Interesting life, or dissolution

Some lament the cease-and-desist against 23andMe’s personal DNA profiling kit. I don’t, too much.

[Of course, a picture. Belém, Portugal: Into the Great Unknown, quite possibly never to return (in the olden days; for seamen this tower statistically would very probably be the last thing they would ever see of their homeland)]

I can understand that some may want their personal genetic footprint, e.g., when one already has an inkling there may be some bad omens in them but these can be undone by (hopefully not too severe) lifestyle changes. Fair enough.

But already in the ‘not too severe’, there’s a catch.
From history (including ‘worthwhile’ history i.e. folk tale, worthwhile for its life lessons beyond data points on kings and queens that are boring and mostly irrelevant for us today) we learn only the omens that have panned out, not the maybe many more ones that lead to nothing.
So, once one knows one’s personal DNA profile, and if (not when) one would from that know the increases, however slight (sic), in probabilities of all the possible diseases that one could, statistically!, get, one could, theoretically, change one’s lifestyle so pervasively that the chance (!) of outbreak of some disease or ailment could be lowered. By what amount, one is (sic) unsure. For how long one can postpone the ‘inevitable’, same. What to do when life style changes conflict for one future disease as opposed to the other, unknown. That one will die in the end, fact.

And, what would you want from life ..? Even living in the most ‘preventative’ way may not help; one is quite completely unsure about that. What does one sacrifice ..? All life’s pleasures, all one’s freedom ..!
Of course the bigger stupidities that are so clearly unhealthy can be done without.
But where to draw the line? Because preventative behaviour also includes the little things one can do without with some effort; but bad stuff in moderation can be good against some other health risk or one would revert to living on artificial ingredients only (e.g., not wine but only the healthy particles in it; who knows what overdoses, who knows how much is still healthy – re-read the story of Job’s pancreas and that actor that got pancreas problems by Job’s fruitarian diet –, who knows whether artifical ingredients work the same as natural stuff maybe only in combination with other neutral or ‘bad’ stuff… and on and on…)
So one misses the pleasures of life and also is unsure about the benefits.

And would you want to live a miserable life, possibly a little or somewhat longer than a full and enjoyable one? Is that what life is for? Or is one to enjoy life, in moderation preventing the obvious no-no’s, and through that be much happier than otherwise – as if happiness hasn’t been demonstrated to be one darn good preventative medicine in the first place. One might actually live longer by giving everything a little (…) try!
Plus, at what age would one want to change one’s life? Does one bother one’s spouse with all the austerity (probably) implied? What if the life you had, bound you together? Get a divorce, be even more miserable, etc..? And would you force your children to life such a miserable life (certainly compared to the non-believers they play with)? Where does abuse start?

And, the fullness of life is to be cherished and enjoyed. Risks, the fundamental unknow of the future, makes it worthwhile. An angst-driven panicked effort to eradicate all risks, will never succeed. Be reasonable and embrace the risks you can bare. Death will not be a risk but a certainty, and with moderate joy in life, one circumnavigates the stupid mistakes while having a fun trip.

And if you would actually know all that is going to happen to you (otherwise, you could not predict which diseases you’d get ..! think that one through, it works out that way), why live at all? You’d be using up resources without any benefit, you will have lived your life already. Your life would dissolve ..!

So, I have quite some questions that may be answered one by one, but in the end ‘One shouldn’t count arguments, one should weigh them’ (Cicero). Genome testing: ethically limited demand.
[Written up while being generally healthy, enjoying in moderation some, not even ‘all’, pleasures of life.]

Invitation: Responsible disclosure for charities

Staking a claim, and asking for your input! (Again…)

First, a picture to brighten up your day:

[Sevilla, obviously]

There have been many rows in public discussion regarding the spend of charities. Either the moneys received haven’t been spent according to expectation (sic), or the charities’ governors have received (perceived (sic) to be) too high recompense for their efforts and/or costs.

Common denominator is of course lack of transparency upfront that could have set expectations better, and would have demonstrated due diligence and due care. This, beyond the formal bookkeeping disclosures of annual accounts, etc., that apparently are too opaque for the public to understand. Or even for the guardians of public interest; journalists.

So, the invitation is to contribute to a little research study projectlet I’m starting, on responsible disclosure for charities.
To find a model or pointers, by which charity governors may increase transparency towards the general public about the spend of money, without having to cough up all detailed private income data or having to distort sound (fund) spending strategies.
And with sufficient clarity to all, if possible even the dumb masses (not derogatory, but sometimes they appear to be…). This may be a challenge; to clarify strategy without having to cast it in stone and/or dumb it down itself into forseeable ineffectiveness.
First up: Benchmarking governor’s incomes from the charities. E.g., vis-à-vis others’ hours put into the charities, and/or hourly wages. Would that be possible? What would be the standard? (Since simple numbers would lead to a race to the bottom in governor quality!) Etc.

