Blog

Not books, by Quote

Ah, some loose ends this time: quotes, not so much Books by ~, but worthwhile nevertheless, I think. Some in Dutch, but you’ll manage to understand them …?

Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly, and applying the wrong remedies (Groucho Marx)

The difference between pizza and your opinion is that I asked for pizza.

In The Sane Society (De gezonde samenleving), the German-American psychologist and philosopher Erich Fromm (1900-1980) suggests that people are so obsessed with security because the alienated individual longs for conformity and thereby feels ever more insecure. According to Fromm, people in capitalist society have increasingly come to feel that they should not have to have any problems, worries or doubts, and that if they take no risks they ought to feel safe. He finds this a dubious conviction. Just as active and engaged people cannot avoid grief or pain, so someone who thinks must be able to bear uncertainty without panicking. (Timon Meynen, Filosofie scheurkalender, 25 December 2013)

‘Have the courage to use your own understanding’ (Sapere aude) has become the motto of the Enlightenment. The saying comes from the essay Answering the Question: What is Enlightenment? by Immanuel Kant (1724-1804), one of the last and greatest Enlightenment philosophers. Enlightenment, in his view, meant ‘man’s emergence from his self-incurred immaturity. Immaturity is the inability to use one’s understanding without the guidance of another. This immaturity is self-incurred when its cause is not a lack of understanding but a lack of resolve and courage to use it without another’s guidance.’ (Suzan Derksen, Filosofie scheurkalender, 18 December 2013)

No look at philosophies of death would be complete without a visit to the twentieth century existentialists, who saw non-existing as a companion piece to existing – sort of like a matched set. So we’ll check in on Martin Heidegger and Jean-Paul Sartre, who tried to look unflinchingly at deadness. Heidegger claimed we actually need the anxiety of death to keep us from falling into ‘everydayness’, a state in which we’re only half alive, living with a deadening illusion. (Thomas Cathcart, Daniel Klein, Heidegger and a Hippo Walk Through Those Pearly Gates, p.6)

And a picture for your viewing pleasure:
[Photo: Maybe not pearly, Barça]

According to Becker, the only way most of us deal with this situation is delusion – in fact, the Big Delusion. The B.D. is the basic human drive, … and it gives rise to ‘immortality systems’, non-rational belief structures that give us a way to believe we’re immortal. There’s the ever-popular strategy of identifying ourselves with a tribe, race, or nation that lives on into the indefinite future, with us somehow a part of it. Then there’s the immortality-through-art system, in which the artist foresees her work enduring forever, and therefore herself immortalized too – in the pantheon of Great Artists or, at the very least, as a signature at the bottom of a sunset landscape propped up in a corner of her grandchildren’s attic. Then there are the top-of-the-market immortality systems enshrined in the world’s religions, ranging from living on as part of the cosmic energy in the East to sailing off to be with Jesus in the West. At a less lofty level, there is the immortality-through-wealth system. This one provides us with a nifty life goal to wake up to every morning: go get more money. That way we don’t have to think about the Final Bottom Line. (Thomas Cathcart, Daniel Klein, Heidegger and a Hippo Walk Through Those Pearly Gates, pp.14-15)

I always wanted to be somebody. Now I see that I should have been more specific. (Lily Tomlin in Thomas Cathcart, Daniel Klein, Heidegger and a Hippo Walk Through Those Pearly Gates, p.40)

Sam and Joe, two elderly gents, were talking on a park bench. Sad Sam, ‘Oy, all my life, one trouble after another. A business that went bankrupt, a sickly wife, a thief for a son. Sometimes I’d think I’d be better off dead.’ Joe: ‘I know what you mean, Sam.’ Sam: ‘Better yet, I wish I’d never been born.’ Joe: ‘Yeah, but who had such luck? Maybe one in ten thousand?’ (Thomas Cathcart, Daniel Klein, Heidegger and a Hippo Walk Through Those Pearly Gates, pp. 48-49)

Eternity is very long, especially near the end (Woody Allen)

In many, notably English, overviews the typically German distinction between low civilisation (Zivilisation) and high culture (Kultur) is attributed to Johann Gottfried Herder (1744-1803). But the oldest formulation of the contrast is probably Immanuel Kant’s (1724-1804). Civilisation, … is about learning good manners, needed for daily interaction; a matter of externals. Culture, however, is about ‘the idea of morality’. That concerns an inner orientation towards the good: that which must be done out of conviction. (Jan Dirk Snel, Filosofie scheurkalender, 17 September 2013)

We are civilised, to the point of tedium, in all manner of social flattery and propriety. (Immanuel Kant, Idee zu einer allgemeinen Geschichte in weltbürgerlicher Absicht, 1784)

InfoSe€€€

[Photo: Infra to use, to protect]

On, then, with the dream of rational (i.e., ‘cost-effective’) information security control selection. Apart from the definitions, distinctions and boundaries between operations management, information management, data management, information security, IT security, business continuity management, etc. (I don’t really care; they all end up with the same sort of ‘risk analysis’, quod non (see earlier posts, the most prominent being this one), plus a sort of afterburner about weighing the costs of the controls to be put in place against their benefits). Nothing on all the stuff I discussed in that prominent post: the time-dependent likelihoods, impacts and effectiveness of threats, vulnerabilities and controls, individually and in their interactions; the feedforward and feedback loops; the enormous lack of reliable data, and the overwhelming noise and error this introduces into any calculation.
And nothing on how one should go about estimating the costs of controls against their effectiveness. That is even harder to do, because the costs of controls are continuous but very often hardly quantifiable individually, let alone in conjunction with other controls (all with costs varying over time, again, too ..!).
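An added example of the noise point (my code, not from the post): push honest 90% intervals for incident frequency, loss per incident and control effectiveness through the textbook annualised-loss calculation and look at what comes out the other end, next to the single number a point estimate would give. The intervals, the control cost and the reduction range are constructed for illustration; there is no real data behind them.

```python
"""Added example (not from the original post): propagate input uncertainty
through a textbook control cost-benefit calculation and compare the result
with the point estimate that 'rational control selection' usually rests on.

All figures below are constructed, hypothetical inputs chosen for illustration.
"""
import math
import random

Z90 = 1.6449  # half-width of a two-sided 90% interval, in standard deviations


def lognormal_params(low, high):
    """Return (mu, sigma) of a lognormal whose 90% interval is [low, high]."""
    mu = (math.log(low) + math.log(high)) / 2
    sigma = (math.log(high) - math.log(low)) / (2 * Z90)
    return mu, sigma


def point_estimate_net_benefit(freq_ci, impact_ci, reduction_ci, control_cost):
    """The single-number answer: medians in, one net benefit per year out."""
    freq = math.sqrt(freq_ci[0] * freq_ci[1])        # geometric midpoint = lognormal median
    impact = math.sqrt(impact_ci[0] * impact_ci[1])
    reduction = (reduction_ci[0] + reduction_ci[1]) / 2
    return freq * impact * reduction - control_cost


def simulate(freq_ci, impact_ci, reduction_ci, control_cost, n=20000, seed=1):
    """Monte Carlo over the same inputs; returns summary statistics.

    freq_ci, impact_ci: 90% intervals, modelled as lognormal.
    reduction_ci: range of the fraction of loss the control prevents, uniform.
    """
    rng = random.Random(seed)
    f_mu, f_sigma = lognormal_params(*freq_ci)
    i_mu, i_sigma = lognormal_params(*impact_ci)
    annual_losses = []
    net_benefits = []
    for _ in range(n):
        freq = rng.lognormvariate(f_mu, f_sigma)      # incidents per year
        impact = rng.lognormvariate(i_mu, i_sigma)    # loss per incident
        reduction = rng.uniform(*reduction_ci)        # share of loss the control prevents
        annual_loss = freq * impact
        annual_losses.append(annual_loss)
        net_benefits.append(annual_loss * reduction - control_cost)
    annual_losses.sort()
    p05 = annual_losses[int(0.05 * n)]
    p95 = annual_losses[int(0.95 * n)]
    return {
        "ale_p05": p05,
        "ale_p95": p95,
        "ale_spread": p95 / p05,  # ratio between the 95th and 5th percentile
        "p_control_pays_off": sum(1 for x in net_benefits if x > 0) / n,
    }


# Constructed inputs: 90% intervals an analyst might honestly give.
FREQ_CI = (0.1, 2.5)              # incidents per year
IMPACT_CI = (20_000, 2_000_000)   # loss per incident
REDUCTION_CI = (0.2, 0.8)         # fraction of loss the control actually prevents
CONTROL_COST = 25_000             # annual cost of the control

if __name__ == "__main__":
    pe = point_estimate_net_benefit(FREQ_CI, IMPACT_CI, REDUCTION_CI, CONTROL_COST)
    stats = simulate(FREQ_CI, IMPACT_CI, REDUCTION_CI, CONTROL_COST)
    print(f"point estimate: net benefit {pe:,.0f} per year, i.e. a clear 'yes'")
    print(f"90% interval of annual loss spans a factor {stats['ale_spread']:.0f}")
    print(f"control pays for itself in {stats['p_control_pays_off']:.0%} of scenarios")
```

With these inputs the point estimate says the control returns twice its cost, while the simulated annual loss spans more than two orders of magnitude and the control ends up net-positive in only about two thirds of the runs. Widening any one input, or adding the time dependence the post mentions, only makes the spread larger.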

Continue reading “InfoSe€€€”

Awful wareness

A shortie, once again. Through

I was triggered to add some Awwww areness sauce to my previous snippets on security. Will do. Pete Herzog’s idea in

will also get a place.
And an archi pic for your viewing pleasure:
[Photo: Gran Via, what else]

Bias Time (7 of 9)

[Photo: Spiritual enlightenment]

Yes, it’s bias time again. The seventh of the series of biases that you, yes you, have. Even if you are aware of these, and even if you consciously try to correct for them to be, heh, ‘objective’, as in what e.g. auditors pursue, you will fail.

Informal fallacies

  • Argument from repetition (argumentum ad nauseam): signifies that it has been discussed extensively (possibly by different people) until nobody cares to discuss it anymore
  • Appeal to ridicule: a specific type of appeal to emotion where an argument is made by presenting the opponent’s argument in a way that makes it appear ridiculous
  • Argument from ignorance (appeal to ignorance): The fallacy of assuming that something is true/false because it has not been proven false/true. For example: “The student has failed to prove that he didn’t cheat on the test, therefore he must have cheated on the test.”
  • Begging the question (petitio principii): where the conclusion of an argument is implicitly or explicitly assumed in one of the premises
  • Circular cause and consequence: where the consequence of the phenomenon is claimed to be its root cause
  • Continuum fallacy (fallacy of the beard): appears to demonstrate that two states or conditions cannot be considered distinct (or do not exist at all) because between them there exists a continuum of states. According to the fallacy, differences in quality cannot result from differences in quantity.
  • Correlation does not imply causation (cum hoc ergo propter hoc): a phrase used in science and statistics to emphasize that correlation between two variables does not imply that one causes the other
  • Demanding negative proof: attempting to avoid the burden of proof for some claim by demanding proof of the contrary from whoever questions that claim
  • Equivocation: the misleading use of a term with more than one meaning (by glossing over which meaning is intended at a particular time). Not to be confused with the No true Scotsman move, which rescues a generalisation by redefining its terms so that every counterexample is excluded
  • Etymological fallacy: which reasons that the original or historical meaning of a word or phrase is necessarily similar to its actual present-day meaning.

Fallacies of distribution

  • Division: where one reasons that something true of a thing must also be true of all or some of its parts
  • Composition: where one reasons that something true of part of a whole must also be true of the whole
  • Ecological fallacy: inferences about the nature of specific individuals are based solely upon aggregate statistics collected for the group to which those individuals belong
  • Fallacy of many questions (complex question, fallacy of presupposition, loaded question, plurium interrogationum): someone asks a question that presupposes something that has not been proven or accepted by all the people involved. This fallacy is often used rhetorically, so that the question limits direct replies to those that serve the questioner’s agenda.
  • Fallacy of the single cause (“joint effect”, or “causal oversimplification”): occurs when it is assumed that there is one, simple cause of an outcome when in reality it may have been caused by a number of only jointly sufficient causes.
  • False attribution: occurs when an advocate appeals to an irrelevant, unqualified, unidentified, biased or fabricated source in support of an argument
  • Contextomy (Fallacy of quoting out of context): refers to the selective excerpting of words from their original linguistic context in a way that distorts the source’s intended meaning
  • False compromise/middle ground: asserts that a compromise between two positions is correct
  • Gambler’s fallacy: the incorrect belief that the likelihood of a random event can be affected by or predicted from other, independent events
  • Historian’s fallacy: occurs when one assumes that decision makers of the past viewed events from the same perspective and having the same information as those subsequently analyzing the decision. It is not to be confused with presentism, a mode of historical analysis in which present-day ideas (such as moral standards) are projected into the past.
  • Incomplete comparison: where not enough information is provided to make a complete comparison
  • Inconsistent comparison: where different methods of comparison are used, leaving one with a false impression of the whole comparison
  • Intentional fallacy: addresses the assumption that the meaning intended by the author of a literary work is of primary importance
  • Loki’s Wager: the unreasonable insistence that a concept cannot be defined, and therefore cannot be discussed.
  • Moving the goalpost (raising the bar): argument in which evidence presented in response to a specific claim is dismissed and some other (often greater) evidence is demanded
  • Perfect solution fallacy: where an argument assumes that a perfect solution exists and/or that a solution should be rejected because some part of the problem would still exist after it was implemented
  • Post hoc ergo propter hoc: also known as false cause, coincidental correlation or correlation not causation.
  • Proof by verbosity (argumentum verbosium, proof by intimidation): submission of others to an argument too complex and verbose to reasonably deal with in all its intimate details. See also Gish Gallop and argument from authority.
  • Prosecutor’s fallacy: a low probability of false matches does not mean a low probability of some false match being found
  • Psychologist’s fallacy: occurs when an observer presupposes the objectivity of his own perspective when analyzing a behavioral event
  • Regression fallacy: ascribes cause where none exists. The flaw is failing to account for natural fluctuations. It is frequently a special kind of the post hoc fallacy.
  • Reification (hypostatization): a fallacy of ambiguity, when an abstraction (abstract belief or hypothetical construct) is treated as if it were a concrete, real event or physical entity. In other words, it is the error of treating as a “real thing” something which is not a real thing, but merely an idea.
  • Retrospective determinism (it happened so it was bound to)
  • Special pleading: where a proponent of a position attempts to cite something as an exemption to a generally accepted rule or principle without justifying the exemption
  • Suppressed correlative: an argument which tries to redefine a correlative (two mutually exclusive options) so that one alternative encompasses the other, thus making one alternative impossible
  • Well travelled road effect: estimates of elapsed time are shorter for familiar routes than for unfamiliar routes of equal or lesser duration.
  • Wrong direction: where cause and effect are reversed. The cause is said to be the effect and vice versa.

On APTs

[Photo: Easy to get in. Valencia]

Suddenly, an uproar over this Mask APT that appears to have been around for seven years. Oh. Not much of an uproar. Also not over this.

Some may remember my prediction, from way back, i.e. two months ago [not even going to put in links; just browse the Predictions category of posts], that 2014 would be the year of APTs, among other things. Now I almost feel that it isn’t 2014 but just January. Too bad!

Or, if you would want to shed light on this, do comment.

Hardcore, (Information) Security pieces

[Photo: Meant as gateway, not closure]

Earlier, as in here, here and here, and other places apart from these, I floated the idea of redesigning the way we tackle the core of Information security. Unfortunately, I don’t have sufficient time (yet!) in lunch breaks to get it all together in one big white paper hence I’ll drop some elements here, again.

I’ll keep working on collecting loose ends, so when I find time, I can integrate it all, including your comments, of which I have received so much. Not so much. As one. Single. Comment.

Herewith, then, to start off, a picture I took from … somewhere, probably the ISACA site. I’ll work from this, structuring the story line from top to bottom: first how we do it now (kindergarten level, with the pretense, pomp and circumstance of high priests doing high art), next how it should be done: qualitatively, vaguely, smoothing off the rough edges and not being able to do much more, except for the hardest cores of security (remember the pyramid I presented? Read up via the above links).
[Image: COSO_2013_ISO_31000-english]

Also, I’ll drill down a bit on the design of controls, along the lines sketched earlier (yup, see links again) and using an augmented [by me; disclaimer [Huh? When it’s by me: Why …!?]: *value may not be included] anti-fraud matrix à la:
[Image: Anti-F 1]
Which will have an advice that visually is something like this, of course:
[Image: Anti-F 2]
which is very different from the usual “Uhhhh, dunno, do we have a Motivation or Rationalisation here, dude..? Can’t progress until we figure out.” i.e. is design and action oriented.
But then, this matrix will be overlaid (third dimension) on the SABSA matrix I guess. Though I’ll make it very clear that SABSA is all very well, but very much focused on the bottom layers of itself only, the bottom layers of the InfoSec pyramid I sketched. And, upwards, there’s much methodological confusion. In particular re its Information and Conceptual / Context / Wisdom definitions and placements.

And of course I’ll throw in a bit of ABAC referring to this.

OK. Time’s up!

Which means I welcome your comments. One may dream, right …?

A few bits of hope, a lot of redundancy

[Photo: Perfectly doable, for a machine/computer, very soon. Barça harbour.]

Along flew a tweet on this insightful piece.

Providing some leftover bits of hope that there will be a humanity that can sustain itself, in various marginal ways. Glad that we don’t need to be drones (and other links) ‘anymore’… As long as we can outpace AI, which we may lose control over soon.

Exit homo sapiens sapiens. Entrat Singularity, artefactum sapiens sapiens sapiens.

Maverisk / Étoiles du Nord