controls – Page 11 – Maverisk / Étoiles du Nord

Contra Bruce, for once

For once, Bruce is not at the right end. Maybe not opposite of it, but.
As per this here blog post of his — a repeat of one of his, and others’, thread.

The argument: We make things, like, security, too difficult for users and hence (?) we shouldn’t try to change them into secure behaviour.
The contra: ‘Guns kill people’, or was it that the men (mostly) firing guns, kill people? And the many toddlers shooting their next of kin since, being at the approximate maturity of the Original gun pwner, they have no clue.

The Contra, too, and much more to the point when it comes to ‘information’ ‘security’: We should make cars run at maximum 5Mph … Since ‘users’ are waaaay too stupid to drive carefully.
Just don’t mention that ‘security’ is a quality not an absolute pass-or-fail thing, and that ‘information’ could not be more vague. [Except ‘cyber’, that’s so vacated of any meaning that it’s a black hole.] And don’t mentoin we still seem to let cars be used by any other moron that once, possibly literally decades ago before ‘chips’ were invented, passed some formal test — the American idea of the test coming very, dangerously, close to … was (sic) it the Belgian? system where one could pick up one’s driver’s license at the post office. Able, allowed, to buy cars that drive not just 5 but 250Mph, on busy roads, without protection against using socmed mid-traffic… One thing could be to introduce Finnish-style booking for unsafe behaviour (if caught, not when as per next paragraph [think that through…]), and/or huge fines for the producers of bad equipment (hw/sw) comparable to fines on car makers, or outright laws to build airbags in, etc.

And then, if we’d design ‘secure’ systems, e.g., the Apple way, we’d end up with even worse Shallows sheeple that have so much less clue than before… And all in the hands of … even in ultra-liberal countries one would suggest either Big Corp, or Big Gov’t, both options being Big Brother literally in such an atrocious Dystopia of humanity.

So, you want safe systems? You get the loss of humanity before actual safety.

[Yes I get the Humans Are The Cause Of Much Infosec Failure thing (including Human Flexibility Can (still!) Solve More Than Machines Can, Against System (!) Malfunction), but also I am completely in favour of both the Humans Must Through Tech Be Completely Shielded From Being Able To Do Anything Wrong and Humans Should Retain All Freedom To Act Responsibly solutions.]

Pick your stand. And:

[Use G Translate if you have to, from Dutch. Typifying the driver, probably, if only for picking the brand/car…; London]

You sporting against all

When sports are considered to be character-forming for later (mostly assumed to be business-)life, either by having been trained to be competitive or have learned (really?) to cooperate in teams (really?), let’s see which versions there are:

In which the You Against Natural science (No counter-actors other than nature, only personal performance counts, possibly measured against others but still, bad luck gets you), You Against One opponent (where one’s in a knock-out tournament or variant; running into the later champion in the first round doesn’t do much for your chances for second place), and Team Against Team (if you’re a champ in a bad team, fuggeddaboudit; the other way around too, like Leicester City…), are all too well known, with the ‘character formation’ mostly being: Either you win or are a loser, and Suck It Up The Other Guy(‘)s Much Better.

But in business … Be careful not to think that it’s a team-to-team competition. Yes, you may assemble, or join, a team, but you’re playing against … the Market. Not another team … Unless the very unusual situation of a duopoly, which should be breakable, legally.
Rather, you’re up against ‘everything out there’; can count only on one’s own errors, not count on the luck of anything out there working your way though they sometimes do. And the character building/application is … well, mostly about you not being Hercules.

Well, if you think you are the big Heracles himself, note that your Impostor Syndrome is no illusion. The Wonder CEO that thinks he’s in the bottom right corner, is deluded to not see that it’s not all the underlings (certainly the sycophants) in a Team against him (seldomly her), in an internal struggle much larger than any competitive fight out there. But that all those one’s up against, are the Team in the top left corner, though possibly having ousted him for displaying anti-team play morals…

Talking of big business: What sport would have massive teams of hundreds, thousands, hundred thousands of players on either side ..!? With all specialised in their own little square foot of the playing field ..? At best, one has such armies with the classical mercenaries — and even they were, are, organised much more effectively. The military discipline of the multinational überbureaucracies will fail in the murk out there, certainly when one’s not against one specific opponent, as above.
‘Normal’ teams in sports are, ballpark, smaller than 20 players, all maybe having designated tasks but always all (of the winning teams) have the flexibility to step out of their role and position, with team mates catching the blind spots. As if that ever happens in business-outside-the-startup-scene. The closest to actual normal business, would be athletics teams, all with their specialties, contributing to the total, the satisfaction of having succeeded as a team winning out over the satisfaction of personal performance over team gains.

