Category: Innovation, economics, society at large

Mastodon as a grassy patch

Just one of those things, questions, that swirl into my mind every so (too) often: What if, when, Mastodon is the Woodstock of social media ..? Wouldn’t that be grand. All pick your own Hendrix in this. Suggestion: him ;-|
On the serious side; the festival itself was hardly in mainstream news at the time, but (helped) triggered major societal changes. Let’s hope Big M (not with ac but on AC/DC) does the same, in these times of need. For such change.

Oh, and:
[No, this is not doctored or otherwise edited. Zuid-As, Ams]

Progress, friends, is here. Only, not everywhere. Yet. Say ‘No’ till then?

You know that the bright new future is here, when amid the torrent (figuratively referring to the physical phenomenon, nothing to do with the on-line tool(s)) of fake news, this still makes it into a headline: ATMs now to begin to start being rolled out with Win10 ‘support’. To be completed per 2020, when support for Win7 stops. Right. 2020; probably not referring to the eyesight of the ones planning this, not being personally accountable and duly informed of the risks.

Because otherwise, wouldn’t it be smarter to come up with a clever idea to do the roll-out within a month, to prevent just about anyone to take ATM security — or is it a signpost for overall infosec’s position — seriously, as seriously as it should ..?

It’s time there comes an agency, Nationwide, worldwide, that has the authority to say NO!!! to all ill-advised (IT- which is the same these days) projects. Infosec professionals tried to ditch the Dr. No image, but it turns out, it’s needed more than ever to prevent the Stupid (Ortega y Gasset’s Masses I guess) from endangering all of us or at least squandering the billions (yes) that could have been applied against world poverty etc.etc.

Oh, and:
[The UBO ‘humanity’ seems to be lost, here; Zuid-As Ams]

Yesterday, same thing.

This is sort-of the same as yesterday’s post, put into practice, when your AGA now not only remotely slow-cooks but slow-betrays you. Slowly either does not at all or over-burns your carefully prepped meat. So the wretched short-lived lambkin died for nothing.
Would anyone know of any device out there that is duly protected against this sort of thing? Or whether (not or not) this is a generic weakness: Access from the outside, offers access from the outside to anyone, to rattle the door. And some, through persistance or imme force applied, will find the door opens. Your convenience, theirs too. Same, with ‘connected’ toys. Yes they are

Oh, and:
[May superficially look like an AGA but isn’t, not even a hacked architecture studio’s design, just purposeful – and beautiful – museum design in Toronto]

Learn you will… Recover, you might.

When your countries largest retailer (primarily F&B but non-F only recently growing as well), has finally heard about something-something-smart-fridge. And wants to do it Right and starts off with a pilot. Of, drumroll, a smart fridge magnet with a mic and barco scanner for adding stuff to your on-line grocery list (on-site self-service pick / pick-up, or delivery to follow separately). Didn’t kno that existed already.
Nice idea, to include not (only) a barco deliberate-scanner (no creepy auto-scans) but also a mic when you don’t have the product at hand (and fresh veggies wouldn’t make it; for a long time already not stickered but weighted at the (vast majority) non-selfscanned check-out).

But what security ..? For fun, e.g., putting reams of alcohol stuff on the to-pickup lists of unsuspecting meek middle-classmen that won’t understand but come home with some explanation to do (bonus for taking the stuff off the list once procured so ‘no’ trace on the shopping list). For less fun, snooping off people’s shopping habits and get rich (by ultra-focused ads or selling off the data, or by extortion-light once you get the Embarrassing Items in view). For even less fun but lulz (grow a pair) when changing the list to violate some family member’s med-dietary choices into harmful variants. And don’t forget the option to (literally) listen in on very much that is said in the vincinity of the fridge. Could be anything, but probably privacy-sensitive.
But what security? The press release point to other countries’ supermarkets already offering the Hiku sensors. Nothing is unhackable. Exploit searches must be under way. People never learn. Reputational (corp) and personal-integrity (clients) damages may or may not be recoverable, at huge expense.

