Fog(gy) definitions, mist(y) standards

If you thought that containers were only something to ship wine in, by the pallet, you a. would be right, b. would maybe have overslept on the new concept, c. would not mind if I introduce the next thing, being fog computing. I’m not making this up as a part, or extension, of low-hanging cloud computing.
You think I’m kidding, right? Or, that I should have called it mist computing which is a thing already but only a somewhat different thing… You’re still with me?

Then it’s time to read up. And weep. Over this here piece that sets the standard, quite literally.

There. You see ..? Indeed low-hanging, as in the stack … That wasn’t so hard. But implementation will be, if required to be secure. Have fun, will TLS. Or so.

OK, this post was as it stated just an introduction to the IoThing – I was serious though about the Go Study part. Plus:
[Cloudy top cover, smiley backside of a place of worship; Ronchamp FR]

Modern democracies – are they party-less ..?

It seems that we’re in Transition times… When there hardly is a country’s election anywhere (where they’re relatively Free), where the parties of old still hold. Sway, that is, as in determining unchallenged the outcome of the elections and party lines to follow. Even when the result is a failed-from-the-start dangerous president, or just a continuation of bland (colourless) neutrality in ‘policy’ pursued.
Despite the previous fears of breakthroughs of ultra-right parties and ‘strongmen’ (not so much; it’s rather pathetic (mix of embarrassingly silly and punishing for loudness)) – and notice that those parties have gained in strength and depth of followership, maybe not ‘won’ but there to dominate from the shady (!) backgrounds in many situations – everywhere what we see more, is that ‘traditional’ parties have crumbled, qua lead over the others, qua dominance in cabinet formations, et al., and/or are prone to in-fighting and schism tendencies (because of that, or were on the path to anyway; cause and effect running in circles).

What is left, is countries with impotent mixes of parties, party fractions and -factions, when these countries are affluent to an over-the-hill kind of rapid collapse in some near future. Or countries that weren’t affluent / aren’t-affluent-because-of, being led by strong men with suppressed expression of political fracticide. The vast majority of presidents around the world are the perfect example of why republics collapse, and are at best equal but often worse off than kingdoms with their long-term views (when the king/majesty represents the nation, accidentally also in one person).

We digress.
When party politics (internal/external) are thus rendered impotent by their own doings, and parliamentary representative democracy is through that dragged down (in)to the muddy levels of shamefulness, what chance would blockchain-based societies, notion-of-nation-unhinged geographic regions, etc., have to be reconsidered as alternatives, e.g., the Heineken Map ..?

3D of the nudging to simplest infosec behaviour

Before you’re put off by the title’s complexity … [Oh. You clicked. Wave function collapsed long before; ed.] This post is about improving the People part of infosec. Beyond the mere ‘awareness’ that begets you … a couple of days’ attention, then slippage into muchlessofthesame.

Two roads away from the dead end you were in, open up:

  • Nudging. Which is about small, unobtrusive and not too brainwashing incentives and disincentives, rewarding and penalising the good and bad so that ‘users’/people choose to do right without having to rationalise through all sorts of intricate, overly (sic) complex lines of reason why some shimmy is better than another twist. Just gently guide, don’t Law and Forbid. [Edited to add: This post was drafted and scheduled for release weeks ago, before that Nobel Laureate was awarded his medal for this very method…]
  • Secure simplest option. Like the great many traffic controls; no traffic lights but roundabouts – the former, can be run through at high speeds in the middle of the night (and other times); the latter, require slowdown or you’re thrown off the road. The secure solution being the obviously simplest – the simplest solution being the secure one. People will take the simple road instead of the difficult one. Better make the simplest one the safest. Not require the user to jump all sorts of complex hoops for safe behaviour! Like password complexity rules: The more you make them ever more difficult, the harder it is for users to resist finding loopholes and escape vents like writing them up (which isn’t a bad solution per se, but …). And in the end, you’ll lose the arms race against skillful attackers anyway; at the point where their smartness is hardly less than benign users need to get into your systems, you’ll have to revert to some other way anyway (re: dead end roads).
  • Ah, I’m not one for counting all that simple…
    Smart trickery. This of course being a perfect example … a 3D zebra (road-crossing). Many great, very-marketable other such solutions may exist, to your (image’s!) advantage.

