ICShape

Doing some pondering, digging and backtracking on the issue of IoTA. But, … already got stuck when considering how to (best?) model the architecture at lower levels. Would a classical picture, or a somewhat-less classical picture work best to gain understanding of the risk areas ..? As in:
Industrial control cycle
[Own pic]
Or
open-standards
[Plucked, adapted from the site linked below]
Where the former is from the industrial, process-oriented engineering world, and the latter from the digital networking world.

Yes I’d really like your advice on how to ‘marry’ both to be able to optimally visualise where the risks are; the potential, intentional or not, noise on the signal, or the wrong signals altogether. What might cause that, how to protect against that, etc.
Yes, taking into account the work already done here – which is impressive, but somewhat (?) protocols-oriented, not architecture-/risk-oriented. Yet. Something like
SCADASmartGridEfficacy_Page_2_Image_0002
[plucked off a simple search] is what I’m after.

But the other work, too. All, to overlay with risk lists on all surfaces at all levels… Then, to see how to protect that all against the (generic?) risks, and how one would audit sufficient (?) protection is in place. Not ‘controls’ – those are the losers’ weak retreats, the “didn’t want a cookie anyway” fig leaves. Taking into account this breakthrough though.
But for now, again already, leaving you with:
[Life instead of straight angles, Barça]

UnEllsberging your change

Somehow it only recently, and suddenly, struck me that the resistance to change that we see so pervasively in ‘organisations’ is indeed due to people’s very human resistance to change as one might lose some things held dear – for whatever reason.
The latter, obviously often stated in terms of losing something Known for replacement with Uncertainty even if prospects and rational risk calculations might indicate huge improvements achievable.

The crucial point being: the risk calculations may be rational but apparently aren’t emotional. The striking thing mentioned above, being that we need to integrate Ellsberg’s Paradox much better into our change approaches and programs… Indeed, rational calculations will not work in a world where humans function like described. The ‘future’, uncertain world must be described in terms of the same absolute certainties as the world we experience in the now/past [as the now of now is the past in an instant], just as perfectly credible also in the completeness of its pro and con arguments. Since not only do we exactly know the devil (our, e.g., work environment) we know because we have experienced it in full, hands-on, but also because we have quite a rosy picture of that devil when our brains forget nasty stuff easier than friendly bits.

Now go study all of the linked wiki – it has tons of good info, both explanatory and as pointers to slurp it all up into practical solutions.

And, for a glimpse of a better future:
[They’ll come when the (grossly overstated) benefits are high enough and/or the left-behind is dismal enough; NY]

Overabsolute Majority Report

On this sad day (in NL), only a hint of a mer à boire on our future that will be – not so happy. Possibly.
Where the dystopian future scenarios are more right than the on the surface by and large generic tending-to-rosy robot movies predict. With Ex Machina having some interesting thoughts (again) on AI and what it is to be human but in the end also falling back to common standards. And with the similarly common flaw of expecting ‘robots’ to become near-human possibly to the point of indistinguishability [nice word] – that will then operate in a world where ‘individuals’ would be the unit of existence-currency. With no ‘government’ in sight, at least not in today’s sense where even the largest governments (agencies) are still made up of human elements. There is something, but it doesn’t matter too much for the discourse. Where the dystopian worlds we’ll live in (big question marks all around) may have quite a different set of physical media, e.g., all-digital.

Which makes it possible to see today’s (supra-)governments, the largest of them in particular and including the globally biggest private companies, where ‘company’ isn’t between a platoon and battalion of men anymore, as supra-national organisation forms in the abstract.

This already causes problems when one would want to get redress from e.g., the ‘financial industry’ and before, to tackle the military-industrial complexes that were (are?). This will cause problems now that the complexes are informational-industrial-military, with the middle part in the driver’s seat and the two others as wingman, protecting.

