Comparatively innovative (Beetleroot)

There was this quite simple hack; in (very) pseudo-code: If 2-wheels Then { Rollerbank; dish up some fancy figures; }
Which calls to mind the Problem of BIOS hacking / backdoor/malware pre-installing, as explained here.

On the one hand, a solution is available: At a sublimated information level, encode, as here. In the physical, car, scenario this would be readily implementable as: Just test the emissions, not rely on data produced by the system itself. Prepared By Client is used pervasively in accounting (financial auditing part) as well so consider yourselves warned…
On the other hand [there always is another hand it seems, possibly because this is real life], in the VW scenario there will probably also be a call for source code reviews. Or at least, from the software development corners, there will be. But then one ends up in the same situation as spelled out in the Bury post: How to verify the verification and not be double-crossed? A source code review would be one part, but how to compare a clean (pun not intended at time of typing) compile / image to what is actually installed (continued, without change-upon-install-to-dirty-version or change-at-service) throughout in the field?

Another issue from this: How to overrule self-driving (or what was it; fully-autonomous) cars ..? The BIOS-hack and Car examples show some intricacies when (not if) one would have a need to overrule near-future “Sorry Dave, I can’t Do That” situations. Once no physical controls are left to take over manually, … Arrmagerrdon. Yes, that 2001 was a rosy, romantic, not horror scenario. And demonstrating that at a comprehensive abstraction level, Prevention still trumps Detection/Correction. But not by much, and the advantage will slip by careless negligence and deliberate deterioration efforts.

Oh well. We all knew that All Is Lost anyway. And then, this:
[(digi)10mm wasn’t wide enough to capture the immersion in this… Noto again]

Roboccountant

Talking about robotisation of the accountancy industry…

  • Automation is letting a computer do the same, or about the same, as was previously done by hand and/or mind.
  • This ‘doing’ is a walk-through of an algorithm. In its simplest form, and for major parts the core of accountancy / bookkeeping processing, this was even parameter-free so no switches needed to be made, no decisions at switchpoints. But sometimes, the switchboard was external e.g., in accountancy rulebooks that were but for (idiot) savants (a.k.a. ‘only some accountants’) near- or completely impossible to stuff in one’s head as part of the programming.
  • The Turing machines have it. But this line is only a display of wannabe Wisdom re core automation / programming knowledge.
  • Computers were freely programmable. And still are, mostly. Robots? Maybe not so much. But then, they’re of the industrial kind welding together your Tesla, or of the ridiculously purposeless humanoid kind. So, why talk about robotisation when it’s more about automation (of the classical label), nowadays called ANI, in the cloud or not..?
  • But then, there’s a lot of interpretation and shot calling and estimations up for discussion, in accountancyland. But that was what AI was supposed to solve! So far, we have only explored the either Expert System pure logic, or the ill understood neural networks deployment, but we haven’t integrated well enough the in-between (or supra) field of Fuzzy Logic. This could bring about a far more absolute truth of e.g., 60% admissibility of some estimation and at the same time a 60% inadmissibility of the same number. Then what — is determined by …? But that’s just how it is today, in the accounting industry, disguised as tough talk on admissibility but in reality styled more like cowardly firing squad pleading.
  • I already blogged about continuous instant report generation based on approved XBRL templates, that could draw on All data available in some organization, to deliver reports with the latest data to just whomever has access to the template/generation engine.
  • With assurance on the templates, and on the soundness of the base data pool generated/filled e.g. by automated verification against external sources, and on the integrity of the XBRL templates and the generation engine — nothing more needed. Initially, difficult enough, but learning effects will diminish the burden.
  • A second intermezzo: Of course all assurance will be delivered to your smart watch (sideline: as if such a thing would ever exist). Just strap a tablet to your wrist and you’d still be out by quite some margin, on screen size required to quickly glance over all relevant data (in one view! as is almost always required to understand the displayed, to have information from the data).
  • What if we find that all fuzzy logic including zero-to-somewhat fuzzyfied expert system’s translations of the hand- and rulebooks, would be implementable on rather simple neural networks, in the order of magnitude of a snail’s brain. No, not hinting at you, but the slime trail left by that Partner you know, is tell-tale.
  • When not if, weaving errors turn up in the rulebook algorithmic… When not if, the translation of True And Fair View into materiality criteria (NOT the other way around..!!! as it would be today but also as is complete and utter stupidity of the sackable offense and life without parole magnitude) will turn out to be faulty.
  • The idea that blockchain based trust will replace the value (if any(more)) of the wet signature — has that concept become sufficiently laughable ..? — of any particular person for reliance, is moot but may have to include indemnity / insurance coverage in one way or another, or is all accountancy (?) fee placed in escrow until a pool fund for expected claims is (over)filled?
  • But, will blockchain trust not go the same way as reliance on open source software ..? Will it not fail in light of the Bystander Effect ..? Then, exploited by the worst, first. As usual.

