
ID card house coming down

With the ‘eavesdropping’ or whatshallwecallit of the German Defense Minister’s fingerprint, it seems that yet another card was pulled from the infosec card house of solutions. It looks like a distant relative in infosec land, on the ID side, has faltered. Or, has shown to be not 100% perfect. Dunno if that is newsworthy; apparently is.
Though apparently, in unrelated (?) news reports, not all tools out there have (yet) been cracked by TLAs. With Tor and TrueCrypt as shining examples, but haven’t vulnerabilities in the schemes of those been demonstrated (at least theoretically)? So, are the leaked documents just bait to pull in as many ‘script’/privacy kiddies into environments where they actually can be tracked? If the leaked docs are a false admission of uncrackability … whom can you trust, then?

Or is it all The Return To Normalcy, where we know all and every tool and method are not 100% perfect, let alone in themselves, and we will have to return to doing a risk weighing for every action we take – allowing the Other Side(s) to also be relatively lax and fetch only the clearest of wrong-doer signals. This would require:

  • the boys-cried-wolf to tone down a little. Maybe selling less tools, maybe achieving more by more carefully spending the budget; a Win;
  • the n00b and drone mob users (think @pple users and like meek followers) to raise their constant awareness; a Win;
  • the ‘adversaries’ to not want to be perfect Big Brothers. Hard, to admit, and to not utterly destroy human rights, but necessary and sobering; a half Win.

So, … this card house tumble may turn out to be Progress.
I’ll leave you with:
[Fragile new, sturdy old; Cologne]

Going out / in

A final note … was meant to have some celebratory spirit. But maybe it’s also a looking-back bit in a sense, if you read between the lines; of the mess we’ve made of the world.
But then, it is a view on the actual, concrete and very Urgent problems we face in the near future, from (?) the here-and-now. So… read, and revel in the prospects of real societal progress that is possible – if all of us chip in and do something. Go ahead!

[In Strasbourg, this part of a Solution was there long before the big part of the Problem was started there and in Brussels…]

Postdictions 2014-IV and Final

A progress report on the Predictions 2014 I made in several posts here, at the end of the year. So, going for final verdicts. And quite a score and end result…
I gathered some evidence, but probably you have much more of that re the items below. Do please raise your hand / comment with links; I’ll attribute my sources ;-]

First, of course, a picture:
[Yes this one one more time, as the future’s the flip side of the past …]

So, there they are, with the items collected from several posts and already updated several times before, hence I’ll just highlight a few things:

Trust: ✓ And double-check. Maybe the issue slowed in attention over the course of the year, but… intermediate and final kickers make this one a true ✓
Identity: Hmmm, recurrent issues with the strength of pwd methodologies, but for the rest… oh, there’s XYZcoin with its trust-through-maximum-distribution-and-maximum-anonymity …! ✓
Things: Oh absolutely ✓ Or you’re surfing blind. Is that an expression, yet ..?
Social: Ello, Viv, etc., and for the rest, it has all been Business As Usual. Which makes it a ✓
Mobile: Has truly gone to the Expired phase when all-platform(-agnostic) design has come and gone as a hype and has turned into a basic requirement. ✓
Analytics: After the evangelists, now into the BAU lands. ✓
Cloud: Mehhh! ✓ It’s Docker that will be next year’s Thing. Note that.
The demise of ERP: Have almost heard nothing, let alone ‘exiting’, about this. So ✓
InfoSec on the steep rise: Even if we haven’t seen enough on this!

On APTs: Almost the only interesting thing around, still. ✓
On certification vulnerabilities: In hiding. Still there. Ssssht, will hit. Suddenly. ✓ without you knowing it.
On crypto-failures, in the implementations: Quite some news in the underwires… you may not have noticed, but the in-crowd has. Definite ✓
On quantum computing: Still not too much, which is something of a surprise. No ✓ here. Despite this late entry.
On methodological renewal, as it was: Some progress here and there, close to a ✓
Deflation of TLD: As per ERP above. ✓ as the logical and methodological failures have prevented anyone from attaching themselves to it for risk of looking dumb. Except for the ones still clinging to it, where the risk has materialized…
Subtotal: Well, let’s call it an off-the-cuff 95%+, being an A+ indeed.

The faint of heart wouldn’t necessarily want to speak the bold characters out loud. And my new predictions are out there already; see the December 9th post.
Which leaves me to a link that you may want to get for me, for ‘winning’ my own predictions contest. Thank you!

Careful times

This day and age, one cannot be too careful with one’s digital traces. To the point where normal functioning in modern society is impacted. And then, that’s not enough. Your mere existence may cause trouble by you not being the only one recording your life. As in this here piece

Which, apart from its many manifest errors of thought on the side of the wannabe good guys (absolute n00b sorcerer’s apprentices at best), has this nugget of inhumanity: “The RMV itself was unsympathetic, claiming that it was the accused individual’s “burden” to clear his or her name in the event of any mistakes, and arguing that the pros of protecting the public far outweighed the inconvenience to the wrongly targeted few”. Well, if you think that, you might as well join terrorists in the Middle East; they think the same and wouldn’t be allowed to be at all, in any functioning society.

Well, I’ll stop now before suggesting the ones doing such erroneous thinking should be locked up safely in some asylum of the old kind, and leave you with a calming:
[On how life actually is]

Possible, hence probable means

Why did it take so long for this to surface ..?
As the <link> mentions, steganography in images is detectable and tools are around to help – how many of you already use them on a regular basis, in times when LOLcat pics are so abundant (hint(?)) – but wasn’t it too obvious that the Bad (?) Guys knew that, too, before you, the pithy defenders?

So, why?
Either the tools are around but not widespread enough, or, as <link> suggests, other means might work better. But the other means… are as cumbersome to deploy, continuously, costly, for the short run, for the slightest of chances that anything would be leaked in such a sophisticated way, whereas we’re nowhere, really nowhere, near a similar near-water-tight deployment of tooling and methodology against much simpler leaking methods. Leaving you in blissful ignorance. ?
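To make the “steganography in images is detectable” claim above concrete, here is an added example (not code from the original post or from any of the linked tools) of the classic chi-square test for least-significant-bit embedding: in an untouched image the two values of each pair (2k, 2k+1) occur with unequal frequency, while overwriting every LSB with random-looking payload bits pushes them towards equality. The 64×64 grayscale cover, the payload and the decision threshold of 2.0 are all constructed for this demonstration; the LSB writer exists only to produce a stego sample for the detector to look at.

```python
"""Chi-square LSB steganalysis on a constructed 8-bit grayscale image.

Added example, not from the original post. The cover image, the payload and
the decision threshold are all constructed here for illustration.
"""
import random

WIDTH, HEIGHT = 64, 64


def make_cover_image(width=WIDTH, height=HEIGHT):
    """Constructed cover: a quantised diagonal pattern whose pixel values are
    mostly even (about one in eleven is odd). That gives the uneven value pairs
    (2k, 2k+1) that untouched images tend to show and that LSB embedding flattens."""
    pixels = []
    for y in range(height):
        for x in range(width):
            value = ((x + 2 * y) % 128) * 2   # even by construction, 0..254
            if (x + y) % 11 == 0:             # a structured minority of odd values
                value += 1
            pixels.append(value)
    return pixels


def embed_lsb(pixels, bits):
    """Test-sample generator: overwrite each pixel's least significant bit with
    one payload bit. Used only to produce a stego sample for the detector."""
    if len(bits) > len(pixels):
        raise ValueError("payload exceeds image capacity")
    stego = list(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | (bit & 1)
    return stego


def chi_square_per_pair(pixels):
    """Chi-square statistic over the value pairs (2k, 2k+1), averaged over the
    pairs actually present. With full-capacity embedding of a random-looking
    payload the two members of every pair approach equality and the average
    settles near 1.0; a natural image sits well above that."""
    counts = [0] * 256
    for value in pixels:
        counts[value] += 1
    stat, pairs = 0.0, 0
    for k in range(128):
        n_even, n_odd = counts[2 * k], counts[2 * k + 1]
        total = n_even + n_odd
        if total == 0:
            continue                      # pair absent from the image, no evidence
        expected = total / 2.0
        stat += (n_even - expected) ** 2 / expected + (n_odd - expected) ** 2 / expected
        pairs += 1
    return stat / pairs if pairs else 0.0


def looks_lsb_embedded(pixels, threshold=2.0):
    """Constructed decision rule: flag the image when pair counts are 'too equal'.
    The threshold is an assumption for this synthetic sample, not a tool default."""
    return chi_square_per_pair(pixels) < threshold


def demo():
    """Run the detector over the clean cover and over a fully embedded copy."""
    cover = make_cover_image()
    rng = random.Random(1234)   # seeded payload stands in for an encrypted message
    payload = [rng.getrandbits(1) for _ in range(len(cover))]
    stego = embed_lsb(cover, payload)
    return {
        "cover_stat": chi_square_per_pair(cover),
        "stego_stat": chi_square_per_pair(stego),
        "cover_flagged": looks_lsb_embedded(cover),
        "stego_flagged": looks_lsb_embedded(stego),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The statistic is only sharp for the case shown here, a payload that fills the image; a message occupying the first tenth of the pixels flattens only that prefix, which is why real steganalysis tools run the test over sliding windows rather than the whole image at once, and why a single whole-image number like this one is a screening aid rather than proof either way.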

Leaving (sic) you with:
[Tarrega door. Shut closed.]

Maverisk / Étoiles du Nord