In the future further out, the global complex may be beyond the Singularity (negative view), about which I posted quite a bit before. How will we approach such overlord(s) when completely abstracted, sublimated ..? Hm, gotta read up on Negri&Hardt a bit more…

But for now:
[When centres/seats of power were only this big; Madrid]

Unpersonal AI

… a trope worth extending: How we still (apparently want to ..!?) see the future of AI and robotics merged into android (no capital) forms… As in Ex Machina and many others: ‘Intelligent’ (like linked here) human-shaped robots taking over, or not.
Whereas of course ASI will strike us through its supra-individual form it already almost has. Not as the military-industrial complex that was already a common-form supra-individual thing, but as a really medium-/materialisation-independent form. With room to spare for all sorts of ‘dysfunctional’ behaviour and ‘thoughts’, and still hands(?) down being our overlords and usurpers that undo us in a blink.
Or maybe we’re halfway there already. With maybe still some select group at the wheel, behind some veil, pulling off some shady trickery with constitutions (multiple). To off themselves, by a glitch.

Dystopian, eh? Well, for now, there’s:
[’cause we love the quaint, old … Strasbourg or so]

Ack or ook ..?

Yes, there we are again, on the subject of ‘Ethical’ hacking.
Because I came across such a ‘Certified Ethical’ Hacker once again. Which made me think (again…) about the allure of that. And then it struck me: It’s just a matter of replacing ack with ook and we’re all set!

Think about it; an ook does for money what others do for fun and ulterior motives… So does an ack. An ook can be certified (licensed) and get government-controlled medical/physical check-ups, by another bodily-educated professional. An ack can be and get the same; through permanent education requirements and peer review.

But what an ook can’t get, is the Ethical label that the ack has – for no apparent reason and it should be the other way around: Where the ook has proven her (majority; unless some ladies in the readership have sufficient experience to validly claim the opposite) role in society since the dawn of time/mankind/human society, the ack dabbles in what somewhat similar but short by aeons, is a crook’s business.

So, CEH better refer to the ooks out there. For now:
[It’s … Name That City time again!]

Grendel’s mother

When the short summary doesn’t do justice to the core of the problem… Where the core is both a misreading of the depth and a misreading of its intentions.
As this here few little paragraphs have. There’s no light way of putting this: Go read the … thing in its entirety and then, do understand it in all of its cultural superiority to today’s news accounts.

Yes, for the simplest of minds it may read like just a story. Hero, this, that, done. But to the slightest of more careful reader, it is overwhelmingly clear: The book contains so much profundity on the core of politics, societies, and clashes of war. Then you see that it’s not about slaying Grendel and some afterthought. It is about slaying the symptom, the fed, and only then can you get to fighting the real cause that (literally) both birthed and feeds the symptoms, the Mother of Evil. Pointing, too, at the continuity through generations of that concept.

Oh and did it mention anything about brothers or (maybe even worse ..?) sisters ..? Opening up all sorts of options for prolongation through the ages of this tension between what one (sic) could regard as Good and another (sic) as Evil? Mother doesn’t see Evil, she sees her pride, her son displaying the most beautiful (s)he can imagine. You don’t even know which side you’re on! Etc.

Yes indeed. It is simply not simple. It is The World As We Know It, and Man cannot change much about it…

For the latter, see how Western ‘powers’ led by the one, try to meekly and halfheartedly subdue Grendel in the Middle East; just enough to safeguard their own interests. Where they don’t see the full depth of mother’s lair, nor her issues. For those less ‘sues’, read this and see the eternity of the problem.

For now, this:
[Ah, bull fighting (at Sevilla no less): Another such eternal struggle between Good and Evil, order and reason against pure force of nature – so often completely mistaken for simple ‘sports’. Cruel, to the Weak (sic) but not to those that value its depiction of life itself; that have experienced and/or seen much worse in human life, in person.]

Culpable misinformation

The inescapable Bruce was very mild, characterising Comey’s texts as a joke. Like here, on this. Whereas puppets everywhere (in NL as well, here) can show only a handful of cases, if any at all, where mass surveillance (like this by InfoSec Taylor explains) has been key. Referring not to any paraphrase (here) of Ben Franklin (“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”) ..?

But the point is: Where failure to act may be culpable in the same way that acts may be, deliberate (intentful) misrepresentation by omitting knowledge and/or presenting false conclusions may be as culpable as outright lying. In particular, when in the public sphere (of income) where speaking the truth (the whole, and nothing but…) is part of the deal, however indirectly through defense of a constitution. Wilful neglect of that duty (that may include informing oneself properly!) is a scam, con, deceit, fraud.

