
Pwds, again. And again and again. They’re 2FA-capable ..!

Why are we still so spastic re password ‘strength’ rules ..?

Those rules have been debunked as outright counterproductive, haven’t they? They are too cumbersome to live with, and are just one gargleblaster element in a petty arms race, with enormous collateral damage and next to no effect.

And come on, pipl! The solution has been there all along, though it has been forbidden just as long …:
Write down your passphrases! The loss of control by having some paper out there, e.g., on your (Huh? Shared workspace, BYOD anyone?) monitor (Why!? Why not keep the piece of paper in your wallet; most users will take care of their money, and those that don’t are missing a few cells, for which reason you wouldn’t want them at your workplace anyway) is minute, certainly compared to the immense gain in entropy, i.e., a straight-out security gain.
And … when you keep your written-down pwd to yourself (e.g., against this sort of thing), it becomes the same thing any physical token is, and you have created your own Two Factor Authentication without any investment other than the mere org-wide policy setting change of requiring pwds of at least, say, 25 characters. One caveat to keep in mind: the paper is a possession factor at the user’s end only; the server still verifies a single secret, so the gain is against guessing and offline cracking, not against phishing or a copied note. (And promulgating this, but that shouldn’t be too hard; an opportunity to make life easier for end users, for once, and a great opportunity for collateral instruction on (behavioural) infosec in general …)
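A worked illustration of the policy change, added here and not part of the original post: the length-only rule beside the classic complexity rule, with a crude entropy model to show what the 25-character requirement buys. The word list and the sample passwords are constructed for the demo; the character-set figure is an upper bound, not a measure of how hard a real password is to guess, and the guess rate in crack_time_seconds() is an assumed round number.

```python
"""Added example: length-only passphrase policy vs. classic complexity rules.
Not code from the original post; word list, sample passwords and the
guess rate are assumptions made for the demo."""
import math
import re
import secrets

# Constructed word list for the demo. A real Diceware list has 7776 words.
WORDS = ("harbour lantern granite cobalt meadow thimble walrus orchid "
         "saffron quartz bramble velvet pewter falcon tundra cinder "
         "marble juniper sorbet nickel glacier violet beacon summit").split()

CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def charset_entropy_bits(pw: str) -> float:
    """Upper bound: bits if every character were drawn uniformly from the
    union of character classes that appear in pw. Passwords built to satisfy
    complexity rules ('Summer2017!') sit far below this bound, because
    crackers try exactly that word+year+symbol pattern first."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33  # printable ASCII symbols, space included
    return len(pw) * math.log2(size) if size else 0.0


def wordlist_entropy_bits(n_words: int, list_size: int) -> float:
    """Exact entropy of n_words drawn uniformly at random from a list of
    list_size words; this one is a lower bound by construction."""
    return n_words * math.log2(list_size)


def crack_time_seconds(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to hit the secret at half the keyspace, for an
    assumed offline guess rate (1e10/s is a placeholder for a GPU rig)."""
    return 2 ** (bits - 1) / guesses_per_second


def complexity_policy(pw: str) -> bool:
    """The classic rule set: at least 8 characters and 3 of 4 classes."""
    classes = sum(bool(re.search(p, pw)) for p in CLASSES)
    return len(pw) >= 8 and classes >= 3


def length_policy(pw: str, min_len: int = 25) -> bool:
    """The post's proposal: length only; no class rules, nothing to game."""
    return len(pw) >= min_len


def generate_passphrase(n_words: int = 5, wordlist=WORDS, min_len: int = 25) -> str:
    """Random words from the list, redrawn until the length policy passes
    (with 6+ letter words and 5 draws it passes on the first attempt)."""
    while True:
        phrase = " ".join(secrets.choice(wordlist) for _ in range(n_words))
        if length_policy(phrase, min_len):
            return phrase


if __name__ == "__main__":
    for pw in ("Summer2017!", "correct horse battery staple", generate_passphrase()):
        print(f"{pw!r}: complexity={complexity_policy(pw)} length25={length_policy(pw)} "
              f"charset-bound={charset_entropy_bits(pw):.1f} bits")
    print(f"5 words from 7776: {wordlist_entropy_bits(5, 7776):.1f} bits, "
          f"~{crack_time_seconds(wordlist_entropy_bits(5, 7776)) / 3.15e7:.0f} years")
```

The upper bound flatters ‘Summer2017!’: it assumes every character was drawn at random, while a cracker with a dictionary and a year table walks through that pattern in its first seconds. The randomly drawn passphrase has its entropy by construction, which is the whole point of making length the only rule and letting the user carry the result on paper.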

What bugs me is that already a great string of generations has been led astray while all along the signs were on the wall – not the passwords, but the eventual, inevitable collapse of the system, by users who demonstrated par excellence that this security measure was too impractical to stick to, as evidenced by the still widespread practice of writing down pwds. If people do some specific thing despite decades of instruction … might we consider that the instruction doesn’t fit humans’ daily operations ..? so that the ones seeking to Control [what pitiful failures, those ones …; ed.] will have to rescind?

So, written-down passphrases it is. Plus:
[Easy sailing to new lands, beats being stuck on Ellis; NY]

No legalese please, we’re in business

Which translates to: a DPO had better be an IT expert who has learnt [for clear thinking, UK English is preferred by far; ed.] the legalese of the GDPR, than a legal expert who has learnt some tidbits of IT. Despite the usual-suspects exceptions, you do recognise the former and latter types in practice. And exceptions those are.
And the myth that a legally schooled ‘GRC’ operative might pick up sufficient IT skills in a couple of courses or a bit of privacy practice needn’t be debunked here, or you have done zero investigation of the matter. What a sorcerer’s apprentice, pastiche edition, they portray. Because the mindset is inappropriate: the mindset of accidentally finding an interesting problem, for once not being dazed by those in the know, studying it extensively, how interesting this all is, and then … hardly anything. Certainly (sic) no actual solution to the problem …
The IT side, so often and so extensively underestimated in its intricacies throughout its vast, wide scope, in particular qua privacy concerns and even in the GDPR itself, that core document around which so many circle, is on the other hand by background focused on (actively going out and) finding problems and then creating and implementing a solution.
And at the same time, recognising that the legal stuff is not as hard as it is sometimes portrayed (instigated) to be, and does not require more than a trade-diploma level of intellectual development, if even that.

One could easily remain on the subject but without much gain. We retire, having made sufficient argument why DPOs have no need of a legal background in their functional requirements.

Oh, and:
[Feel free to pose and shine – with pretense of superiority through some legal jargon most probably devoid of meaning; NY]

Take me out of the loop, (as I) please

Considering that there is this thing with privacy — where people are getting more and more aware that yes, they do have a legal right not to opt in to any scam’ish spam and the Shallows-ing of their filter bubble [where the latter sounds soft and pleasant, pink, instead of crushingly dusty and petrifying your mind, the one thing that so far keeps you human].
Considering, too, that there is a push to have at least a human in the loop of math destruction. Which will fail if it’s a click-yes-or-be-fired job. Which it will be, in the current setting and developments. Unless the human, and all of hes [her/his; LGBTQ-neutral] superiors all the way up to and including, in particular, the Board members individually, remain fully accountable for all that the click-yes leads to. They should be, or else they have no legal title to any income of any kind. But since the legal side is all set yet the 0.1% is above the law, this isn’t happening.

At least then, we should aim for something similar to the cookie directive [so vilified because it was such a glorious and simple idea it could work. Could have.]; I propose:
The right to be left out of (statistical or other) profiling. Since the profiling follows from matching patterns that are different things from the data I provided, most probably to some party other than the one doing the profile extraction out of statistical masses, fitting me to the profile is a direct form of de-anonymisation to identification, to which you have no legal right and a legal duty not to. Check your brain to see whether it is capable of the most basic functioning, which is sufficient to understand articles 11 and 12 of the Universal Declaration of Human Rights. Name one set of principles that applies more widely, globally, than that. Doing away not only with the nuisance but also with the filter bubble et al., including the atrocious downsides of false positives as per the link above.

Maybe the online ad markets would crash. Report has it that they already do; imploding under their own emptiness. There is no inherent reason any market should exist per se. The world would a. continue to prosper, infinitely more so than before, once the ad markets crumble; b. be a better place, and who could be against that?

So after this bombshell of an idea, I leave you with:
[Peace of mind; at a borgho just North of Siena]

Obviously for tomorrow: a rerun of Elk, Moose, Reindeer, Wapiti, Caribou, Deer

As an intermission: Would you know which is which, of the above/below …?
And then, there’s continental differences …
First up, the Elk:
[photo: elk]
Cervus canadensis, the wapiti indeed. Next up, the Elk:
[photo: moose]
known as such in Eurasia, including those tiny pebbles off the coast called the British Isles. Looks suspiciously like the Alces alces that is the Canadian (oh well, and US, yes, whiners) Moose, doesn’t it?
Because it is …! But you moose’ent confuse the two with each other, nor with the reindeer a.k.a. caribou:
[photo: reindeer]
Rangifer tarandus, since this one’s for Saami and Santa.

Are you feeling elky now ..? Or move to the Caribouan; you’ll never have problems with the above there … Oh deer we’re in seriousness-trouble here…

Your unbody double

So, there now is such a thing as Artificially Intelligent 3-D Avatars. As per here. How nice.
And then you realise time travel may be possible once you don’t have the physical duplication problem anymore. Though we would still have the other problems; bummer.

But still, one of the problems has been solved. The others, actually … may need re-study. Because there may now be a difference in travelling forward (possibility approaching, when ‘time’ in your physical life needs to stay synchronised in some form or other with others, and your AI3DAvatar can speed up ..?), but then, returning to Now might (creation of possibility here) be equivalent or the same [which aren’t the same thing] as travelling back in time. Duh. Too bad it’s still so hard to reason (positive-)logically and consistently about this.

And, it will make the ‘need’ to have dirty, planet-soiling flesh-and-blood humans around much less. There’s no such thing required anymore as people being trapped in The Matrix and then wanting blue or red pills, but rather the attachment of AI3DAvatars to the Singularity Machine; their subsumption into it (removing duplicate or false/inconsistent memories – they will be there IF the AI3DAvatar’s anything like you) leading to their disappearance — all they ever (in the future) were had already been included (thought out on its own) by the SingMach.

For now, we’re still here; individually. And:
[“Tape” copies of the views from up there will be loaded to your AI3DAvatar in a millisec; no need for that either; CN Tower, Toronto]

FOMO as FOYA gone bad

The enslavement to socmed seems to be a generation- … less thing: unfortunately, all too many seem to need to be connected — mistakenly, since just liking things will not lead to a true connection; how many are there that actually grow into one? Only on apps that are specifically aimed at that –swipe-left–; otherwise, not so much. Or hardly. Most socmed like-affiliations are a. for sheeple attaching themselves to some brand(s), indicating their lack of self-esteem by submitting themselves as consumer-onlies, b. for those lacking the daring to actually do something for a Good Cause but wanting to be associated with Successful-in-life people [i.e., actual do-somethings] nevertheless. No c. to think of, qua ‘most’.

What remains is a hard-to-miss impression of the truth, being that socmed attachments (mostly to the worst-on-ethics corp behemoths rather than anything else) are panicked FOMO symptoms to the world, signalling a much deeper problematic psyche, being the Fear Of Yourself As-is; FOYA.
That’s right. Individualism having gone so far as to drive all those that subconsciously cling to group belonging much more than is societally acceptable (or so it seems!), i.e., the vast majority (of Like-serfs), to seek ways to still attach to something that can slurp up their feeling of insecurity (on their own) and return a pat on the back for group support.

You get it. Can ramble on, but have little time. And:
[An affiliation choice!; Amsterdam]

Leaking profiles

Got an attention raiser during an off-the-cuff discussion on data leakage. Qua, like, not getting the first thing about what privacy has been since Warren & Brandeis’ eloquent definition, and its subsequent codification in pretty hard-core, straightforward laws.
The problem being that no theory of the firm (incl. public) allows the subsumption of employees into slavery, of mind or otherwise. Think Universal Declaration of Human Rights, article 12. Hence, tracking and tracing every keystroke of employees, i.e., treating them as suspects of, e.g., data leakage before one has any a priori clue about any individual actually doing anything wrong, and without having been granted any right of surveillance in this jurisdiction, is a crime in itself.
And no, the comparison with street cameras that bother no-one and make everyone safer is a lie on two counts. And in many countries (the civilised ones; a criterion in reverse), such (total or partial) surveillance isn’t outlawed without reason.
So, your data leakage prevention by tracing everyone is an illegal act. Don’t.

No, your security concerns are not valid. Not in the slightest, compared to the means you want to deploy. Stego in files of all kinds, when all are aware of its implementation, may help much better. And it supplies you with the trace you want; not to your employee that you (but no-one else) suggest is rogue – (s)he knows about the traceability so will be self-censored (ugch) into compliance – but to the third party that spilled the beans. Since stego-cleansing tools may exist, your mileage may vary. Encryption then, the destruction of content accessibility for those not authorised (through holding a password/token/~), will fail when anything you send out might have to be read off a screen; the PrtScn disabling being undone by good ol’ cameras as present in your good ol’ S8 or P900 (though this at 0:50+ is probably the typical TLA stakeout vid/result).
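A concrete instance of the stego-as-trace idea above, as an added example that is not from the post: a per-recipient mark hidden in ordinary text with zero-width characters, so that a copy that leaks can be traced back to the recipient it was handed to. The memo text and recipient numbers are constructed; the mark carries a 16-bit recipient number plus an 8-bit CRC so that a stripped or mangled copy yields no identification rather than a wrong one. The cleanse() function plays the ‘stego-cleansing tool’ the post warns about.

```python
"""Added example: per-recipient text watermark using zero-width characters.
Not code from the original post; the memo and recipient numbers are
constructed sample data."""
import re
import zlib
from typing import Optional

# Two invisible code points carry one bit each: zero-width space = 0,
# zero-width non-joiner = 1. Both render as nothing in browsers and editors.
BIT_CHAR = {"0": "\u200b", "1": "\u200c"}
CHAR_BIT = {c: b for b, c in BIT_CHAR.items()}
ID_BITS, CRC_BITS = 16, 8

# Constructed sample memo: 38 words, 37 gaps; the mark needs 24 of them.
MEMO = ("Draft Q3 budget proposal: headcount stays flat, cloud spend rises "
        "eleven percent, and the security team gets two additional analysts "
        "for detection engineering starting October. Please keep this internal "
        "until the board has signed off on the numbers.")


def _crc8(recipient_id: int) -> int:
    """Low 8 bits of CRC-32 over the 2-byte recipient number."""
    return zlib.crc32(recipient_id.to_bytes(2, "big")) & 0xFF


def _payload_bits(recipient_id: int) -> str:
    """16-bit recipient number followed by its 8-bit check value."""
    if not 0 <= recipient_id < 2 ** ID_BITS:
        raise ValueError("recipient_id must fit in 16 bits")
    return f"{recipient_id:0{ID_BITS}b}{_crc8(recipient_id):0{CRC_BITS}b}"


def watermark(text: str, recipient_id: int) -> str:
    """Return text with one invisible bit placed after each of the first
    24 single spaces. The visible content is unchanged."""
    bits = _payload_bits(recipient_id)
    words = text.split(" ")
    if len(words) - 1 < len(bits):
        raise ValueError("text has too few word gaps to carry the mark")
    out = [words[0]]
    for i, word in enumerate(words[1:]):
        marker = BIT_CHAR[bits[i]] if i < len(bits) else ""
        out.append(" " + marker + word)
    return "".join(out)


def extract(text: str) -> Optional[int]:
    """Recover the recipient number, or None when no valid mark is present
    (never marked, stripped by cleansing, or damaged so the CRC fails)."""
    bits = "".join(CHAR_BIT[c] for c in text if c in CHAR_BIT)
    if len(bits) < ID_BITS + CRC_BITS:
        return None
    rid = int(bits[:ID_BITS], 2)
    crc = int(bits[ID_BITS:ID_BITS + CRC_BITS], 2)
    return rid if crc == _crc8(rid) else None


def cleanse(text: str) -> str:
    """What a stego-cleansing tool does: drop every zero-width character."""
    return re.sub("[\u200b\u200c\u200d\u2060\ufeff]", "", text)


if __name__ == "__main__":
    leaked = watermark(MEMO, 4242)
    print("visible text unchanged:", cleanse(leaked) == MEMO)
    print("recipient from leaked copy:", extract(leaked))
    print("recipient after cleansing:", extract(cleanse(leaked)))
```

The mark survives copy-paste into most editors and mail clients but not Unicode normalisation, retyping, or a cleanser like the one above; a photograph of the screen loses it entirely, which is the post’s point about cameras. Marks that live in the visible layout (spacing, line breaks, synonym choice) survive the camera but cost readability and are still only as good as the recipient’s ignorance of them.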

Conclusion: Excepting very, very rare occasions, your data leakage prevention by employee surveillance will land you in prison. Other methods might be legal, but fail. Your thoughts now on outbound traffic keyword monitoring. [Extra credit when including European ‘human in the loop’ initiatives.]

And:
[No privacy in your prayers, or ..?? Baltimore Cathedral]

Ninety percent

Not in any economic sense you may have thought of, given the attention oft given to, e.g., the 1% or 99% (We Are-; Occupy-style), where now the 90% might be the disappeared middle class in the US that extended from the bottom 10% – which was around even in the best of times – all the way to the top, excepting the 0.01% that was in charge all the time …
Here, it’s about a quote slash truism:

90% of everything is crap

Have truer things ever been said? This, of course, you knew since prep school, it being Sturgeon’s Law.

Just putting it there. See the link for a ‘proof’. Or look around you; physically (co-workers), mentally (in your head, and feel free to assume the others’ heads are not necessarily better …), qua your pay check, your significant other [hey, here I can testify I’m lucky with a not-90% specimen par excellence; no, she’s not reading this], etc.

Leaving you with:
[In the 10%, definitely. Even when it rains, this one. Baltimore]

Summer’s approaching

Sixteen steps to build a campfire [Because there’s not enough attention, or contention, to make it to the List of Lists you’d want to be on]:

  1. Split dead limb into fragments and shave one fragment into slivers;
  2. Bandage left thumb;
  3. Chop other fragments into smaller fragments;
  4. Bandage left foot;
  5. Make structure of slivers (include those embedded in hand);
  6. Light match;
  7. Light match;
  8. Repeat “a Scout is cheerful” and light match;
  9. Apply match to slivers, add wood fragments, and blow gently into base of fire;
  10. Apply burn ointment to nose;
  11. When fire is burning, collect more wood;
  12. Upon discovering that fire has gone out while out searching for more wood, soak wood from can labeled “kerosene”;
  13. Treat face and arms for second-degree burns;
  14. Re-label can to read “gasoline”;
  15. When fire is burning well, add all remaining firewood;
  16. When the thunderstorm has passed, repeat steps 1 – 15.

Oh, and:
[Feels like a slide; to follow the above link, please do; NY/NY]

Get them ..?

The effectiveness of any system of limitation of random liberty for the common weal, like, errm, traffic speed limits, where the enforcement hinges on individuals’

  • Weighing of the necessity to break it, either by being pressed (to arrive in time, or other coercion by others), or by an innate need to show off one’s [purely hypothetical; the more claimed, the more clearly emptily overshouting in vain] individuality;
  • Probability of detection, where of course society needs to balance total surveillance against freedom of movement — without interference even by blanket self-censorship;
  • Leniency of prosecution, i.e., whether one has boobs and cleavage (works with straight male and other-than-straight female cops, I guesstimate) and the happenstance happiness level of the state trooper (F/M/~), squared of course with how much over the limit you were; and
  • Penalty — how much you’re charged, if at all

— with the overall effectiveness being helped most, it turns out, by #2 [Used ul instead of ol on purpose, yes]. Making the societal weighing thing much more serious, (un)fortunately.

But also: how could this help in #ditchcyber space ..? Many more raps on the knuckles …? How? By enforcing time-outs on the use of the (=?) Internet? That would be quite the latter-day equivalent of shutting people out of global society by solitary imprisonment … (way beyond mere forced exile to wastelands (inclusive) or ‘Strailia). Calling into question the humanity of it. Or would it provide a (suggested limit:) day’s worth of re-education on the subject of life out there?

I’d want the latter for the great many … Time for some multi-million-scale entrapment …?

Oh, and:
[Yep, that’s the panopticon at work in Penn’s Eastern State Pen — be it Al’s cell all nicely decked out (with the wrong radio!); worth a visit ..!]

Maverisk / Étoiles du Nord