So, any contribution takers …?

Was right: New boat, new database

[Because you knew there would be a picture; Casa de Música, Porto again, saturated]

Just a reminder: Some Larry Ellison guy was derided when he predicted ‘The Network is the Computer’. Look around the streets today; from a smartphone screen/interface end point, where is the computer …? It’s just an extended network, not your typical UTP/RJ45 cable anymore.
Though I don’t worship anyone (see title), we should admit someone’s past far flung prediction was in fact right.

Oracle: Larry needs a new yacht, you need a new database.
To which we should add now: No people are wrong all the time.

Control administration(s)

Before I forget: Some work has been done indeed on translating the industrial process (control) model to the administrative world. ACS’s KAD+ model (in Dutch) is an excellent example – especially the original KAD model at operational level that seems unsupported now. Maybe they are just a bit too far ahead of the curve, too clean-cut, to have found the traction they deserve.

That’s all, folks!
For now. Here’s a picture for your viewing pleasure:

[Alhambra, Granada]
Yeah, next up, some seriously long form blog again.

Control industry

First, a picture for your viewing pleasure; you’ll need it:

[Baltimore inner harbour; rec area]

As a backlogged item, I was to give a little pointer to the design of control in (process-oriented!) industry, from which ‘we’ in the administrative world have taken some clues like sorcerer’s apprentices without due and proper translation and without taking the pitfalls of our botched translation job into account.

To start with, a little overview of the basics of how an industrial process (e.g., mixing paint, or medicine) is done, at the factory floor:

In which we see the main process as a (near- or complete) mathematical function of the input vector (i.e., multiple input categories) continuously (sic) resulting in the output vector which is supposed to come as close to a desired output as possible, continuously, on the parameters that matter. The parameters that matter, and the inputs, are measured by establishing values for parameters that we can actually measure, continuously (sic). With the inputs and outputs of course including secondary and tertiary ‘products’ like waste, heat, etc., and with all elements not being picture perfect but with varying variations off set values (the measuring devices and e.g. process hardware, also will have a fluctuating noise factor).
With the input vector being measured via the feedforward loop (control before anything might deviate) and the output vector being measured through the feedback loop (control by corrective actions, either tuning the process (recipe) or, more commonly, tuning the inputs). And the control function being the (near- or complete) mathematical derivative of the transformation function.
And all measurements being seen as signals; appropriately, as they concern continuous feeds of data.

That’s all, folks. There’s nothing more to it … Unless you consider the humongous number of inputs, outputs and fluctuations possible in all that can be measured – and not. In all elements, disturbances may occur, varying in time. So, you get the typical control room pictures from e.g., oil refineries and nuclear plants.
But there’s a bit more to it. On top of the control loop, secondary (‘tactical’, compared to the ‘operational’ level of which the simple picture speaks) control loop(s) may be stacked that e.g. may ‘decide’ which recipe to use for which desired output (think fuel grades at a refinery), and tertiary (‘strategic’ ..? Or would we reserve that for discrete whole new plants ..?). And there’s the gauges, meters and alarm lights in a dizzying array and display of the complexity of the main transformation function – the transformation function can be very complex! If pictured as a flow chart, it may easily have many tens if not hundreds of all sorts of (direct or time-delayed!) feedforward and feedback loops in itself. Now picture how the internals of that are displayed by measurement instruments…

Let’s put in another picture to freshen up your wiring a little:

[Baltimore, too; part of the business district]

Now then, we seem to have taken over the principles of these control designs into the administrative realm. Which may all be good, as it would be quite appropriate re-use of stuff that has proven to work quite soundly in the industrial process world with all its (physical, quality) risks.
But as latter-day newly trade trained practitioners, we seem to have not considered that there are some fundamental differences between the industrial process world and our bookkeeping world.

One striking difference is that the industrial process world governs continuous processes, with mostly linear (or understandable non-linear) transformation and control functions. Even in the industrial world, non-linearity but also non-continuous (i.e., discrete, in the mathematical sense) signals (sic) cause trouble, runaway processes and process deviations, etc.; these push the limits of the (continuous-, duh)control abilities.
Wouldn’t it be wise, then, if we had taken better care when making a weak shadow copy of the industrial control principles into the discrete administrative world …? Discrete, because even when masses of data points are available, they’re infinitely discrete as compared to continuous signals (that they sometimes were envisaged to represent)? Where was the cross-over from administering basic process / production data to administrating the derivative control measurements, and/or the switch from continous signals captured by sampling maybe (with reconstructability of the original signal being ensured by Shannon’s and other’s theories ..!!), to just discrete sampling without even an attempt to reconstruct(ability) of the original signals?