So, come clean. And:
[F..tis didn’t get away with it; too simpleton despite pretense]

Model code

In the race to get everyone and your grandmother (but in particular, ‘youth’) to code as that would be the new literacy, this here piece arrived quite in time.
In which Chris Granger explains that modelling the world around us (and taking it in), is the new literacy. [Read the article; it’s a full stretch more intricate than that actually.]

Right. With a number of sideline qualifications. But I don’t have the time right now to elucidate… They’re in the order of “But then, calculus and basic reading skills are required to understand the world and be able to deal with it. So it’s not that the old forms of literacy will go away (on the contrary; dismal education globally (sic) should be repaired, in particular numeracy) but they will be augmented. This will require a massive, huge! upgrade of about all teachers at all levels – which will not happen anytime soon. And programming skills are only the basics one needs to be able to analyse, model, and design the world around us, much like + and – are required to understand one’s income – assuming one has or needs money to live – or even money, or society’s functioning.
Let alone understand culture. Isn’t culture what is being transferred in Education ..?”

And so on. But as said, time limits… See this, too. Hence:
[Baltimore is old. ?]

Here, First

Integrity at any level is the Yggdrasil of any CIA or other quality of the layers on top of it.

I.e., if at the platforms level the integrity of software (à la Turing, engine/programs and data) cannot be fully 100,000…% guaranteed, no extreme of measures on top of it can restore the missing percentage, only (somewhat) limit further deterioration of the stack on top.

Okay, this being a bit abstract, a somewhat more simple and extensive explanation will follow.
Till then:
[No base, no glory; Sevilla]

Stuck in the 80s (wrong end)

Some recruiting experience a friend had recently… (in no particular order, just what I recall from his analysis; yes I did take notes after a short while and seeing friend’s energy drained even in the recall):

