Category: Innovation (technologicallly driven)

Nationalistic AI fuzzing

No his is not about fuzzing data. It is about accidentally giving away that you don’t understand a subject, and not the stats involved.
It is about this report. That was reacted on in various press – though not nearly enough and I don’t even have shares – by some boiler room country-by-country comparison, even without much of conclusional calls to action, for all…

Also, hardly anyone notices the gross error in it all. Which is the lack of proper definition of ‘AI’, or more expectedly, the widespread panicking brainfreezes of the interviewed.
Which, summa summarum for brevity, created such massive distortions that the figures are grey noise at best.

“Isn’t that harsh ..?” Nope. I did some asking around, for a different purpose, and when even 1% of organisations would do anything with AI yet, that 1% would be rounded up. Ppl were just too afraid to tell the interviewers / pollsters that they had (have, probably) no. single. clue., and babbled their way out of it.

So, what was this title again of the infamous Public Enemy hit ..?
And:

[A prettified prison is your ASI future; Zuid-As Ams]

Deviate for Resilience

Well there’s an imperative. Deviate for resilience. Which goes waaay beyond mere ITCM or its linkage into BCM. What I mean here, though, is a reflection from the B side into the IT side.
Once encountered when it was still supposedly somewhat ‘cool’ (as it was called in the grandpa’s days) or so to work on … can you believe it, $AAPL infra. Where the Infosec staff had carved a corner for themselves: That they’d actually need to deviate from corp policies (the devolved kind) of using M$ stuff for alibi reasons of needing in ITsec par excellence, a fall-back that would actually work when all of the M$ infra would’ve collapsed due to some class breaking glitch exploit. Yeah. That meant that you did need a substantial budget to your own discretion without much transparency towards effectiveness of spend and no gadget and toys buying, right?
Nowadays, the coolness if ever it truly was (stupid sheeple), has worn off totally and is a tell for no comprendre qua cost/benefits analysis, sufficient tech-savviness to cut it in today’s world, and forward compatibility even to the cable mess (costing you tons). Predicting which unicorns will succeed, or fail, is easy; the former are on M$, the latter on … you guessed correctly. Nevertheless, the resilience argument still holds.

Which goes beyond the mere platform choice. It goes for global/local deviations as well. IF yes that’s a big if, if done right, not for NIH purposes (both ways ..!) but for resilience purposes. It’s not efficient to the max, but if you strive for that, you’ve done so much wrong already it might be irrecoverable. E.g., mission, organisational culture, risk management (incl analysis), control choices and implementations (case in point: multiple malware scanners), etc.

But remember: When done right, you very probably do need to deviate all over the place for resilience…

Just remember that to defend yourself, OK? And:

[If telecom fails due to clock synchro errors, it’s still a sun dial (really it is); Barça]

Your security policy be like …

The theme of your security policy and how good it is (not), is of course a recurring one. The recurring one, annual cycle (Is that still frequent enough? Yes if it’s truly a policy like here) included, with an all else follows attached. But then, it’s only Bronze when only a top-10 bulleted list extracted from … ISO2700x, mostly. It’s Silver when actually compliant in all directions, which includes serious ‘local’ adaptations…
And it’s Gold, when over and above that, it looks like this.

Not even kiddin’, really. Since your information security policy, next to the other security policies …, covers all of information of any kind and medium processed anywhere in the business. Which means that the from-IT angle will very probably not suffice.
But which also means that it helps when it rocks, in ways that interests all of your audience which is all of your colleagues including all colleagues at outsourced, cloudsourced and what have you processes and lines of business. Transparency, right ..? Runs all the way down the food/supply chain.

Indeed, the maturity of a company may be gleaned from the maturity (rocks’iness) of the information security policy. Get that right, and all else need not follow since it has gone before.