Now that you’ve read the above, how would you change your infosec ‘controls’ throughout …? Like, filling out the last matrix of this, in a smart way and changed to general infosec …?
For an additional bonus, outline how you apply this to your GDPR-compliance efforts… And:
[Advertising the trust you can have in this Insurance co.; Madrid]

Top 2000++ of 2017 – before the herd

Because all sorts of hoi polloi pundits are out there, ‘polling’ (quod non, just repeating the meh mediocrity) for the Top 2000 of 2017 on the ray-the-ohw and elsewhere, herewith the real deal Top 2000.
Which of course isn’t; it’s the Top 2276 for one thing and Definitive is slightly understating it. If you hadn’t guessed, #14 is about me.
And yes, it is downloadable in plain Excel, for your own tinker and play, in this file; checked and clean (no subversive content).
Next, a few little notes (repeated from last year):

  • “That’s odd! The usual numbers 1 to 50 aren’t where they’re ‘supposed’ to be by common standards!” Correct. Because I‘m ‘Rekt. The list is mine; why put the Mehhh songs high up there? They’re in there somewhere, but it’s my list, my preferences..! Yes, I do like some almost-forgotten songs better, sometimes much, much better, than the expired old hands.
  • Especially.. see the notes, when the clip (much) enhances the song(s). Wouldn’t that mean the song in itself isn’t fully complete ..? No, it means in (since) the age of video, songs with clips (‘integrated’) can much surpass mere songs by themselves, for a cubed sensory experience.
  • There’s more than 2000 yes. Because, already after the first 500 or so, determining the relative rankings becomes awkward. Hence, the cut-off would be random …! (why not 2048, that would make more sense in this digital (i.e., binary) age). The result is quite random in the end, too, indeed; some of the last songs ‘should’ be up much higher…
  • If you would still have some (preferably wacky) songs you miss, please do comment them to me. I’ll see whether I’d want to include them still, or not. Hey, it’s my list so I decide, geddid?
  • The actual end result order is far from definitive (sic). It depends heavily on one’s momentary temper and the memories that spring to mind like Proustian madeleines. And on one’s ability to hear quality. Such is life.
  • When dabbling with the Excel file yourself, feel free to play around with the ranking mechanism. What worked for me, was to first split the songs into bins of about 250 size (designate some song to be in the first bin that will end up being ranks 1-250, another song to bin 5, which is around the 1000-1250 mark, etc.), then sizing down bin 1 etc. to 8 smaller bins. Then, numbers 1-50 get a personal treatment one by one to their end rank, the rest gets (got) a random allocation within their bracket. After this, sort and re-apply number 1-whatever. Through this, actual intermediate bin sizes aren’t too important.

Then, as a long, very long list. With a Moar tag otherwise it would be ridiculous… [i.e., for the complete list in the post, follow the link:]

Rank | Song | Artist | Note
1 | Hustle | Van McCoy | Yes, the original
2 | Easy Livin’ | Uriah Heep | To power it up
3 | Heart Of Gold | Neil Young | Hits the heart
4 | Hide and Seek | Howard Jones | Same, if you listen well
5 | Peter Gunn | Emerson Lake & Palmer | Just for the intro alone
6 | She | Elvis Costello | Personal nostalgia
7 | White Room | Cream | Nicely powerful, doesn’t wear out too easily
8 | 74-’75 (+Video) | Connells | The video sublimates the message
9 | Windowlicker (+Video) | Aphex Twin | Incomplete, as a work of art, without the video
10 | Nice ‘n Slow | Jesse Green | Calm down again
11 | One Of These Days | Pink Floyd | Hidden pearl
12 | Smoke On The Water | Deep Purple | Of course
13 | The Man With The Red Face (+Video) | Laurent Garnier | Incomplete, as a work of art, without the video
14 | You’re So Vain | Carly Simon | I think this song is about me!
15 | Dancing Barefoot | Patti Smith | Hidden treasure
16 | Right Here Right Now | Fatboy Slim | Oft forgotten, defined an era
17 | The Great Gig In The Sky | Pink Floyd | Appealing complexity
18 | All I Need | Air | Mindfulness in musical form
19 | Dream On | Aerosmith | Heartburn
20 | You Got To Fight For Your Right to Party | Beastie Boys | Appealing. Simply that.


