Category: Information Security

Get them ..?

The effectiveness of any system of limitation of random liberty for the common wheal, like, errm, traffic speed limits, where the enforcement hinges on individuals’

  • Weighing of necessity to break, either by being pressed (to arrive in time, or other coercion by others), or by an innate need to show off one’s [purely hypothetical; the more claimed, the more clearly emptily overshouting in vein] individuality;
  • Probability of detection, where of course society needs to balance total surveillance against freedom of movement — without interference even by blanket self-censorship;
  • Leniency of prosecution, i.e., whether one has boobs and cleavage (works with straight male and other-than-straight female cops, I guesstimate) and the happenstance happiness level of the state trooper (F/M/~), squared of course with how much over the limit you were and
  • Penalty — how much you’re charged for if at all

— with the overall effectiveness being helped most, it turns out, by #2 [Used ul in stead of ol on purpose, yes]. Making the societal weighing thing much more serious, (un)fortunately.

But also; how could this help in #ditchcyber space ..? Many more raps on the knuckles …? How? By enforcing time-outs on the use of the (=?) Internet? That would be quite some latter-day equivalent of shutting people out of global society by solitary imprisonment … (way beyond mere forced exile to wastelands (inclusive)or ‘Strailia). Calling to question the humanity of it. Or would it provide a (suggested limit:) day’s worth of re-education on the subject of life out there?

I’d want the latter for the great many … Time for some Multi-million scale entrapment…?

Oh, and:
[Yep that’s the panipticon at work in Penn’s Eastern State Pen — be it Al’s cell all nicely decked (with the wrong radio!); worth a visit ..!]

Some cloud insurance market

On the authority of a couple of very knowledgeable peers, there seems to be a discrepancy between the coverage (sanctions) that cloud providers (in particular the Big 4 of that) contractually will provide for, e.g., outages (recall the AWS East-1 one), versus what businesses (most, qua scale and lawyer fee availability) require given their revenue / reputation dependence and risk management.
In normal language, this translates to: If thing go pear-shaped, you only get something like 12 months’ subscription refunded even when your business tanks due to zero revenue when your services are unavailable. Zero chance to be able to negotiate this away in your contract. Hobson’s choices everywhere.

Isn’t this a great Insurance opportunity, then ..? Odds very low, deep pockets for redress xor easily re-insured, no real single-vendor dependency when taken global, etc. It’s just that there’s a power gap leading to deviation away from the middle when it comes to bearing damages, that can be fixed in this way; ‘out of band’.

Or am I missing something …?

Plus:
[Or just pray, that’s also a (real?) red carpet option; Sicily]

Explicitation of Risk — scaring yourself into victimhood

As may be clear, Sloterdijk’s explicitation ideas don’t hold on metaphysics levels of abstraction alone.
It works for all the mundane stuff like ‘risk management’ [disclaimer for the contradictio], too.

And, by making explicit what previously was ‘there’ already, but implicitly and hence not in any beholders’ eyes, in this case all one gains is not understanding (per se) but especially, systemic, existential scare.
Because the Unknown is identified, explicitised into existence. The Unknown that is, by (now) definition, the primordial Chaos contra the Order of Zeus and Apollo in his wake. In turn turning your existence into some degree of insecurity. [In a practical sense, not in the Schäume/Über-sphere sense of Peter Big-S]
And then, ‘risk management’ is the continuation through treatment of that Uncertainty with the addition of other means. [Italics mine, to correct towards the Original quote.] Because, you see, ‘managing’ the risks, even if for the moment we purely hypothetically consider that to be the case in any above-absolute-zero factual degree even for the most trivial, operational form, means having to acknowledge the fundamental impossibility of it. The harder ‘modelling’ types throw their weight [ah, yes, a very-big-if assumption, Pinocchio/Calimero’an again] against the uncertainties, the bigger the resistance is; the harder the chaos-theoretical unpredictability of the future bounces back. The further pushed, the more the full weight of the Universe pushes back.

You get that drift.

Well, then. What remains in nearby sight is the loss of naïvety that would give room for human growth. No guts, no glory! Where the guts are taken out of the picture, when they once were the area where gut feelings pro and contra any action or inaction were properly weighed, now only stupidly-crippled-rationality weighted.
But on the other hand; believing in the efficacy of ‘risk management’ in principle, will lull to sleep in a most blue pill sense.

Just don’t force all to take that colour; some actually want to succeed in Life.
And:
[Aim for clarity, deal with reality; Amsterdam (Lights Festival tour)]

Being Creative with Trust in Identities

… seems impossible to get right. Since for sure, Identities that can be Trusted are so stable that all Creativity is impossible ..?

What does society-at-large want? If you think about the bandwidth above: Aristoteles’ true middle..! But would you know where that is, in this? Would it be sufficiently on the Fixed side to be able to be used as trustworthy Identity? Or would it be a matter of good-enough reliability, for the task at hand?
Possibly we should like Activity-Based Access Control to pair to this Task-Sufficient Identification ..?

A lot on this will have to be developed further, I’d say, but this could be the beginning of a beautiful friendship
Plus (skewed ‘horizon’-ID intentional…):
[All the ID theft may not get you here…; Amsterdam]

Imminent enrichment through AI — of jobs ..?

Anyone else feels like the breakthrough of AI in all sorts of jobs (yes, most certainly not only the bohrrring repetitive-manual-labour kind — that may be one of the kinds that comes much later in the sequence since it requires extremely sophisticated physical/intellectual (yes) interactions than previsouly thought (by humans))
is imminent?

