Blog

Coining an answer; Bit-passports

The answer to the final question (“… why the governments didn’t invent this sooner,” he says. “I came up with this over a weekend in my spare time, why didn’t they? …”) in this here very interesting piece, is easy: Enrollment Problem Plus Risk Management.

But still, the idea of using Bitcoin crypto style solutions to the ‘international’ passport problem is useful, and might work. In some way. Not this self-certification one. If you’re aware of how long PGP has been around, you should be aware of all the failures of any form of tribal-cred-branching-out IDs.
And, a great many governments may just not have a sufficiently pressing need for a new passport scheme. The risks of the current model are known and (again: apparently) manageable.

So I’ll leave you with:
[Apologising calmly. And frequently.]

Hiding or in plain sight (IoT dev’t)

In IoT development, there seems to be a disconnect between the hype and the underlying developments. By which I mean that of course, the hype will not play out according to itself, but according to “We overestimate short-term impacts and underestimate the longer-term ones”. But moreover, I also mean that there’s a variety of development speeds for IoT. Since there are various types, categories of IoT developing.
As in this here one of my previous posts.

Oh right away:
[Your office ‘life’, Zuid-As again]

So… what we’re seeing, is certain differences in speeds:

  • B-inhouse IoT develops rapidly; after some decades of slow introduction of robot-driven factories, we’re on the verge of a breakthrough at less than light speed where the same factories will be linked up to form semi-small, mid-size ‘local’ 3D printing warehouses. Maybe. But certainly, the factories will go the way of data centers, that can be anywhere around the world with only rump staffing locally and control being … anywhere else around the world. With the premise that in the ‘Western’ world, there will be sufficient sufficiently educated staff to control the factories elsewhere. So that ‘manufacturing’ may ‘return’ to the West its origination (Industrial Revolution and since). Nearness of production cutting the costly transport now that labour costs become less relevant, and leaving the most pollutive production where locals still don’t have the economic power to fight the externalities. Short-changing economic development in many places where it had barely started in earnest (no ‘trickle down’ yet). Unbalancing global power developments. We’ll see… Or not; these ‘secret’ in-house developments (in particular, within large conglomerates that can pilot) may not be too visible before their join-or-die breakthrough.
  • B2B IoT: Same, somewhat. Moving ahead with cutting out the middle men, DACcing all around. Pure economics (power play by big corp’s; ROI et al.) will determine speed(s) here. Join-or-die aspects play here, too; less in outright competition but more in missing out in cooperation, being left in the dust.
  • C2B IoT: Out in the open, where all the hype is. No concern – as for secrecy of developments; heaps of concerns re e.g. privacy ..!! Critical Mass (as defined in Yours Truly’s seminal graduation thesis of, already, 1990 (on office automation incl e-mail, where it played then) yes a great many years before it was to be called) Network Effect, or – Tipping Point may be the key point for development fits and starts in this one; in publicity, actual adoption and fruitful use.
  • C-internal: Same. Slower due to legacy. I.e., houses already out there. Some have been around for centuries. Massive update ..? [Edited to add: this here toytoolset seems helpful in this area]

We’ll see…

Still around

Just happy to see that these are still for sale. Would be a reason to go back to Windy City, just to get them at “Marshall Field’s” …!
[Edited to add: the link seems to work properly only if the shipping address is set to the US, on the target site… just search for frango after that… Great show Macy’s for taking the fun out of good memories…]

There, for reference:
[Obviously, would shop there, too]

Flavours of IoT

In my on-going attempts to get a grip on IoT, I recently developed a first, for me … Being the broadest of classifications of IoT deployment, with characteristics yet to work on:

  • B-internal; the ever more intelligent, ever more (visually) surroundings-aware robots in factories, replacing extorted laborers thus taking away the last options to life they had. On the other hand, freeing humanity of toils at last ..? If not when there’s a Hegelian end…
  • B2B; having near-AI ‘machines’ as the new middlemen, if at all or incorporated on the sell- or buy-side.
  • C2B; as with most lifelogging e.g., through wearables. You didn’t really think your health data was for your private consumption, did you!? If so, only as a weak collateral product of insurer’s ever better reasons to turn you down the more you need them. No escape.
  • C-internal; maybe, here and there, with domotics. And with this; will already be a blend with the previous, probably.

To which I would then add some form of mapping to the various layers of discourse (as in:
[Figure: blog-iot-security11]
but then, much more stacked with OSI-like layers and elements performing various functions like collection, aggregation, abstraction). Seems relevant to do a risk analysis on all those levels and points/connections.
Yes, it’s rather vague, still. But will work on this; to see whether the classification can shed some light on various speeds of adoption, and where privacy concerns et al. may be worst. Your comments, additions and extensions are much welcomed.

I’ll leave you for now, with:
[From an old analog to digital time, still SciFi ..?]

Your info – value

Wanted to post something on the value of information. Then, this came out a couple of weeks ago. By way of some sort of outside-in determinant of the value of (some) information… [Oh and this here, too, even more enlightening but for another discussion]

[Image: who-has-your-back-copyright-trademark-header]
Which appears to be an updated but much shortened version of what I posted earlier. Players disappeared or doesn’t anyone care anymore about the ones dropped out ..?
Anyway.

