No more cat, up P ..?

OK, we’re now something like a month after the launch of Meerkat. Do we still remember or even use it, or was it wiped off the MAU market by Periscope ..?
How fast some things go. Having to be vigilant on a 24/7 basis. Maybe DACs might best take over in the end, indeed, so we can get some sleep. Or, no, … in what way would that work? Users consumers sheeple may be needed to generate content that has more than machine interest otherwise ads won’t work.

But do DACs even innovate ..? Or just develop, possibly prosper (go beyond hockey stick investment recovery), and wither ..?

More importantly, how do the two not point out the futility to move innovation into its limits in just this one direction ..? B/c it doesn’t really contribute to the diversity of communicative expression, does it ..? It’s just Me, Me, Me I Am Totally Awesome Posting This Clip Ermagerd all over again.

Let’s not get too negative. Sometimes, true Innovation goes by little steps. As, here, microsteps. And not really helping humanity in any useful way. Hence, I’ll leave you with:
[Ludwig dreamin’, static at Barça]

VoteChain

A short question: Would anyone have pointers to info on how to use blockchain methodology to have (physical-world) voting on the ‘Net but with integrity, secrecy and (non-)repudiation everywhere, from eligibility registration to tallying and publication ..?

Because I’d say there’s possibilities with said technology ( / process / methodology / application ?).
E.g., what was it again with that Swiss canton that did three votes per voter and newspaper publication of codes, and other such schemes ..?

Otherwise, this:
[youtube https://www.youtube.com/watch?v=PLIVVDmDjDI]
Will return on this subject. For now:
[Not seen so oft; for no (?) reason; FLlW near Baltimore]

Here, First

Integrity at any level is the Yggdrasil of any CIA or other quality of the layers on top of it.

I.e., if at the platforms level the integrity of software (à la Turing, engine/programs and data) cannot be fully 100,000…% guaranteed, no extreme of measures on top of it can restore the missing percentage, only (somewhat) limit further deterioration of the stack on top.

Okay, this being a bit abstract, a somewhat more simple and extensive explanation will follow.
Till then:
[No base, no glory; Sevilla]

Th Ei(ght hours overtime) Team

When one has the luck to be selected and present [see below…] for the 8-i.org challenge, Dutch division, one learns.

It started when my wife, volunteer for the Stichting Babyspullen, happened to get a slot at the March 28th Utrecht session. And couldn’t find a fellow volunteer to be present all 18:00-04:00h so I chipped in (also for the ride home as public transport would be a night-mare).
It continued with all sorts of small lessons learned throughout the evening, regarding (event) management and content.

But the one thing that stood out was: How, per charity, the volunteer creatives that lend their time, were hand-selected to form as (age-)diverse teams as possible, and with a definite eye for some but optimised not maximised team competence diversity as well.

You probably get it already: Why don’t all businesses work that way ..!? Why would any business that wants to think of itself as Creative or Innovative or Open to Change or just We Don’t Want To Acknowledge We’re Boring As Heck, follow this model, too? Usually, almost always, the safe route, the Our Kind Of People incestuous groupthink wins out. Yes, even in creative circles, anyone not fitting the wannabe-hipster mold would be outcast, not allowed in.

So, @8_iOrg won the day, and saved it (for me, for this already), by deliberately changing common ways and demonstrating that when results are wanted (i.e., the specific objective(s) for the charities helped for free) where any level of creativity is required, one best goes for team diversity.

Now you all go out there and spread this word in your organisations. Not by babble but by actual action. For now:
[Where would be the reason to build something standard?
 Why need a reason to be creative?
 Hopefully, all will move to standard-only-where-actually-needed…;
 Cala at Hoofddorp]

Golden Oldie Pic Of The Day

Just like that, as you’ve come to know ’em:
funny-kids-6
Of course, contra all these ‘tests’ (quod non) of ‘intelligence’ (quod non) on, e.g., LinkedIn. Because they’re so trolling’ly playing on the gullibility of viewers for Order. That there may not be. Similar to the above, in numerical form most sequences are just (usually, strictly) monotonically increasing, sometimes decreasing – less often so, as the intuitive approach of zero may remind some of Bottom too much, hence too frightening, to consider negative numbers: Even the restriction to (almost always strictly positive, or plain positive) Natural numbers is just an implicit assumption – why wouldn’t rational, real or even complex numbers do ..?
And where all these assumptions are implicit, they can NOT apply. Only the sequence definitions that are explicit, are valid. The rest are thought into it, and hence have no value. ‘Intelligence’ is not seeing patterns that happen to appear non-random …!

Progress (cont’d)

In the series of updates on where actual rpogress is, beyond (or in undertow of) the hype, herewith another shining example: This. [Huh that ‘typo’ was on purpose]
Good to see that there’s more to exo than plain mil or med applications – b/c now, the ocean between the two may be explored iso falling back to these sectors every time when some new idea comes along.
OK, for now:
[Meanwhile, static, old London]

IoTA multiplication; old style, is the new new

Apart from the previously established focus on Integrity, in particular to have Data plane integrity from which actual Information could be derived, through integrity in the Control plane, there’s of course a need for other aspects as well, like Confidentiality, Availability, and Effectiveness and Efficiency.
[Oh that previous Integrity signal is here.]
Though the latter two, we’ll diss straight away as most secondary, at best, along with the even further irrelevant Auditability et al. That take a devastatingly distant back seat to ensuring the first three objectives are met; not to interfere by mention, even.

Intermission:
[Onto itself, good enough; Papendorp]

And, we’ll square the three foremost information/data/systems/elements quality aspects with the great many objects one can outline in the IoT sphere. Leading to very interesting new combinations of various corners and angles of objects and aspects in all sorts of abstraction levels – multiple, not necessarily constant, consistent or complete when studying for certain overall audit objectives.

And, let’s not forget, we do have OSSTMM for more traditional objects, and may (have to) enhance that to incorporate the ‘new’ more technically oriented objects of sensors and actuators (including a need to understand and probe them, e.g., at the AD/DA-converter and pure signals levels).
But we also need to incorporate the vast blue (rather, muddily grey) ocean of People, as controls and to be controlled elements.
Only then, can we have a full systems view on the to be controlled and to be audited phenomena.

But we dreadnought and fear not; for we have a number of building blocks bricks, even if at Lego size. Like the security suites springing up and spreading, Splunk et al and al. of the proprietary hardware-vendor types.

To Be Continued in extenso, including including these vendors their security-management-first approach which helps a lot, through logging/reporting availability and some security control, and including including the generic risk management approach that is at the limit of what common auditors’ associations seem to have as vanguard developments in lieu of actual understanding of the vast terrain to cover.

All in all, together in order

Ah. Actually, I needed a well-ordered list of the subset of my posts re All Against All. Because searches don’t pony up the rightly ordered results, herewith for future reference:

So… Done. For you:
[Well-calculated dare, Madrid]

SwDIoT

Recently, there was yet another exepelainificationing of ‘software defined networking’, along the lines of separation of the control plane from the data/content plane (here).
Which ties into a core problem, with IoT the subject of this post: Integrity.
Yes, confidentiality may be an issue, but singular raw data points themselves often are too granular to actually steal any information from. And Availability is of course also of the essence, especially in ‘critical’ systems. But the main point of concern is with Integrity, of the system in a wider sense, but also in the smallest sense.

Take Stux … Integrity breach as the vector space, spanned along a great number of dimensions.
Objective: Degradation of the information value; increasing the variance to a level where noise overwhelms the R² of the signal (however far from log₂(n), big if you understand), through degradation of the (well, original) software integrity.
Path: Introduction of intentionally-faulty (?) software. With use of, probably, penny-wise correct IAM, being pound-foolish at the medium level. I mean, the level where human and other actors are unwitting accomplices in planting da bomb. That’s what you get by simpleton top-down compliance with just about every thinkable rule: To do any work, underlings will devise ways to circumvent them. And, adversaries will find, see, avenues (that wide) for riding on the backs of the faithfully compliant to still achieve the objective.

But OK, back to … separating the control plane from the data plane. Bringing a shift in efforts to disrupt (no, not of the mehhhh!! destructive, economy-impoverishing kind but in the actual signal degradation kind) from just-about any attack plane down to, mostly, the control plane. That may seem like an improvement, de-messing the picture. But it also means shifting from a general, overall view of vulnerabilities to the core, and a core which is less tested or understood, and harder to monitor and correct, than previously. Or is it ..?

So, if we take this Software Defined to IoT, we’ll have to be careful, very careful. But yes, IoT is constructed that way … With signals to actuators that will result in altered sensor data feedback. Know the actuator signals, and the actuator-to-sensor formulas (!), and you’re good to go towards full control, with good or bad (take-over) intent. Know either (or how to get into the sensor data stream), and at least you can destroy integrity and hence reliability. [DoS-blowing the signal away in total blockade or grey noise wipe-out, and your cover is blown as well. Is a single-shot or semi; you may want to have full-auto with the best silencer available…]
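A defender can turn the same actuator-to-sensor formula into an integrity check on the sensor stream, as in this added example, which is not from the original post. The first-order formula, its constants, the noise level and the sample data are all assumptions constructed for illustration.

```python
import random

# Assumed, hypothetical actuator-to-sensor formula (not from the post):
#   x[t+1] = A*x[t] + B*u[t],  reported reading = x[t] + measurement noise
A, B, NOISE_SD = 0.9, 0.5, 0.05

def plant_readings(commands, x0=0.0, seed=7):
    """Constructed sample data: noisy sensor readings for a command sequence."""
    rng, x, out = random.Random(seed), x0, []
    for u in commands:
        out.append(x + rng.gauss(0.0, NOISE_SD))
        x = A * x + B * u
    return out

def residuals(commands, readings, x0=0.0):
    """Reported reading minus what the formula predicts from the commands sent."""
    x, res = x0, []
    for u, y in zip(commands, readings):
        res.append(y - x)
        x = A * x + B * u
    return res

def first_alarm(res, slack=NOISE_SD, limit=8 * NOISE_SD):
    """Two-sided CUSUM: index where accumulated drift exceeds `limit`, else None.

    A per-sample threshold can miss small persistent offsets; CUSUM sums the
    part of each residual beyond `slack`, so quiet manipulation adds up.
    """
    hi = lo = 0.0
    for i, r in enumerate(res):
        hi = max(0.0, hi + r - slack)
        lo = max(0.0, lo - r - slack)
        if hi > limit or lo > limit:
            return i
    return None

# Constructed scenario: 200 control steps, square-wave actuator commands.
COMMANDS = [1.0 if (t // 25) % 2 == 0 else 0.0 for t in range(200)]
CLEAN = plant_readings(COMMANDS)
# Same stream with a quiet +3-sigma offset written into it from step 100 on.
TAMPERED = [y + (3 * NOISE_SD if t >= 100 else 0.0) for t, y in enumerate(CLEAN)]

if __name__ == "__main__":
    print("clean stream alarm:   ", first_alarm(residuals(COMMANDS, CLEAN)))
    print("tampered stream alarm:", first_alarm(residuals(COMMANDS, TAMPERED)))
```

The check only holds if the commands it sees are the ones actually sent, which is the control-plane integrity the post keeps coming back to.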

Hm, the above from the tinkering with the grand IoTAuditing framework promised… To turn this all into a risk managed approach. Well, for now I’ll leave you with:
[It has a glass floor up in there, you know. Blue Jays territory, ON – and yes, a very much sufficiently true and fair horizontal/vertical view picture, according to accountants]

Morozov’s no joke

Just a very few:

“The fear of appearing inauthentic, of being a fake, has propelled nearly as much technological innovation as pornography.”

“But Adorno does have a point: authentic things are not necessarily morally good, and morally good things are not necessarily authentic.”

“In this, the authenticity rhetoric of Facebook is strikingly similar to the public debates in 1950s America over whether uniformity (everyone living in mass society is essentially the same) was a greater sin than conformity (some people adopt ideas, habits, and beliefs only to get along). The latter, the conformists, were seen as phonies who chose to be someone else; the former, those who were uniform by design, were seen as the real phonies – as people who thought they were making choices and being their unique selves, when in fact they were anything but.”

“Worrying about usability – the chief concern of many designers today – is like counting calories on the sinking Titanic.”

“The goal of privacy is not to protect some stable self from erosion but to create boundaries where this self can emerge, mutate, and stabilize.”
“Digital technology has greatly expanded the windows and doors of our own little rooms for self-experimentation – but we are now at a point where those rooms are on the verge of turning into glass houses.”

“Given the complexity of the self, trying to reduce the privacy concept to a purely utilitarian framework is like steamrolling a statue to capture its essence in the simpler space of the two-dimensional plane.”

Oh how many more such insights are there, to Learn. And weep. For that:
[Yes, Gettysburg battlefield. Ominously.]

Maverisk / Étoiles du Nord