And anyone see that the horror of replacement of humans XOR your co-workers is to come only (a bit) later, when AI-driven systems have become good enough to replace you, completely — leaving the spoils of labour to the (intensive people-farming) factory owners ..?
With in the shortish mean time, your job being ‘enhanced’ through AI, by the enrichment of having to deal less with the simple stuff and you having more time available to do more Intelligent (parts of) your job. Possile, on conditions of:

  • Such more intelligent parts of your job existing; a great many a manager may find there is no such thing, or the room for manoeuvre isn’t there;
  • You being able, capable, of performing such more intelligent job parts; with the focus on reporting (send/receive; hardly ever anything more than the extremely-simpleton processing in between) probably your capabilities have shrivelled into unusability;
  • Time availability is what holds you back so far; extending on the previous condition, you may find yourself to actually – be honest now! – already have had that time available but used it for busywork, like, being a Manager or so. And/or, by loafing or do I repeat myself. Now that you may get time available for Intelligent stuff, you may not notice that;
  • You getting paid more, or at least the same; as it turns out that the enrichment-by-cutting-out-the-bottom-part, leads to a serious pay cut as your Overlords now see your function as much less time-consuming or bottom-line-feeding. Especially the latter may turn out to be an eye-opener…
  • You getting sufficient time to build a new job; the creeping replacement of You by AI-based systems might speed up significantly as the first rewards transpire — to the Owners again — and hence the cry [not tag; ed.] for More may intensify the efforts to replace you ever more, funded by … your increased utility if at all, or the increasing utility of the you-replacing AI at least.

Suffice to notice that a priori it will be very, very difficult to meet all these conditions, if even anyone would try (apart from you, but you’re too singleton in this to pull that off). So…

Oh well, there’s always:
[A different look at Casa de Musica; Proto]

Quote by Book: John’son

Network: Any thing reticulated or decussated, at equal distances, with interstices between the intersections.
Dr. Samuel Johnson, Dictionary

No kidding. Only script kiddies of the worst kind don’t seem to get that. Though it has been around since 1755, as a definition that is. How prescient.

And:
[Mash; London (already some years ago, yes]

More of less

Digital cameras: The more pixels and quality-enhancing features (filters, autocorrect et al), the bigger the mass of lousy to so-so-at-best pictures taken. Selfies as case in point. The less, percentage-wise, the real art photography — squared with more picture exposure leads to more seeking out the ultimate quality / qualities by the discerning few.

The same, with management. The more of it we had, since WWII (sic), the more awful to mediocre-at-best management we had. Micro-management as case in point; intellectually at the same depth (‘level’ wouldn’t suggest the lowness of it) as selfies.
And, the less actual Leaders we see, perceive, acknowledge and laude. Unicorns notwithstanding — they may be the very build-up of a bubble that will in the end demonstrate the principle outlined here.

On this cheerful note:Photo10-4[Now there’s quality; near Racine, WI]

Tragic users

Isn’t it a tragedy that those that would most need full but fully inconspicuous, unnoticable security on socmed et al., are the ones that care the least?

This, both in careful scouring of legalese and practical settings, tools, and what have we, and qua effort to keep messaging (Email dies out hard, doesn’t it ..? Or doesn’t it due to very valid reasons..?) secure and data private ..?
On the other hand / end, not all ‘professionals’ practice what they preach to the hilt… And may do too little.
Flip side of “There exists no 100% security”: If you do only a little less, the huge costs aren’t worth it whereas if you do quite a bit less, you’re much more efficient. Hence, even reasoning from the other side, maximum security will leave gaping holes you (sic) will get caught in.

So, all are in an inverse Catch-22 of sorts… [there should be a name for that; suggestions?]

And:
Photo11[The one that checked water temp, wasn’t the one to go swimming…; Cyprus]

Plusquote: Happening

“For a moment, nothing happened. Then, after a second or so, nothing continued to happen”.
Douglas Adams, The Hitchhiker’s Guide to the Galaxy

When scientists of the most esoteric kind finally come to wrap their heads around Einstein’s “Time is that not everything happens at once” in a provable way (errm, would like to have it in a falsifyable way but how would that happen? [no pun intended when typing but now it’s there…]), i.e., to the insight that the most fundamental something that happens in the universe, underpinning and giving rise to space, time, and matter [overOxfordian?], is Information,
this Information thing may wrap up the second quote, and the official quote of the day may be what was before Information — apologies that there is no clue in there how nothing happening suddenly gave rise to Information of why it wanted to / had to do so.
Both of the latter cases to be reflected on Sloterdijk’s understanding of the Ultimate Insurance Provider sphere-wrapping The Universe And Everything.

Plus:
XcqOBO3[This guy understood; London]

From bike design to security design

You recall my posts from a couple of days ago (various), and here, and have studied the underlying Dutch Granny Bike Theory (as here), while not being put off by the lack (?) of design when taking a concrete view here.
You may also recall discussions, forever returning as long as security (control) design existed even when not (yet) as a separate subject, that users’ Desire Paths (exepelainifyed here) would inevitably be catered for or one would find continual resistance until failure — with opposition from the Yes But Users Should Be Made Aware Of Sensitivity Of Their Dealing With Commensurate (Linearly Appropriate) Security Hindrance side; things are hard for a reason and one should make things as simple as possible but not simpler. [Yeah, I know that’s a reformulation of Ockam’s Razor for simpletons outside of science and having dropped the scientific precision of O and of application to science where it’s valid and the second part is often lost by and on the most simpletons of all short of politicians which are in a league of their own.]

I feel there may be a world a.k.a. whole field of science, to be developed (sic) regarding this. Or at least, let’s drop the pretension of simpleness of cost/benefit calculations that are a long way on the very, very wrong side of but not simpler.
Anyone have pointers to some applicable science in this field?

Oh, and:
DSCN3655[Applicable to security design: “You understand it when you get it” © Johan Cruyff; Toronto]

Maverisk / Étoiles du Nord