Note to self: GDPR scrum with or without the r

Just to remind myself, and you for your contributions, that it’s seriously time to write up a post on Agile development methods [OK, okay, I mean Scrum, as the majority side of the house]; how one is supposed to integrate GDPR requirements into that.
Like, we’re approaching the stage where the Waterfall model of security implementation, will be Done for most organisations. Not Well Done, rather Rare or Pittsburgh Rare, at your firm [not Firm …]. But then, we’ll have to make the wholesale change to Maintenance, short-term and long-term. And meanwhile, waterfall has been ditched for a long time already in core development work, hence we have a backlog (huh; the real kind) qua security integration (sic; the bolt-on kind doesn’t work anyway) into all these Agile Development methods of which word has it everyone and their m/br-other seems to make use these latter days.

But then, the world has managed to slip security into that. Which is praiseworthy, and needs more Spread The Word.

And then, there’s the GDPR. May we suggest to include it in ‘security’ as requirements flow into the agile development processes ..?
As said, I’ll expand on this l8r.
If only later, since we need to find a way to keep the DPOs out of this; the vast majority (sic) of them, with all due [which hence may be severely limited] respect, will not understand, to such a profound level that they’ll try to derail your development even without the most basic capability to self-assess that they do it, in ways that are excruciatingly hard to pinpoint, lay your finger on.

But as written, that’s for another time. In the meantime, I’d love to see your contributions (if/when serious) overflowing my mailbox… Plus:
[Lawyers lurking next door…; Zuid-As Ams]

Emergent logic

Some time ago I posted something(s) on how the audit community could become relevant again, veering away from compliance(-only or -not even a bit by the disclaimers that destroy a rainforest on every occasion) and moving into the world of ‘ethicality audits’ on autonomous decision( system)s.
Now with the insight that until now, the humans in the loop, the big loop with many steps of analysis to be taken, were as a matter of fact complicit in drafting and applying patterns and pattern matching techniques.
Which is no news, but when we see now the automated-logic type of decision making that is no more than a black box, the question is: How can we analyse what happens inside ..? Answer: Use the tools that Big Data analysts use; extend them to cover specific cases / transactions and see how the argumentation flow was ..?

Still, there may be progress in this way. E.g., by the ‘decision’ or behaviour of the system, being emergent. So that we don’t focus on the bits (almost literally) of the case at hand but on the meaning of those bits. Because that’s the level that ‘conscious’ reasoning works on, seeking the nous from the lower and material levels, working on the ‘machine’ at the higher level, and then translating it back to the material outcome.
Which is similar to the analysis that is Process Analysis, if done properly.

I’ll expand, later. And:
[Aranjuez to impress; same]

The privacy-nightmare not your pseudo-dreams

Again, some serious flaw in the GDPR: Its reliance on, sponsorship for, pseudonymisation.
Which is worthless, already against break-ins.
And is worse, much worse, when you consider all the exemptions for ‘statistical use’ that are a cover for all the blatant abuse of personal data that the GDPR was originally intended to counter. And is worse, because six publicly available data points are all that is needed to identify anyone of the general public. De-anonymisation may be an art of sorts, but not a difficult one; easily demonstrated by any half-ass capable “hacker” consultant involved. [Of the Real kind]

Outside the controllers/processors conglomerates, such six points may have to be searched for – holdit; done. – but when anyone were to be able to infiltrate (why haven’t we heard of APTs for so long now? Because it was the TLAs, or is the overall picture waaayyy too scary to consider?), those six points are often found within one data set, if not with the IDs in some hardly-remote table.
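To check this on your own pseudonymised data set before it leaves the building, a k-anonymity audit counts how many records are singled out as quasi-identifier columns are combined. This is an added example, not part of the original post; the column names, the pseudonyms and every row are constructed for illustration.

```python
from collections import Counter

# Constructed sample: direct identifiers already replaced by pseudonyms (pid).
# Column names and values are invented for this illustration.
COLUMNS = ("birth_year", "postcode", "sex", "job", "car", "employer")
ROWS = [
    ("p01", 1975, "1081", "F", "lawyer",  "sedan", "FirmA"),
    ("p02", 1975, "1081", "F", "lawyer",  "suv",   "FirmA"),
    ("p03", 1975, "1081", "M", "lawyer",  "sedan", "FirmB"),
    ("p04", 1975, "1082", "M", "auditor", "sedan", "FirmB"),
    ("p05", 1980, "1082", "F", "auditor", "suv",   "FirmA"),
    ("p06", 1980, "1082", "F", "auditor", "suv",   "FirmB"),
    ("p07", 1980, "1081", "M", "lawyer",  "suv",   "FirmA"),
    ("p08", 1980, "1081", "M", "auditor", "sedan", "FirmA"),
]
RECORDS = [dict(zip(("pid",) + COLUMNS, row)) for row in ROWS]

def class_sizes(records, columns):
    """Count records per combination of quasi-identifier values."""
    return Counter(tuple(r[c] for c in columns) for r in records)

def k_anonymity(records, columns):
    """Smallest equivalence class; k == 1 means someone is singled out."""
    return min(class_sizes(records, columns).values())

def singled_out(records, columns):
    """Pseudonyms whose quasi-identifier combination is unique."""
    sizes = class_sizes(records, columns)
    return sorted(r["pid"] for r in records
                  if sizes[tuple(r[c] for c in columns)] == 1)

def audit(records, columns):
    """(columns used, k, unique records) as columns are added one by one."""
    return [(n, k_anonymity(records, columns[:n]),
             len(singled_out(records, columns[:n])))
            for n in range(1, len(columns) + 1)]

if __name__ == "__main__":
    for n, k, unique in audit(RECORDS, COLUMNS):
        print(f"{n} columns: k={k}, unique records={unique}/{len(RECORDS)}")
```

In the constructed sample one column leaves everyone in a group of four, while all six columns together single out every record even though no name is stored.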

And don’t come with the solution of homomorphic encryption, so usable for the statistical stuff. Also cracked, ever more systemically.

As if in today’s 21st century age, anyone would come forward with ‘these new developments, of motorised aeroplanes, with a “propellor” and all; they hold a promise for possible trans-atlantic flight!’ — Yet the GDPR isn’t different…

And:
[The background has much more circus than the tent before it, ifyaknowaddImean; Zuid-As Ams]

Music to AI’s ears

Will AI eventually appreciate music ..?

Not just appreciate in a sense of experiencing the quality of it — the latter having ‘technical’ perfection as its kindergarten basement’s starting level only; where the imperfections are cherishable as huge improvements, yes indeed [Perfection Is Boring!] … but moreover, music appreciation having a major element of recognition, subconsciously mostly, of memories of times almost-im-memorial.

Of course, the kindergarten perfection gauging, AI will be able to do easily. Will, or does; simple near-algorithmic A”I” can do that today.

Appreciating imperfections, the same, with a slight randomiser (-recogniser) thrown in the algo mix.

But the recollection part, even at a conscious level requires memories to be there, and as far as AI goes (today) even ASI will have different memory structures since the whole facts learning processes are different. And don’t mention the subconscious side.

Yes, ASI can have a subconscious, of which we aren’t aware or even able to be aware [Note to self: to cover in audit philosophy development]. But when we don’t hear of this, was there a tree that fell in the forest?

I’m off some tangent direction.

What I started out to discuss is: At what point does music appreciation through the old(est) memories recall, become an element of ‘intelligence’ ..?

With the accompanying question, on my priority list when discussing AxI: Is it, for humans ..?

And a bonus question: Do you really think that AI would prefer, or learn earlier about the excellence, of Kraftwerk or Springsteen? Alas, your first response was wrong; Kraftwerk’s the kind of subtle intelligent hint-laden apparently-simple stuff that is very complex and also deeply human — which you perceive only when listening carefully over and over again till you get the richness and all the emotions (there they are!) and yearning for the days gone by when the world was a better place. Springsteen, raw and Original-Forceful on the surface — but quickly showing a (rational-level) algorithmics play with not as much depth; even the variations and off-perfection bits are well thought-out, leaving you with much less relatable memories if at all.

Your thoughts are appreciated. And:
[Appropriately seemingly transparent but completely opaque; some EU parliament (?), Strasbourg]

Nutty cryptofails

Considering the vengeance with which cryptobackdoors, or other forms of regulation into tautological-fail limitations, are pursued over and over again (case in point: The soon luckily carved out surrender (to Monay) monkeys [case in point: anyone who has seriously tried an invasion, succeeded handsomely]), it may be worthwhile to re-consider what the current situation is. As depicted in the following:

In which D is what governments et al can’t stand. Yes, it’s that big; pushing all other categories into corners.
Where C is also small, and probably shrinking fast. And B is known; maybe not empty but through its character and the knowledge of it as cracked-all-around part, hardly used if ever, by n00bs only.
And A is what governments want for themselves, but know they can’t have or it will quickly move to B — probably without governments’ knowing of this shift…

And all, vulnerable to the XKCD ‘hack’:

Against which no backdoor-for-governments-only policy will help.
I’ll rest.

Glee because of support

All the mavericks of the world rejoice (and Maverisk among them, of course, already); finally there’s new [howzat for a typifying contradictio..?] evidence-of-sorts that the below that had popped into my mind a couple of days ago, is still, more, valid than ever. Being, related but in an angled/vector-transposed way, not about rebels but about other mischievings in general business management culture(s).

[Should I note that the ‘evidence’ already is worth much study and implementation? Yes I should.]
[Edited to add: Beware of the other side, too; too many mediocre men just drift upwards by lack of weight: here.]
[Yup that’s a re-post from yesteryears, like, 12 March 2015 …]

Two points to make:
* Middle management will be.
* Secretaries should be.

The discussion regarding middle managers being superfluous or not had a slight uptick the past couple of months. With the latter voice having been a bit too quiet. Yes, middle management is under threat. It has always been; only the (history-)ignorant will have missed that. And Yes, all the Disruption things and similar empty barrel half-baked air by a lot of folks who have hands-on experience in the slim to none bin with (real) management altogether let alone this kind, have predicted over and over again that the disruption by Server-with-algorithm-app-that-schedules-day-laborers will make middle management redundant, as the believed task was only that.

Quod non. And as if just an algorithm will capture the full complexity (and incoherence, inconsistency, internally and externally contradictory ..!) of the requirements and work of the middle manager.

OK, we’re not discussing the drone administrative clerk that has Manager on his card (huh?) and sits in an office passing top-down orders and bottom-up reports back and forth. We’re talking the real, 24/7 problem firefighter here. The coordinator of chaos. The translator of lofty (other would say, ‘airhead’) ‘governance’ (quod non) mumbo jumbo into actual work structure and tasks, and translatereporting back. That survives and in doing so, shows great performance. The other ones, will be weeded out anyway, every time there’s an economic cycle downturn. [If the right ones would be kept, and the wrong ones ‘given growth opportunities elsewhere’. Seldomly the case; offing is by the fte numbers, and the wrong ones have being glued to their seats as their core competence, through sucking up or otherwise.]
So, the middle manager stays for a long time to come as (s)he does the kind of non-predictable work that will remain longest. If start-ups don’t have them, see them grow: They will.

Secretaries deserve a come-back. In similar vein as above, the vast majority of managers office clerks (from the shop floor (even if of knowledge workers…) all the way to near the top) these days have to do their own typing, scheduling, and setting up socializing things. Whereas before, economies of scale were many, and there were additional benefits because the good (sic, again) secretaries would e.g., know the best, unrenowned restaurants all around and could get you a table even when they would be fully booked, and they would manage (massage away) some internal friction as well, often very discreetly and efficiently. Now, vastly more expensive (by hourly rate, productivity (think switching costs in the managers’ minds …, and utilisation), cost of ineffectiveness (sic again) and opportunity costs re their actual objectives (if these would be achieved; good/bad manager discussion again)) managers must manage their way around. An impoverished world it is indeed.

To bring back some joy:
[Some colour, but it’s down there… Zuid-As]

What you said, doesn’t matter anymore

Yet another proof class busted: Voice being (allegedly) so pretty perfectly synthesizable, that it loses its value as proof (of identity). Because beyond reasonable doubt isn’t beyond anymore, and anyone venturing to bring voice-based evidence, will not be able to prove (beyond…) that the sound heard, isn’t tampered with i.e. generated. Under the precept of “whoever posits, proves”, the mere remark that no madam Judge we honestly did not doctor this evidence, is insufficient and there can be no requirement for positive disproof for dismissal from the defense as that side is not the one doing the positing. What about entrapment, et al.?

So, technological progress brings us closer to chaos. “Things don’t move so fast”-believers must be disbarred for their demonstrated gross incapacity — things have moved fast and will do so, ever faster. Or what ..?

Well, or Privacy. Must the above ‘innovator’ be sanctioned severely for violation of privacy of original-content-sound producers ..? Their (end) product(s) is sold/leased to generate false identity or doctored proof, either for or against the subject at hand, <whatever> party would profit thereof. Like an equipment maker whose products are targeted at burglars, or worse e.g., guns. Wouldn’t these be seriously curfewed, handcuffed ..?

[Edited to add, after drafting this five days ago: Already, Bruce is onto this, too. Thanks. (Not my perspective, but still)]

Oh, or:
[Apparently so secure(d), ‘stormed’ and taken practically overnight (read the story of); Casa Loma, Toronto]

Mixing up the constitution

When your state secretary is mixing up all sorts of things. When at the official site, at last email (and other ‘telecomm’) is listed to be included as protected on the same footing as snail mail has always been, qua privacy protection.

Which raises the question: Does that include the right to use (uncrackable) encryption, because that is what is equivalent to a sealed envelope ..? When the same government wanted to ban that, or allow simply-crackable [i.e., with bumbling-government means – the most simpleton kind or ‘too hard’] encryption only?
Why would this have to be included so explicitly in the constitution no less, when just about every other tech development isn’t anywhere there, and in the past it has always been sufficient to interpret/read the constitution to automatically translate to the most modern tech without needing textual adaptation ..? [As has been the case in every civilised country, and maybe even in the US too.]
And where would GDPR impinge on this; is the rush necessitated by GDPR (with all its law-enforcement exemptions, pre-arranging the ab-use of those powers GDPR will give), or is this an attempt to pre-empt protection against Skynet overlords (pre-pre-empting GDPR protection for citizens), – recognising that anything so rushed will never be in favour of those citizens – or what?

One wonders. And:
[So many “unidentified” office buildings in NY, NY …]

Pitting the Good against the Others

When the recent rumours were, are valid that some patches were retracted — and this was because they accidentally disabled other exploits not yet outed in the stash, this would bring a new (?) tension to the surface or rather, possibly explains some deviant comms of the past:
Where some infosec researchers had been blocked from presenting their 0-day vulns / exploit-PoCs, this may not have been for protection of the general public or so, but to keep useful vulnerabilities available for the TLAs of a (variety of?) country(-ies).
Pitting the Ethical researchers against the bad and the ugly…

No “Oh-oh don’t give the bad guys valuable info and allow even more time to the s/w vendors to plug the holes” but “Dammit there go our secret backdoors!”
Makes much more sense, to see the pres blocking in this light. And makes huge bug bounties by these TLAs towards soon to be a bit less ethical researchers, more possible and probable. Not as yet better known, though. Thoughts?
[Takes off tinfoil movie-plot security scenario hat]

Oh, and:
[All looks happy, but is looked upon from above …; Riga]

DNA not so Determinant; there goes another piece of Evidence

[ Commemoration of the Dead, today in the Netherlands. Never forgotten. Never forget! ]

In the series of surrealisation of proof, in courts and elsewhere, turning anything into faker news than before – a trend that was under way already for a long time, maybe centuries but now speeding up enormously – after the most recent class of proof (yes don’t complain I’m clear, qua ‘class’!) we have even old (?) evidence classes being overthrown. Like, your DNA.
Somehow, we already knew that. Where the analogue of hash collisions happened IRL, with disastrous consequences for people’s lives, and that of their families, et al. Really, imagine yourself in the midst of it all: Ragnarök and the collapse of the foundations of society … I’m not joking any bit.

But now, again. What Evidence classes remain? When each and every class can be planted, fabricated (signatures, pictures; untraceably), coerced (‘rat out your partner or all of your family will be killed before your eyes’), etc., indeed nothing remains. Nothing non-repudiatory…

But flipside; Skynet is here. Like before.

And:
[Either way, you lose; Zuid-As Ams]

Maverisk / Étoiles du Nord