Industry tourism

… not the other way around. Or, both.
Where the most afford-able tourists will ‘move on’ to ever newer places when things get too crowded, or just too common, they will in the end return to past favourites, when the wind of stampedes has blown over. Industries … do the same ..? Considering IoT is really turning manufacturing’s global movements and spread on its head, with the AI in-roads leading to e.g., a switch of human involvement from ‘hands’ to ‘brains’ [what a change! managers should fear …!], I wanted to start some economics analysis here but don’t have the right data at hand.
So, for the series, I’ll explore. Like, cycling from primary all the way to quaternary (?) industry (administrationland), and back (and forth) in between, innovating as we go along … no, no this post is going nowhere. Must be Friday’s.

Similarly, I have no clue why this [own] anonymous Philly pic is here. Or is my account hacked and did some joker just put the above down as a claim ..?

The administration belongs to none of them … [originally in Dutch]

Was triggered by this here article, as read in Het Parool but republished – and deserves republication in many more places. Yes it’s in Dutch unfortunately, as I don’t think the problem is exclusive but it may be tearjerkingly worse and exposed here…

On top of which, a fair number (?-to-100%) of ‘administrators’ still live under the illusion that they ‘govern’ something and then take firm decisions, even banging their fist on the table, after which nothing happens. Nothing at all. After all, the ‘decision’ was the achievement *quod non* and the execution, well, that is for the lower ranks. You are not going to concern yourself with that. While the decision is so far removed from reality, read implementability (in whatever way; linguistic gibberish detached from normal practice, with a screaming budget shortfall certain in advance), that nobody dares to pick it up. So nothing *happens*…
If you can just keep that quiet for a little while (nice wishful-management reports in boardroom jargon, yes We Are Now Really Busy Taking Action, but not really), then it is After Us The Deluge. The name ‘Asscher’ goes around in the Groene article. Good that there will be an inquiry, though! (or that it has already sighed past without anyone noticing). And oh how good that it is being held by the same in-crowd; then you know for sure that something real will come of it..! </sarcasm>(?)

But then, there even seem to be people who really think we live in a democracy. When de facto roughly 0.0001% of the electorate makes up those you can vote for at all, and not a single party takes the trouble to make sure you can agree with more than just 30% of its positions (the rest being personal hobbies; devouring billions in tax money and often useless), with a personal liability of nil, while “then just found your own political party” cannot work, yes, then you really have a true democracy ..!

Fitting:
[Actual government, direct; tranquil reflection on that]

#ditchcyber CSI, this was real

A quote, a post:

This is a story of a very high-tech kidnapping:

FBI court filings unsealed last week showed how Denise Huskins’ kidnappers used anonymous remailers, image sharing sites, Tor, and other people’s Wi-Fi to communicate with the police and the media, scrupulously scrubbing meta data from photos before sending. They tried to use computer spyware and a DropCam to monitor the aftermath of the abduction and had a Parrot radio-controlled drone standing by to pick up the ransom by remote control.

The story also demonstrates just how effective the FBI is tracing cell phone usage these days. They had a blocked call from the kidnappers to the victim’s cell phone. First they used a search warrant to AT&T to get the actual calling number. After learning that it was an AT&T prepaid Tracfone, they called AT&T to find out where the burner was bought, what the serial numbers were, and the location where the calls were made from.

The FBI reached out to Tracfone, which was able to tell the agents that the phone was purchased from a Target store in Pleasant Hill on March 2 at 5:39 pm. Target provided the bureau with a surveillance-cam photo of the buyer: a white male with dark hair and medium build. AT&T turned over records showing the phone had been used within 650 feet of a cell site in South Lake Tahoe.

Here’s the criminal complaint. It borders on surreal. Were it an episode of CSI:Cyber, you would never believe it.

Just to remind you; it’s not only APTs that hit you. Here, it was ‘just’ hardcore kidnapping. And think about victims of false … [fill in your favourite of the four horsemen of computer crime and colour the picture] accusations alone: Defamation by the clueless works over much longer terms, and maybe more effectively. Nothing progressive, innovative, disruptive about that… And:

[Yes that is the First Flag – government project: (i.e.) unfinished]

A sobering thought

Actually, not one but a great many sobering thoughts, in this great piece: What They Don’t Teach You in “Thinking Like the Enemy” Class. In a high-quality series.

To which one might add … not too much. Maybe the 100%-is-infeasible line, and Schneier’s Return of the Security (is..?) Theatre trope. Oh, and the one that has still taken far too little root; the deperimetrisation-means-you-need-to-focus-on-information-not-the-fortress aspect that has been around for a decade already but still has hardly been implemented properly.

Or, we redesign the world. Somehow, we need to get into the mindsets of the global populace – that so far hasn’t been standardised to any degree; happily! for cultural diversity hence overall societal flexibility, development and progress … – to accept that after human development was pushed by physical wars for all of its existence so far, we have arrived at a new round of warfare innovation. After the man-to-man (sic) manual combat, and the ethically despicable practice of not even seeing the Other in the eye individually that gunpowder brought on – glossing over the trebuchet-and-others long-distance hurtling and archers’ reach –, we are now engaging not only in drone-led warfare (distance being even greater), but also in this: humans not being the soldiers anymore; that part being taken over by the robot. By which I don’t mean humanoid robots – why even bother – nor masses of stand-alone AI. But rather, unembodied A(S)I that operates on any platforms together, creating resilience not by numbers of clones but by moving swiftly over servers by having been virtualised at various levels of conceptuality, as they are compounded-mem complexes battling each other evolutionarily. And still aiming at humans.