  • When walking into the shared space / reception, an all-M team were starting on pizzas.
  • Setting: One candidate (my type, i.e., aiming to think fresh), one manager-possibly-to-be (M; styled like a civil servant), one HR (F; typical? she got the coffee).
  • Mptb repeatedly brought up a vacancy not applied for. Mptb may have wanted to fill that slot more urgently, but was not the one that triggered friend to send the open (sic) application for a first meeting just to learn more about the co.
  • Mptb couldn’t but return over and over again to the capacity for sales. Friend had already mentioned explicitly in the motivational letter that sales (of the cold call type) was the main weak point, well-known. Why keep hammering on that? Not on marketing (friend has great, very frequently demonstrated capabilities for that), hardly anything on content, not much on knowledge or fields of interest. But then, what can one expect from an Mptb that had the first half of ‘career’ in selling bananas (literally; I checked for friend)? Also, Mptb did not show any interest when friend mentioned his very, very extensive, professional thoughts-filled blog; possibly b/c Mptb didn’t know the concept of ‘blog’..?
  • Apparently, only the one-pager resume had been glanced over. Of which friend had remarked in the motivational letter that it might read as being skewed to the (IS) audit side but that work content had hardly been that at all for the past decade+ and had been almost completely with advisory and consultancy services. Mptb could not see that, or may not understand enough of business outside the own (narrow? I’ll leave that to friend and you) scope of one’s own daily drudge. Mptb kept hammering that out. Friend has a two-pager resume in English (may be too difficult for the all too Dutch Mptb?) that has job content descriptions but that didn’t even come to pass. LinkedIn? Nothing. Friend has a very extensive and diverse profile there and had checked; Mptb hadn’t had a single cursory look. SocMed seemed not to exist.
  • Mptb indicated anyway to operate at ‘tactical’ level with clients. Highly doubtful. At least, taken from some details of the conversation, friend operates a level and a half higher, and examples given and some details of the discussion indicate, Mptb hardly rises above operational control level and didn’t demonstrate to understand much about dealings at various management let alone governance levels. Which may have explained some of the misunderstandings. But Mptb would have had to be the one to have noticed, if Mptb – or would be a very mediocre, 70s-to-80s type of manager?
  • Same indication from the salary range indication. Quite something lower than current. Pay the bananas, get the monkeys.
  • But then, Mptb did keep on spelling out that selling services project-wise to clients, bore down to just proposing a handful of CVs with all track records spelled out. Actual project definition, ToR, deliverables, whatev’ (?). Ah. If friend were to spell out all projects, that would lead to a. a 25-30 page resume, as friend had a resume like that already 16 yrs ago that counted 15 pages (I still have that on back-up somewhere) through executed project summaries (sic), b. clients being dismayed their details would be presented to just about anyone else – if you see the project details of others, yours will be displayed to competitors as well in our business that deals with/in confidentiality.
  • But then, the main point is that friend doesn’t want to be bodyshopped, stuffed in client job slots just for the pay by the hour. How 80s can you get ..? Didn’t Mptb notice the world has changed, and such retro business is to be ridiculed …?
  • This, with a focus on billable hours and not sitting on the bench. Yeah, friend and I understand that. To be an operational hygiene factor. Not the focus of daily work life.
  • On the other hand, Mptb also kept on hammering on with questions how friend would deal with project hiccups, as if they’d be simple bugs or so. To be fixed with a simple fist bang..? As if that goes in today’s business, at the level one wants to be concerned. Friend’s answers to resolve them in, at the same time, businesslike and diplomatic ways, apparently was too difficult to grasp.
  • And oh yes, a handful of half-cocked STAR attempts were thrown in. The sample I heard, are far from and would have missed the point (the method’s information gathering actually intended) quite comprehensively.
  • Overall, Mptb seemed like a bad listener to me, not interested in what friend brought to bear let alone what work friend wants to do, what directions he wants to go, etc. Oh yes, there was the question about own ideas for personal development, but the answers again didn’t seem to land; friend got reaction, not response.
    And though non-verbal comms was clearly mentioned, Mptb didn’t recognise that as a signal that his own posture only conveyed confusion and resignation. Verbal comms didn’t result in replies by Mptb that might indicate understanding and exchange of ideas, just what friend told me to understand “Hm, didn’t get the fully templated answer I wanted to hear b/c that’s the only kind I understand”. But Mptb found fault with friend over the latter’s non-verbal.
  • Overall II, I’m unsure whether, or rather am sure that, friend nor I would want to work with/for such a Mptb. Probably, ‘management’ would consist of bullying over unbilled hours only; no sight of understanding today’s knowledge workers need to be freed of chores such as sales, and need coaching and all other facilitating stuff (and risk management, etc.) offloaded to … the manager as that’s his job, to be free to deploy one’s excellence without being bothered by not-understandelings. We agreed we wish Mptb luck with client relationship management as he’d need tons of it, and would advise him to stay away from actual project execution or staff management. If we’d get into a relevant position we certainly wouldn’t invite him.
  • The (quite inattentively) somewhat brushed aside HR lady slipped in some questions about friend’s private life and goals in the end. I know friend as someone who wants to very much have a seamless blend of (hardcore to softcore) business, semi-professional hobbies, and other stuff. Mptb didn’t seem to care.
  • Conclusion: A waste of my friend’s time.
  • Friend was contacted afterwards; they sought a full-on build-a-team-through-all-sales person indeed. That was not in the function profile friend showed me… And, as said, friend wrote in his motivation that if anything, that is/was his weak point. The waste of time could have been prevented.

Had to discuss this over a couple of days, to get it out of friend’s system…

Only to realise that I haven’t had a good job conversation myself recently, either. Though most of the (not so many) times, only a couple of above’s issues were at play, I was disappointed all too often. I also didn’t really like the other sort of ‘interview’ where one is asked snarky gnarly brain teasers. Or even had to do an assessment with a day’s full of questions with quite certainly the wrong answers. Or just in the interview. Why do recruiters still think they’re the conversation boss or something? Haven’t they learned how to beg for the right talent ..!? I might not completely be in that category [worded like that not to appear presumptuous at considering myself perfect, or would that add to the adoption of the hypothesis? ;-] but still to have a grown-up conversation about it all, would be welcome. So, … your comments.

But hey, then, to not get depressed:
[Pleasant life; not only the Expo at sunny Sevilla]

Maverisk / Étoiles du Nord