The CyberDarwins

As we’re nearing the end of the year (Western calendar, others not spoiling the party — learning point), we draw towards the ‘people being stupid with fireworks’ scenes that are oh so similar to ‘people managing systems’ situations. The former, focusing on the most beautiful display and/or the loudest Bang, the latter the same if you think of it.
The former, with latent recognition of ‘safety’ also re bystanders and collateral injuries possibly grave or life-, liberty- and happiness-threatening. The latter, with a desperate few considering ‘security’ and ‘privacy’, an even fewer thinking of collateral damage and implicit injuries and infractions to life, liberty and happiness — if you think that’s overrated, have your ID stolen.

The former has the Darwin Awards, for those that improve the gene pool by taking themselves out of it.
The latter, none such yet.

That’s where I aim:
Shouldn’t we instate the CyberDarwin Awards (acknowledging #ditchcyber), for the most egregious (i.e., outrageous, glaring, flagrant) mindlessness in information security in the widest sense that fly in the face of basic common decent thinking?
So that by their occurrence, the candidates volunteer to be taken out of the connected environment which, being their oxygen, improves what’s left (the most).

I have no idea how to pull this off; there should be some sort of portal where candidates may be proposed and results be displayed for common laughter but who will build and maintain such a thing before it can become a success, advertisers will flock in droves to sponsor for ads, and I take over again to reap all the financial benefits… #helpappreciated

And:
[This has zero relevance. Toronto]

No C3PO, just PO

Section 4, article 37, 1(b) of the General Data (sic) Protection Regulation ‘of 2018’ (sic): When the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; the instantiation of a Functionary for Data Protection is mandatory.
Yes this includes all organisations dabbling in web analytics… No there’s no threshold (that previously was) of 250 or 500 staff minimum.
But hey, there’s arrangements to hire a Functionary — Privacy Officer works better — for less than full-time or on an (on-going) assignment basis. Come to think of it; the mandatory full independence of the PO (party commissioner, anyone?) may sit better with a hired hand/consultant than with someone on the payroll.
Still, one better study the task list for such a PO. Not a C3PO… The bumbling-through-overly-decent butler is not quite the role model you’d want. Or… you’d want the PO to be such, a harmless nuisance. But then, you waste the PO and budget, and still will be vulnerable. The common Anglo-Saxon (hopefully -only but doubtful) approach that if something goes wrong, you fire the sitting duck scapegoat and hey presto no more worries all are done, satisfied and no damage’s done, will not work here if it ever did. On the contrary, purposeful negligence, wrongful act, et al., may easily be construed, resulting in long-term mismanagement (still a capital offense…! Oh why can’t we jail all the white collar criminals) the misfortune of all your employees, clients etc. will fall on the Board for once… last paragraph of this applies.

To return to the positive: When arranged well, some things in business may have to change but overall, both your processing will run more smoothly (sic) and your public posture will improve (leading to improved data quality, new clients, and the world is yours, right?).
So, draft a PO Charter and hire me.

Plus:
[Back in the days before live-cams…]

Free standards

… How on earth is it possible that a great many dinosaurs still ‘issue’ standards — this, triggered by this — that are fully paid by tax money and still one would have to pay for a simple PDF download? What about the law; would one have to pay to know that, too??

Morons.

Apologies for the faint of complexity that might have been taken aback by my, of all decent people, use of that word that has some strength attached in its sparse use against common decency. But you get my drift.
And:
[Not paying for their undeserved study trip (a lie, too); Curaçao]

Is quantum computing replacing Turing Machines ..?

About scientists, and quacks.

… stayed as guests in the Ehrenfest home, they were no doubt amused by their host’s pet parrot, which had been trained to say, “But, gentlemen, that is not physics.”

But gentlemen, let’s discuss quantum computing. How can that, and its current state and moreover, its current systemic and systematic (sic the difference) difficulties be explained by taking note of actual ‘computer’ science (theoretical computing), sparse as it is, in the form of the theories surrounding Turing Machines..?
As the latter were proven mathematically (logically) to rule…. All that ever can compute anything, can be represented as a Turing Machine; logically, they’re all (can be made/translated! into) equivalent, computationally.

So, how could one arrive at “Drop all knowledge you had about computing” in the same way as “In this area, gravity no longer exists” …?
I’m really curious.

Plus:
[Yes gravity’s at work here ..! Barça]

Errors of Your / Machine Learning

Any progress on the front of Machine Learning, i.e., the comparison with how/what humans learn from various teaching formats, and how machines are better at rote learning et al, and how does the perfection of machines learning facts, reflect on what is data processing, what is intelligence, and what is wisdom ..? Where the latter is the area in which of course we retreat ever more, but without the foundation of a life long of learning and experience ..?

[Intermission: Anyone out there still holding on to the ‘you only learn from experience, which is making errors and surviving’? What was so many years of school all about; you’re still no further with calculus than 1+1 equals something more than one — the max you can learn from ‘experience’ … How did you ‘experience’ History, Science ..? Apparently, there’s quite a base of facts to learn, even (or more?? contra The Shallows) in times of Google. Or, you’ll be the doofus that can not (sic) learn to be intelligent nor wise, and will make any and all rookie mistakes in all situations everywhere, over and over again.
Seems like the base of learning, grows steadily — exponentially…]

Notwithstanding the road (path) to wisdom is through experience … which would ever less be available when machines start to take over the simple, the foundations (qua operationality of work-as-labour), and then the next stage, etc. (since none will be experienced enough to succeed pensionados that still have that subsequent level of understanding). Leaving the abstract thinkers ever more loose in the sky. Hey that’s what’s happening with accountancy, if the industry doesn’t move fast. And will happen everywhere.