So we’re left with vastly un- or very sloppily controlled administrative ‘processes’, with major parts of ‘our’ processes being out of our scope of control (as is witnessed by the financial industry’s meltdown of 2007– ..!), non-linear, non-continuous, debilitatingly complex, erroneously governed/controlled (in fact, quod non) in haphazard fashion by all sorts of partial controller (groups) all with their own objectives, varying overwhelming lack of actual ‘process’ knowledge, etc.

Just sayin’. If you would have a usable (!) pointer to literature where the industrial control loop principles were carefully (sic) paradigm-transformed for use in administrative processes, I would be very grateful to hear from you.
And otherwise, I’d like to hear from you, too, for I fear it’ll be a silent time…

The Waning Age of Compliance

[Madrid; danger exites even if quite balanced, safety kills with boredom]

All raise your hands; who thinks we have reached the end of the Age of Compliance …?
Hmmm, not too many hands. Must be because you’re a totalitarian-bureaucratic lot with the illusion that your underling creeping back into the corner approach is equal to being powerful. Ah, power, the one thing you craved so much, out of uncertainty and frustration!

To be true, the Age of Compliance, in ascendance since before the turn of the Millennium and having had such a nice boost from an utter misreading of completely unnecessary (if not for common law) SOx legislation, has refined itself into all sorts of directions and common cultures in a way that Ortega y Gasset wouldn’t have dreamt of.
Which is how the 1% of power wanted it (read Seth Godin’s blog on Bullies). To subdue the 96% of drones. To corner the 3% of Defectors (read Bruce Schneier’s book Liars and Outliers). To enlist the ethically corrupt that follow orders without thinking, to suppress freedom. To standardize, to capture in process and procedure, to choose the open labor camp over the wilderness of freedom.

Now I’m ranting. But not by too much.

Luckily, like any empire so the empire of top-down control will subside, crumble, deteriorate, degenerate in its corner of bureacratic stall and standstill. The ones that escape(d), the ones that are on their own way to actual newness and developemnt, innovation, will build their next thing.

Yes, the Age of Compliance is waning. Some utopian new societal structure will appear. We still have a chance to let it build alongside the Old without the need for violence and revolution, but it’s a difficult route to navigate between Scylla and Charibdis. Will we manage? Only if we pay attention, to content and development-as-a-project of this New.

Hey, would anyone know of a research institute or research program that keeps track of this all, from a sociological perspective ..?

Interlude: Sing ularity / along

The thought just popped up: What if we’re all already beyond the singularity point, and the transient intelligence of human life has already taken over ..?
No-one is capable of changing the world’s affairs anymore, and it would take all people together to get that done, but getting all people together (including motivating them to band together, to their advantage) will result in all people just doing what they already do.
Since the first 90% of human behaviour is already determined by ultimately (!) self-interest, uncosciously deciding what’s best as fits with the world’s turning as it is today, and the last 10% would then also be captured in conscious deliberation towards rational contribution towards whatever purpose the world’s turning leaves us – which is exactly the play room that the autonomous transient intelligence would leave us.
Just look at how we behave in society; following rules that put us down, queueing up in traffic, standing in line at the shops, working in offices, etc., all tagging along stuck in a rut.
Now, we let algorithms take over the boring work stuff, leaving ever less for us to do or excel in. Even ‘creative’ work is cornered by developments of understanding creativity and shrinking it ever more.

[Ronda, Spain]

So, the current world can already be interpreted as going along its own course and direction, only leaving some wiggle room for the sully us. At least there we have a semi-happy scenario for past the Singularity – but the transient intelligence might improve itself unnoticably to a state where humans are no longer required and (as they already are: l’enfer, c’est les autres; les humains) a nuisance to be gotten rid of. Be warned. Be creative or offed.

The P (part 1, too)

Now then, for the grand Part 1 of the People of Information Security. À la the triangle I posted on earlier (see somewhere below) where the People aspect floats around the triangle like a dense cloud; obscuring your clear view and posing a foggy unclarity threat.
To jot down, there are many aspects of People that we have to deal with, but let’s start with some random unstructured angles:
[Generalife, Granada]

People are a Threat. Externally, they are the actors, not random Acts of nature. No, they, they! the people, the masses (even in Ortega y Gasset style), they exist only to attack us!
How nice if you believe such, how nice to all those that have a sense of community and either don’t care to attack you even if it could be to their (risk-weighted) profit, or even help you, tacitly or visibly, explicitly. How hard do you work to alienate all those, too? Notwithstanding that there are indeed some out there that want to attack you: Have you ever stepped into their shoes to figure out why ..? If (very big if) you really stepped into their mindset, wouldn’t you do the same because by their reasoning, you ‘deserved’ it?

