
Scaling ‘security’

Availability: 99.9% (per year).
‘Security’ (the C, the I) … nothing. Or, the infeasible 100.0% XOR nothing.

We may have a major issue here…

Well, we do have OSSTMM on one hand, and the seriously innovative, very important Secrecy stuff on the other.
But can we answer the question “How secure are we”..? Indeed, OSSTMM gives us a number – for the operational and technical elements. How ’bout integrating the tactical, strategic, and non-tech stuff like hooman behaviour ..? And still make it somewhat understandable to the clueless (Csomethings and others involved in the utterly useless nonsensical area designated by the pejorative joke label ‘governance’; all with the exceptions acknowledged of course); other than the above % per year estimates that are interpreted so badly..!
Oh and things like failure rates from e.g., FMEA, as presented like ‘dam can stand a one-in-a-thousand-year flood’ also don’t work – dam can break today, and tomorrow, and the statistic may very well still be valid!

Maybe it’s key to first find how to whack the “1-in-1000yrs means I don’t have to worry for another 999 years” fallacy. Psychology it is but so security should be..! As many of Bruce Schneier-et-al’s posts prove (?), FUD and other angles fail so miserably.

The time (decades) we’ll need to turn around the psychos, allows us some leeway to develop suitable Scale(s?) of Security. But let’s not wait for the end of those decades before embarking on the exploratory first steps of that. Your suggestions, please, today.

[Edited ahead of posting, to add: This here piece on the (declining) half-life of secrets; definitely something to include in the above ‘metrics’. ..?]

For the eye candy:
[Zurenborg again, slightly edited – who’ll do the colour corrections for me?]

The Holidays

The (…) holidays are all around us. Except maybe in that North-American corner where the 5% of world population holds out that don’t celebrate (any) of that.
How nice would it be if the rest would hold an indefinite holiday, I mean over the Cyber! Cyber! Cyber! barfing that goes around ever more it seems, lately (being the last couple of months in particular). Despite #ditchcyber so clearly being preferable.

In similar vein, please explain:
[Believed not to be photoshopped but who can be sure ..?]

Stale^2

Hm, wanted for once (huh?) to not be negative, deriding but …

This here piece calls for comment. Like: Instating a quality seal for products that should be considered well-matured, almost outdated tiny point solutions; isn’t that overly stale^2 ..?

Because quality seals are issued for … procedural justice of the petrifying kind. And, AV – isn’t that almost the model for grossly-insufficient-in-and-on-themselves point solutions that have no field of development/progress left ..?

Oh well, not much use kicking a dead horse.
Other than the Dakota arguments… thus turning this into a sort of Golden Oldie Pic Of The Day:
[Dakota wisdom: dead horse strategy. Source: Scott Wagner; no ‘automatic’ endorsement.]

The Future Plays At All Boards

There seems to be quite an interest in ‘the’ future, lately. As in, the last couple of tens of millennia but also the last couple of months. Recency Effect, maybe ..?

The thing is; discussions how the near and far future will/might be, are handicapped by industry and specialisation myopia.

  • IT-angehauchten discuss ANI, AGI and ASI, with neural networks resurfacing, finally, in discussions over when (soon) we’ll have the Singularity. Yes you’ve read my great many posts about that already or go in shame and still do it (impression tracker is engaged).
  • A branch of that, discusses very near future labour markets – mostly, almost exclusively, those in the furthest developed economies only.
  • Biologists and eco-nuts (are they?) are on the Global Warming / Food- and Fresh Water- Starvation / Anti-GMO paths in their discussions.
  • And there’s of course daily glocal wars going on, military/physical and refugee atrocities everywhere, and economic warfare as well. Of the latter, ‘cyber’ in all its forms (remember, #ditchcyber) is part.
  • Simple-economically, there still is the enormous divide between haves and have-nots, now being exposed (nevertheless still growing) within countries’ local economies as well due to jobless growth and the Pikettyish 1%’ers.
  • And, I probably forget some category. [Edited half a day after post release, to add: Yup, this here combi-one.]

But, … all play out on/in the same world, the one you and I inhabit [well maybe not you, alien (as physical being or just meme/information floating around over whatever physical media) listening in from the Andromeda nebula]. So, we’ll have to deal with all problems, operational, tactical and strategical, together both in people and in solutions. And as the world spins faster than ever, requiring ever more clever and ever more-dimensional solutions. Until all choke, mind-wise. Hasta La Vista, baby.

Oh well. I’m not (even) negative …
[Anywhere, everywhere.]

