controls – Page 24 – Maverisk / Étoiles du Nord

Stale^2

Hm, wanted for once (huh?) to not be negative, deriding but …

This here piece calls for comment. Like: Instating a quality seal for products that should be considered well-matured, almost outdated tiny point solutions; isn’t that overly stale² ..?

Because quality seals are issued for … procedural justice of the petrifying kind. And, AV – isn’t that almost the model for grossly-insufficient-in-and-on-themselves point solutions that have no field of development/progress left ..?

Oh well, not much use kicking a dead horse.
Other than the Dakota arguments… thus turning this into a sort of Golden Oldie Pic Of The Day:
[Source: Scott Wagner; no ‘automatic’ endorsement.]

The Future Plays At All Boards

There seems to be quite an interest in ‘the’ future, lately. As in, the last couple of tens of millennia but also the last couple of months. Recency Effect, maybe ..?

The thing is; discussions how the near and far future will/might be, are handicapped by industry and specialisation myopia.

IT-angehauchten discuss ANI, AGI and ASI, with neural networks resurfacing, finally, in discussions over when (soon) we’ll have the Singularity. Yes you’ve read my great many posts about that already or go in shame and still do it (impression tracker is engaged).
A branch of that, discusses very near future labour markets – mostly, almost exclusively, those in the furthest developed economies only.
Biologists and eco-nuts (are they?) are on the Global Warming / Food- and Fresh Water- Starvation / Anti-GMO paths in their discussions.
And there’s of course daily glocal wars going on, military/physical and refugee atrocities everywhere, and economic warfare as well. Of the latter which ‘cyber’ in all its forms (remember, #ditchcyber) is part.
Simple-economically, there still is the enormous divide between haves and have-nots, now being exposed (nevertheless still growing) within countries’ local economies as well due to jobless growth and the Pikettyish 1%’ers.
And, I probably forget some category. [Edited half a day after post release, to add: Yup, this here combi-one.]

But, … all play out on/in the same world, the one you and I inhabit [well maybe not you, alien (as physical being or just meme/information floating around over whatever physical media) listening in from the Andromeda nebula]. So, we’ll have to deal with all problems, operational, tactical and strategical, together both in people and in solutions. And as the world spins faster than ever, requiring ever more clever and ever more-dimensional solutions. Until all choke, mind-wise. Hasta La Vista, baby.

Oh well. I’m not (even) negative …
DSCN2520
[Anywhere, everywhere.]

Schmobol

With the current uptick in interest in the ageing population … of the handful still capable of hardcore manual programming of COBOL, as e.g., here, I wondered:

Is the code base still so enormously biased to COBOL(-based! software)?
Why haven’t COBOL-to-e.g., C, or others converters, not caught on widely so the ‘problem’ doesn’t exist anymore ..?

Especially the latter; especially since we still have tons, too many (?), programmers available to tackle C- and more modern-language scrutiny and optimisation jobs. Jobs; high-pay jobs. And automatic testers to compare absolute 1-to-1 identity of the functionality or tractable lists of boundary conditions (possibly differing).
But with so many more (modern) code/functionality maintenance tools and capabilities available. And with integration/migration to (even) newer integrated platforms available.
And, when things get tough, AI that should be easily trainable to get to the hard, core bugs (higher abstraction sense) before/after the translation(s).

So, what’s the deal? The only deal there is, is (and was, having lost a long time) the lack of forward-looking maintenance to have already started early on modernisation. Yes, of course, there’s Not On My Watch and Après Nous Le Déluge. But real leaders would cut through that; that’s what distinguishes them from mere shopkeeper ‘managers’.

All right. Leaving you with:

[Impossible to guess I guess. Where?]

Waves of IoT

Tinkering with the great many (unknown) unknowns of the IoTsphere, it occurred to me that there are various intermediate phases to deal with before we can consider ourselves comprehensively outdone after the Singularity (dystopian with P(X)=1).

By which I mean the following ‘growth’ model:

Current-day operations: Factory ‘robots’ or process plants being (factory-)centrally controlled from e.g., typical classical (?) control rooms. And ATMs, the robots without arms!
IoT in its four distinct forms. With ‘robots’ moving out of their prothesis confines, as e.g., here. Possibly with some ANI.
Both these levels can be regarded to have operational level problems; ethical, security/privacy, industry-disruptions and comprehensively new business and labour models, etc.etc. but relatively definitely operational, to be solved.
At a tactical level, there’s AGI stuff to be figured out.
Ethics, ‘robots’ like self-driving/autonomous cars [yes, yes, I know those two are very much not the same!] as proxies for humans, with all the rights and duties including how to enforce those, and Privacy on a much larger, impactful scale. Including also, all problems you thought to have solved in the previous rounds, now coming back to haunt you and be very much harder to solve.
The Strategic level, with ASI all around. To repeat, including also, all problems you thought to have solved in the previous rounds, now coming back to haunt you and be very much harder to solve.

This, as just a briefest of summaries of all sorts of dilemmas to be figured out. Sonner rather than later, or bingo (points of nu return) will have been passed sooner than you realise. I’ll try to help out with a post here and there, or course ;-]

For now:
DSCN8357
[At what stage will AI understand the genius of this design ..?]

