Category: Information Risk Management

No pride, just the same

When you need a book to explain, or enthrall, some unexpected readers into believing Hygge were something exceptional — the Dutch have had Gezelligheid already for ages, without considering it something so special that it would need any investigation; just smile as tourists discover it to their surprise. Certainly not treat it as if it were something that defines the national mood…
No, the English Wikipedia page is wrong on this. The Dutch one is correct period

Whatev’; and:
DSCN1420
[This, beating Legoland; Toronto]

A parachute to your Dutch granny budget

If you have no clue about the title, read on.
It’s about a Dutch ‘granny bike’. And about your bosses’ golden parachutes. And how to get budget for the playthings bare minimum tools you require.

First off: the biker part. Note that this has unsurpassably been written up here. On how crappy banger bikes, are locked with supremo but ridiculously expensive gear and how this out-of-all-proportion control-cost still makes sense. Reading is believing.
Second: These days, FUD is Real; à la the “Either you’ve been hacked or will be, soon” line and including the ever bigger transparency in the press. With a warning of impeding disaster for all your remotely involved (even if by negligence — wait did I write ‘if’ ..?) bosses and their tenure, as these days, too, a great many including CEOs get fired / are forced to quit / commit seppuko almost, when <youknowwhat> hits the fan and always runs downstream, hence getting a lot of you superiors their golden parachute. Their mileage may vary, but the threat finally (…!) is a believable one. Either they believe (wrongly) to be able to escape the gauntlet anyway but should then, officially, care about the parachutes’ cost to the company and take that as a clue about the (tenfold++) reputational damage to the company, or … they aim to take the money and run and go on disastering elsewhere, leaving said reputational damage and parachute costs to the laggerds left behind — you inform the odd superior here and there that their colleagues/peers are about to pull their leg and leave the sweeping up of the damage to the stayers.
Summing up to: At the cost side, the rationale is such that the ceiling of any of your proposals takes off to, at last, suitable levels. At the benefits side (cost-avoidance), suddenly the decision makers’ personal interest is there.

Combined, this should as written suffice to finally get sufficient budget for the playthings bare minimum tools you require. Or what.

I tell you what: The above even now may still not make sense to the … [expletive censored] bosses above you. Plus:
DSCN0770
[Harmless sea beggars on the Dutch coast; Bloemendaal]

Cozy versus Anti-cozy

Once more reaching back to last Wednesday’s post: Opposing sides may have to recognise the very existence of the other one.

When anti-bureaucracy force battle the eternal struggle against complacency et al., they better take into account that 60% of people (any mass), is of Type B, and hence will diligently work 9-to-5 and not complain too much. And, by their majority and no moral objection to hence realised mob rule, will (try to) encapsulate the Other 40% Type A’s. Whereas if all the Type A’s were contra their nature to band together in some loose-form cooperation, this could very easily deteriorate into B big time.
And, in a world that’s overly complex, even when subsets of the complexity may be institutionalised, B may be the only feasible organisational form — IF one’d want to organise it all. Which one would, if out of fear typical of the 60% …

So we’ll sine-weave from side to side, and:
DSCN1053
[The displaced after Romans’ Franks primordial fear of disappearance leading to ultra-centralism as core quality of the (leading socio-cultural-economic elites of) the nation, sometimes leads to something pleasing the eye; e.g., La Défense Paris]

Angst is not temporary

Struck me while going through, near the finish, Graeber’s Utopia of Rules, that the fear for the Unknown What to be Feared that keeps so many captured in Bureaucratia and will defend it and stupidify themselves to such utter stooping levels just by being harrassed into Fear of Anything Else,

is in the end a reason par excellence to venture forth with contracted staff.

rzpcz
Not the other way around, where one still hires unknown qualities, with similar or ex ante already less excellent staff [the truly excellent trust their qualities to survive whereas those shooting for perm contracts, don’t by definition] and then you’re stuck with them.

But straightforward, with staff that has the balls (F/M/~) to do the job, needs no fall-back security through the layoff premiums [hey, if you’d want to fire the perms, you can but at a modest cost], and moves away when they see their talent better deployed elsewhere [hm, a risk to you, to lose your best hires — or you keep them motivated…] or you both do that.

When put into a cost-benefit analysis , it plays out just as well.
Hiring costs: Better on the Temp side; Management/oversight/control/coordination costs: Better on the Temp side (! they’ll manage themselves thank you); Straight paycheck costs: Better on the Temp side! Yes indeed, when compared to fully-loaded super-grossed Perm rates that include all social benefits, schooling, &c. &c.

Just ditch the middle extortionist men.

So, follow your Angst and hire me… Plus:

DSC_0202
[Changing the views, improves them…; question: Where?]

DoS Internals

No, no typo. Not DOS Internals or so. Rather, internal DoS attacks.

Are they tractable? [Uhh, that may sound like they’d be positive things to be able to do — sorry, just hinting at “technical feasibility” here]

Yes they are. Stuxnet was the prime example. Something similar would be tractable once one is (somewhat) on the inside, I guess. Like, an APT exploring the internal networks for topology, infecting routers along the way, and then blowing them up all, all at once, with megazillion tons of traffic, internally generated. Denying (internal) network services to all. Or even bricking routers with e.g., flash-ROM attacks. Feasible.

The same, with surreptitious tweaks of kernel scheduling processes, Stux style. Or, there, too, diving deep into and under the virtualisation layers and bricking the core BOISsen and other Level 0 / 1 server software. Overflowing disks with random data (be sure to buffer tons, so restarts / re-mounts will not help too easily).

Hmmm, once one starts thinking about it, the possibilities are huge. Maybe some nationstate party/ies has some arsenal out there in the wild already. Think yesterday’s post; on its own or in combo with Elections, whose interests where?