The logic of automated decisions; transparency through audits ..?

Not bashing, nor FUDhyping…
Was triggered by various threads, e.g., The Book on the subject (or, het boek in Dutch), and scores of elucidation (yes. be happy finally there is some truly) from the legal perspective, on GDPR article 15.1h and article 22.

The latter two not being conclusive, however. They are about requirements of transparency on the logic underlying automated decisionmaking. But there is no clarity about how deep that should go. Will “Hey your data is processed by some AI system [literally, factually incorrect statement because it’s only Machine Learning at max, today; does that construe a false statement i.e. fraud ..? ed.] and even we the builders ourselves have no clue what goes on in there – that’s the whole point of using it besides being able to fire a great many inherently expensive humans and we don’t care the least about the biases and other grave errors of the system it works fine for us!” be acceptable? Hint: No. Will “Oh it’s so intricate that we, let alone you, have no clue when looking at the audit trails that the system generates” fly? Same hint.

Because here, we see a new area developing for IS auditors: Auditing ‘AI’ [quod non but read ‘ML’ and you’re good; ed.]. As IS auditors are (supposed to be, I happen to know a fair share of peers … etc.) the experts in gauging systems functioning qua .. reliability overall, too. Which goes way beyond mere C-I-A but still, has Always been part and parcel of IS auditors’ education, right ..? I will come back to you soon, with more definitive info on how IS auditors should go about this all.

Oh by the way yes I did already notice that the more the system in scope behaves, and is constructed to behave, intelligently like the average (sic! statistically you have zero reason to put yourself above that! oh wait you read my blog so you are definitely, way off the right end of the scale) human, the more the audit will have to be like we audit humans today. Uniting psychoanalysis and explicit rules on paper (in procedures, algorithms et al.), very dogue much fun.

Plus:
[Though a flat, and has iron, legally misidentified as flatiron …; NY – Pic tilted to fit in the pic frame of course]

Losing your trade’s virginity

I‘m referring more to dull trades, like auditing, than what your first thoughts were about…
It seems hard for some people to get their heads around the still persisting problem with AI introduction into regular trades, that when deploying AI to take over the rote grunt work at the lower rungs (which is, by definition (?), all that’s just behind your heels) and leaving the more intricate, ‘difficult’ and ‘intelligent’ work like decision making and risk weighing to seasoned, experienced professionals (to which you belong of course), that there will be no more seasoned, experienced professionals since the seasoning and experience is in years and decades of the rote grunt work that no longer exists for humans.
The ‘difficult’ decisions will all the more speedily be taken over by exponentially self-improving-on-the-intelligence-parts AI, as humans fail ever more quickly at those tasks. The excuse that the lower rungs failed in providing proper intel, will not work; higher-up humans would need to get a grip on the lower stuff, and to be able to determine the effectiveness of what goes around there… again you’ll need the extensive experience, maybe even more…

[Don’t get me started on how current ‘leadership’ (those that fell upwards by lack of weight, not the real leaders) already fails comprehensively at the intelligence part…]

Quite a vicious circle. And:
[Museum of what lies ahead for humanity, in total surveillance states, and AI futures; Riga]

Self-driving my a..uto mode

What was it; that car company we’ll call ‘T’ as we don’t want their lawyers’ badgering, claimed the EULA on the self-driving of their cars required the auto-mode only to be allowed when on reasonably straight roads in reasonably light traffic with full oversight always.