And oh, did I mention that in the implementation, resilience should be built in and not only be through formal (for-) BCM practices ..? I’ll return to that tomorrow. Plus:

[Lightning (-) rocks (pavement), too; Ottawa]

Fizzle disruption

Since the whole, Original and profound, concept of Creative Destruction was latter-day transformed into something much devolved [using that in a most pejorative way; ed.] called ‘disruption’ and applied in even worse ways to outright illegal stuff that had to be allowed still for … well, for no valid reason at all, certainly not morally or ethically improving society in any way only making things worse or much, much worse for all but the 0,1%,
it deserves some attention that the major true disruptions over the past two decades… either weren’t recognised as such but were straighforward Innovations, rightly so characterised (‘Internet’, anyone ..?) or have yet to come to full fruition, in a balanced new future (profitability of ‘Amazon’, anyone ..?).

Where, also, quite some of the announced disruptions have withered into oblivion. Upstart protagonists, most certainly. But also where complete industries have either resisted the ‘attacks’ or transformed themselves just enough to withstand the onslaught, the Barbarians At The Gate.
My point being: Can the latter variants be characterised, and show predictive value, through the outset sort-of situations not only qua industry (culture) but also qua country culture that the industries were pointed-of-gravity ..? The prediction part of course being the most interesting …

Would love to receive your pointers to the stacks of scientific research done already …
And:

[Art, of old but disruption-resistant: The old stays, the new attempts but is accepted and encapsulated…; Paleis het Loo]

Shadow IT – no problem

In the upheaval of the last decade or so on the rush to the cloud (no, not that cloud though rush-related), a similar development preceded it – and still runs on. It is the spectre not only hunting Europe (and certainly the deviant [all manners? ed.] off the coast, splitting but not drifting away like an Iceberg would. should…), but everywhere else as well, the spectre depending on who you ask of Shadow IT.

Which is facilitated through XaaS (SaaS/PaaS/IaaS/…) availability. But which hardly ever is allowed… — allowed through being compliant with organisational standards. From anyone’s perspective but the IT club’s, it is not about breaking the in-house IT vendor lock-in barriers. That were breached becaused the bounds were straight-jackets. Don’t try to break those, just sneak out the back door. But it’s about the latter, seeking what wasn’t provided in-house on one’s own account, previously not having been ‘allowed’ but it was IF the solutions sourced, complied with the security (mostly) requirements set at the organisation-wide level, and set from the business side of the organisation.
Controls in or out of IT, required by IT to be implemented elsewhere, are about the particular IT solutions chosen. Solutions to the problems identified in control objectives and controls, always having alternatives in the latter. So, when through these IT-dictated controls, your preferred solution cannot be made to fit (or only near-unusably awkwardly so), they do allow you, even in a sense require you, to go for shadow IT.

Which, hence, is permitted If ad only if being (security) controlled at at least the same level of control objectives achieved. So, some department might have to re-build all of the IT department’s load of overhead qua systems management, all of ITIL or even CObIT, all of … wait, not ISO 2700x – that is an organisation-wide thing already or it is of fact a crappily implemented thing. So covers the shadow IT as well, fitting in the latter under the umbrella of the former. That’s where the battle would need to be fought, if at all since the shadow runners may very well have done a good job at running an outsourced-portfolio coordination team, neatly sheltering under the umbrella already. Showing the IT department how that’s done.
Possibly [hey I’m over-using the em-tag or what; ed.] doing it both proper and cheaper. Usually doing not the former, hardly the latter and certainly not the latter if the former is corrected. But sometimes, showing how; when IT told them that was impossible, they just did it. As good / better, and cheaper. Yes you can, to paraphrase some sorely missed leader.

In the interest of the organisation, sometimes shadow IT should be the preferred solution direction…
I’ll stop now before angering too many. And:

[The (black) details, are they essential? In a way, but could they be different or would you have chosen these in the first place …!? Prague]

Copying it bluntly, for you

Just like that, a full page of niceness and arguments to consider. Guess which one I’m switching to. So should you. Competition, leading to improvement.

Where art thou, APT ..?