Oh whatever … plus:

DSCN7411

[A hole in your servers’/routers’ “floatation” capabilities will sink your infra; Baltimore]

Did / Did Not (Know Who Did)

Anyone still have an overview of where we (?) stand qua attribution of “cyber” attacks [ #ditchcyber, of course ] ..?? Apart from this

There’s so much development in attribution with or without proof, e.g., about hacking elections in some outer corner of the world’s population; was it truly hacks, was it some nation state, was it some scapegoat hackster, was it all a set-up, where are Wikileaks, Anonymous, [fill in your favourite Four Horsemen party and colour the pictures] … the possibilities are endless.

But there are indeed flashes like this and this, which spark some controversy whilst blurring the overall picture. And we’d want unblurred pics of hotel room showers oh wait not I.
And what with all the tools out there (remember, the FBI’s stash stolen and now on fire sale for 99% off the previous list price, right?), planting others’ fingerprints and DNA, so to speak (no, literally ..!), and have pictures and videos even that are near-indistinguishable from proof; what evidence if any is still admissible in courts? None …!? So, what attribution …!?

When others talk about “controlling the cyber battlefield” (no, not the FBI but the extraterritorial agency), isn’t there a protracted “cyber” [ #ditchcyber ] world war under way already ..? Just not as hot as the previous one, more like the Cold one, schlepping on ..?

Just accept all Peace For Our Time‘s … and:

hC467CB09

[The SocMed approach: Look! Moose babies!]

Ad Lib / Logic

About some ‘logic’ in an @bookingcom ad.

Where this, commonly well-regarded, travel site sent some spam: “Umbrella in hand, J, it’s raining deals!”
Which may or may not be true, but

  • If it’s deals that it’s raining, I wouldn’t necessarily want to shrug them off with an umbrella
  • If it’s deals, why associate them with bad weather which I may want to escape, through the deals
  • Can’t the deals be collected on some company web site or so; why should it rain into my Inbox?

So, methinks the ad is a wide-net phishing run. Right ..?

Oh, and:
000003 (8)
[Old analog pic; now there‘s deal weather …! Martinique — once was business travel location 😉 ]

Walking away from your desk

This, re yesterday’s post that was in some vincinity (though with quite some distance to spare…) of ranting about bureaucratic stupidity being a pleonasm.
By means of a pic, with:

  • A Bureacrat certainly designed this. The ejection seat would to a bureaucrat mean the danger of you escaping from the post you were supposed to hold no matter what — since in the bureacratic only thinkable scenario, nothing would ever happen or you’re unfortunate collateral loss but hey, the System continues to perform.
  • For all others (the handful, the few good men), the ejection seat is apparently surrounded by just that danger, and to be used to escape from from that immediate and urgent, life-threatening danger of death by utter boredom, by sitting still. Noting that the rig that the sign is on, invariably is one made for dangerous action, not for danger evasion… Ships are safe in harbour but that’s not what ships are for; kites [your check] so much, much less so!

Which side are you on; the sit-stillers’ or the Action Men’s ..?
danger-eject-svg

Two's a Charming Bureaucratic Voilence

First, two (yes) quotes:

To put it crudely: it is not so much that bureaucratic procedures are inherently stupid, or even that they tend to produce behaviour that they themselves define as stupid — though they do do that — but rather, that they are invariably ways of managing social situations that are already stupid because they are founded on structural voilence. (p.57) [ Where structural voilence is … look it up in your sociology study’s notes. Implicit or even explicit threats with disciplinary boards (however pastiche) and ostracism certainly gives you the right idea; ed. ]

At the same time, if one accepts Jean Piaget’s famous definition of mature intelligence as the ability to coordinate between multiple perspectives (or possible perspectives) one can see, here, precisely how bureaucratic power, at the moment it turns to violence, becomes literally a form of infantile stupidity. (pp. 80-81) [ Emphasis mine; ed. ]

This being from Graeber’s Utopia of Rules of course.

Now, apply this to the obviously receptive [what is the opposite side from ‘applicable’?] situation at some petty association that aggrandised itself and use the introduction of ‘quality control’ — not over itself but over parts of its member base — in a criminal way [since the legal and (self- and external) regulatory arguments were and are simply invalid, and procedures at points illegal outright] to force them into obedience to Kafkaesk procedures that wouldn’t and still don’t apply to those in power at the association. Gollum “the ring is mine!”.

My point being the conclusion of infantile stupidity. Charming for its tragicomedy. A disaster at many fronts for those affected by it…

Oh well:
DSC_0196
[To swat a completely imagined fly; Edinburgh]

Hoodies are off

Truly, we have arrived in a distopian world when crime fighters go after the petty ‘criminals’ only — if there were any bigger catches, the headlines would be flooded and as we hardly ever see that, this is the best for the fighters that they can brag about ..?
I mean, have a look at <link>; a real Cyberrr! (#ditchcyber) criminal was caught! How incredibly clever he was! Being traceable by his ‘own’ IP address and own bank account. So certain of his own greatness that he didn’t even seem to have worn a hoodie — you know, the device that keeps all ‘hackers’ [Dammit! Learn the difference between hacking and cracking!!! or remain a stool forever] completely anonymous. And in Russia. Or did I say R I meant China, when it’s about nation-state retaliation (sic!).

Where in Lucky Luke and Billy the Kid was it that the quote passes “Yes yes be silent dear little boy we do know you’re a really grow-up thug.” ..?
Time to hold this to the Police …?

Oh, and:
DSCN9971
[Surely, no-one would dare to attack here? Surely, this is just a decoy and nothing of value would be inside ..? — Well, the value’s not only in the hotel facilities but much more in the wine cellars … next door; Castello Gabbiano]

Maverisk / Étoiles du Nord