Blog

Errrm, how to brick your car/office…

Though it was inevitable, this has arrived. The FourSixteen. Details and official pics here.
Which is of course all good; especially for the trickle down from the insane yet moneyed (re: the price tag) – note that I don’t mention ‘wealthy’ as that would refer to cultural development or common ethics and decency, that anyone seriously looking into this vehicle wouldn’t have – to the shop workers and onwards.

But in these Maker times … How would one go about modding one’s Prius ..? And how would one call a less-than-successful job at that? Bricking your ride..?

Anyway, totally (un)related, I’ll leave you with your mobile office:
[Yes it does have an office work bench for you. And wifi, once you plug in (??) a router]

Note (bank-, bankable); ICYMI

Hmmmmm… Who would be able to mine the easy pickings already, in the Bitcoin world ..? Who has sufficient resources, old-money wise and miners wise ..?

As the firsts through the gate may gain an insurmountable head start at the game of the future. Also, re this on the as yet ill-understood, hardly visible / overseeable spin-off world. DACs are just one part. When incumbent countries’ / nations’ and supra-governments find themselves competing not only with each other but also with anon societies existing virtually (non-geographically – though in the end, physical servers will have to be somewhere), will the latter be re-invented like wheels, with or without preventing the failures of history …?

Since it will be very interesting, sociologically, but still years away (I think…), this:
[Guess where. Netherlands]

Balloons, for joy and instruction

Anyone having an inkling of what the Second-Biggest G is about, knows about their conferences, about their ‘magic’ quadrants (despite the debunking of late; apparently one could pay oneself to the top right…), and about their infamous Hype cycle.

[What one needed to fight Siegfried King of the Netherlands of Xanten]
Bam, there’s your daily pic again, not unexpectedly I hope.

Well then. About hype cycles. You know them. And maybe have a laugh. Or not, and study them for the buzzwords you didn’t know yet.
But would you believe them; would you trust the predictions inherent in them? Probably not. And would you check on the predictions of years past ..? Probably not, also.

Turns out… Yours Truly was busy doing that, collecting data all the way back to 2008, and figuring out a way to graph the data. Which didn’t work too smoothly so I wanted to revert to first analyzing the data I had.
Turns out… Someone else already did the collection part, and the analysis part, too. As in this post; recommended reading.

After which I dropped it; no need to analyse. But to synthesize, there’s still a bit on the table:

  • Why do so and how many ;-| still ‘believe’ the hype cycles, look into them, and cheer when their favourite hypes are listed, somewhat ‘faithfully’..? Probably because the visualization is so strong, capturing so much essence in one pic. And because apparently people need such guidance ..?
  • How come so many of the hypes mentioned, fall flat ..? Or is it a matter of a lot of buck shot in the air, hoping a duck may fly through it ..? Which may also not be a bad thing if this would be clearer, as a caveat. Oh; I already found part of the answer in this Tim Harford post. This one on maps, too.
  • Why can’t people pick up the hypes much faster, as there’s obvious business profit in many of them ..? In particular, when so many fall off the radar, one would expect vigilant companies to profit from such new developments falling off their competitors’ radars. Just find a way to make it all work, for which you could even take a couple of years in skunk works, and then reap the benefits. Oh … – of a first mover; which may be too little too short to recoup the ploughing-through-development investments. As first movers are so often outdone by second-and-(much-)improved movers.

And yet, still I feel there’s much more left on the table than one would need or certainly want to leave there. Once progress is identified, it better be brought on as quickly as possible.
At the scale as things are on the hcycle. Because the ethical ramifications play at a bigger scale. Wouldn’t 2nd-biggest G be interested to make a cycle of those issues ..? Think self-driving cars, ubiquitous/ambient data collection & storage & analysis, Bitcoin-et-al’s subversion of geography-based governments. You name it. A lot to cover – maybe requiring much more research into what’s at play and how the discussions progress, but still, very much worthwhile I guess. Beyond the tech hype’lets that fall off the bandwagon so easily. Towards prediction proper of where society’/ie’s heading…

At least, you can have your PIA

Privacy Impact Assessments are treated much too much as an assumption in (new European regulations’) privacy-anything these days. Yes, PIAs are a critical step, on the very critical path towards compliance in substance. Since when they aren’t done well, if at all done with any true attention and intention, your compliance effort will fail, if not formally then in practice – with equally serious break-your-business high-probability risks.