Well, just some touch points. The main one being: The rules are algorithmic, almost by definition. Until now, there was no good automated engine to draw on, but the inroads Watson is making in the medical field (oh how comparable!), show how close we (well…) are to being outflanked by … Hey let’s have a contest about the name this first Roboccountant will have …!
As long as we don’t fall for the trappings to believe in any kind of child’s hand is easily filled expectation of a humanoid robot but rather one that has no physical existence other than its bits spread out over the global infra.

Oh hey before letting you in the dust, to clear up, herewith:
[Not evil but Ibla]

Should I go or should I go – Maps out of bounds

Oh-kaye, was on my way yesterday to this seminar on IoT — which is irrelevant info (is it?) but whatever — when I turned to Maps for final approach instructions, appropriate as I was, relatively speaking, props traffic i.e., by bus for once and on foot. The address: Clearly, Schiphol Group at Evert van der Beekstraat 202. Which Big G did find — far off from the ‘heart’ of EvdBstreet I had looked up earlier. As I guessed to have to walk only some 200m, I reverted to walking ‘back’ to the central terminal (in the rain, mostly), guessing the location would be in or next to the crew building. Arriving there… no sign of any ‘202’ or even of ‘Group’. Helped in a very friendly way, I was sent up the office block next to the old control tower, and from the 8th floor big window view was pointed… to the other end of the airport office area… where I had been, 200m off but now a full (English, or US if you’d desperately want) mile away.

Which brings me to the point (if any): At what point does one decide a whole seminar isn’t worth the effort anymore; time and travel spent being sunk cost and some more of both is required but also one’s already beyond suitably late …? As it happened, I had a couple (like, three) of these moments, time aplenty to have them, thanks to Google Maps… But still, you know that feeling, and how did you decide ..?

[Yes in the end I put in yet some more bus fare and did go; it turned out to have been very much worth it, due to ISSA NL organization]

Is the Valley over the hill ..?

This, about real estate. How some current wave of innovation is in its tail stages, like this. Is that bad, or is it a sign of health to enter the unhealthy stage ..? Riddles…
Or rather, it’s about how the dam break of the app effect gravitated to the black hole of Mountain View Et Al. But the wave of innovations that it spurred, or had spurred before and in parallel to it, too, now pulsars its way to other places as well, into the ‘outer space’ that the world is. As the collective built stuff that is unbound geographically, so the development (capabilities) spread as well. The ‘placelessness’ of the innovation is pulling ahead for real, finally. New (?) economies (China, India, Latin world) may have bigger natural language and native (sic) market areas, and the vast unrealized talent pools [I don’t mean the tiny fraction of happy few that transfer to CA but the other 99,5% as well]. Where the latter, in CA, natively there, may have lost steam, handicapped by the head start (law) in e.g., education and through the rising overhead of non-productives, the consumerists burden. And awaiting Schumpeter’s triumphant return.
So, the real estate might not matter too much, soon. All will be free to travel, anywhere, much more often, and still be innovation-productive. Ah, the ideal!

