A different take on fireworks

Yes dear people it may be unbelievable to some but there’s some local areas, like the EU, where in some spots/countries, fireworks are still allowed to be lit by just about anyone [age limits for buying, much more overeasily circumvented than e.g., alcohol sales], on Dec 31 – and no-one seems to care about earlier (days in advance) occasional severity-max hindrance to the elderly, dogs, and generally phobic/gravely-disturbed-by-fireworks public. “Tolerance” never seems to go the way of the Meek.
But, when societal discussions go to maybe possibly impinge on these ridiculously-lax liberties, there’s hope. Of a replacement of sorts. Not (only) by means of public fireworks displays – that are, admit it, always much more beautiful than your own, and just noise doesn’t impress anyone but prepuerile boys – but also by, tadaaa:
This here idea of Drone-on-Drone contests. Should be fun! If only we could attach the equivalent of reactive stuff, just for the light show effects.

That was all, folks. Out on a bang with:
[Hey those things are still quite prevalent in Knightsbridge; are they anti-drone security devices or how backward can one be ..? Good riddance from the EU ..?]

Perception

The Doors to Which, you understood.
That were delivered by all the other posts of this here blog you’re on.
Though here, I meant it to refer to the cliché that recently rose up again from the dullness of repeat, being stated as “If a door closes before you, there will be another door open to go through” or something similar.

Which of course is very wrong.

When a door closes before you, you open it again. That’s how doors work.

Somewhat different, eh? Even when you’d have to kick it in. Or, reality being too complex to capture in such a short bon mot, indeed you take another door; (but only) when you’re tired of kicking. Whatever your perception of reality, the choice is still yours. Either take any flimsy, tiny hair of a threshold as an excuse to run away (from difficulty that you’ll find eve-ry-where, in particular when you run away so easily – ever more easily, ever less easily overcome), or you stand for what you set out to achieve.

On that festive note, I’ll leave you with:

[Dropped the true idea of Christmas, being thankful for having survived another year and with a glimmer of hope that next year might be a sliver better, now just called Winter Wonderland and being the worst (or over-the-top) consumerist-commercialised dump of rubbish packaged as Christmas market. With stalls from everywhere, in particular Germany, Belgium, Hollund. With merchandise from everywhere though mostly from China. Now in Hyde Park]

Now you read me, now you don’t

As a pointer to what this is about…
You know, like the oldest tricks in the book, still going strong when all the world’s (worlds’?) arms’ races are going nowhere. As predicted. Where the title of course doesn’t reference a major part of the sec controls, stego.

But that’s a finesse point. Let’s be happy that research into faster horses continues, with results.

CU!
[Stylish; what’s hiding here ..? Even when you know where]

Fitting infosec

How else could one expect from a museum affair, than that it demands as a password a minimum of 6 characters of which 1 capital and 1 special character, in times when it has long been clear that this a. was already irrelevantly weak under the former, once-upon-a-time regime b. has long since been superseded by the NIST paper(s?). And my passphrase of course can nevernever be crammed in – the truly secure way of using passwords is too modern ..? How long must something be outdated, obsolete, dysfunctional before the museum club picks it up and takes it into the depot, instead of leaving it standing at the front door?
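
The policy described above next to a length-first check, as an added example that is not part of the original post: the composition rule accepts short guessable strings and rejects a passphrase, while a check along the lines of NIST SP 800-63B (minimum length, long maximum, blocklist, no composition rules) does the opposite. The 16-character cap, the blocklist entries and the candidate passwords are constructed assumptions.

```python
import re

# Constructed sample blocklist (assumption); a real deployment compares against
# a large corpus of breached and commonly used passwords.
BLOCKLIST = {"password", "museum!", "welcome1!", "qwerty123"}


def legacy_policy(pw, max_len=16):
    """Composition rule from the post: >= 6 chars, 1 uppercase, 1 special.

    max_len is a hypothetical cap; the post only says a passphrase will not fit.
    """
    problems = []
    if len(pw) < 6:
        problems.append("shorter than 6 characters")
    if len(pw) > max_len:
        problems.append(f"longer than {max_len} characters")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[^A-Za-z0-9\s]", pw):
        problems.append("no special character")
    return problems


def length_first_policy(pw, min_len=8, max_len=64, blocklist=BLOCKLIST):
    """Length-and-blocklist check in the spirit of NIST SP 800-63B:
    no composition rules, spaces allowed, long secrets accepted."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(pw) > max_len:
        problems.append(f"longer than {max_len} characters")
    if pw.lower() in blocklist:
        problems.append("on the blocklist of known-weak passwords")
    return problems


def compare(candidates):
    """Return {candidate: (legacy_ok, length_first_ok)}."""
    return {pw: (not legacy_policy(pw), not length_first_policy(pw))
            for pw in candidates}


if __name__ == "__main__":
    # Constructed candidates: two guessable but rule-compliant words, one passphrase.
    for pw, (old, new) in compare(
            ["Museum!", "Welcome1!", "correct horse battery staple"]).items():
        print(f"{pw!r}: legacy accepts={old}, length-first accepts={new}")
```
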

Oh well. And:
[Password: MVSEVM]

Gee… DPR on Profiling

This again about that pesky new legislation that just won’t go away not even before it will be legally-effectively enforced [as you know, the thing has been around already for a year and a half, but will only be enforceable, in pure theory, per upcoming May 25th but your mileage may (huh) vary greatly – when Risk = Impact x Chance [don’t get me started on the idiocy of that, as here of 2013, Dec 5th – Gift time!] the chance is Low of Low and Impact can be easily managed down, legally yes don’t FUD me that will be the truth, the whole and nothing but it. So it will be legally effective but not in any other sense let alone practically].

For those interested, there’s this piece on Profiling. That has, on p.16 last full para (‘systems‘ that audit ..!?), p.19 3rd para from the bottom “Controllers need to introduce robust measures to verify and ensure on an ongoing basis that data reused or obtained indirectly is accurate and up to date.“, p.30 in full and many other places, pointers towards … tadaaa,

Auditing AI

with here, AI as systems that process data – as close to ‘systems’ in the cybernetic sense as one may get even when needing the full-swing wormhole-distance turn of the universe consisting not of energy but of information to abstract from the difference between info and data.

Where I am developing that auditing of AI systems as a methodologically sound thing. And do invite you to join me, and bring forward your materials and ideas on how to go about that. Yes, I do have a clue already, just not the time yet to write it all up. Will do soon [contra Fermat’s marginal remark].

Oh and then there’s the tons of materials on how anyone (incl corporate persons) will have to be able to explain in no complex terms (i.e., addressing the average or even less clever) how your AI system works…

So, inviting you, and leaving you with:
[What corks are good for, well after having preserved good wine – decoration. Recycle raw materials, don’t re-use data! Ribeauville]

Aïe! Missing the Point

Yet again, some seem to not understand what they’re talking about when it comes to transparency in AI…
Like, here. Worse, this person seems to be a rapporteur to the European Economic and Social Committee advising the European Committee. If that sounds vague – yes it does even for Europeans.

For the ‘worse’ part: The umpteenth Error, to consider that the secrecy of algorithms is the only thing that would need to change to get transparency about the functioning of a complete system.
1. The algorithm is just a part of the system, and the behaviour of the system is not determined in anything close to any majority part by the algorithm – the data fed to it, and the intransparent patterns learned by it, are. The transparency needs to be about the algorithm but much more about the eventual parameters as learned throughout the training time and the training/tuning after that. [Update before press release: There seems to be an erroneous assumption by some way too deep into EC affairs that the parameters are part of the ‘algorithm’ which is Newspeak at its worst, and counterproductive certainly here, and hence dangerous.]
2. The algorithm can just be printed out … If anyone would need that. One can just as easily run an AI code analyser (how good would that be? They exist already, exponentially increasing their quality, savviness) over the source- or decompiled code.
3. The eventual parameters … not so much; they’re just there in a live system; unsure how well they are written out into any file or so (should be, for backup purposes – when not if AI systems will get legal personhood eventually (excepting the latter-day hoaxes re that), will a power switch-off be the same as attempted murder, and/or what would the status of a backup AI ‘person’ be ..?).
4. Bias, etc. will be in the parameters. The algorithms, mostly-almost-exclusively will be blank slates. No-one yet knows how to tackle that sufficiently robustly since even if the system is programmed (algorithm..!) to cough up parameters, the cleverer systems will know (?) how to produce innocent-looking parameters instead of the possibly culpable actual ones. Leads into this trickery by AI systems, have been demonstrated to develop (unintentionally) in actual tests.
5. How to trick AI pattern recognition systems … the newest of class breaks have just been demonstrated in practice – their theoretical viability had been proven long before – e.g., in this here piece as pointed out only yesterday [qua release; scheduled last week ;-]. Class break = systemically unrepairable … [ ? | ! ].
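
Points 1 and 4 of the list above, as an added example that is not part of the original post: the same training code is run on two constructed decision histories, and only the learned parameters (and the behaviour they produce) differ. The data, the feature encoding and all function names are constructed for illustration.

```python
import math

INCOMES = [0.1, 0.2, 0.3, 0.7, 0.8, 0.9]  # constructed, normalised income scores
GROUPS = [+1, -1]                          # constructed group attribute


def make_history(biased):
    """Constructed past decisions: approve income > 0.5; the biased history
    additionally denied everyone in group -1."""
    return [((x, g, 1.0), int(x > 0.5 and (g == +1 or not biased)))
            for x in INCOMES for g in GROUPS]


def train(history, steps=20000, lr=1.0):
    """Logistic regression by batch gradient descent. This is 'the algorithm';
    it is byte-for-byte the same for both models below."""
    w = [0.0, 0.0, 0.0]  # learned parameters: income weight, group weight, bias
    for _ in range(steps):
        grad = [0.0, 0.0, 0.0]
        for feats, label in history:
            z = sum(wi * fi for wi, fi in zip(w, feats))
            err = 1.0 / (1.0 + math.exp(-z)) - label
            grad = [gi + err * fi for gi, fi in zip(grad, feats)]
        w = [wi - lr * gi / len(history) for wi, gi in zip(w, grad)]
    return w


def approve(w, income, group):
    """Decision of a trained model for one applicant."""
    return sum(wi * fi for wi, fi in zip(w, (income, group, 1.0))) > 0


def audit(w):
    """Checks that need the parameters or the running model, not the source."""
    flipped = [x for x in INCOMES if approve(w, x, +1) != approve(w, x, -1)]
    return {"group_weight": round(w[1], 3), "flipped_by_group": flipped}


if __name__ == "__main__":
    for name, biased in (("neutral history", False), ("biased history", True)):
        print(name, audit(train(make_history(biased))))
```

Reading `train` alone shows nothing different between the two models; the group dependence only appears in `w[1]` and in the paired decisions that `audit` compares.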

Let’s hope the EC could get irrelevant just that little less quickly by providing it with sound advice. Not the bumbling little boys’ and girls’ type of happythepreppy too-dim-wits. [Pejorative, yes, but not degrading: should, maybe not could, have known better ..!]

Oh, and:
[Already at a slight distance, it gets hazy what goes on there; from the Cathédrale]

Loss of memory

Recently, was reminded (huh) that our memories are … maybe still better than we think, compared to the systems of record that we keep outside of our heads. Maybe not in ‘integrity’ of them, but in ‘availability’ terms. Oh, there, too, some unclarity whether availability regards the quick recall, the notice-shortness of ‘at short notice’ or the long-run thing, where the recall is ‘eventually’ – under multivariate optimisation of ‘integrity’ again. How ‘accurate’ is your memory? Have ‘we’ in information management / infosec done enough definition-savvy work to drop the inaccurately (huh) and multi- interpreted ‘integrity’ in favour of ‘accuracy’ which is a thing we actually can achieve with technical means whereas the other intention oft given of data being exactly what was intended at the outset (compare ‘correct and complete’), or do I need to finish this line that has run on for far too long now …?
Or have I used waaay too many ””s ..?

Anyway, part II of the above is the realisation that integrity is a personal thing, towards one’s web of allegiances as per this and in infosec we really need to switch to accuracy, and Part I is this XKCD:

The dullness of infosec ..?

And you thought fraud detection was about bank transactions or even counterfeiting physical stuff. Boh-ring, when you read this. Takes it to another level, eh?
Which brings me to an important issue: Are we not still studying and practising infosec from the wrong angle, doing a middle-out sort of development in many directions but starting at a very mundane ‘CIA’ sort of point. Which is of course core, but there is so much to cover that some outside-onto view(point) might be beneficial. We’re in the thick of the fight, and no matter in which direction you go, when you wade through the thicket with your control measures machete, you achieve little – when you then turn around to try to clear some area in another direction, all has grown dense with state-of-the-art arms’ race bush again already.
And yes, of course one can educate, etc. in some form of hierarchical approach, top-down. But that leaves us with many, all too many that float comfortably on the canopy where the view … isn’t that great as one’s very certainly in thick fog of the monsoon rain. And nothing is being directed (ugch) deeper down. Or controlled (?). Just more, most partial world views unconnected and behaving erratically.

The e.g. in this is that link above. A tiny subset of situational scenario. Not solved pervasively, once and for all. Now think about the hugely, vastly, enormously wider scope of ‘all’ of infosec that would need to be covered to a. arrive at sub-universes of control, b. overview.

The latter remains Open.
Me not happy.

Solutions, anyone ..?

Oh, plus:
[Ah! The days when this sort of ‘defence’ was enough to conquer! Alésie of course]

Less than containerload shipping

When one would be interested to keep up with what’s happening, and where future class breaks might be, a nice intro would be this little book. Like, when virtual machines came to the fore, it was declared that this would be a solution because of course the VMs would be impenetrable. By the utterly clueless, since it was the stupidest thing possible in infosec to say that. Though it cost some time to show the real value (positive) net of the risks (that indeed showed up…). With this subject, the same will happen. Future fact.

Oh and the post title just refers to shipping single pallets across the big pond, e.g., for these. Groupage, degroupage, forwarders, stewards, you know. The old, still there. And:
[Pro question: Beaune or Dyon ..?]

Trust ⊻ Verify

You get that. Since Verify → ¬Trust. When you verify, you engender the loss of trust. And since Trust is a two-way street (either both sides trust each other, or one will lose initial trust and both will end up in distrust), verification leads to distrust all around – linked to individualism and experience [we’re on the slope to less-than-formal-logic semantics here] this will result in fear all around. And Michael Porter’s two books, not to mention Ulrich Beck in his important one. So, if you’d still come across any type that hoots ‘Trust, but verify’, you know you’ve met him.

Since the above is so dense I’ll lighten up a bit with:
Part of the $10 million I spent on gambling, part on booze and part on women. The rest I spent foolishly. (George Raft)

Which is exactly the sort of response we need against the totalitarian bureaucracy (i.e., complete dehumanisation of totalitarian control – which approaches a pleonasm) that the world is sliding into. Where previously, humanity had escapes, like emigrating to lands far far away, but that option is no more. Hopefully, ASI will come in time to not be coopted by the One Superpower but then, two avenues remain: a. ASI itself is worse, and undoes humanity for its stubborn stupidity and malevolence (the latter two being a fact); b. ASI will bring the eternal Elysium.
Why would it b. ..?
And if it doesn’t arrive in time, a. will prevail since the inner circle will shrink asymptotically which is unsustainable biologically.

Anyway, on this bleak note I’ll leave you with:

[Escape from the bureaucrats; you-know-where]