I’m not in, on this one. No need. Plus:
[Where you can learn; Zuid-As Ams]

Full cite of important stuff

This being a complete citation of important stuff, on various subjects in one – meaning, that the brillantly brief once more applies to various trades and aspects, for your information:
With the sound off or on?
If you watch a well-directed film with the sound turned off, you’ll get a lot out of it. On the other hand, it takes practice to read a screenplay and truly understand it.
It’s worth remembering that we lived in tribes for millennia, long before we learned how to speak. Emotional connection is our default. We only added words and symbolic logic much later.
There are a few places where all that matters is the words. Where the force of logic is sufficient to change the moment.
The rest of the time, which is almost all the time, the real issues are trust, status, culture, pheromones, peer pressure, urgency and the energy in the room.
It probably pays to know which kind of discussion you’re having.

By Seth Godin, as you may have derived from the style and profundity. (As per here, which is literally the same text – told you so – but also add the Head to your daily reading list! [Noticed that Head thing, intended to refer to a List structure, is a pun when you see the image to click on his blog…].)

Which all relates to a. Privacy [yes it does, just think it through] and b. your IAM ideas, ever in renewal since … decades; plus c. the ‘GRC’ eager beavers — that at last are pushed back, softly and hardly noticably, by counterforces-undetermined that want their space to innovate back. And d. <fill in yourself and colour the pictures>.

Oh, and:
[Marketing -, or was it Design, Department at some Toronto institute]

Fake your news

So this is your future, part II:
Fake news is (to be – timeframe in question is ..?) battled by platforms that have full control over just about everything out there. By whatever algorithm these might bring to bear, most probably with a dose of ill-aligned AI creating a filter bubble of the most beneficial to the platforms kind for sure which is the most profitable one to their *paying* customers which is the ad industry which hence is by definition detrimental to the users, the global general public (sic).
Thus suppressing Original Content by users that isn’t verifiable against the ever narrowing ‘truth’ definitions that benefit the platforms.
Thus installing the most massive censorship ever dreamt of.
And despite some seemingly (!) benign user support in this

In the olden days, anything of such ubiquity that it was factually (sic) a (inter)national utility, was nationalised to bring it under direct control of the People.
May we now see the appropriation of Fb by the UN due to exactly the same reason ..?

One can hope..? Plus:
[Rosy window on the world ..? Not even that; Zuid-As Amsterdam]

Right. Without -s

So, we’re into this era of giving up control over our lives. Where we’re either dumb pay-uppers, or (also) victims. Which in turn leads to questions regarding who will have any income at all, to pay for the service of being allowed to sit as stool pigeon until shot anyway.
Because the latter is what follows from this here nifty piece; Tesla not giving your data unless they can sue you. The EU push for human-in-the-loop may need to be extended considerably, but should, must. Possibly similar to the path of the Original cookie directive, from weak opt out to strong double opt in plus all privacy requirements (purpose / functional necessity, minimalisation, etc.etc.).

Do we recognise here again the idea that though your existence creates it and would be different for every human on earth (plus orbit), your data isn’t yours ..? Quod non! When someone takes what you produced (however indirectly! – inferred and metadata and all) without payment, that is theft or worse in any legal environment.
Is there anywhere a platform where the consequences of this global delineation are more clearly discussed, between Your Data Isn’t Yours Because We Process It, versus My Data’s Mine Wherever ..?

I’d like to know. And:
[Your fragile fortress…; Barça]

Crippling ‘synergy’

As of late, we haven’t seen too much news about failed mergers, have we or was it buried under seemingly more interesting industries’ development news ..? Like, the latter-day’s Seven Sisters on the ‘Net driving all M&A activity by grazing the startup pastures bare?
Actually, there are a couple of interdependent developments, it seems:

  • Classic mergers and take-overs (and divestments) seem to become more rare, as the importance of classical industry (primary-to-tertiary, maybe -quarternary) has diminished, in favour of, let’s say, quintary pure-information based industry/industries. I.e., beyond mere ‘service sector’ services but data-oriented everything. Hence, it’s IPOs to behemoths taking over microcompanies not mergers of (relatively) equals.
  • Classic mergers failed so pervasively in resulting net positive ROIs that no-one wants to deal with hem anymore. Including a development like this.
  • [Not all lessons learned, apparently; otherwise, these would be shared quickly and the M&A business would rebound — see (among) the following: ]
  • The new take-overs are of the obliterate-or-fleece kind; the heap of gold just being too big to resist after which the target is plucked bare for the few nuggets of worth in there, if any, then made disappear as technology integration overrides anything qua ideas that was of any value.
  • This pointing to where previous industries’ M&As failed, every time again [at least, often also for other factors of incidental and less interesting character]: Not accounting for IT. Would love to see the research that proves that the upswing of IT in business life negatively highly-correlates with merger failures.
  • Because the focus has been so much, longer-term, on ‘synergy’ — that always was in support fucntions that had to be shrunk, one plus one makes one plus less than half, or so. But this never worked, as the ‘keep as of old until integrated’ was executed so lacklusterly, Always leaving too many traces of old even when clean-slate renewal was attempted multiple times.
  • This in turn, because IT grew so much in prominence in business execution and administration — but wasn’t recognised as such; always relegated to the lowest of basement departments, that in the end the ‘integration’ [hardly ever to any measure of success off zero, almost always not associatiable with the term ‘success’ rather] of separate IT systems costs tons and resulted in … more costs, permanently, for not only the near term but -ever.
  • And, as above, this lesson haven’t been learned. As shown in this: Brexit woes

From which the questions arise:

  • Why haven’t we all (in particular, auditors of all shades that should have been the ones to have learned and warned) learned and warned that IT integration was so crucial, both in due diligence / cost estimations and in failure rates?
  • What is the content of the learned [not]; how to get good IT integration cost estimates, and what are successful methodologies for IT quality assessments ex ante and ex post?
  • Do we only learn from history that we don’t learn from history? This because two bullets don’t look right but three do.

OK, enough to consider and ponder; I want your pointers to definitive solutions in return for:
[Now there’s the resulting Simple view; Baltimore]

Behaviour is key to security — but what if it’s perfect?

When the latest news on information security points in the direction, away from reliance on technical stuff, of the humans that you still can’t get rid of (yet!), all are aboard the ‘Awareness is just the first step, you’ll need to change the actual behaviour of users‘ train. Or should be, should have been, already for a number of years.
In Case You Missed It, the Technology side of information security has so far always gobbled up the majority of your respective budgets, with all of the secondary costs to that, buried in General Expenses. And the effectivity of the spend … has been great! Not that your organisation is anywhere near as secure as it could reasonably have been, but at least the majority of attackers rightly focus not on technology (anymore – though still a major headache) but on the feckle user discipline. Oh how dumb and incompetent these users are; there will always be some d.face that falls for some social engineering scam. Sometimes an extremely clever one, when focusing at generic end users deep down in your organisation, sometimes a ridiculously simple and straightforward one when targeting your upper management – zero sophistication needed, there.

The point is, there will always be some d.face that makes an honest mistake. If you don’t want that, you’ll have to get rid of all humans and then end up overlording robots (in the AI sense, not their superfluous physical representation) that will fail because those underling users of old held all the flexibility of your organisation to external pressures and innovation challenges.
Which means you’re stuck with those no-good [i.e., good for each and every penny of your atrocious bonus payments] humans for a while.

Better train them to never ever deviate from standard procedures, right?
Wrong.
Since this: Though the title may look skewed and it is, there’s much value in the easy step underpinning the argument; indeed repetitive work makes users’ innate flexibility explode in uncontrolled directions.
So, the more you coax users into compliance, the worse the deviations will get. As elucidated, e.g., here [if you care to study after the pic; study you’ll need to make something of the dense prose; ed.].

So, here too your information security efforts may go only so far; you must train your users forever, but not too much or they’ll just noncomply in possibly worse directions.

Oh well:
[Yeah, Amsterdam; you know where exactly this depicts your efforts – don’t complai about pic quality when it was taken through a tram’s window…]

Maverisk / Étoiles du Nord