[Yes you figured that out correctly… Marzamemi again]

Starreveld in the Information Age (industry)

@deKokPieter or others (or just one of his interns; grad work?) may have to help me out with yet another crazy (not (?)) idea of mine:
There was (is?) this great theoretic of accountancy called Starreveld, with his value cycle typology for, literally, every kind of industry and on close reading, even sub-industry. Given that we live in times of information processing factories, how would they fit the model or how would we have to read / translate / interpret the model to ‘work’ in today’s day and age?

Since the information processing industry, being almost all of the world’s service industries including (almost) all public sector organisations, works in an extremely devolved form of hyper-mass-single-piece production including storage, how do we translate e.g. stock type and count to ‘information’ and ‘data point’?
If we take this approach, i.e., from both sides, being from the current industry operation side to Starreveld and the other way around, do we have a complete mapping and what do we learn for control and audit ..?

Just putting it out there. This, too:
[That little theatre of note, I mean Noto]

Program. Check. Not.

Going to present at a conference. You know, to raise one’s reputation that is the single currency in independent-consultancyland, and to gain feedback on one’s private research and professional (industry) development zeal.

So, I was to present at (ISC)2, or rather, not, as notified in an email of May 7th, less than 2 months after proposal submission.
And indeed the program/agenda presented online then (and the weeks before already), didn’t show my name. Bummer. Was granted a slot at a back-up filing (ISACA Copenhagen) but had to decline, due to private circumstances.
Over the course of the last couple of months, did receive some (Google)anonymous cell calls from the UK. Dismiss, obviously, as this is the Fast Route to phone bill exploitation by connect-throughs; everyone knows this, right? The some that I could (Google)trace, and the some that left voice messages, I reacted and sometimes responded to. Lesson: Be traceable via your cell number or else.
And then, yesterday this guru peer sent me a message whether I would be in town already — the town being far away, vaguely recalling the above conference of first preference…

So, … checking the conference agenda (PDF here) … my name is there …!
Texted back whether peer might present the rejection email to conference organizers which he did, causing some more cell calls with some voice mail (08:49h) about ‘terrible mistake’ and whether I could still present, at 12:10h — considering having to dress up, make a full professional presentation, pack up, get to the bus, get to the train or to the airport, get a suitable ticket, get on (train takes only 8,5hrs; plane: gate time delay, flight time, offboard delay = ?), transfer to the conference venue, for half an hour talk time … Oh. Or go the next day, in the slot that the replacement speaker got instead but then, I’d still lose out all credibility before having even started.

This just in: per tweet, MIS Training EMEA thanks me for my session… Adding to the audience that will be aware that I didn’t deliver.

Now, still awaiting a proposal from their side, how to compensate for the:

  • Reputational damage of being shown as if not delivering, to a crowd of foremost peers and potential clients;
  • Loss of outright marketing opportunity [note: not ‘sales’], to the same;
  • Feedback not received, which could greatly have enhanced both my service offering and the acceptance and acceptability of the same;
  • Loss of (permanent) education I would have got from being at the conference and hearing all the cutting edge developments in the field (that the organizers promise);
  • Expense and leisure of private travel (incl. spouse) that would have shouldered the conference and would have been half deductible on business for income tax.

I’ll stop now and wait. Some time, before switching to legal recourse.
[Justice will be served.]

Proof gone crazy

Was reminded recently, again, over the Proofing Gone Crazy aspect of the ‘show me’ approach in the totalitarian, SOx-ignited tidal wave of filing requirements.
As if the better the files, would not prove the better the manager is at hiding ever more wrongdoing ..!
As if it wasn’t, and still is!, the job of the auditor, the overseer and what have we (under whichever laughable guise of ‘regulator’ or even anything with ‘governance’ pitched in; ludicrous misunderstanding of what that would actually entail), to go out and find the proof oneself, not bothering the ones doing real, serious work beyond the bare necessity.
As if anything improved in ‘quality’ except auditors’ fees and the efficiency thereof — as if that were the purpose of it all.
As if the little time left after all the overhead is done, to do that real, serious work, doesn’t deteriorate gravely in ‘quality’ by the utter demotivation and distraction of all overhead requirements.

