Glee because of support

All the mavericks of the world rejoice (and Maverisk among them, of course, already); finally there’s new [howzat for a typifying contradictio..?] evidence-of-sorts that the below that had popped into my mind a couple of days ago, is still, more, valid than ever. Being, related but in an angled/vector-transposed way, not about rebels but about other mischievings in general business management culture(s).

[Should I note that the ‘evidence’ already is worth much study and implementation? Yes I should.]
[Edited to add: Beware of the other side, too; too many mediocre men just drift upwards by lack of weight: here.]
[Yup that’s a re-post from yesteryears, like, 12 March 2015 …]

Two points to make:
* Middle management will be.
* Secretaries should be.

The discussion regarding middle managers being superfluous or not had a slight uptick the past couple of months. With the latter voice having been a bit too quiet. Yes, middle management is under threat. It has always been; only the (history-)ignorant will have missed that. And Yes, all the Disruption things and similar empty barrel half-baked air by a lot of folks who have hands-on experience in the slim to none bin with (real) management altogether let alone this kind, have predicted over and over again that the disruption by Server-with-algorithm-app-that-schedules-day-laborers will make middle management redundant, as the believed task was only that.

Quod non. And as if just an algorithm will capture the full complexity (and incoherence, inconsistency, internally and externally contradictory ..!) of the requirements and work of the middle manager.

OK, we’re not discussing the drone administrative clerk that has Manager on his card (huh?) and sits in an office passing top-down orders and bottom-up reports back and forth. We’re talking the real, 24/7 problem firefighter here. The coordinator of chaos. The translator of lofty (others would say, ‘airhead’) ‘governance’ (quod non) mumbo jumbo into actual work structure and tasks, and translatereporting back. That survives and in doing so, shows great performance. The other ones, will be weeded out anyway, every time there’s an economic cycle downturn. [If the right ones would be kept, and the wrong ones ‘given growth opportunities elsewhere’. Seldom the case; offing is by the fte numbers, and the wrong ones have being glued to their seats as their core competence, through sucking up or otherwise.]
So, the middle manager stays for a long time to come as (s)he does the kind of non-predictable work that will remain longest. If start-ups don’t have them, see them grow: They will.

Secretaries deserve a come-back. In similar vein as above, the vast majority of managers office clerks (from the shop floor (even if of knowledge workers…) all the way to near the top) these days have to do their own typing, scheduling, and setting up socializing things. Whereas before, economies of scale were many, and there were additional benefits because the good (sic, again) secretaries would e.g., know the best, unrenowned restaurants all around and could get you a table even when they would be fully booked, and they would manage (massage away) some internal friction as well, often very discreetly and efficiently. Now, vastly more expensive (by hourly rate, productivity (think switching costs in the managers’ minds …, and utilisation), cost of ineffectiveness (sic again) and opportunity costs re their actual objectives (if these would be achieved; good/bad manager discussion again)) managers must manage their way around. An impoverished world it is indeed.

To bring back some joy:
[Some colour, but it’s down there… Zuid-As]

What you said, doesn’t matter anymore

Yet another proof class busted: Voice being (allegedly) so pretty perfectly synthesizable, that it loses its value as proof (of identity). Because beyond reasonable doubt isn’t beyond anymore, and anyone venturing to bring voice-based evidence, will not be able to prove (beyond…) that the sound heard, isn’t tampered with i.e. generated. Under the precept of “whoever posits, proves”, the mere remark that no madam Judge we honestly did not doctor this evidence, is insufficient and there can be no requirement for positive disproof for dismissal from the defense as that side is not the one doing the positing. What about entrapment, et al.?

So, technological progress brings us closer to chaos. “Things don’t move so fast”-believers must be disbarred for their demonstrated gross incapacity — things have moved fast and will do so, ever faster. Or what ..?

Well, or Privacy. Must the above ‘innovator’ be sanctioned severely for violation of privacy of original-content-sound producers ..? Their (end) product(s) is sold/leased to generate false identity or doctored proof, either for or against the subject at hand, <whatever> party would profit thereof. Like an equipment maker whose products are targeted at burglars, or worse e.g., guns. Wouldn’t these be seriously curfewed, handcuffed ..?

