Stop dads

When you read too much (ahead) into it…
By means of this court ruling. Where a father was forbidden to post pics of his (was it 2- or 3-yr old) son on Facebook or any other socmed platform, by request of the kid’s mom, since even when the father posted in quite tightly closed circles, Fubbuck has in its terms and conditions that it might use the pics for commercial purposes. Since the latter cannot be ruled out and in the interest of protecting the child’s interests, the court ruled such, advising the dad to show the pics to friends on his home compu if he’d really want to.
[What need would the father have to do that? one can ask. Benign or perverted?]

From which we learn, if – very very big if – that indeed we should consider the need and purpose of posting on socmed in the first place. If it is content that one wants the world to see, it’s OK. If some part of that content, or the purpose of the post, would not be OK → get out. If the purpose of the post would be to show off (e.g., one’s cool-dadness – pitiful! but see how the other 99.999% of posts anywhere are for that purpose and that alone…), really nothing may cure you (sic).

So now, what about this post …? And:
[Since it’s no longer the site banner: Rightfully and intentionally out in the open; Barça]

Loss of memory

Recently, was reminded (huh) that our memories are … maybe still better than we think, compared to the systems of record that we keep outside of our heads. Maybe not in ‘integrity’ of them, but in ‘availability’ terms. Oh, there, too, some unclarity whether availability regards the quick recall, the notice-shortness of ‘at short notice’ or the long-run thing, where the recall is ‘eventually’ – under multivariate optimisation of ‘integrity’ again. How ‘accurate’ is your memory? Have ‘we’ in information management / infosec done enough definition-savvy work to drop the inaccurately (huh) and multi- interpreted ‘integrity’ in favour of ‘accuracy’ which is a thing we actually can achieve with technical means whereas the other intention oft given of data being exactly what was intended at the outset (compare ‘correct and complete’), or do I need to finish this line that has run on for far too long now …?
Or have I used waaay too many ””s ..?

Anyway, part II of the above is the realisation that integrity is a personal thing, towards one’s web of allegiances as per this and in infosec we really need to switch to accuracy, and Part I is this XKCD:

Awaiting Asibot

All Are Ardently Awaiting – stop, semantics go over syntactic alli – the release of Asibot, as here.
Because we all need such a system. The inverse of Dragon Naturally (into Nuance, too little heard of as well!) combined with a ghost writer, as it were / is / will be. When prepped with one’s own set of texts, should be able to generate useful ground work for all those books you have been wanting to write for a long time but couldn’t get started.
Now, would such a system be able to extract hidden layers, stego-type of themes, that are in your texts that you aren’t even aware of ..? What kind of services would be interested most? Oh, that one’s answered before I finished typing; the three-letter abbrev (uh?) kind of course.

Still, would very much want to meddle with the system… Plus:

[If applicable to music, sunny Spring days in Salzburg, too for …]

Culpably deaf

All that work for a private sector organisation who take (wrong) decisions based on false information – or, essentially, dismiss accurate, helpful information that would have steered to other decision alternative(s) – will be fired when the truth of the bad decision comes out.
Which would be helpful if applied to sectors where people’s money is so abjectly abused, too. E.g., like this one. Or this one (in English, some info here, and the whole idea of usefulness of having more and more data is debunked endlessly everywhere (you search)). Or this one, completely debunked here. The list is endless.

All of which points to a serious problem. The trouble with the world is that the stupid are cocksure and the intelligent are full of doubt (Bertrand Russell) AND the stupid (to which, ‘immensely’) seem to be masters at picking the wrong advice. Once ‘immensely’ is indeed added, one recognises the ‘politician’. Playing the role of the Fool (not the Jester), unsurpassably perfectly.

But how now can we get those stupidestest ideas go to die, sooner rather than later ..?

The fact that an opinion has been widely held is no evidence whatever that it is not utterly absurd; indeed in view of the silliness of the majority of mankind, a widespread belief is more likely to be foolish than sensible (BR again). That’s completely true; moreover, it’s Maverisk’s motto.

Oh, and:

[To defend the Truth; Châteauneuf not the -du-‘ish or so]

The dullness of infosec ..?

And you thought fraud detection was about bank transactions or even counterfeiting physical stuff. Boh-ring, when you read this. Takes it to another level, eh?
Which brings me to an important issue: Are we not still studying and practising infosec from the wrong angle, doing a middle-out sort of development in many directions but starting at a very mundane ‘CIA’ sort of point. Which is of course core, but there is so much to cover that some outside-onto view(point) might be beneficial. We’re in the thick of the fight, and no matter in which direction you go, when you wade through the thicket with your control measures machete, you achieve little – when you then turn around to try to clear some area in another direction, all has grown dense with state-of-the-art arms’ race bush again already.
And yes, of course one can educate, etc. in some form of hierarchical approach, top-down. But that leaves us with many, all too many that float comfortably on the canopy where the view … isn’t that great as one’s very certainly in thick fog of the monsoon rain. And nothing is being directed (ugch) deeper down. Or controlled (?). Just more, most partial world views unconnected and behaving erratically.

The e.g. in this is that link above. A tiny subset of situational scenario. Not solved pervasively, once and for all. Now think about the hugely, vastly, enormously wider scope of ‘all’ of infosec that would need to be covered to a. arrive at sub-universes of control, b. overview.

The latter remains Open.
Me not happy.

Solutions, anyone ..?

