Applicable to business – Page 21 – Maverisk / Étoiles du Nord

ChainWASP

… With all the blockchain app(lication)s, in all senses, sizes and seriousnesses if that is a word, growing (expo of course) everywhere,
wouldn’t it be time to think about some form of OWASP-style programming quality upgrading initiative,

now that the ‘chain world is still young, hasn’t yet encountered its full-blown sobering-up trust crash through sloppy implementation. But, with Ethereum‘ and others’ efforts to spread the API / Word (no, no, not the linear-text app…) as fast and far and wide as possible, chances of such a sloppy implem leading to distrust in the whole concept, may rise significantly.

Which might, possibly, hypothetically, be mitigated by an early adoption of … central … Oh No! control mechanism of e.g., code reviews by trusted (huh?) third parties (swarms!) where the code might still remain proprietary and copyrighted.
Or at least, the very least, have some enforceable set of coding quality standards. Is that too much asked …??

I know; that’s a Yes. So I’ll leave you with the thought of a better near-future, and:

[Horizontal until compile-time errors made adjustments necessary (pic); beautiful concept — other than Clean Code, actually executed to marvelous effect]

Man talks about Innovation

‘Innovation’

By Harold Jacobson

In Long Beach, a man talked about innovation. The man was of indeterminate age (thirty-five or something), wore a jacket and was slightly sweaty on the forehead. He stressed the importance of innovation: “Innovation.”

The man had made a ‘Roadmap Innovation and Innovation’ (RI&I). In the RI&I, there was something on the theme of ‘innovation’. The man said we are in the midst of an innovation revolution that may eventually lead to an innovation transition. According to the man, fear is not the right motivator but innovation is. Hence, we may come out stronger, if only we innovate.

The man was adamant we should have an ‘Integrative Innovation Cluster’ (IIC), as he already had in his RI&I. Because of the democratization of innovation, he said, changes are on order in the economy at large, like innovative initiatives.

According to the man, we may miss the boat if we don’t innovate. Therefore, for the boat we need an Investment Programme with Scenarios, Action Paradigms and Projects in the general area of Innovation (IPSAPPI). ‘Innovation’, as the man stressed.

[Original, in Dutch, on the Speld; translated with permission]

Fintech: Babble-fork

Coining (pun not even intended as I wrote this — lame non-landing anyway) a new phrase: Babble-fork.
Which is what happens now in the financial industry with fintech:

Banks et al. think they have a role to play in the applications of blockchain technology in the financial industry of the future.
As bc is just a distributed ledger technology [ref. Tapscott the Elder & the Younger], right?
Obviously, dead wrong. Or, ‘the Internet’ is just phone lines between mainframes.

Otherhandly, the start-ups that have no role or place for the incumbents. The start-ups that expect the old ones to die [1:03 of the linked]… and then, it is already a mockery of a flattery to relate the financial industry-that-was with that commander that never made it to captain (Navy); an outright self-delusion of the grandest scale when such industrialists think they’ll still be able to catch up with the innovation tidal waves already rushing to their shores (unseen, over still deep seas until reaching their shallow tropical beach sides ..!).
Since bc is the very counterpoint of centralized (‘trusted third party’-, quod non par excellence!) trust, being the utter distribution of it hence contra anything however remotely approaching the delusion of importance that may still be with the traditionalists.

So, fintech forks ferociously for the financial future as a tenable alliteration runs only so long. But you get it. Time again to ask for the entry password — with the wrong answer leading to …?

Well then, I also have for you:

[Dear Lord. In the Attick; Ams]

Reverse firing squad (LIBORgate et al.)

When designing cross-organizational processes ‘hence’ including cross-organizational control structures, who will be accountable to look after the controls in question?

Take LIBOR(gate). Someone(s) dreamt up a structure of ‘self-regulation’, which even the most brief moronically-superficial gleaning over history will tell will fail, and then forgot one’s accountability for putting in place such a sure to fail thing.

’cause only accountability will force ‘taking’ responsibility and actually doing both parts of Trust But Verify.
No, the latter part was not taken up by the individual banks involved. Because they had perfect (O)RM in place. That, by perfectly sensible, justified, and objective achievement-perfecting arrangements, focused on the risks to the own organisation only as they were, are, internal departments working for the optimization of the organisation (taking into account local Board’s risk appetites and attitudes, risk estimations, budgets, cost/benefit analysis and what have we); nothing more or they would bordering-on-(?)-the-illegally overstep their remit. Hence, intra-organizational conspiracy was not something any individual bank’s (O)RM department, or manager, had to worry about let alone be actively fleshing out as a potential risk.

The supra-organizational oversight required, the level where the scheming took place (huh I mentioned ‘supra’ not for nothing..!), could technically, operationally, tactically and strategically only have been envisioned at that same supra level, with the regulator(s) at that level, that instated the L-scheme. [Oh I could add a ton here on how any ‘lower’ level cannot in any logical way have ‘seen’ the risk(s)] So, accountability and responsibility, for setting up a scheme that was prone to the risk(s) in the first place and for not applying due control and oversight (from the strategic all the way to the operational/technical levels!), was and still is with those regulator(s).

How then have they escaped being kicked and imprisoned ..? By claiming ‘temporary’ insanity where Reality in the L-process and elsewhere, is only a string of ‘temporary’ moments ..? The lack of competence is appalling. But drowned in the finger-pointing flying all around except in the right directions.