Yes I wasn’t done. Wanted to add something about how ‘regular’ organisations, i.e., not the ones that live off ripping off people of their personal data for profit as their only purpose with collateral damage functionality to lure everyone, would value the information that they thrive on, by looking inside, not circling around the perimeter.
I could see that being established via two routes:

  • The indirect avenue, being the re-build costs; what it would cost to acquire the info from scratch. Advantage: It seems somewhat tractable. Drawback: Much info would be missed out on, in particular the unstructured and intangibly stored. Employee experience …!?
  • The direct alley. Not too blind. But still, hard to go through safely. To take stock of all info, to locate it, tag it, among other things, with some form of revenue-increase value. Advantage: Bottom-up, a lot of fte’s to profit from the Augean labor (Hercules’ fifth). Drawback: the same.

OK, moving on. Will come back to this, later.

Short note: Your fridge complains

This here piece is an excellent intro into the next steps for IoT in the C-internal (see the post of the day after tomorrow – negative time now; here it is) market re domotics.
Yes, may have warranted a full repost if it were available in such a format I mean html code…

Anyway, after the read, you may appreciate:
[For no apparent or other reason. DC, yes.]

Not yet one IoTA; Auditing ‘technology’

[Apologies for the date/time stamp; couldn’t pass.]
First, a pic:
[Classy classic industrial; Binckhorst]

Recently, I was triggered by an old friend about some speaking engagement of mine a number of years back. As in this deck (in Dutch…).
The point being; we have hardly progressed past the point I mentioned in that, being that ‘we’ auditors, also IT/IS auditors!, didn’t fully adapt to the, then, Stuxnet kind of threats. (Not adopt, adapt; I will be a grammar and semantics n.z. on that.)
As we dwelled in our Administrative view of how to control the world, and commonly though not fully comprehensively, had never learned that the control paradigms there, were but sloppy copies of the control paradigms that Industry had known for a long time already, effectively in the environment of use there. As in this post of mine. Etc.

But guess what – now many years later, we still as a profession haven’t moved past the administrative borders yet. Hence, herewith

A declaration of intent to develop an audit framework for the IoT world.

Yes, there’s a lot of ground to cover. All the way from classification of sensors and networks, up to discussions about privacy, ethics and optimistic/pessimistic (dystopian) views of the Singularity. And all in between that auditors, the right kind, IS auditors with core binary skills and understanding of supra-supra-governance issues, might have to tackle. Can tackle, when with the right methodologies, tools, attitude, and marketing to be able to make a living.

Hm, there’s so much to cover. Will first re-cover, then cover, step by step. All your comments are welcomed already.
[Edited to add: Apparently, at least Checkpoint (of firewall fame oh yes don’t complain I know you do a lot more than that yesterday’s stuff; as here) has some offerings for SCADA security. And so does Netop (here). And of course, Splunk. But admit; that’s not many.]

Meet no more, continuously, and excel

I posted before on the atrocities of current-day meeting practices. And on the changing role of the Document, here.
The latter provided some thought towards predicting the demise of the former: When we’re connected (at the information level, not merely technically) constantly and continuously, wouldn’t all the errors of meetings be resolved (resolvable) by not having them anymore, or at least, re-styling them in a wholesale manner?
First, a picture:
[Reflections of – the way life used to be (lyrics)]

I mean, all the meeting errors have been allowed to play out because the in-charge’s liked them, for the display of faux leadership caricature they provided. But with the change towards always-on mesh communications, which is do-or-die, the very reasons to have meetings diminish. Social advantages of meeting F2F, that were collateral ‘damage’, may still be around but in the form of having drinks. Who’d need more? And now recognize the benefits outright, without the formal hassle and hilarious chair and topper pomp.

Though I treasure the value of the Document, if, very big if, it is in itself an attempt to Masterpiece. Which it sometimes is, in organisations, but then, so desperately few would survive public muster. Yes, there’s a trend towards deployment of Narratives everywhere. But that’s not what I mean here. I mean stuff like Books, nuggets of Culture carried through the ages. Where mere documents, even, let alone casual socmed conversations, will leave no (! storage re-use needs, TLA?) trace of your existence. As the Greek Hell beyond the underworld: In the underworld, even the villains were still known by name. But beyond that, in Hell, wailed the spirits of the Forgotten, the nameless. That truly was as bad as hell could get. And, of course, true heroes would attach to the pantheon, become stars and constellations. Do you strive for that, when filling out the TPS report at Initech? If you had to look that up, you’re on the naïve side of young…

Well then, to summarise: Meeting mania is curable, and Documents sharpen our skills. What a blunt conclusion. But don’t blame me when your greatness takes off.

Clustering the future

Was clustering my themes for the future of this blog. Came up with:
[Image: Future trend subjects]
[Sizes, colours, or text sizes not very reflective of the attention the various subjects will get]
Low sophistication tool, eh? Never mind. Do mind, to comment. On the various things that would need to be added. As yes I know, I have left much out of the picture, for brevity purposes. But will want to hear whether I missed major things before I miss them, in next year’s posts. Thank you!
And, for the latter,
[Bah-t’yó! indeed]

Maverisk / Étoiles du Nord