People are Vulnerabilities, on the inside. They are frail, failing their duty-above-all to follow your procedures, excuse me the word F.ck the contributions to the organizational success; your procedures are sacred of course?

People are Means in information security. That’s actually what they are in the People, Process, Technology trio. Vulnerability, and Threat by the way, if they deviate from how you wanted to deploy the resource, but they can also be very powerful ‘allies’ as resource to deploy in information security, information safety [nice idea, to defuse the old phrase], information asset protection. People are the thing (sic) that might follow Process using Technology to achieve protection. People are the ones to task doing to safeguard your information assets. They may not be perfect, but they will for a long time to come be the actual actors and re-actors.

People are psychological constructs acting in sociological environments. I cannot write this often enough: Read and re-read Bruce Schneier’s Liars and Outliers, to understand how these People may operate in your artificial society called organization (oh the wishful thinking in that word…).

People then, will have to be included in security design in the prominent role they have not as an afterthough. They will have to take center stage indeed, as alpha and omega of information security organization.
We’ll have to find ways to really start with People and see how their work may be structured, and how their work may be supported (not the other way around!!) by Process and Technology. Process as a little handy tool, not as the raison d’être – an uphill struggle it will indeed be, but also sign of the times already! Totalitarian bureaucrats beware; the Age of Compliance is waning. See a future blog. Technology as a little handy tool (in big plural), not as the first to arrive and to bolt a bit of Process and very maybe even People onto here and there.
But we haven’t explored such a design direction at all, yet! We have no clue, no metholodogy, no vocabulary, to describe such a ‘design’ …

That’s where you come in; through your comments I propose to crowdsource such a methodology. Be part of it!

No standards

[Looks like legend, but simply (?) is Segovia, Spain]
Hm, the title may read to some like this post would be about (finding) a temporary SO with low moral standards, but that wasn’t my intention.

For the more serious:
One should have standards, but have them for oneself. Imposing one’s standards on others, will not work. Self-dicipline trumps external discipline. The latter will compress the former, or make it explode through some hair crack into any unwanted direction(s). Because that former will always be present, in one way or another. Dormant, maybe, but there.

Hence standards must allow flexibility, or tie down to calcifying rigor that in the end will crumble into nothingness.
Because standards (try to) coerce subjects into conformity, standardization, uniformity, exactly-the-sameness. Death by lack of diversity. Because whatever is stamp pressed into a mold, will have to be something that must function in a variable, varying, diverse, diversifying, changed, changing environment. After the Information Explosion, ever more. To survive, diversity must be restored wherever possible. Compliance with simple standards will not cut it.

Standards must become compliant themselves, with flexibility requirements…

First Predictions 2014

[Unfamiliarly, from the West]

What’s up, 2014?

The end is nigh, of 2013. Can we predict what the big business / infosec hype of 2014 will be ..?
No. There’s no predicting the unknown. The somewhat-known will not stand out enough. The known… boring!

The knows are the fall of Fubbuck, maybe Tvitter (both to be replaced by the WeChat’s and hopefully Tumblr’s of this world; will Vine and Snapchat take over?), cloud, BYOD/flexwork, etc.
SMAC: Social, Mobile, Analytics, Cloud. ViNT by Sogeti adds a T of Things.

The Things part, I’m unsure about. Yes, for the long run (i.e., 2-5 years) we will definitely see an explosion. But next year already? It’s the infancy of a sine wave, taking off slowly.

So, my prediction is that the thing we’ll all be talking about as the next thing in 2014, would be … People versus Algorithms.
This was pointed out by some #Coney guy(s), with some lead links elsewhere. But algorithms will not conquer the world in one swallow. Rather, we will see both an increase in the use of algorithms for partial (at most!) data analytics, to support TLA-style use of ‘big’ data both in public and private environments – but also a major development of the People component in tha analysis, a wave of development of specialized functions, methodology and tools, re the human pattern detection and interpretation parts of analytics.

Plus, then a more clear picture of how people and algorithms fit together, as function, profession(s), etc., with spin-off everywhere e.g., the development of a better understanding of how the brain works, how humans work (produce / operate), how to describe the purpose of life. On our way to the Singularity, and Beyond!