As if ANY of the original objectives were achieved. Only those that bulldoze over them, and/or are outrageously bombing the whole circus into the ground by pushing the pennywise and poundfoolish over the hill by exacting rule-based perfection while themselves taking the principle-based approach to break all that could be dreamt up for moral and ethical rules that apply still, everywhere, achieve anything. That’s a nice split main cause sentence …

So we’ll have to fight.

If only because originally, I wanted to start off with a title ‘Proof Sets Free’ after some motto on a gate that is commonly taken to point at humanitarian atrocities of a historical monumental scale — that are a direct and difficult to avoid consequence of the bureaucratic way of thinking. Those that toil under this motto, are set free only by ‘death’, physical or mental, that is caused by their toils in the first place.
Which fits nicely with the utterly immoral requirement to turn oneself in at every misdemeanor that will for certain be taken as grave crime, including producing all proof of fact, and paying not only all legal fees but also for the bullet with which one is shot. Yes the world over that is considered a crime by the courts… Only here, the courts do not comply with the trias politica and have all the power…

Now, just for laughs, try to prove me wrong in the above. Clowns are fun.

In return, you get this:
[Somewhat better here; The Hague (?)]

Vendors pitchin’ — reality’s b… moving elsewhere

Was reminded today that still, a great many vendors in the (Info)Security arena are pitching their worn-out warez to a laggard crowd — or is it just me to see that, in particular where IAM is concerned, all eyes are still on some vault idea of data storage and systems, behind some mirage of a perimeter of the ‘data center’ (as it is presented ..!).
Luckily, I met this old friend of mine of Zscaler who sees that today’s access and wider security concerns are over Cloud (storage, services) and Users (out there, anywhere). How nice would it be if not too much time would be wasted anymore on the classical, outdated (sic) model(s) and we’d all move to this new world ..?

This, for your viewing pleasure:
[Watching the ships go by, Amsterdam]

TLD: Shoo! Shoo!

Awwww was reminded today that the fallacy of Three Lines of “Defence” is a stubborn one. Debunked by a great many, among others on this blog over a year+ ago, but still much too much alive. So let me remind you with the following picture that speaks for itself (or …):
[Picture: “Van plank misslaan naar spijker op de kop” v0.3, i.e. from missing the mark to hitting the nail on the head]
[No high-class design frenzy, just the blot-down in an angered jolt]

Yes, that’s right, still, and is until y’all ditch the TLD idea on the rubbish heap of history: the lines DO NOT stand between the threats and the vulnerabilities. And Boards et al can bypass the circus at their leisure. The lines (aren’t) of defense (aren’t) only stand between all that has gone wrong, and the regulators so the latter are placated with three rounds of white washing and window dressing.

In the past, everyone I discussed this with, agreed the whole thing’s a joke. A sour, very expensive, delusional one. Everybody reacts, nobody responds… Which will need to change or massive damage will occur.

OK, I’ll stop now before my language over the totalitarian, mind- and ethics-genocidal bureaucracy gets out of hand.

Trivial TLA Things-Tip

If you Thought This Time Things would be easier, as the universality of plug-‘n-play has spread beyond even the wildest early dreams into the realms of the unthought-of non-thinkingness, think again. Drop the again. Think. That was IBM’s motto, and they created Watson. No surprises there.
However… It may come as a surprise to some that now, an actual TLA has some actual tips, to keep you safe(r). As in this. Who would have thought… On second thought, this agency of note might have no need for the access disabled themselves anymore, as they’ve provided themselves with sufficient other access (methods) by now and just want to hinder the (foreign) others out of their easy access ..?

Oh well, never can do well, right? And this:
[Another one from the cathedral of dry feet — only after, making sticking fingers in dykes worthwhile; at Lynden, Haarlemmermeer]

Maverisk / Étoiles du Nord