Apart from that being no driving fun whatsoever, and no help whatsoever in ‘normal’ (other) conditions, I have a question: Why use the system at all, then, when already I have cruise control and Mk.1 eyeballs for such circumstances and do nothing but steer lightly ..!? What improvement from ‘steer lightly’ to ‘not steer at all but always be ready and alert to’..? You’ll never be allowed to text while driving or binge-watch ‘flix while in traffic jams anyway. Is that worth all the trouble, hassle, and hype ..?

No it isn’t. It’s more like ‘cybercrime insurance’ (#ditchcyber) – when you apply all rules, you don’t need cover (and have none for the risks accepted or new in the first place) / don’t get any help from auto-mode; if you don’t, you lose all cover, period.

So, better get better auto-mode, without the circumstances-requirements and without the EULA extortions. Or, drop the whole idea and get on a bus.

Which may also beget auto-mode… ;-|

Oh, and:
[“Look mummy no hands!” would really take out all the fun…; Baltimore thank you sir for not jumping on the green light to enable me to take this pic]

Compare the innovation fruits apples and oranges, please

How is it that long-standing discussion-stoppers persist ..? Take, for the sake of argument and for reason of being the raison d’être of this post, the common “One shouldn’t compare apples and oranges”. Or ‘with’, or ‘to’.
What fun is there in comparing apples to apples ..? Since various species are still very much alike, the attention will go to the, certainly relatively, minor differences, losing the bigger picture. Even when including crabapples, mostly it isn’t worth the trouble. Except for a few experts.
Entrat oranges.
They are so different (Well, overall; there’s also many commonalities like being in your fruit salad with other fruits like tomatoes oh wait) that at once, both the main lines and subtleties of differences can be discussed. Because one compares to discuss, right? If not, just don’t compare anything and sit there like a plant.

Actually, this whole post is about the realisation that in business or other organisational life, we should do both when it comes to innovation. There, tradition has it that one competes in the apples-only markets. Slight differences are sought out, and marketed, as significant whereas usually, they’re not.
Until some orange disruptor appears. Then suddenly, the picture changes – for proper analysis, one should compare the apples and oranges, to see how they fit market demand including substitutes et al. And do follow that link to see at which touch points the surprise element rests. Or so.

Just sayin’. And:

[A morning’s comparison of premier cru and grand cru grapes, from Ludes towards Reims, is definitely worth the fine nuance ..!]

Extra, extra! A Fine!

It was bound to happen: Fines! For privacy violations! Oh how do the Frightful Five shudder at the thought of these economic penalties that will down their businesses. Not so much. Is there anyone that thinks the fines will do better under the GDPR regime ..?

Kindergarten dreams. If all people are nice to each other there will be no more war and world peace. If GDPR kicks in …

Plus:

[An air of nice, just the air; not Nice but 4711 Cologne]

Stochastic culture (change)

This ‘personal research’ hobby of mine had taken me into the ‘From Security Awareness all the way to Behavioural Change’ alley(s).
Where it got stuck. Among others, through the realisation that ‘culture’ as such doesn’t exist, certainly not within larger organisations. Local cultures, yes. Overall cultures … maybe as the most degenerate common denominator; the more numbers you throw in a basket, asymptotically but very fast the common denominator will come crashing down to 1.

In infosecland, it’s worse. To actually address and change the oft unconscious parts of personal culture (behaviour), one has to move away from organisation-wide awareness training ouch if you call it that, all are lost – into the realms of individual coaching, for each and every employee.

But then the stochastic cooling of particle physics rears its head, as a phrase that is. Can we somehow differentiate the to-be-learned from one-size-fits-all into separate sets of behaviours to be rote trained (in practical use; experienced) so the sets become unconscious behaviour(s), and then overlay these transparent sets [Remember, the ‘sheets’ you could stack on an overhead projector? You don’t – even know from a museum what an overhead projector is… Oh. ed.] over the organisation populace, according / in relation to the expectance to need such behaviour ..?

I’m rambling, as usual. Anyway:

[Not all grapes are evenly grown, still great wine is made without stochastics…; Valle dell’Acate]

Maverisk / Étoiles du Nord