[Edited to add, after drafting this five days ago: Already, Bruce is onto this, too. Thanks. (Not my perspective, but still)]

Oh, or:
[Apparently so secure(d), ‘stormed’ and taken practically overnight (read the story of); Casa Loma, Toronto]

Pitting the Good against the Others

When the recent rumours were, are valid that some patches were retracted — and this was because they accidentally disabled other exploits not yet outed in the stash, this would bring a new (?) tension to the surface or rather, possibly explains some deviant comms of the past:
Where some infosec researchers had been blocked from presenting their 0-day vulns / exploit-PoCs, this may not have been for protection of the general public or so, but to keep useful vulnerabilities available for the TLAs of a (variety of?) country(-ies).
Pitting the Ethical researchers against the bad and the ugly…

No “Oh-oh don’t give the bad guys valuable info and allow even more time to the s/w vendors to plug the holes” but “Dammit there go our secret backdoors!”
Makes much more sense, to see the pres blocking in this light. And makes huge bug bounties by these TLAs towards soon to be a bit less ethical researchers, more possible and probable. Not as yet better known, though. Thoughts?
[Takes off tinfoil movie-plot security scenario hat]

Oh, and:
[All looks happy, but is looked upon from above …; Riga]

DNA not so Determinant; there goes another piece of Evidence

[ Commemoration of the Dead, today in the Netherlands. Never forgotten. Never forget! ]

In the series of surrealisation of proof, in courts and elsewhere, turning anything into faker news than before – a trend that was under way already for a long time, maybe centuries but now speeding up enormously – after the most recent class of proof (yes don’t complain I’m clear, qua ‘class’!) we have even old (?) evidence classes being overthrown. Like, your DNA.
Somehow, we already knew that. Where the analogue of hash collisions happened IRL, with disastrous consequences for peoples’ lives, and that of their families, et al. Really, imagine yourself in the midst of it all: Ragnarök and the collapse of the foundations of society … I’m not joking any bit.

But now, again. What Evidence classes remain? When each and every class can be planted, fabricated (signatures, pictures; untraceably), coerced (‘rat out your partner or all of your family will be killed before your eyes’), etc., indeed nothing remains. Nothing non-repudiatory…

But flipside; Skynet is here. Like before.

And:
[Either way, you lose; Zuid-As Ams]

The Secret of Innovators — “Keep on trying harder!”

Recalling all those ‘motivational’ quotes about seriously too late, ridiculously over-aged to ever still start a unicorn eleven-somethings, you having to fail for the rest of your life or you’re a failure (right? If you don’t fail, you don’t learn or whatev’), or in conclusion, you’re not failing grossly enough if you don’t succeed – or was it the other way around ..?

Suddenly I realised: If at first you don’t succeed, try, try again. Then quit. There’s no point in being a damn fool about it. (W.C. Fields)
And: The above keep-on-trying train / ship of fools, is a perfect application of The Secret to innovation.

Yes, indeed, ‘perfect’ with the pejorative tone you carry throughout the day. And The Secret being that oh so rightfully discredited piece of paper (!) waste that even today some still believe in; would you believe it?
Yes, have a fresh look at the first line above: It’s the same as the book’s content.

On a less black-and-white note: Aren’t ‘Innovators’ typified as those that naïvely believe that one just has to deny very hard that anything might not work, just put in endless effort and hey presto you’ll succeed? If you fail, you didn’t deny hard enough.
[ Or you’re outright criminally breaking the law, then complain that the law needs to be changed to allow you to reap unethically large profits for just-above cold air, like the … U know who … Why am I not allowed to be a gun for hire!? I make good money out of it and the current system doesn’t get my opponents killed fast enough! Totally ineffective! but that’s beside the main line of this post…]

Where actual Innovators that win in the end, are (what you read in Originals plus) the ones seeking the highest-risk roadblocks and undo them when possible or evade them, believing that fortune will come your way when caring against ill fortune.

So no putting your life’s all into something and hope you’ll win life’s lottery of purely accidental unicorn success, but spread your bets, cut losses, etc. Less exciting a gamble maybe but less of your life at stake.

Plus:
[Down (to) the Tube(s); for no apparent reason and no reference to ‘Samsu’ in the background either, Vienna]

Collateral (un)patching; 0+1-day

Is this a new trend? Revealing that there had been a couple of exploitables, backdoors in your s/w when you patch some other ones and then have to roll back because you p.’d off the wrong ones since you accidentally also patched or disabled some hitherto secret ones.
At least, this is what it seems like when reading this; M$ stealthily (apparently not secretly enough) patching some stuff in negative time i.e., before-zero day. When later there are rumours that this patch(ing, possibly parts of) is retracted.

For this, there appear (again) to be two possible reasons:
a. You flunked the patch and it kills some Important peoples’ system(s);
b. You ‘flunked’ the patch and you did right, but the patch effectively killed some still-not-revealed (in the stash) backdoors that the Important peoples (TLAs) still had some use for and were double-secretly requested to put back in place.