But back to the main point: Has Watson-class learning (AlphaGo/DeepMind/Brain (sic), … no not Siri you m.r.n) taught us anything about learning, and/or have we changed learning since machines took over parts of rote learning? Have we changed our view on learning, intelligence, wisdom?

To the disappointed, apologies go; nothing here on how machine learning could lead to the unethics of Computer Says No… Too much of a mer à boire qua research — see here.

Plus:
[Steep, to enlightenment; Girona]

Retrofitting IoT Security

Pitch before I did the idea that for a while be with us will Legacy IoT be, here.
But what about stubbing around it? Developing cheap and easy (necessary since/for backwards compatible, by definition) security solutions that can be plugged onto old IoT stuff.
What ya’reckon, are we too far gone with old IoT and economically-having to keep that alive, or is there sufficiently much more recent stuff to attempt such a thing (and ring-fence the real cr.p)..?

I’m not completely sure how one would approach this thing, technically, but cannot imagine that there aren’t solution models around like, potentially, some form of hardened (lean and mean and armour-coated) enterprise IoT bus thing, possibly with security zones, et al., similar to the obvious and hopefully ubiquitous separation of office automation (why isn’t SAP dead yet? This, some time ago. Oh, might be useful to set up separate mandates to ‘run’ factories yes, which was its original purpose, right; what did E-R-P stand for ..?) from Process Automation, and within the latter, Supervisory Control from operational (close-in) control, engineering-wise, but then with subsets for safe/unsafe hardware.
The isolation stubs could then act as gatekeepers between zones, between potentially-safe and the legacy-most-probably-unsafe.

Though I suspect that the ‘zones’ will have to ‘air’gap at many network layers, including towards the physical end of OSI — meaning that higher up, the connection will have wider gaps, not less; why is this so often overlooked ..?

On a separate end note: Where are the wares that should have followed the scares, i.e., we have had a couple of years (yes) now of IoT scares; have the vendors truly stepped in or was it just window dressing e.g., dole out some monitoring tools and good luck with it..?

Progress… and:
[See? Engineering is beautiful; Brussels]

Temporary Awareness

A call for poignant pointers.

You may be aware that research is on-going (among other, by Yours Truly) in the area of sustained ‘security awareness’ — a misnomer for security habit change. Which is driven by psychological stuff like everyone’s individuality, everyone’s individual circumstances (not only at work, not only formal short/medium term) and everyone’s learning and operations style and preferences. And hence, habit change would also have to cater for all these differences. One-time ‘awareness training’ (sic), yeah, right on.

Still, such would be a somewhat valid approach … for perm staff.
Not for infrequent visitors, like your garden variety (IS) auditor, that would drop in every now and then and still have access to sensitive data; on purpose or not, benign or malign leakage or not.
Not for temps, interns et al., that are around too short for true awareness to sink to the back of the head, for instinct reflexes (oh ideal). Or the induction program would be a grilling drill; counter-productive.
Not, and this is where my problem is mostly, with third party staff, that primarily work for the vendor and have other KPIs than client security — at least, higher on their agendas. They come in (physically or remotely), do their thing that hooks quite deep into your operational processes (physically like cleaners and installers, logically through e.g., software and parameter updates) almost always at arm’s length control with still their other KPIs first, and then leave you possibly vulnerable or robbed, and with full accountability without grip on actual operations taken place.

Apart from the platitudes of requiring transparent compliance with all your security policies (purely hypothetically, IF you’d be able to find and collect them, they’d be sorely outdated, and 50% or more wouldn’t be applicable but which 50% you have no clue), what about the above-mentioned change to the good sufficient habits ..?
Your input would be much appreciated…

Also:
[Temp attention, eternal bliss; Syracuse]

Nocial Media

… How did yesterday’s post know about what I type here now ..?

Too easy. Now for something real:
Nocial Media.
Which is about the distribution of socmed interactions.

Because, the best we have so far is stratified data, by country, age group / gender. Which totally misses that, my guess [hence: fact], a great many relations, either current/frequent or distant/loose, are distributed over a different set of classes. Like, a chunk will be global among peers of any sort (or several of such groups), but also the other chunk will be local, traditional, geo- or socially close like (well, F2F peers but they’re an in-between group) family, IRL colleagues, and association co-members.

Now, would any of you have data on such, probably exponential-in-many-directions, distributions ..? I’d love to hear, TIA.

Oh and on a side note; maybe worthwhile to have some sociology expert elucidate on this: What-how is our future when ‘kids these days’ use /Insta…/Snapch… etc. that leave so little trail; how will your future self be able to browse through old youth pics …? [Advertisers will … Be very sure of that…]

Plus:
[What bin you’re in — Zuid-As Amsterdam]

Maverisk / Étoiles du Nord