Cyberprevention

Just a signal, of a new movement. Which isn’t.

  • For one, the -prevention — doomed from the [ word Go | – part ]. Which becomes less and less valid. Yes, some deterrent actions may help, but one better focus on the fact of future break-ins… And act accordingly — much more efficient for almost all. Take the 1st graph of this, and weep / go / the rest of it, too.
  • For two, ‘cyber’ … #ditchcyber nails it, in the Manifesto.

Yes that’ll be all for today, including:
5a3dfc86-471d-49dd-b133-7a262a6d5ae5-medium
[So, you can #ditchcyber, too]

Oops, there it is! (now you don’t, see it)

Suddenly, there it is, almost as if it’s something new … Malware using stego, as if it might still surprise anyone whereas of course there already was this, and this, and this and this.

What next? Even smarter ad blockers ..? Will not work, as the latter are only in use with the smarter part of the bunch. And smarter ad blockers will be installed by even fewer, as the pay-off is less visible (timely enough).

No, what’s next is first an armageddon [Warning: cultural notion; propose to use the more profound Ragnarök] — of which the result hopefully … is that ads will be marginalised. A great many a socmed platform (looking at you, $FB and other (sic) unicorns) may (signifying possibility and hope) go asunder as ads are their value period

Then, hopefully, Yggdrasil will grow again. E.g., with truly egalitarian platforms; truly global (though that aspect may not have been sunk in the great flood) and free, meaning that also, the trolls can be captured and ring-fenced and not destroy some or many or the platforms / -ideas.

How philosophical one can get in dreams/dreaming, how far off today is the better-than-today’s-should-have-been.

Plus:
DSCN0241

[All sorts of meta-info (‘nothing to protect here just move on’/ Í can see you but you can’t see me’ et al); Segovia or what was it]

The CyberDarwins

As we’re nearing the end of the year (Western calendar, others not spoiling the party — learning point), we draw towards the ‘people being stupid with fireworks’ scenes that are oh so similar to ‘people managing systems’ situation. The former, focusing on the most beautiful display and/or the loudest Bang, the latter the same if you think of it.
The former, with latent recognition of ‘safety’ also re bystanders and collateral injuries possibly grave or life-, liberty- and happiness-threatening. The latter, with a desperate few considering ‘security’ and ‘privacy’, a even fewer thinking of collateral damage and implicit injuries and infractions to life, liberty and happiness — if you think that’s overrated, have you ID stolen.

The former has the Darwin Awards, for those that improve the gene pool by taking themselves out of it.
The latter, none such yet.

That’s where I aim:
Shouldn’t we instate the CyberDarwin Awards (acknowledging #ditchcyber), for the most egregious (i.e., outrageous, glaring, flarant) mindlessness in information security in the widest sense that fly in the face of basic common decent thinking?
So that by their occurence, the candidates volunteer to be taken out of the connected environment which, being their oxygen, improves what’s left (the most).

I have no idea how to pull this off; there should be some sort of portal where candidates may be proposed and results be displayed for common laughter but who will build and maintain such a thing before it can become a success, advertisers will flock in droves to sponsor for ads, and I take over again to reap all the financial benefits… #helpappreciated

And:
DSCN3684
[This has zero relevance. Toronto]

No C3PO, just PO

Section 4, article 37, 1(b) of the General Data (sic) Protection Regulation ‘of 2018’ (sic): When the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale;, the instantiation of a Functionary for Data Protection is mandatory.
Yes this includes all organisations dabbling in web analytics… No there’s no threshold (that previously was) of 250 or 500 staff minimum.
But hey, there’s arrangements to hire a Functionary — Privacy Officer works better — for less than full-time or on an (on-going) assignment basis. Come to think of it; the mandatory full independence of the PO (party commissioner, anyone?) may sit better with a hired hand/consultant than with someone on the payroll.
Still, one better study the task list for such a PO. Not a C3PO… The bumbling-through-overly-decent butler is not quite the role model you’d want. Or… you’d want the PO to be such, a harmless nuisance. But then, you waste the PO and budget, and still will be vulnerable. The common anglo-saxon (hopefully -only but doubtful) approach that if something goes wrong, you fire the sitting duck scapegoat and hey presto no more worries all are done, satisfied and no damage’s done, will not work here if it ever did. On the contrary, purposeful negligence, wrongful act, et al., may easily be construed, resulting in long-term mismanagement (still a capital offense…! Oh why can’t we jail all the white collar criminals) the misfortune of all your employees, clients etc. will fall on the Board for once… last paragraph of this applies.

To return to the positive: When arranged well, some things in business may have to change but overall, both your processing will run more smoothly (sic) and you public posture will improve (leading to improved data quality, new clients, and the world is yours, right?).
So, draft a PO Charter and hire me.

