Crippling ‘synergy’

As of late, we haven’t seen too much news about failed mergers, have we or was it buried under seemingly more interesting industries’ development news ..? Like, the latter-day’s Seven Sisters on the ‘Net driving all M&A activity by grazing the startup pastures bare?
Actually, there are a couple of interdependent developments, it seems:

  • Classic mergers and take-overs (and divestments) seem to become more rare, as the importance of classical industry (primary-to-tertiary, maybe -quaternary) has diminished, in favour of, let’s say, quintary pure-information based industry/industries. I.e., beyond mere ‘service sector’ services but data-oriented everything. Hence, it’s IPOs to behemoths taking over microcompanies not mergers of (relatively) equals.
  • Classic mergers failed so pervasively in resulting net positive ROIs that no-one wants to deal with them anymore. Including a development like this.
  • [Not all lessons learned, apparently; otherwise, these would be shared quickly and the M&A business would rebound — see (among) the following: ]
  • The new take-overs are of the obliterate-or-fleece kind; the heap of gold just being too big to resist after which the target is plucked bare for the few nuggets of worth in there, if any, then made disappear as technology integration overrides anything qua ideas that was of any value.
  • This pointing to where previous industries’ M&As failed, every time again [at least, often also for other factors of incidental and less interesting character]: Not accounting for IT. Would love to see the research that proves that the upswing of IT in business life negatively highly-correlates with merger failures.
  • Because the focus has been so much, longer-term, on ‘synergy’ — that always was in support functions that had to be shrunk, one plus one makes one plus less than half, or so. But this never worked, as the ‘keep as of old until integrated’ was executed so lacklusterly, always leaving too many traces of old even when clean-slate renewal was attempted multiple times.
  • This in turn, because IT grew so much in prominence in business execution and administration — but wasn’t recognised as such; always relegated to the lowest of basement departments, that in the end the ‘integration’ [hardly ever to any measure of success off zero, almost always not associable with the term ‘success’ rather] of separate IT systems costs tons and resulted in … more costs, permanently, for not only the near term but -ever.
  • And, as above, this lesson hasn’t been learned. As shown in this: Brexit woes

From which the questions arise:

  • Why haven’t we all (in particular, auditors of all shades that should have been the ones to have learned and warned) learned and warned that IT integration was so crucial, both in due diligence / cost estimations and in failure rates?
  • What is the content of the learned [not]; how to get good IT integration cost estimates, and what are successful methodologies for IT quality assessments ex ante and ex post?
  • Do we only learn from history that we don’t learn from history? This because two bullets don’t look right but three do.

OK, enough to consider and ponder; I want your pointers to definitive solutions in return for:
[Now there’s the resulting Simple view; Baltimore]

Behaviour is key to security — but what if it’s perfect?

When the latest news on information security points in the direction, away from reliance on technical stuff, of the humans that you still can’t get rid of (yet!), all are aboard the ‘Awareness is just the first step, you’ll need to change the actual behaviour of users‘ train. Or should be, should have been, already for a number of years.
In Case You Missed It, the Technology side of information security has so far always gobbled up the majority of your respective budgets, with all of the secondary costs to that, buried in General Expenses. And the effectivity of the spend … has been great! Not that your organisation is anywhere near as secure as it could reasonably have been, but at least the majority of attackers rightly focus not on technology (anymore – though still a major headache) but on the fickle user discipline. Oh how dumb and incompetent these users are; there will always be some d.face that falls for some social engineering scam. Sometimes an extremely clever one, when focusing on generic end users deep down in your organisation, sometimes a ridiculously simple and straightforward one when targeting your upper management – zero sophistication needed, there.

The point is, there will always be some d.face that makes an honest mistake. If you don’t want that, you’ll have to get rid of all humans and then end up overlording robots (in the AI sense, not their superfluous physical representation) that will fail because those underling users of old held all the flexibility of your organisation to external pressures and innovation challenges.
Which means you’re stuck with those no-good [i.e., good for each and every penny of your atrocious bonus payments] humans for a while.

Better train them to never ever deviate from standard procedures, right?
Wrong.
Since this: Though the title may look skewed and it is, there’s much value in the easy step underpinning the argument; indeed repetitive work makes users’ innate flexibility explode in uncontrolled directions.
So, the more you coax users into compliance, the worse the deviations will get. As elucidated, e.g., here [if you care to study after the pic; study you’ll need to make something of the dense prose; ed.].

So, here too your information security efforts may go only so far; you must train your users forever, but not too much or they’ll just noncomply in possibly worse directions.

Oh well:
[Yeah, Amsterdam; you know where exactly this depicts your efforts – don’t complain about pic quality when it was taken through a tram’s window…]

Pwds, again. And again and again. They’re 2FA-capable ..!

Why are we still so spastic re password ‘strength’ rules ..?

They have been debunked as being counterproductive outright, right? Since they are too cumbersome to deal with, and are just a gargleblaster element in some petty arms’ race with such enormous collateral damage and ineffectiveness.

And come on, pipl! The solution has been there all along, though having been forbidden just as long …:
Write down your passphrases! The loss of control by having some paper out there, e.g., on your (Huh? Shared workspace, BYOD anyone?) monitor (Why!? Why not have the piece of paper in your wallet; most users will care for their money and those that don’t, miss some cells due to the same you wouldn’t want them at your workplace anyway) is minute, certainly compared to the immense increase in entropy gains i.e., straight-out security gains.
And … when you keep your written-down pwd to yourself (e.g., against this sort of thing), it becomes the same thing any physical token is and you created your own Two Factor Authentication without any investment other than the mere org-wide system policy setting change of requiring pwds of at least, say, 25 characters. (And promulgating this but that shouldn’t be too hard; opportunity to show to make life easier for end users, for once, and great opportunity for collateral instructions on (behavioural) infosec in general…)

What bugs me is that already a great string of generations have been led astray while all along the signs were on the wall – not the passwords on them, but the eventual inevitable collapse of the system, by users that demonstrated this security measure was too impractical to stick to par excellence as evidenced in the still-strong and practiced practice of writing down pwds. If people do some specific thing despite decades of instruction … might we consider the instruction to not fit the humans’ daily operations ..? so the ones seeking to Control [what pitiful failures, those ones …; ed.] will have to rescind?

So, written-down passphrases it is. Plus:
[Easy sailing to new lands, beats being stuck on Ellis; NY]

No legalese please, we’re in business

Which translates to: A DPO better be an IT expert who has learnt [for clear thinking, UK English is preferred by far; ed.] the legalese of the GDPR, than a legal expert who has learnt some tidbits of IT. Despite the usual suspects exceptions, you do recognise the former and latter types in practice. And exceptions those are.
And debunking the myth that a legally schooled ‘GRC’ operative might pick up sufficient IT skills in a couple of courses or a bit of privacy practice, needn’t be necessary or you have done zero investigation re this. What a sorcerer’s apprentice of the pastiche kind do they portray. Because the mindset is inappropriate; the mindset of accidentally finding an interesting problem and for once not being dazed by those in the know, studying it extensively, how interesting this all, and then … hardly anything. Certainly (sic) no actual solution to the problem…
The IT side, so often and so extensively underestimated in its intricacies throughout the vast wide scope of it in particular qua privacy concerns even in the GDPR itself that core document around which so many circle, on the other hand is qua background focused on (actively going out and) finding problems and then creating and implementing a solution.
And at the same time, recognising that the legal stuff is not as hard as it is sometimes portrayed (instigated) to be and does not require more than a trade diploma level of intellectual development, if even that.

One could easily remain on the subject but without much gain. We retire, having made sufficient argument why DPOs have no legal basis need in their functional requirement.

Oh, and:
[Feel free to pose and shine – with pretense of superiority through some legal jargon most probably devoid of meaning; NY]

Take me out of the loop, (as I) please

Considering that there is this thing with privacy — where people are getting more and more aware that yes, they do have a legal right to not opt in to any scam’ish spam and Shallows-ing of their filter bubble [where the latter sounds soft and pleasant, pink, instead of crushingly dusty and petrifying your mind, the one thing that so far keeps you human].
Considering, too, that there is a push to have at least a human in the loop of math destruction. Which will fail if it’s a click-yes-or-be-fired job. Which it will, in the current setting and developments, be. Unless the human, and all of hes [her/his; LGBTQ-neutral] superiors all the way up to and including in particular, the Board members individually fully accountable, remain accountable for all that the click-yes leads to. They should be, or else they have no legal title to any income of any kind. But since the legal side is all set but the 0.1% is above the law, this isn’t happening.

At least then, we should aim for something similar to the cookie directive [so vilified because it was such a glorious and simple idea it could work. could have.]; I propose:
The right to be left out of (statistical or other) profiling. Since the profiling follows from matching patterns that are different things from the data I provided, most probably to some party other than the one doing the profile extraction out of statistical masses – fitting me to the profile is a direct form of de-anonymisation to identification to which you have no legal right and a legal duty not to. Check your brain to see whether it is capable of the most basic functioning, which is sufficient to understand articles 11 and 12 of the Universal Declaration of Human Rights. Name one set of principles that applies more widely, globally, than that. Doing away not only with the nuisance but also with the filter bubble et al. including the atrocious downsides of false positives as per the link above.

Maybe the online ad markets would crash. Report has it that they already do; imploding under their own emptiness. There is no inherent reason any market should exist per se. The world would a. continue to prosper, so infinitely more so than before when ad markets would crumble; b. be a better place and who could be against that?

So after this bombshell of an idea, I leave you with:
[Peace of mind; at a borgho just North of Siena]

Your unbody double

So, there now is a thing being Artificially Intelligent 3-D Avatars. As per here. How nice.
And then you realise time travel may be possible once you don’t have the physical duplication problem anymore. Though we still would have the other problems; bummer.

But still, one of the problems has been solved. The others, actually … may need re-study. Because, there may now be differences in travelling forward (possibility approaching, when ‘time’ in your physical life needs to stay synchronised in some form or another with others, and your AI3DAvatar can speed up ..?) but then, returning to Now might (creation of possibility here) be equivalent or the same [which aren’t] to travelling back in time. Duh. Too bad it’s still so hard to reason (positive-)logically and consistently about this.

And, it will make the ‘need’ to have dirty, planet-soiling flesh-and-blood humans around, much less. There’s no such thing required anymore as people being trapped in The Matrix and then wanting blue or red pills, but rather it’s the attachment of AI3DAvatars to the Singularity Machine; their subsumption into it (removing duplicate or false/inconsistent memories – that will be there IF the AI3DAvatar’s anything like you) leading to their disappearance — all they ever (in the future) were, had already been included (thought out on its own) by the SingMach.

For now, we’re still here; individually. And:
[“Tape”copies of the views from up there, will be loaded to your AI3dAvatar in a millisec; no need for that either; CNN Tower, Toronto]

FOMO as FOYA gone bad

The enslavement to socmed seems to be a generation- … less thing: Unfortunately, all too many seem to need to be connected — mistakenly, just liking things will not lead to a true connection; how many are there that actually grow into such? Only on apps that are specifically aimed to that –swipe-left– otherwise, not so much. Or hardly. Most socmed like-affiliations are a. for sheeple attaching themselves to some brand(s), indicating their lack of self-esteem by submitting themselves as consumer-onlies, b. for lack of dare to actually do something for a Good Cause but wanting to be associated with Successful-in-life people [i.e., actual do-somethings] nevertheless. No c. to think of, qua ‘most’.

What remains, is a hard to miss impression of the truth, being that socmed attachments (mostly to the worst-on-ethics corp behemoths rather than anything) are panicked FOMO symptoms to the world, signalling a much deeper problematic psyche, being the Fear Of Yourself As-is; FOYA.
That’s right. Individualism having gone so far as to drive all those that subconsciously cling to group belonging much more than is societally acceptable (or so it seems!), i.e., the vast majority (of Like-serfs), to seek ways to still attach to something that can slurp up their feeling of insecurity (on their own) and return a pat on the back for group support.

You get it. Can ramble on, but have little time. And:
[An affiliation choice!; Amsterdam]

Leaking profiles

Got an attention raiser during an off-the-cuff discussion on data leakage. Qua, like, not getting the first thing about what privacy has been since Warren&Brandeis’ eloquent definition, and subsequent codification in pretty hard-core, straightforward laws.
The problem being, that no theory of firm (incl public) allows subsumption of employees into slavery, of mind or otherwise. Think Universal Declaration of Human Rights, article 12. Hence, tracking and tracing every keystroke of employees, i.e., treating them as suspect of e.g., data leakage before one has any a priori clue about everyone individually actually doing anything wrong, not having been granted any rights of surveillance in this jurisdiction, is a crime in itself.
And no, the comparison with street cameras that bother no-one and make everyone safer, is a lie on two counts. And, in many countries (the civilised ones; a criterion in reverse), such (total or partial) surveillance isn’t outlawed without reason.
So, your data leakage prevention by tracing everyone is an illegal act. Don’t.

No, your security concerns are not valid. Not the slightest, compared to the means you want to deploy. Stego to files of all kinds, when all are aware of its implementation, may help much better. And supplies you with the trace you want; not to your employee that you (but no-one else) suggest is rogue – (s)he knows about the traceability so will be self-censored (ugch) into compliance – but to the third party that spilled the beans. Since stego-cleansing tools may exist, your mileage may vary. Encryption then, the destruction of content accessibility for those not authorised (through holding a password/token/~), will fail when anything you send out, might have to be read off a screen; the PrtScn disabling being undone by good ol’ cameras as present in your good ol’ S8 or P900 (though this at 0:50+ is probably the typical TLA stakeout vid/result).
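To make the stego-trace idea and its cleansing caveat concrete, here is an added sketch (not part of the original post) that marks each outbound copy of a text with an invisible per-recipient tag, attributes a leaked excerpt, and shows the trace vanishing once the invisible characters are stripped. The key, recipient names and document are constructed, and zero-width characters are only one assumed carrier for text.

```python
import hashlib
import hmac

ZW0, ZW1 = "\u200b", "\u200c"  # zero-width space = bit 0, zero-width non-joiner = bit 1
TAG_BITS = 32

def recipient_tag(key: bytes, recipient: str) -> str:
    """32-bit tag (as a bit string) from a keyed MAC, so outsiders cannot forge it."""
    digest = hmac.new(key, recipient.encode(), hashlib.sha256).digest()
    return "".join(f"{byte:08b}" for byte in digest[: TAG_BITS // 8])

def embed(text: str, key: bytes, recipient: str) -> str:
    """Hide the recipient's tag after the first space of every paragraph."""
    mark = "".join(ZW1 if bit == "1" else ZW0 for bit in recipient_tag(key, recipient))
    return "\n\n".join(p.replace(" ", " " + mark, 1) for p in text.split("\n\n"))

def extract_bits(text: str):
    """Return the first TAG_BITS hidden bits, or None if the text carries no full tag."""
    bits = "".join("1" if ch == ZW1 else "0" for ch in text if ch in (ZW0, ZW1))
    return bits[:TAG_BITS] if len(bits) >= TAG_BITS else None

def attribute(leaked: str, key: bytes, recipients):
    """Name the recipient whose copy the leaked text came from, or None if untraceable."""
    bits = extract_bits(leaked)
    if bits is None:
        return None
    for recipient in recipients:
        if hmac.compare_digest(bits, recipient_tag(key, recipient)):
            return recipient
    return None

def cleanse(text: str) -> str:
    """What a stego-cleansing tool does to this carrier: drop the invisible characters."""
    return text.replace(ZW0, "").replace(ZW1, "")

# Constructed sample data: a demo key, three outside recipients, a two-paragraph document.
KEY = b"constructed-demo-key"
RECIPIENTS = ["partner-a", "partner-b", "partner-c"]
DOC = "Quarterly forecast for project X.\n\nRevenue is expected to grow in the second half."

if __name__ == "__main__":
    copies = {r: embed(DOC, KEY, r) for r in RECIPIENTS}
    excerpt = copies["partner-b"].split("\n\n")[1]  # only the second paragraph leaks
    print("excerpt traced to:", attribute(excerpt, KEY, RECIPIENTS))
    print("after cleansing:  ", attribute(cleanse(excerpt), KEY, RECIPIENTS))
```

Repeating the tag in every paragraph lets a partial excerpt still be attributed; retyping the text or photographing the screen defeats this carrier just as cleansing does.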

Conclusion: Excepting very, very rare occasions, your data leakage prevention by employee surveillance will land you in prison. Other methods, might be legal but fail. Your thoughts now on outbound traffic keyword monitoring. [Extra credit when including European ‘human in the loop’ initiatives.]

And:
[No privacy in your prayers, or ..?? Baltimore Cathedral]

Get them ..?

The effectiveness of any system of limitation of random liberty for the common weal, like, errm, traffic speed limits, where the enforcement hinges on individuals’

  • Weighing of necessity to break, either by being pressed (to arrive in time, or other coercion by others), or by an innate need to show off one’s [purely hypothetical; the more claimed, the more clearly emptily overshouting in vain] individuality;
  • Probability of detection, where of course society needs to balance total surveillance against freedom of movement — without interference even by blanket self-censorship;
  • Leniency of prosecution, i.e., whether one has boobs and cleavage (works with straight male and other-than-straight female cops, I guesstimate) and the happenstance happiness level of the state trooper (F/M/~), squared of course with how much over the limit you were and
  • Penalty — how much you’re charged for if at all

— with the overall effectiveness being helped most, it turns out, by #2 [Used ul in stead of ol on purpose, yes]. Making the societal weighing thing much more serious, (un)fortunately.

But also; how could this help in #ditchcyber space ..? Many more raps on the knuckles …? How? By enforcing time-outs on the use of the (=?) Internet? That would be quite some latter-day equivalent of shutting people out of global society by solitary imprisonment … (way beyond mere forced exile to wastelands (inclusive)or ‘Strailia). Calling to question the humanity of it. Or would it provide a (suggested limit:) day’s worth of re-education on the subject of life out there?

I’d want the latter for the great many … Time for some Multi-million scale entrapment…?

Oh, and:
[Yep that’s the panopticon at work in Penn’s Eastern State Pen — be it Al’s cell all nicely decked (with the wrong radio!); worth a visit ..!]

Some cloud insurance market

On the authority of a couple of very knowledgeable peers, there seems to be a discrepancy between the coverage (sanctions) that cloud providers (in particular the Big 4 of that) contractually will provide for, e.g., outages (recall the AWS East-1 one), versus what businesses (most, qua scale and lawyer fee availability) require given their revenue / reputation dependence and risk management.
In normal language, this translates to: If things go pear-shaped, you only get something like 12 months’ subscription refunded even when your business tanks due to zero revenue when your services are unavailable. Zero chance to be able to negotiate this away in your contract. Hobson’s choices everywhere.

Isn’t this a great Insurance opportunity, then ..? Odds very low, deep pockets for redress xor easily re-insured, no real single-vendor dependency when taken global, etc. It’s just that there’s a power gap leading to deviation away from the middle when it comes to bearing damages, that can be fixed in this way; ‘out of band’.

Or am I missing something …?

Plus:
[Or just pray, that’s also a (real?) red carpet option; Sicily]

Maverisk / Étoiles du Nord