Oh, plus:
[Ah! The days when this sort of ‘defence’ was enough to conquer! Alésie of course]

Less than containerload shipping

When one would be interested to keep up with what’s happening, and where future class breaks might be, a nice intro would be this little book. Like, when virtual machines came to the fore, it was declared that this would be a solution because of course the VMs would be impenetrable. By the utterly clueless, since it was the stupidest thing possible in infosec to say that. Though it cost some time to show the real value (positive) net of the risks (that indeed showed up…). With this subject, the same will happen. Future fact.

Oh and the post title just refers to shipping single pallets across the big pond, e.g., for these. Groupage, degroupage, forwarders, stewards, you know. The old, still there. And:
[Pro question: Beaune or Dijon ..?]

Almost but more than three bodies, still

Which is about this. Which is also about this, and others…
But wait; you’ve been misled, the above link is not about a ‘solution’ – it’s about an expansion of the problem… So, we’ll remain in doubt over the eventual logical possibility of generalisation of any solution to n bodies where n ≥ 3. Leaving the aggregation from (sub)particle physics to the Universe (and, well, how was ‘a bit onwards’ better phrased?), end up in a statistical grey noise chaos.

Too bad. Hence:
[Considerable boringly bland ..? Girona]

The OM (Openbaar Ministerie) as a little tool

What I'm wondering about with this link:

  • The risk mentioned of competitor-bullying / knocking competitors out (the Internet forgets nothing, and the entire national government or anyone else can do absolutely nothing about that) is enormous, despite the minuscule and fully transparent fig leaf of leaving the decision itself with the payment services – they will certainly (denial disqualifies one from legal capacity) hide behind the OM. What is the OM going to do about that?
  • As in the comment on the link above; the ‘burden of proof’ is a farce and hits the smaller web shops much harder than the larger ones, which have far more means to ‘prove’ their ‘innocence’ (precisely there: quod non!), apart from their market power towards payment services. Three complaints for the larger ones, three thousand for the smaller ones perhaps ..?;
  • If the OM passes on information of which it is utterly clear that passing it on is disproportionate (how many reports of much more objectionable matters were/are dismissed again because dozens of civil servants simply don't feel like doing their job?), they are jointly liable for the consequences. Lost revenue, lost joy of life (precisely with the smaller web shops that will be pushed aside by the big ones – those are the truly improper practices, but well, the big ones have that will-less puppet the OM in their pocket – a block over the slightest allegation of impermissible conduct, however unjustified it later turns out to be, will quickly lead to complete closure, with all the bankruptcy costs and settlement against private assets that entails – the owner's life will never be the same again). The approach of blocking first, then investigating, is an outright reversal of the burden of proof, and hits a very disproportionate number of innocents (falsely accused, disproportionate and irreparable damage) while the guilty will simply keep shopping; they have long since lined up their plan-B payment services.
  • The OM is setting this part of its task aside, so its budget should be cut proportionally. Ad infinitesimum. The OM knowingly and willingly lets itself be abused as a ‘conduit’ by the larger web shops, and thereby forfeits its authority and legal basis for acting. So shut the place down ..?

It is clear: if this is pushed through, the OM bankrupts itself. Right ..?
[From bastion to ruin; Cardona]

Arms / race coming to an end ..?

When this is still necessary and (counter)x-measures will continue to be developed, for sure, how will this little nugget of WP29 change things?
Because it has power. That may lead to a throwback. For how long? The harder the throwback, the longer to recover. But the more powerful will be that rebound ..? We’ll see. For now, canvas blockers are still the way forward, so implement them, right?

This post was brought to you as a public service announcement from the sanity of browsing for information security and privacy blog you’re reading.
But seriously, why is there so little analysis of the WP29-on-Profiling stuff ..!? And:

It doesn’t matter

A great many before me have discussed the merits pro and contra using contractors instead of perm contracted staff.
I will still give it one more go. Since lately, there has been some back and forth again about motivational issues and how certain is one in one legal contract situation compared to the other hence how motivated can one be and why the need to cater to so different audiences as ‘manager’.
The thing is
It doesn’t matter:

When investigating the differential motivators, one invariably ends up with the same motivators, and much the same demotivators (nicely depicted here of course still going strong, since tout a continué).
This, coupled with:

  • Financially, you’ll have to pay for income taxes (buy side yes), holidays, sick days, etc.etc. (welcome to Europe!) and all of the administration surrounding that when you hire someone on a perm contract. If you hire a contractor, not so much; all costs are for the contractor
  • You’ll also have to pay for continued education and a company car for perm contractors. For contractors, not so much; all costs are for the contractor
  • Add in a ton for pension contributions (we’re still in Europe). For contractors: Nope.
  • How about severance packages? (Oh, shouldn’t differ much…)
  • Going through the calculation motions, it is little wonder that fully loaded costwise, a perm contractor will cost you 2,5-to-3,5 times per hour what a contractor bills you
  • And your perm contractor is scientific research confirmed actually productive for four (upper bound) to two (lower bound) of any eight-hour working day. Your contractor can only bill you for two hours slippage per day, at most
  • You can even expect to pay more for the above motivators when dealing with perm staff. Contractors behave more mature and don’t need as much of everything

clearly leads in one direction. Isn’t there a catch ..? No, only if you’re Mr Tax Man; then, you’re the one losing out. Otherwise, you as an employer can gain seriously even when paying out ‘huge’ hourly rates to contractors.

Remember that.

Your comments, please.

Maverisk / Étoiles du Nord