So, what was that about through (‘high school’/university age) (team) sports, would one breed character for the real world ..? If one does sports, obviously it should‘nt be for that reason but for the joy of it. ‘Character building’ as an argument shows one has no clue.

Plusquote: Beaton

Be daring, be different, be impractical, be anything that will assert integrity of purpose and imaginative vision against the play-it-safers, the creatures of the commonplace, the slaves of the ordinary.

Thus wrote sir Cecil Beaton.

And right he was. And is, and will be, more than before. Since times are a’changing ever faster, too. Which means the risk, nay certain penalty of not venturing out into the future by one’s own action, increases by the day, as well. Live, or not — the characterisation of those of the ordinary is apt.

With thoughtful salutations, I thee present:

[One feels invited to have to wait here, only; Royal waiting room entrance, Amsterdam CS]

Data Classinocation

I was studying this ‘old’ idea of mine of drafting some form of impact-based criteria for data sensitivity when, along with a couple of fundamental logical errors in some of the most formally adopted (incl legal) standards and laws, I suddenly realised:

In these times of easily provable easy de-anonymisation of even the most protective homomorphic encryption multiplied with the ease of de-anonymisation throught data correlation of even the most innocent data points, all even the most innocent data points/elements must (not should) be classified at the highest sensitivity levels so why classifiy data ..!?

This may not be a popular point, but that doesn’t make it less true.
In similar vein, in European context where one is only to process data in the first place if (big if) there is no alternative and one can process for the Original intent and purpose only,

To prevent data from unauthorised disclosure internally or externally, without tight need-to-know/need-to-use IAM implementation, one already does too little; with, enough.

That’s right; ‘internal use only’ is waaay too sloppy hence illegal — it breaks the legal requirement for due (sic) protection, and if the use of data is, ‘by negligence’ not changing a thing here, let possible, the European privacy directive (and its currently active precursors) do not allow you to even have the data. This may be a stretch but is still understandable and valid once you take the effort to think it through a bit.
Maybe also not too popular.

Needless to say that both points will not be understood the least by all the ‘privacy officer’ types that have rote learned the laws and regulations, but have no experience/clue how to actually use those in practice and just wave legal ‘arguments’ (quod non) around as if that their (song and) dance is the end purpose of the organisation but cannot answer even the most simple questions re allowablity of some data/processing with anything that logically or linguistically approaches clarity. [Note the ‘or’ is a logical one, not the sometimes interpreted xor that the too-simpletons (incl ‘privacy officers’) interpret but don’t know exists.]

OK. So far, no good. Plus:

[Not a fortress, nor a real maze once you see the structure; Valencia]

Waves of cyberfud

Not just because #ditchcyber is real. But because only now, the first of the absolute leggards (i.e., gov’t officials) begin to make waves about access to private data, through apparent (sic) complete lack of understanding about the fundamentals of free society. The issue of blanket access to any communications, for whatever purpose, has been settled so shut up for eternity or however much longer it takes ‘you’ to get it or die — whichever comes first, my guess is the latter.

Politics being the only field of work where no education is required; all the cyber-blah being the second, then, apparently ..? And:

[He would have annihilated the little people that clamour for ‘backdoors’, etc., et al.; DC]

Tugging on with Thoreau

It’s not enough to be industrious; so are the ants. What are you industrious about?

As a warning to the many that just continue to be ‘compliant’, letting their best, and next in line their mehhh, drain and be crowded out by meek submission. Which is what some Others live off, totally.

Hey, don’t just point out this all sounds rather negative: It’s Monday, right ..?
Switch to the Useful, creative, productive life! Yes, sirmadam, so can you! And you and you! And:

[If only life were always like this Valencia …]

Fraud no-angle

There was a lot of work done, mainly from faux legal/ethical corners, on the so-called ‘fraud triangle’. Without pointing only at previous dismissal, there are some fresh insights on why this’all is faux.

