Category: Innovation, economics, society at large

Mixing up the constitution

When your state secretary is mixing up all sorts of things. When at the official site, at last email (and other ‘telecomm’) is listed to be included as protected on the same footing as snail mail has always been, qua privacy protection.

Which raises the question: Does that include the right to use (uncrackable) encryption, because that is what is equivalent to a sealed envelope ..? When the same government wanted to ban that, or allow simply-crackable [i.e., with bumblinggovernment means – the most simpleton kind or ‘too hard’] encryption only?
Why would this have to be included so explicitly in the constitution no less, when just about every other tech development isn’t anywhere there, and in the past it has always been sufficient to interpret/read the constitution to automatically translate to the most modern tech without needing textual adaptation ..? [As has been the case in every civilised country, and maybe even in the US too.]
And where would GDPR impinge on this; is the rush necessitated by GDPR (with all its law-enforcement exemptions, pre-arranging the ab-use of those powers GDPR will give), or is this an attempt to pre-empt protection against Skynet overlords (pre-pre-empting GDPR protection for citizens), – recognising that anything so rushed will never be in favour of those citizens – or what?

One wonders. And:
[So many “unidentified” office buildings in NY, NY …]

Pitting the Good against the Others

When the recent rumours were, are valid that some patches were retracted — and this was because they accidentallt disables other exploits not yet outed in the stash, this would bring a new (?) tension to the surface or rather, possibly explains some deviant comms of the past:
Where some infosec researchers had been blocked from presenting their 0-day vulns / exploit-PoCs, this may not have been for protection of the general public or so, but to keep useful vulnerabilities available for the TLAs of a (variety of?) country(-ies).
Pitting the Ethical researchers against the bad and the ugly…

No “Oh-oh don’t give the bad guys valuable info and allow even more time to the s/w vendors to plug the holes” but “Dammit there go our secret backdoors!
Makes much more sense, to see the pres blocking in this light. And makes huge bug bounties by these TLAs towards soon to be a bit less ethical researchers, more possible and probable. Not as yet better known, though. Thoughts?
[Takes off tinfoil movie-plot security scenario hat]

Oh, and:
[All looks happy, but is looked upon from above …; Riga]

DNA not so Determinant; there goes another piece of Evidence

[ Commemoration of the Dead, today in the Netherlands. Never forgotten. Never forget! ]

In the series of surrealisation of proof, in courts and elsewhere, turning anything into faker news than before – a trend that was under way already for a long time, maybe centuries but now speeding up enormously – after the most recent class of proof (yes don’t complain I’m clear, qua ‘class’!) we have even old (?) evidence classes being overthrown. Like, your DNA.
Somehow, we already knew that. Where the analogue of hash collisions happened IRL, with disastrous consequences for peoples’ lives, and that of their families, et al. Really, imagine yourself in the midst of it all: Ragnarök and the collapse of the foundations of society … I’m not joking any bit.

But now, again. What Evidence classes remain? When each and every class can be planted, fabricated (signatures, pictures; untraceably), coerced (‘rat out your partner or all of your family will be killed before your eyes’), etc., indeed nothing remains. Nothing non-repudiatory…

But flipside; Skynet is here. Like before.

And:
[Either way, you lose; Zuid-As Ams]

The Secret of Innovators — “Keep on trying harder!”

Recalling all those ‘motivational’ quotes about seriously too late, ridiculously over-aged to ever still start a unicorn eleven-somethings, you having to fail for the rest of your life or you’re a failure (right? If you don’t fail, you don’t learn or whatev’), or in conclusion, you’re not failing grossly enough if you don’t succeed – or was it the other way around ..?

Suddenly I realised: If at first you don’t succeed, try, try again. Then quit. There’s no point in being a damn fool about it. (W.C. Fields)
And: The above keep-on-trying train / ship of fools, is a perfect application of The Secret to innovation.

Yes, indeed, ‘perfect’ with the pejorative tone you carry throughout the day. And The Secret being that oh so rightfully discredited piece of paper (!) waste that even today some still believe in; would you believe it?
Yes, have a fresh look at the first line above: It’s the same as the book’s content.

On a less black-and-white note: Aren’t ‘Innovators’ typified as those that naïvely believe that one just have to deny very hard that anything might not work, just put in endless effort and hey presto you’ll succeed? If you fail, you didn’t deny hard enough.
[ Or you’re outright criminally breaking the law, then complain that the law needs to be changed to allow you to reap unethically large profits for just-above cold air, like the … U know who … Why am I not allowed to be a gun for hire!? I make good money out of it and the current system doesn’t get my opponents killed fast enough! Totally ineffective! but that’s beside the main line of this post…]

Where actual Innovators that win in the end, are (what you read in Originals plus) the ones seeking the highest-risk roadblocks and undo them when possible or evade them, believing that fortune will come your way when caring against ill fortune.

So no putting your life’s all into something and hope you’ll win life’s lottery of purely accidental unicorn success, but spread your bets, cut losses, etc. Less exiting a gamble maybe but less of your life at stake.

Plus:
[Down (to) the Tube(s); for no apparent reason and no reference to ‘Samsu’ in the background either, Vienna]

Collateral (un)patching; 0+1-day

Is this a new trend? Revealing that there had been a couple of exploitables, backdoors in your s/w when you patch some other ones and then have to roll back because you p.’d off the wrong ones since you accidentally also patched or disabled some hitherto secret ones.
At least, this is what it seems like when reading this; M$ stealthily (apparently not secretly enough) patching some stuff in negative time i.e., before-zero day. When later there’s rumours about this patch(ing, possibly parts of) is retracted.