Schmobol

With the current uptick in interest in the ageing population … of the handful still capable of hardcore manual programming of COBOL, as e.g., here, I wondered:

  • Is the code base still so enormously biased to COBOL(-based! software)?
     
  • Why haven’t COBOL-to-e.g.-C (or other) converters caught on widely, so the ‘problem’ doesn’t exist anymore ..?

Especially the latter; especially since we still have tons, too many (?), programmers available to tackle C- and more modern-language scrutiny and optimisation jobs. Jobs; high-pay jobs. And automatic testers to compare absolute 1-to-1 identity of the functionality or tractable lists of boundary conditions (possibly differing).
But with so many more (modern) code/functionality maintenance tools and capabilities available. And with integration/migration to (even) newer integrated platforms available.
And, when things get tough, AI that should be easily trainable to get to the hard, core bugs (higher abstraction sense) before/after the translation(s).

So, what’s the deal? The only deal there is, is (and was, having lost a long time) the lack of forward-looking maintenance to have already started early on modernisation. Yes, of course, there’s Not On My Watch and Après Nous Le Déluge. But real leaders would cut through that; that’s what distinguishes them from mere shopkeeper ‘managers’.

All right. Leaving you with:
[Impossible to guess I guess. Where?]

Waves of IoT

Tinkering with the great many (unknown) unknowns of the IoTsphere, it occurred to me that there are various intermediate phases to deal with before we can consider ourselves comprehensively outdone after the Singularity (dystopian with P(X)=1).

By which I mean the following ‘growth’ model:

  • Current-day operations: Factory ‘robots’ or process plants being (factory-)centrally controlled from e.g., typical classical (?) control rooms. And ATMs, the robots without arms!
  • IoT in its four distinct forms. With ‘robots’ moving out of their prosthesis confines, as e.g., here. Possibly with some ANI.

    Both these levels can be regarded to have operational level problems; ethical, security/privacy, industry-disruptions and comprehensively new business and labour models, etc.etc. but relatively definitely operational, to be solved.

  • At a tactical level, there’s AGI stuff to be figured out.
    Ethics, ‘robots’ like self-driving/autonomous cars [yes, yes, I know those two are very much not the same!] as proxies for humans, with all the rights and duties including how to enforce those, and Privacy on a much larger, impactful scale. Including also, all problems you thought to have solved in the previous rounds, now coming back to haunt you and be very much harder to solve.
  • The Strategic level, with ASI all around. To repeat, including also, all problems you thought to have solved in the previous rounds, now coming back to haunt you and be very much harder to solve.

This, as just a briefest of summaries of all sorts of dilemmas to be figured out. Sooner rather than later, or bingo (points of no return) will have been passed sooner than you realise. I’ll try to help out with a post here and there, of course ;-]

For now:
[At what stage will AI understand the genius of this design ..?]

Seth’s maybe slightly too positive

In one of his, almost always delightful and insightful blog posts, Seth Godin recently almost pulled me along into (yet another) “Yes indeed completely so” response.
But then I realised Truth might just tilt the picture a bit.

Well, first read said post: here. Then:

The point is: It is a common human error (e.g., by Hegel in particular (see below), and many others with better insights) to consider oneself or one’s generation(s) as being the pinnacle of human development; no generation or time before had seen such beauty of humanity’s glory in mastery of the universe.
But others agree less. Yes, there’s something that seems to be progress, but fallbacks are just as common throughout history, on all fronts. Yes, also in technology, as we even today haven’t quite figured out how pyramids were built, etc. – one source here of which I have no clue about the veracity of argument, but others having more (or less) of that, are widely available. But certainly in terms of general human condition and human peace and quiet, and possibly a piece of the rock.
So the resulting picture is maybe sawtooth (ratchet) shaped, around a horizontal line… Usually, I think for this area, too, some punctuated equilibrium kind of random (sic) or even silly walk figure is better representative.

Oh, and regarding Hegel’s eternal march towards Ratio glory, here (read past the pic please…) and here. No belief on authority.

For your patience:
[Free shipping (no) Porto … from another than the usual angle]
[Yes, yes, technically hardly Porto but Vila Nova de Gaia. Meh.]

Before it disappears: Told you so

Oh, before it returns to oblivion; re the Hacker Team hackback: I’ll just join the endless queue of Told You So’ers with reference to this.
Noting that there is a confusing connection to the illegalise-encryption-cum-mandated-government-backdoors stupidity that keeps coming back like whack-a-mole, to put it very, very friendly.

OK, leaving you with:
[Antwerp beauty, untiltshifted]

Maverisk / Étoiles du Nord