One is, as pointed, the presentation that considers the three corners of the triangle (pleonastically not tautologically) to be ‘present’ at one same time. In stead of seeing that there is a (very) definite order of the three. Once started, the march by moral capture / self-blackmail is one-way only. Whether triggered by willful act or casual impulse (i.e., Kahnemann’s System 2 or System 1 ..!); this is just a fact.
Two, the considerations on the triangle, and how to ‘prevent’ ‘it’, are theoretical only. Because they leave out human nature, where Systems 1 and 2 interplay. Where ‘protection’ against that, is not a theoretical exercise somehow (sic) translated into perfect control — as history learns, all totalitarian dehumanising organisations inevitably (sic) fail, and even trivial implementations will fail due to imperfect control everywhere, by definition through its selection by risk vs. budget balancing.

Yes the Faux triangle sometimes appears to be discussed only by those without due experience in practice. That know not of what ‘ethical’ means when it comes to leading and controlling people. That see only a tiny fraction of perverted Bad people (tellingly forgetting about the difference between Bad and Evil, Nietzschian style) that need to be stopped at all cost… Because Ordnung Muss Sein.

We all know how that worked.
Leaving you with:

[Please take a bath…; at Caldelas]

Another Thoreau, another on more-than-mere-process

I would not have every man nor every part of a man cultivated, any more than I would have every acre of earth cultivated: part will be tillage, but the greater part will be meadow and forest, not only serving an immediate use, but preparing a mould against a distant future, by the annual decay of the vegetation which it supports.

Which again, points at not every waking hour should be spent on work within the straight jacket of Process(es) and procedures, just clicking the only icons you have. But also having, taking, the time to let one’s mind wander, and do things differently, for the very purpose only of refreshment. Refreshment of the mind, for the purpose of that creating the mould, … on which future creativity is crucially, essentially dependant.

Without ‘idle’ land and time (spent on refreshment and enrichment, e.g., through reading serious (sic) i.e., only tangentially business-related (sic) books), your future will be a depleted land, a life spent being a wringed-out lemon for others’ profits.
With idleness, refreshment and joy (that essential true-life ingredient), you can be(come) all you want to be and live a full life.

‘Nuff said, plus:

[Even the ground enriches the eyes… Plus, straight lines at a slight angle are more interesting >:-] ; Ancy-le-Franc, Aube]

Golden Oldie Pic of the Day, part …

You know, any (Tues)day.
cmatpncwiaebx6q
Hey, “I drink only three glasses a day, so practically, I’m a teetotaller.”

Being busy bodies doing busy work

… Anyone noticed that the ‘trend’ (development) where everyone claims to be oh so busy with, basically busywork, started with the demise of the secretarial profession ..?
Where secreataries (either a pool of or a single personal, or in a pool altogether for sharing i.e. load balancing) and like support staff were (sic) there to alleviate all the chores that now, all underlings/specialists, ‘managers’ and even up, are supposed to do now, in stead of the work they were hired for and be productive in the thing that labour specialisation had made them best, most productive, in, like a Ricardo trade deal within the organisation.

Yes, the secretaries were doing much of, superficially!, uninteresting work but were so labour-specialised in that, that they were more productive, effective, than any heap of managers ever could dream to be … Where the specialists as well as the managers once were specialised folk, with suitable spans of control, but now, no more…

That has been chucked out of the window. Despecialisation resulted indeed, and has included the tons of changeover time involved. Making everyone miserable with having to fill out dumb forms (dumbed-down to the max because now even managers needed to understand, not only the understand-experts that the secretaries were) in stead of the interesting work that one came over to the organisation for.

The hyperbolic extension to socmed addiction and FOMO, and a prefix Impostor Syndrome, of course leading to a neat total burn-out. Thta prefix thing, I’ll elucidate later in some seperate post, if you don’t git it.

The solution also being Obvious: Bring Back The Secretaries! And give them proper status and reward (in all ways; monetary, too, since they raise productivity and morale so handsomely — the latter not literally meant, btw).

Let’s all admit that productivity increase by firing lowest-level staff first, doesn’t work as far as we (???) have done that over the past four decades, and revert that trend. Plus:

[Wide, high, mighty, needs no tower; Metz cathedral and yes, that’s part of another building on the right not a pic error … (?)]