For this, there appear (again) to be two possible reasons:
a. You flunked the patch and it kills some Important peoples’ system(s);
b. You ‘flunked’ the patch and you did right, but the patch effectively killed some still-not-revealed (in the stash) backdoors that the Important peoples (TLAs) still had some use for and were double-secretly requested to put back in place.

I’m in a Movie Plot mood (come to think of it, for no reason; ed.) and go for the second option. Because reasons (contradictory; ed.). Your 2¢ please.

Oh, and:
[So crowded and you’re still much less than a stone’s throw from a Da Vinci Code (was it?) big secret — I may have the pic elsewhere on my blog…; Barça]

What should also be in the GDPR

At least, as an idea: Foreign countries that interfere with privacy in the EU, should be included in the penalisation stuff. Same levels, like; 4% of GDP for e.g., registering political opinions of citizens of the EU even when they’re also citizens of that foreign, alien, enemy country, without explicit opt-in consent. [This happened, happens..!] For every transgression. Then enforce via trade sanctions and import taxes [after checking the trade balance will effect the ‘payment’ of the fines; won’t be stupid].

Oh, and:
[Or the supreme leader goes to jail for a long, long time and is struck by lightning; unrelated, Ottawa]

Common(s) as privacy and vice versa ..?

Remember from your econ class that concept of The Commons, and how problematic it was? Is?
There was this intriguing post recently, on how Free Speech might be considered and deliberated in terms of the commons being exhausted by undue over-use (abuse) — for its use alone ( → ). Leading to aversity of the concept not of the abuser or his (sic) apparent locally recognised but globally not, ‘valid’ reason(s) for over-use.

Which, as is my wont of the moment, driven by personal business interests, I took to be applicable to Privacy as well. Maybe not in the same way, but … This will need quite some discussion between me on the one hand, and peers and others on the other who would actually know what they’re talking about. Throwing in a bit of anglo-american data-isn’t-yours versus European (‘continental’ — will brexit – which starts to sound like a lame Benny Hill kind of joke ever more – change that ..??) data-is-datasubject’s-always divides, and some more factors here and there. Complicating matters, but hey life’s not perfect.

Waddayathink? In for a discussion ..? Let’s start!

And:
[Not so very common-s; Toronto]

Authentic means work, you see?

Recalling the recent spat about passwords again (and elsewhere), and some intriguing, recent but also not so recent news (you get it when you study it), it seems only fair to the uninitiated to clarify some bits:
Authentication goes by something you know, something you have or something you are. Password(s), tokens or biometrics, in short. All three have their drawbacks.

But that’s not the point. The point is that authentication is about making the authentication unspoofable by anyone but the designated driver owner.
That is why you shouldn’t dole out your passwords (see the above first link) e.g., by writing them on a post-it™ whereas writing a full long passphrase on just one slip of paper that you keep to yourself more zealously than your money, will work.
That is why tokens shouldn’t be stolen. Which you might not discover until it’s too late; and tokens have a tendency to be physical stuff that can be replayed, copied, etc. just like a too-short password. Maybe not as simply, but nevertheless.
Same with biometrics. When made simple enough for the generic user (fingerprints, ever so smudgy!) also easily copyable, off a lot of surfaces. Other biometrics, maybe more secure i.e. harder to copy but not impossible. And opening possibilities for hijacks et al., focus on breaking into the systems in the login/authentication chain, et al.
Which brings attention to yet more vulnerabilities of Have and Are: Both need quite a lot of additional equipment, comms, subsystems, to operate and work from the physical to the logical (back) to the IS/IT levels. Weakest-link chains they are ..!

So, the strength of authentication covaries with the non-leakability of the key, since both correlate to the source determinant in-one-hand-ity close to the actual person whose identification-as-provided (by that person, or by anyone else posturing) needs to be authenticated. By which I mean that ensuring one item of authentication, closely glued to the person and with the simplest, least-link connection chain to the goal system(s), is best. The latter, clearly, is the written-down-verylongpassword method.

Just think about it. And:
[They’re called locks. Discuss (10pts); Ottawa]

Ben still has all the Ayes

There is no end to the need to repeat the, somewhat but simply never sufficiently, quote by the Ben you know best:
Those who surrender freedom for security will not have, nor do they deserve, either one.

How valid today. How utterly moronic in comparison all that would allow crypto-backdoors (for other reasons, too), and covert catch-all dragnet surveillance. Etc.   Etc…

Oh and for the few that are still interested in the United States Constitution, they shall refer to article 1, section 7, clause 2 , that has not ayes and nays but yeas and Nays. Just wanted that off my plate.

Leaving you with:
[You’ll be naked and that will not be pretty; Barça]

All fine, for whom?

Just to be clear: Where do all the fines that will rain like hail from heck once GDPR comes into force, go to ..? Yes the supervisory authority may levy the fines, but it isn’t clear to whom the payment should go. Certainly leading to huge differences in compliance chasing: When the auth may keep them for themselves, they’re a. richer than the king since b. sure to penalise each and every futile infringement to the max; when the money goes to government’s coffers, that chasing not so much because who’d care?
You don’t believe me, right? Just wait and see. And weep.

Plus:
[Where the coffers are kept ..? Segovia]

Maverisk / Étoiles du Nord