First, this:
[Heaps upon Sea again indeed]

The point being; PIAs should be done with an actual interest in privacy (of stakeholders) protection. When done less than full-heartedly, the results have hardly any value. Because that would demonstrate one doesn’t understand the ethic imperatives of privacy protection in the first place. From which would follow all required (other) policies and measures would be half-hearted, ill-focused, and sloppily implemented ‘as well’. Which isn’t the stretch of reasoning you picked up on first reading this…

And then, a great many organisations don’t even start with PIAs, they just jump in at all angles and steps. With PIAs still being required, not full-heartedly carried out somewhere during or after the fact, where all the rest is implemented on assumptions that will not be met.

To which I would add: In the above, ‘you’ regards the ones in control (“governance”, to use that insult) at organisations that would have to be compliant. Not you the advisors/consultants, internally (in 2nd and 3rd LoDs) or externally, that push organisations. [Don’t! Just tell, record, and after the disaster ‘told you so’ them. There’s no use at all kicking this dead horse.]
But oh well, why am I writing this? Why am I hinting at ethics in your governance? That’s an oxymoron at your organization – do you claim to have the one or the other?

Feel free to contact if you’d like to remedy at least this part of your Privacy non-compliance…

Arms reversion (flipping); your call

Would anyone have the official name for a tactics switch leading to a collapse of an arms’ race ..?
I was triggered by this recent post about some gang(s) using low-tech but somewhat-sophisticated pencil-and-paper crypto instead of the highest tech burner phones etc. (or did they also use those?). To which many commented that probably, the code should be (very) easily crackable even if all of the many safeguards were upheld.
(But also, dropping a physical USB stick at a (physical) watering hole (or desk, or handout point, or street corner pavement) also circumvents a great many fab network entry safeguards of the firewall kind, in particular when APT technology, stamina and dedication, and tailoring is involved.)

But then, what if the codes were good enough; time-based security still can work, and the adversaries (gov’t) weren’t overly capable in this, apparently. And one can also think back of what happened to the stealth fighter-bombers that suddenly showed to be vulnerable to detection by not the highest-tech radars but the decades old low-freq stuff e.g. the ‘Soviets’ had stored one day behind the Ural.
Sort of an arms’ race that has gone to such did-did not length that in the buildup, a sudden flip to old technique and old tactics / operations may undercut the sophistication of the other in an off-guard way. Maybe not allowable per arm wrestling rules, but arms’ races are a different ball game everywhere; no honour involved, weaseling allowed and winner takes all for the time being.

How would that be called..? Flipping? Reversion ..? I’m really interested. About your thoughts, too. E.g., how can one use this to improve security (‘pentesting’ yourself against such flips / reversions), on the Internet and elsewhere. Hope to hear!
I’ll leave you with:
[A fordable river, at Cordoba]

Wired / Tired / Expired, October 2014 edition

[Ah, what a pleasant fortress! Córdoba]

Yes here’s the October edition of my Wired / Tired / Expired jargon watch overviews, a mixed bag again:

