuition fee levying possibilities but a better all-round educated body of alumni. And quite some efficiencies, serving globally instead of just the previous infinitesimal fraction of the (quality / pre-educated) potential enrolment. With nice tie-ins for highly efficient (for the institution! reasonable income over minimal outlays) graduation sprints.

Your call
What will you focus on: What to do when yesterday’s Problems hit, or do that on the fly when planning for the jumps forward and the repivots (at full-enterprise scale) to be done when under pressure everything becomes fluid..?
Given that grave (by impact) variance in any organisation[2], its uncountably many foreseeable or black swan variables in the environment that all have such second-order variance in magnitudes and frequencies (sometimes in covariance either positive or negative, sometimes not), and too much lapidary heaping of qualifiers is in this sentence already and it’s getting too long, we better improve BCM by … not dreaming up just a enormous number of new scenarios to run through, paper-based, and devise solution sketches for. We’d better do better.

Like, take one step more back, and get the helicopter view over what the business is for. The mission that’s in the vision (as here, not as it is commonly mistaken). Then, you’ll see far better alternatives for the way business has operated so far.
This mode and details of operation may be quite OK so far now it has grown from some past situation to the current one, just like evolution can in organisms (the things that grow out of compounds of ‘organs’ all too similar to your body, unless you’re a bot) grow new solutions but only from the base case that went before and with some resilience (I now realise) from the past optimal organisation. But in case of shock, much more variation may be required. Yes, many more individual organisms/sations may not make the phenotypical transition and go to ashes, to dust.

But if you had prepared yourself for something on this scale – and had taken as cost of doing business / staying in business / cushion, the submaximalisation of profits that were and are the flip side of building reserves and reserve change capacity ..!! – you’ll be the ones to survive, either through survival of the fattest (retained dividends…) or survival of the quickest[3].
So, I’d suggest you start that ‘governance’ level awareness training with all stakeholders to dream about the actual future not just the rosy-case scenarios. Which is fun I can tell you, and may lead to more mature investments, by the attendants too towards their personal finances …

Hey, ‘crisis’ is a neutral term, pointing at a situation which is decisive for some future direction..! Comp. ‘critical condition’ in medicine: could go wrong, could go right, it’s in the balance. Go push for the positive!

And for your viewing pleasure:

[Dat 70s architecture; Les Menuires]
[1] Excepting those that had something old Avian Flu-like plans buried somewhere in annex Z of their BCPs; probably didn’t think of the massive work-from-home that was pulled off now.
[2] Don’t try to correct me; this is the original UK English we’re talking.
[3] In the sense of ‘the quick and the dead’; quick as in quicksilver’y agile [not Agile which is <Calcified Bureaucracy>^3].