…? Well, what’s the purpose, otherwise ..!?

Which is far off from where this post started. And foregoing the intermediary step I wanted to write up; where ideas cleverly capture (numb, dumb?) people and ‘ideologies’ fight each other for global dominance. With all sorts of ‘neat’ (quod non) tricks. But [w|h]ell… and this:
[All humans removed from picture. Naturally]

You, me, and ASI; the difference

Before we forget: Why some don’t see how ASI would surpass AGI and humankind, is that humankind has not learned to work together in all the time humans have existed in groups beyond the first few Dunbar numbers (2, 8, 20, 50). Which means we humans spend the most delicate thought and most thinking energy on the operations and tactics of working together, before the ‘external’ task can be solved if at all. Where ASI would have no trouble having all human culture combined into one processing faculty already, hence think-acting at a level of all humankind in concert, or beyond. We have external response flexibility, ASI has that covered internally with an n-dimensional external surface, n possibly > 4.

Deep-think that one over. And:
[Indeed, one section. Goes for all of your brain’s work, too]

Short post: Offense on the Defense

Apart from love, here too all is fair. Hence, the offense may be pushed into defense every once in a while. Yes, think that one through.
Or, that is misinterpreting it. Offense and defense do a danse macabre while the content fights out at higher abstraction levels. Think that one through ..!

[Edited to add: this link, and this one. Others apply as well.]

OK, ’nuff for now, and this:
[Not even unique, as a NY wedgie; only just (…) the prettiest]

Preventing detection

At last, there’s a resurgence of non-preventative infosec (#ditchcyber) efforts. As, e.g., here (in Duts though the orig would be Engrish ..?) and here (a decent one, almost making the right point; co-typical ..? and on second reading, a bit empty of actual actionable advice). Hinting at leaving the Prevention Imperative and refocusing on Resilience.
Because ‘deperimetrisation’ may have clouded the longer-term, more strategic failure of locking oneself in and shooing away the so grossly underestimated enemies by one’s own utterly ridiculous overestimation of … authority, power, capabilities and competences, considered-self-evident importance (quod non…). The dumb not realising how dumb they actually are…

We’ve said this before, over and over again. And we’ll say it again. Because the Laggards (hey remember yesterday’s post?) still haven’t got it, deeply enough into their veins.

But, we have a start of that at last. Why only now? Because even the most conservative (sic) can no longer hold the fort (sic) of box-shipping at all levels? Anyway:
[Rebound into the heavens!]

Why ‘cyber’s still a dud

[Oh yes @CyberTaters will warp the pings re this post. And #ditchcyber!]

For one, all (sic) of ‘cybersecurity’ (quod non) is incomprehensible to those that consider themselves ‘leaders’ in one way or another in practices where actual infosec should be top of mind. Since the (for quite too large a part) despicable mice (of this story) don’t see their own folly, these kindergarten emperors will be found to wear their new clothes well… but not ‘get’ what it takes to start developing ideas how to actually lead in the infosec field. Starting with debunking Internet myths and hype-FUD but also starting the sea changes needed to achieve something (if maybe not everything).

For another, since all the hype-FUD only leads to Technology focusing, where those that would still not have thus-focused houses in order should be fired; decades of developments would have to have been easily dealt with – though it is rocket science, it’s hence not that hard. Hey, designing and building a probe to Pluto, isn’t there an app for that?
Leaving the other 99.9% (well…) of work in the area of People (and don’t start me on Process..! see my posts over the past couple of weeks). Which, even if it would be understood what needs to be done in that field, would be known to be near impossible to pull off, let alone in the short term.

Hence by simple (?) logic, ‘cyber’whatever is a dud.

Sobering:
[You know where, or not; every corner needs to be beautiful…]

ICYMI PON is right [originally in Dutch]

In case it passed you by a few weeks ago; this. Rightly so. And meanwhile all sorts of (very!) vulnerable people go without the care they deserve (have earned) because the (aforementioned) bottomless pit sucks billions (sic) into the black hole.

Scaling ‘security’

Availability: 99.9% (per year).
‘Security’ (the C, the I) … nothing. Or, the infeasible 100.0% XOR nothing.

We may have a major issue here…

Well, we do have OSSTMM on one hand, and the seriously innovative, very important Secrecy stuff on the other.
But can we answer the question “How secure are we”..? Indeed, OSSTMM gives us a number – for the operational and technical elements. How ’bout integrating the tactical, strategic, and non-tech stuff like hooman behaviour ..? And still make it somewhat understandable to the clueless (Csomethings and others involved in the utterly useless nonsensical area designated by the pejorative joke label ‘governance’; all with the exceptions acknowledged of course); other than the above % per year estimates that are interpreted so badly..!
Oh and things like failure rates from e.g., FMEA, as presented like ‘dam can stand a one-in-a-thousand-year flood’ also don’t work – dam can break today, and tomorrow, and the statistic may very well still be valid!

Maybe it’s key to first find how to whack the “1-in-1000yrs means I don’t have to worry for another 999 years” fallacy. Psychology it is but so security should be..! As many of Bruce Schneier-et-al’s posts prove (?), FUD and other angles fail so miserably.

The time (decades) we’ll need to turn around the psychos allows us some leeway to develop suitable Scale(s?) of Security. But let’s not wait for the end of those decades before embarking on the exploratory first steps of that. Your suggestions, please, today.

[Edited ahead of posting, to add: This here piece on the (declining) half-life of secrets; definitely something to include in the above ‘metrics’. ..?]

For the eye candy:
[Zurenborg again, slightly edited – who’ll do the colour corrections for me?]

Maverisk / Étoiles du Nord