Plus:
DSCN0610
[Back in the days before live-cams…]

Free standards

… How on earth is it possible that a great many dinosaurs still ‘issue’ standards — this, triggered by this — that are fully payd by tax money and still one would have to pay for a simple PDF download? What about the law; would one have to pay to know that, too??

Morons.

Apologies for the faint of complexity that might have been taken aback by my, of all decent people, use of that word that has some strength attached in its sparse use against common decency. But you get my drift.
And:
000013 (17)
[Not paying for their undeserved study trip (a lie, too); Curaçao]

Is quantum computing replacing Turing Machines ..?

About scientists, and quacks.

… stayed as guests in the Ehrenfest home, they were no doubt amused by their host’s pet parrot, which had been trained to say, “But, gentlemen, that is not physics.”

But gentlemen, let’s discuss quantum computing. How can that, and its current state and moreover, its current systemic and systematic (sic the diference) difficulties be explained by taking note of actual ‘computer’ science (theoretical computing), sparse as it is, in the form of the theories surrounding Turing Machines..?
As the latter were proven mathematically (logically) to rule…. All that ever can compute anything, can be represented as a Turing Machine; logically, they’re all (can be made/translated! into) equivalent, computationally.

So, how could one arrive at “Drop all knowledge you had about computing” in the same way as “In this area, gravity no longer exists” …?
I’m really curious.

Plus:
DSCN4588
[Yes gravity’s at work here ..! Barça]

Errors of Your / Machine Learning

Any progress on the front of Machine Learning, i.e., the comparison with how/what humans learn from various teaching formats, and how machines are better at rote learning et al, and how does the perfection of machines learning facts, reflect on what is data processing, what is intelligence, and what is wisdom ..? Where the latter is the area in which of course re retreat ever more, but without the foundation of a life long of learning and experience ..?

[Intermission: Anyone out there still holding on to the ‘you only learn from experience, which is making errors and surviving’? What was so many years of school all about; you’re still no further with calculus than 1+1 equals something more than one — the max you can learn from ‘ experience’ … How did you ‘experience’ History, Science ..? Apparently, there’s quite a base of facts to learn, even (or more?? contra The Shallows) in times of Google. Or, you’ll be the doofus that can not (sic) learn to be intelligent nor wise, and will make any and all rookie mistakes in all situations everywhere, over and over again.
Seems like the base of learning, grows steadily — exponentially…]

Notwithstanding the road (path) to wisdom is through experience … which would ever less be available when machines start to take over the simple, the foundations (qua operationality of work-as-labour), and then the next stage, etc. (since none will be experienced enough to succeed pensionados that still have that subsequent level of understanding). Leaving the abstract thinkers ever more loose in the sky. Hey that’s what’s happening with accountancy, if the industry doesn’t move fast. And will happen everywhere.

But back to the main point: Has Watson-class learning (AlphaGo/Deepmind/Brain (sic), … no not Siri you m.r.n) learned us anything about learning, and/or have we changed learning since machines took over parts of rote learning? Have we changed our view on learing, intelligence, wisdom?

To the disappointed, apologies go; nothing here on how machine learning could lead to the unethics of Computer Says No… Too much of a mer à boire qua research — see here.

Plus:
DSCN1270
[Steep, to enlightenment; Girona]

Retrofitting IoT Security

Pitch before I did the idea that for a while be with us will Legacy IoT be, here.
But what about stubbing around it? Developing cheap and easy (necessary since/for backwards compatible, by definition) security solutions that can be plugged onto old IoT stuff.
What ya’reckon, are we too far gone with old IoT and economically-having to keep that alive, or is there sufficiently much more recent stuff to attempt such a thing (and ring-fence the real cr.p)..?

I’m not completely sure how one would approach this thing, technically, but cannot imagine that there aren’t solution models around like, potentially, some form of hardened (lean and mean and armour-coated) enterprise IoT bus thing, possibly with security zones, et al., similar to the obvious and hopefully ubiquitous separation of office automation (why isn’t SAP dead yet? This, some time ago. Oh, might be useful to set up separate mandates to ‘run’ factories yes, which was its original purpose, right; what did E-R-P stand for ..?) from Process Automation, and within the latter, Supervisory Control from operational (close-in) control, engineering-wise, but then with subsets for safe/unsafe hardware.
The isolation stubs could then act as gatekeepers between zones, between potentially-safe and the legacy-most-probably-unsafe.

Though I suspect that the ‘zones’ will have to ‘air’gap at many network layers, including towards the physical end of OSI — meaning that higher up, the connection will have wider gaps, not less why is this so often overlooked ..?

On a separate end note: Where are the wares that should have followed the scares, i.e., we have had a couple of years (yes) now of IoT scares; have the vendors truly stepped in or was it just window dressing e.g., dole out some monitoring tools and good luck with it..?

Progress… and:
DSCN1834
[See? Engineering is beautiful; Brussels]

Maverisk / Étoiles du Nord