Self-driving hamster

There’s a self-driving angle (huh) in this somewhere but it remains just out of grasp. This being this; hamster-like ..?

Before it disappears: Told you so

Oh, before it returns to oblivion; re the Hacker Team hackback: I’ll just join the endless queue of Told You So’ers with reference to this.
Noting that there is a confusing connection to the illegalise-encryption-cum-mandated-government-backdoors stupidity that keeps coming back like whack-a-mole, to put it very, very friendly.

OK, leaving you with:
DSCN4521
[Antwerp beauty, untiltshifted]

The need for a new security framework

… I feel the need for it. A new security framework.

Because what we have, is based on outdated models. Of security. Of organisations. Of how the world turns.
Bureaucracy doesn’t cut it no more. The very idea of hierarchically stacked framework sets (COSO/CObIT/ISO27k1:2013/…) likewise, is stale.
And the bottom-up frameworks en vogue, e.g., OSSTMM (if you don’t know what that is all (sic) about, go in shame and find out!) and core work like Vicente Aceituno Canal’s, haven’t found traction enough yet, nor are they integrated soundly enough (yet!!) into further bottom-up overarching approaches. Ditching the word ‘framework’ as that is tainted.

But what then? At least, OSSTMM. And physical security. And SMAC. And IoT. And Privacy (European style, full 100.0%, mandatory). And business-organising disruption, exploded labour markets, geopolitics, et al.

OK. Who of you has pointers to such an Utopia ..? [Dystopian angles intended]

Unrelated:
DSCN6146
[Your guess. Not Nancy. But is it Reims ..?]

I am not me. Myself: nope, neither.

Now that infosec has become to lean so much on the People side of things – as in theory all things Tech have been solved, for decades already just not implemented to any degree of seriousness..! and ‘process’ having been exposed as utter nonsense ‘management’ babble – it is strange to see that psychology hasn’t come to the fore much, much more. Even when pundits and others, and the minions like Yours Truly even, have posted over and over again that no tech system however perfect can stand the assault of through, e.g., casual negligence and unattentive error let alone gullibility and other vices.

E.g., in the area of IAM. Where I, the construct, the behind-the-persona ego I recognise as such, is constantly changing. In my case, developing fast, forward, up. In your case… well, let’s be nice to one another so I’ll remain silent.
And all sorts of avatars are developing as substitute for you and me within systems. See, with AI mushrooming lately, avatar ‘development’ may quite easily, soon, surpass ‘you’ in being ..?

Back to the story line: It’s just not userIDs anymore; context-aware and -inclusive, capability- and rights-attached constructs they are, and integrating with the Avatar Movement (Rise of the Machines, yes) to morph into actual beings that might soon pass Turing for comparability to/with humanoid identities. We’ll be on equal footing, then, or soon after, bland dumbed-down versions of personas/egos.

But How Is This Relevant … Ah, the clue of today’s post: Because social engineering, phishing etc. play on the weaknesses of humans to be able to impersonate. So, either stop the weaknesses (as vulnerabilities; eternally impossible) logical-OR stop the impersonation (the assumption of avatars/personas by attackers; taking down their masks). The latter, by at least being aware that the avatar, the persona, isn’t the actual person. How to get that into systems, and at the same time recognising ‘actual’ avatars/personas i.e., the link between those and the right real persons behind the masks even when considering through human weakness the persona has been ‘compromised’ …? That will solve so many infosec troubles…
But heyhey, I don’t have a clue like you do. Or do you ..? Very much would like to hear ..!

[Edited to add before publishing: Hold Press; include this on behavioural stuff]

[“Riga”..? Aptly French?]

Trigger seeding

In defense of sloppy account management …
Sort of. Rather, deliberately sloppy account management.

Reading through this in particular, and that, I wondered: Would there not be a nice part of a solution in seeding your user accounts database(s) with fake accounts, to act as tripwires ..? They could be given no access to anything, or access only to honeypot-like info / environments. And then trigger the alarm when accessed – by intruders, or by own security staff or auditors when doing surveillance of controls functioning.
Somehow also, I have a gut feeling there’s some hidden secondary effects in this. Any of you who has given this some more thought already, and have info on this ..? Much appreciated.

For now, this:

[This makes me look fat. La Défense again.]

Road rage (autonomous car edition)

Two things about self-driving cars:

When a fully ready car leaves the factory, it should be programmed completely, at least with all needed to function independently from thereon. Does it think at that very moment “Ugh here I am, just born and already with a huge traffic jam behind me (in the factory)”..?
Where humanoids will in school and around that, learn quite some data and algorithms by heart just to know them, and acquire experience on how to deploy all that, in the chaos that is the actual world, before being considered an adult capable of independence and accountability in the free world, how will autonomous cars gain such experience once they leave the factory ..? Will they be utterly clumsy during the first few miles / years (sic) ..? Your legal department may need to know.
[Third, because rebel.] News broke that self-driving cars drive like your granny. Get out the bull bars (originally: ‘roo bars! from down unda) and shove them off the road. [Edited because apparently necessary to add: In no way literally or even close, you m.r.n!]

So. Moving on ….:

[Skewed before screwed; Madrid for no reason whatsoever]