WIRED | TIRED | EXPIRED
Stealthy introductions | Gartner Hype Cycles | Apple Product (Launch) Events
Let the products speak for themselves, let them grow organically around the globe, don’t try in vein (sic) to go viral or so. Be happy with moderate growth as it will be sustainable so much, much longer. | Don’t believe this hype … Will have a separate post on this in the near future. | Nothing new; all hyped and epiphany only for the fast-shrinking few simpleton acolytes left…
Smart analysis integrated into regular audits | Process Analysis | Big Data
Like, let the process analysis take its place in the Understanding the Business part of any audit. No craze, just helpful in all sorts of directions (including early-on advisory work). | For its own sake, no more. Not accepted, not acceptable anymore. | Meh. If less than a yottabyte, not it. Tools in place, again the other 99.9999% of work to be done is human; which is not available in sufficiently intelligent, sufficiently large numbers. Hence, fails beyond the tiniest of anecdotal finds.
InfoSec groundswell / tsunami | Hyping APTs, megaleaks | RO(S)I, ISO, et al.
No more top-down, just bottom-up, by guerilla even if needed, but with a desperate need to improve by all (not granted) means and authorizations necessary. Doing, not waiting (not) to be allowed. | Oh my! The Sky Is Falling! No more. APTs are still around, yes, vastly more than ever before; megaleaks of the data breach kind and of the Snowden kind, ditto. But nobody listens anymore so why dwell on these? | Ah, the passé methods of yesteryears… Didn’t work. Didn’t fit with InfoSec, do still fit with corporate policy but who cares; if there’s no match, nothing will result. If you still try to match, also nothing (serious in InfoSec terms) will result.
3rd Platform | Software Defined | BYOD/CYOD
Where the first was Mainframes, the second one Client/Server. Now // Just a way to cement the bricks of your architecture. | Well, there’s so much work in here if one’d want to do this right but few! the effort, I don’t want to think of this too much. | Done deal. BYOD; CYOD’s not going to fly (discussed earlier, somewhere on this site; use the search, Luke!).
Ello | Snapchat | Whatsapp
Well, qua hype. Otherwise, very very maybe still | Nice ‘n quick, but has it gained enough traction ..? | Even your old, 30+ relatives use it now. If (dinosaur) Then (expired).
Ideate | Empathy | UX
Being creative and coming up with new ideas, needed its separate buzzword. Well, maybe. Will age quickly I guess. | Yes all companies still need it, but none have a clue. | Here I was wondering what all these flimsy design-types had to do with Unix. Turns out, it’s user experience – above good design, but stumbling till you accidentally hit something good, isn’t It. Has never been. But is; expired.
Don’t care about illegal downloads | Chase the most petty, pitiful of “illegal” downloaders only | Push a U2 album
Just because your business model doesn’t depend on levying silly huge distribution costs. | You know, trying to wring millions out of the poor that otherwise would not buy scrap from you, while you know the damages are 99.999% into the lawyer’s pockets only. | Ah, the FAIL …! This deserves a (cultural) backlash flogging by the billions (yes) that weren’t interested…
Locally produced, biodynamic even but without the zeal | Super foods | Don’t Care
Yes one can eat/drink healthily but don’t need the fanatism. Just somewhat less, quite a bit healthier produced (full supply chain including externalities), and varied. | Quod non; as proven over and over again. After so many, many failed attempts, don’t numbly try again; you’ll fail for sure. | Eating all the preservatives and sweeteners, too much of it all, just isn’t ‘permissible’ anymore.
Decently colourful | Normcore bland | Grey all the way
Yes even in Fall/Autumn, there’s many colours (not colors) that fit the season and are cheerful and bright. | It already looks formless, has the colours to match: Why? | Duh, that was last year’s one big great miss without purpose.

OK, any suggestions for next month’s edition ..?

Postdictions 2014-III

A progress report on the Predictions 2014 I made in several posts here, at the end of Q3.
I gathered some evidence, but probably you have much more of that re the items below. Do please raise your hand / comment with links; I’ll attribute my sources ;-]

First, of course, a picture:

[Iron fist, not often seen (by tourists anyway), Pistoia]
So, there they are, with the items collected from several posts and already updated once and twice before in this:

Trust | Well, there’s this, and this on the financial penalties of trusting your assurance provider…
Identity | See previous re the value of certificates. Otherwise, not much news this quarter.
Things | The hackability of all sorts of home appliances has already become some sort of Mehhh… And apparently, there’s a spin-off in the IoBT …?
And there’s progress in the auxiliary channels/architectures… as here and here.
Social | Not much. Some Ello bits, though. And more in the AI arena, as this shows.
Mobile | Has gone to the Expired phase.
Analytics | Wow, this one’s moving into the Trough of Disillusionment quickly! Now get it to jump out at the other hand, as quickly.
Cloud | Mehhh, indeed. May be in the Trough of Disillusionment, or has gone into been there, done the grit work, no-one’s interested anymore.
Demise of ERP, the | Turns out it’s very hard to fill vacancies in this arena, isn’t it? Due to the boredom to death surrounding them.
InfoSec on the steep rise | Even if we haven’t seen enough on this!

On APTs: Only the most interesting hack attacks get into the news these days. Turns out they’re all this kind.
On certification vulnerabilities: In hiding. Still there. Ssssht, will hit. Suddenly.
On crypto-failures, in the implementations: Not much; passé.
On quantum computing: – still not too much –
On methodological renewal; as it was: Some progress here and there, but no ✓ yet.
Deflation of TLD | See second link of Trust; Fourth line didn’t work, even.
Subtotal | Already, with the previous follow-ups, clearly over 80% as we speak, when discounting for some fall-back here and there.

The faint of heart wouldn’t necessarily want to speak the bold characters out loud.
See you at the end of the year ..!

Regulation Renegation Abomi nation

So, after privacy-enhancing regulations finally got some traction here and there – mentally, hardly in implementation yet – we’re getting the full bucketloads of bovine-produced fertilizer regarding adapted protection through ‘Data Use Regulation’.
Which already throws back actual regulation in intent and in the letter of it. But has many more nefarious consequences… As is in this article; couldn’t word it better.

We should be vigilant …

For now, I’ll leave you with this:
[A spectacle, Jerez]

Maverisk / Étoiles du Nord