I’m in a Movie Plot mood (come to think of it, for no reason; ed.) and go for the second option. Because reasons (contradictory; ed.). Your 2¢ please.

Oh, and:
[So crowded and you’re still much less than a stone’s throw from a Da Vinci Code (was it?) big secret — I may have the pic elsewhere on my blog…; Barça]

Common(s) as privacy and vice versa ..?

Remember from your econ class that concept of The Commons, and how problematic it was? Is?
There was this intriguing post recently, on how Free Speech might be considered and deliberated in terms of the commons being exhausted by undue over-use (abuse) — for its use alone ( → ). Leading to aversion to the concept, not to the abuser or his (sic) apparent locally recognised but globally not, ‘valid’ reason(s) for over-use.

Which, as is my wont of the moment, driven by personal business interests, I took to be applicable to Privacy as well. Maybe not in the same way, but … This will need quite some discussion between me on the one hand, and peers and others on the other who would actually know what they’re talking about. Throwing in a bit of anglo-american data-isn’t-yours versus European (‘continental’ — will brexit – which starts to sound like a lame Benny Hill kind of joke ever more – change that ..??) data-is-datasubject’s-always divides, and some more factors here and there. Complicating matters, but hey life’s not perfect.

Waddayathink? In for a discussion ..? Let’s start!

And:
[Not so very common-s; Toronto]

Authentic means work, you see?

Recalling the recent spat about passwords again (and elsewhere), and some intriguing, recent but also not so recent news (you get it when you study it), it seems only fair to the uninitiated to clarify some bits:
Authentication goes by something you know, something you have or something you are. Password(s), tokens or biometrics, in short. All three have their drawbacks.

But that’s not the point. The point is that authentication is about making the authentication unspoofable by anyone but the designated driver owner.
That is why you shouldn’t dole out your passwords (see the above first link) e.g., by writing them on a post-it™ whereas writing a full long passphrase on just one slip of paper that you keep to yourself more zealously than your money, will work.
That is why tokens shouldn’t be stolen. Which you might not discover until it’s too late; and tokens have a tendency to be physical stuff that can be replayed, copied, etc. just like a too-short password. Maybe not as simply, but nevertheless.
Same with biometrics. When made simple enough for the generic user (fingerprints, ever so smudgy!) also easily copyable, off a lot of surfaces. Other biometrics, maybe more secure i.e. harder to copy but not impossible. And opening possibilities for hijacks et al., focus on breaking into the systems in the login/authentication chain, et al.
Which brings attention to yet more vulnerabilities of Have and Are: Both need quite a lot of additional equipment, comms, subsystems, to operate and work from the physical to the logical (back) to the IS/IT levels. Weakest-link chains they are ..!

So, the strength of authentication covaries with the non-leakability of the key, since both correlate to the source determinant in-one-hand-ity close to the actual person whose identification-as-provided (by that person, or by anyone else posturing) needs to be authenticated. By which I mean that ensuring one item of authentication, closely glued to the person and with the simplest, least-link connection chain to the goal system(s), is best. The latter, clearly, is the written-down-verylongpassword method.

Just think about it. And:
[They’re called locks. Discuss (10pts); Ottawa]

Ben still has all the Ayes

There is no end to the need to repeat the, somewhat but simply never sufficiently, quote by the Ben you know best:
Those who surrender freedom for security will not have, nor do they deserve, either one.

How valid today. How utterly moronic in comparison all that would allow crypto-backdoors (for other reasons, too), and covert catch-all dragnet surveillance. Etc. Etc…

Oh and for the few that are still interested in the United States Constitution, they shall refer to article 1, section 7, clause 2, that has not ayes and nays but yeas and Nays. Just wanted that off my plate.

Leaving you with:
[You’ll be naked and that will not be pretty; Barça]

All fine, for whom?

Just to be clear: Where do all the fines that will rain like hail from heck once GDPR comes into force, go to ..? Yes the supervisory authority may levy the fines, but it isn’t clear to whom the payment should go. Certainly leading to huge differences in compliance chasing: When the auth may keep them for themselves, they’re a. richer than the king since b. sure to penalise each and every futile infringement to the max; when the money goes to government’s coffers, that chasing not so much because who’d care?
You don’t believe me, right? Just wait and see. And weep.

Plus:
[Where the coffers are kept ..? Segovia]

Maverisk / Étoiles du Nord