Uch. One could get very depressed, and/or feel belligerent. Or see the mirror of a firing squad. In the latter, a number of soldiers fire, with only one round not being a blank so no-one knows who did it so none can be held accountable individually for the collective shooting of some villain. [If only in some miracle world it wouldn’t be that most victims are the Honorable very much in an Aristotelian Virtue sense.] Now, we have ‘one’ regulator shooting a whole squad, and all of the squad are blamed …!?

[Just a MSc uni in Delft. Because science ..!]

The carrot won’t stick

Almost as an intermission, on my way to a full-length post on behavioral change and InfoSec: A shortie on Compliance.

Having realised that classical compliance is a hygiene thing: Nothing happens, until some factor sinks below the surface / zero; then, all heck breaks loose.
I.e., no carrot, many many sticks. Not your average well-balanced incentive scheme, right?

Classical awareness / behavioral change programs, then. Where only the winner, Employee of the Month, or less, will receive some recognition. Often, recognized among peers and colleagues ‘for being a d.ck’. The rest, that tagged along without doing anything particularly bad, or even only just arriving at the #2 spot: Not much, often Nothing.
A tiny carrot, possibly up some unsunshined place or used as pick, and not much by way of sticks.

Where is the scheme with a lot of carrots (but not for all, especially not as guaranteed sign-on bonus…!!) and a few sticks-in-private (as they should be!) …?

Just asking, maybe for an impossible thing but your considerate responses are very much welcomed… and:

[‘Dagpauwoog’ i.e., back yard beauty]

Said, not enough

Here’s a trope worth repeating: Humans are / aren’t the weakest link in your InfoSec.

Are, because they are fickle, demotivated, unwilling, lazy, careless, (sometimes! but that suffices) inattentive, uninterested in InfoSec but interested in (apparently…) incompatible goals.

Are, because you make them a single point of failure, or the one link still vulnerable and through their own actual, acute, risk management and weighing, decide to evade the behavioral limitations set by you with your myopic non-business-objectives-aligned view on how the (totalitarian dehumanized, inhumane) organisation should function.

Aren’t, because the human mind (sometimes) picks up the slightest cues of deviations, is inquisitive and resourceful, flexible.

Aren’t, because there’s so many other equally or worse weak links to take care of first. Taking care of the human factor may be the icing, but the cake would be very good to perfect for making the icing worthwhile…!

Any other aspects ..? Feel free to add.

If you want to control ‘all’ of information security, humans should be taken out of the (your!) loop, and you should steer clear of theirs (for avoiding accusations of interference with business objectives achievement, or actually interfering without you noticing since your viewpoint is so narrow).

That being said, how ’bout we all join hands and reach for the rainbow ..? Or so, relatively speaking. And:

[Where all the people are; old Reims opera (?)]

Golden Oldie Pic of the Day

Once again, there you are. Because Monday:
autocars

Is it New (enough) ..?

After bemusement and annoyance with all Pokesheeple (They think trespassing (or worse) is OK in some game hunt? Preventative (hospital) detention is on order — no-one of their abilities is too stupid to not have to just stick to the law ..!), and the business model of selling simpleton crowd control to e.g., shopping malls has come out of the closet, my question is: How new is that ..?

Seriously; is it an ‘innovation’ that isn’t recognized (yet) as such, or is it a minor application of some other one’s idea ..? What (hopefully (??), non-game tied) variants can we expect in the near future ..? Or will we devolve into a real-life GTA game nation, with some 0,1%ers pulling all the strings?

Leaving you with this dystopian twist, but serious about the question before that, and with:

[Upside-down Voorburg]

~vergent predictions, Do or Don’t

This idea, or lack of it, crossed my mind:
When it comes to predictions, following the lead of Tetlock’s Superforecasters may very well work (though note much of it starts with the, sort-of, mental, 50-50 approach of soberly realizing that one may improve, by admitting imprecision and those that claim precision or high scoring rates are wrong) … for issues and questions that converge on one, somewhat exactly determinable, outcome. This, all being within the realm of said book which is very much recommended by the way.
Where some questions, like “What is the best strategy?” may not have such a single outcome; the world changes, and (business-like) having a vision is a grand prediction already. Let alone that the ‘mission’, one’s desired place in that vision of how the world will be in the future, (often / always without a miss) skips the implicit choice issue of what one’s future place could be within that, vaguely defined, future state of affairs. Even if you shoot for the moon [and end up in an infinite and infinitely cold vacuum, among the stars but near-infinitely dwarfed by them] and miss, you may end up in a not-first but still pretty comfortable position; no hard feelings. … This, as an explication of what I’d call diverging predictions: Wide-ranging future states that you might ‘predict’ but most probably in a vocabulaire that will not be valid or understood in the future so traceability of your predictions is … quite close to zero hence your advance predictions have no worth ..! This of course is also in the book but still, too often not realised.

Now, let’s combine this with Maister’s Advisor let alone simple consultancy …

Oh well. Plus:

[Predicting quality of resulting still wines … for second fermentation, mariage, and onwards — priceless; Ployez-Jacquemart]

Plusquote: Your organisational environment

If computers get too powerful, we can organize them into a committee – that will do them in.

Just putting it out there — from Bradley’s Bromide yes. And very true, of …, well, whatever environment you find yourself in. And, as a ‘solution’ to the ever-growing power of ASI, leapfrogging past AlphaGo-or-was-it-DeepMind and Watson. If those (sic) in the latter category don’t see the stupidity of our common ways and do away with it altogether even when (not if) that would mean doing away with humans as minor collateral damage.
Hopeful, eh?

[Strange Quine: The artwork is High Humanity, the depicted, not so much (or is it??); Stedelijk, Amsterdam]