In line with some previous posts, about e.g., the Maker Movement, I’d like to ask if anyone knows the whereabouts of all those pesky APTs that were around a couple of years ago. Oh, yes I do know they’re in your infra everywhere all the time, but qua publicity, qua countermeasures ..?
I would like to hope that in this case, more contrary to its nature you can’t get, it would indeed bebecause (sic) of having been dealt with sufficiently in the past. Or the whole APT thing turned out to be a [any country’s] TLA move – of a side with ample publicity-suppressive powers everywhere.
But that would be day-dreaming. So, I’d like to ask your insights…

And:

[[Fuzzyfied] Oh, just some storage room in my house. Or, somewhat more, at the Royal palace, Dam, Amsterdam]

Tech-brittle society

Anyone already studied the brittleness of society re technology ..? Of course, we all do know there’s a lot of ‘critical infrastructure’ out there. But do we realise enough, that it’s not only those somewhat-well-defined (not) industries that might suffer from any form of e-attack (incl EMP; what was it with those old low-band radars that the Russian had stacked behind the Ural and were found to be very effective in picking up F-117s because the latter had never been back-tested so far ..? Same, here ..?), and society as a whole might be blown into disfunctionality when some, not critical-industry-confined but ‘class break’-like attack were to be attempted ..?
I’d think not. The more complex society becomes and (hence !) the more interdependencies there are that already work with ever slimming margins, the more brittle our society becomes, the more it is like a giant house of cards, ever more critically stable before one wind collapses the whole shazam. And the less people there will be, that remember from long times ago how one would run a society in a much less complex way… If anyone still uses ‘shazam’.

Plus:

[Even those were, are complex machines to operate. And what if your coal is delivered just-in-time by some networked drone delivery in the ‘chain cloud or so and none of that still exists ..? Utrecht]

No confidence voting

Why would it surprise anyone that these here results came out of the Defcon 25 Voting Machine Hacking Village ..?
More importantly, where is the true side-by-side comparison of trraditional paper-only voting against all safeguards thinkable by today’s voting protocol science ..? (As here and here, to name a very few of the tons out there)

And, where can blockchain fundamentals be applied to ‘vote’ more equally and/or provide a graceful degradation or (hacked to breach to skew) error correction mechanism ..? Preferably with two-round- and/or multicameral (2+) systems tweakability; that would be grand.

All else that would need to be arranged, would be … [similar to encryption in general practice…] error-free, tampering-boobytrapped implementations… Good luck with that. And:

[Museum of tamper-free hence ?? abandoned voting system ..? No. But a museum, Lissabon/Belém]

A philosophical one: Polynesian time

When one considers Einstein’s profound maxim Time is that not everything happens at once, is one lost for causation and/or free will ..?
The former excluding the latter, if taken to its utter consequences. The latter, presupposing the former or how else can one’s decisions turn into actions turn into something chosen among alternatives that can only exist when alternatives are potentially there, excluding ultimate-causation theories. With the apparent-free philosophies in the middle.

But that’s not my point. My point is: The thought of Polynesian navigation crossed my mind. Not in a literal sense, but in a cultural sense where (the Original) Polynesians, as lore has it but there’s nothing against believability, would not actually sail to another island but the world would rotate underneath them. The traveller would remain in place, with everything else shifting.
Is this how we all travel through time, individually? We all staying in the (Here and) Now, with the Past slipping by us, behind us, and the Future just rotates to under us?
Is this impacting on causation and/or free will ..? Will have to think this one through; awkwardly hard.
Where would the ‘everything in the universe is not matter or natural laws or Energy but Information’ or ‘All energy is Information’ school(s) fit in ..?

I sense there is a link between the Indivudual Time / Universal Time dichotomy, if that’s not refuted by Einsteinian / -adepts’ time relativity theory. Another one to think through.

Qua individual time nevertheless, it’s comforting. Time-wise, we are where we are. No need to ‘be in the moment’, we already always are. No worries about the past or the future; those are, already, somewhere (in time). [Apart from having to care for one’s mortgage…]

Oh well, the head spins (+1/-1 ;-| ) when thinking too hard… Hence:

[Into the distance… Belém]

Maverisk / Étoiles du Nord