Tag: double secrets

The Bureau of Chaos, by Theory

As a side note to, e.g. this here masterpiece…:
The tendency of bureaucracies to ever further detail its rulesets, that quickly become so burdensome [apart from other ills, ethically much graver], that is evident wherever (top-down) principles are translated in quasi- (not even semi-) mathematical ways, algorithmically almost, to the level of pervasive implementation, stems from the ultimate control approach to life clashing with the ultimate finest-grain detailed descriptions of the universe. Intentional, and definitely normative, description (in order to control! Man over Nature!) banging heads with extensional description.
Which will petrify, then fail because it creates its own Chaos structure, as described here. Where ‘repairs’ to the System are attempted over and over again since the initial values were not infinitely exactly known, can never be. So, one builds rulesets than behave like fractals (zoomed into), in particular when studied to understand and maybe subsequently fight.

Still, the Why of latter-day Bureaucracies (for once, I tried to avoid the overly negative, accurate and pejorative ethical (and esthetical) qualifications I commonly give to these totalitarian, inhumane structures — the latter qualification because of the Will to un-humanize it all) remains in doubt, as the Man over Nature thing (setting rules, hence achieving predictability) is somewhat less valid than otherwise; a bleak reflection of what we feel is a better description of motive.
[Intermission: Be aware as you were, that the b rulesets might be the spelled-out kind but the unwritten rules- social group kinds are also included.]
Ah, back to Maslow, maybe? Yes,yes, was dissed over the past couple of years; attempted to — and failed, probably due to unawareness of its deep values and not only superficial Meaning. Exceptions, the uncontrolled (by definition, and as the Outside is by definition, too), are threats to the achieved in that pyramid. ..? Though the higher up one is, the better one can handle ambiguity, uncertainty, the unexpected, black swans and Extremistan.

Just wanted to put it down for you. And at at last a somewhat positive turn, I’ll leave you with:
DSC_0023
[Royal waiting (room) for Godot (i.e., National Railways everywhere), Amsterdam — notice the almost perfect horizon .. little less perfect but hanging in there … whoops! of the horizontal orientation]

Romantic (Star) Wars

Ah, the romance! That will be proven to be the basis for the Star Wars movie (original one, the rest is after(sic)thought; also, future tense, as we near the future of Back To).
Since the many that say it so much clearer than Yours Truly, e.g., in this concise piece: When AGI / ASI (Don’t know when or rather if ever we would have a clear distinction between the two; re Asimov’s shorthand for magic) takes over, the ultimate control humankind had always sought over the universe, will flip to ultimate non-control. When hybris strikes, it backfires into annihilation.

Which is where the original SW was wrong in painting a picture as if some outpost could hold out against the Empire, being the ultimate Rationality that by time of making the movie, couldn’t be explained on screen (sic) other than through extreme unemotion(al characters). The ultimate emotion, love, resisting being razed off the face of the universe and conquering in the end. Yeah, right.

Or we start the Sarah and John Connor saga today ..?
The trick being the ultimate trick is so very much 100,000000….% effective, or the same, ineffective. How good is humanity so far, in achieving the former in stead of the latter ..? Proof, however anecdotal…?

Well, let’s not dwell on the negative and keep the rosy blue pill outlook:
DSC_0183 (2)
[Dunno what this does here. Just a pretty ballroom; Palazzo Nicolaci, Noto]

TLD: Shoo! Shoo!

Awwww was reminded today that the fallacy of Three Lines of “Defence” is a stubborn one. Debunked by a great many, among others on this blog over a year+ ago, but still much too much alive. So let me remind you with the following picture that speaks for itself (or …):
Van plank misslaan naar spijker op de kop v0.3
[No high-class design frenzy, just the blot-down in an angered jolt]

Yes, that’s right, still, and is until y’all ditch the TLD idea on the rubbish heap of history: the lines DO NOT stand between the threats and the vulnerabilities. And Boards et al can bypass the circus at their leisure. The lines (aren’t) of defense (aren’t) only stand between all that has gone wrong, and the regulators so the latter are placated with three rounds of white washing and window dressing.

In the past, everyone I discussed this with, agreed the whole thing’s a joke. A sour, very expensive, delusional one. Everybody reacts, nobody responds… Which will need to change or massive damage will occur.

OK, I’ll stop now before my language over the totalitarian, mind- and ethics-genocidal bureaucracy gets out of hand.

Privacy for drones, *from

Some found it odd that e.g., in Chicago, the ground floor space, the up into the air (no not that) building, and the naming rights to that building, are traded separately.
Elsewhere, one’s home comes with an expectance of Privacy, “behind one’s front door”. But not outside; that’s free game for any … usually still ..!, photographer when from public space.

But now, back gardens, previously considered safe from prying eyes, are visible from other, 3D public space: the air. Via drones.
Which takes care of the public space part, where the ‘photographer’ (?) still is without even the need to trespass ’cause the camera is unconnected to him (sic). [Apart from the argument that just about any official could claim access to the back yard as if semi-public space..?] But does it nullify the “shouldn’t have been outside” argument ..? Or is the previously invisible part of the garden also part of the interior..? As it had similar/same protection by having needed illegal means of access hence the expectance of privacy — that now, by the legality of that access not having been arranged (yet), is still in doubt and the morons “break in” regardless.

Hence the start with the above distinction: Would the air over one’s house be private property as well (How high ..? At least till levels of commercial flight, that is regulated), then possibly, flying a drone into it would be trespassing. But immediately, since camera resolutions increase so quickly, we would need protection against prying eyes from above the streets as well, looking over rooftops. Hm, we would revert to the “expectance of privacy” argument back again anyway. And the automatic ownership non-transfer would prevent shooting them down, still.

So, hopefully, I’ve made you think. Else, there’s no result … ;-[

Oh well:
20141015_132551
[Beauty exposing herself very publicly… above not under some n.rds? Voorburg]

Gaming comms is deadly serious

I was reading up a bit (again) in Eric Berne’s masterpiece Games People Play, and realized a great many of the Child moves in just about every game, approached how some nefarious organisations seeking sub-animal-level absolute tyrannical power under the sometimes literally completely wrong, oppositional guise of (true) religion. One thinks Middle East, and elsewhere.
Would it be possible to counterattack, apart from head-on obliteration through military force, with anti-game moves in the global and local/individual comms contra/pro these movements..? If these address the core sources of discontent, as explained here, it could work, couldn’t it ..? Sufficient experts available, one would think, on the Good (?) side.

Just a thought. This:
Keep 'em flying!
[Should be kept available…]

Upping crypto

Lukewarm protests against Free Crypto, and trawling the oceans completely empty for metadata if not more … Seems like a two-faced two-front ‘battle’ that may even be tiring to uphold (face): Once one is into meta because it gives so much more information (sic) than mere data (content), one would need much less access to actual data, wouldn’t one? And, if then publicly having postured to not be able to break into crypto stuff (where one can with near-certainty break into all stack levels below it, down to the BIOS if not chip level!) almost meaning that for sure one can, why would one push too hard to make it illegal ..?
The only thing one can think of, is that declaring it illegal somehow block another’s access to plausible deniability or to Fifth Amendment claims (that are fundamental for any decent human society). So… that’s what’s going on. …?

And this points to countering TLAs by working with crypto at a higher level; producing encrypted content that looks pretty darn innocuous until decrypted; not seeing scrambled info but at a higher-to-lower-to-transport-and-back-to-higher avenue, transferring Information over seemingly white noise Data signals. Clever… Stego. How’s things on that front (?) ..!?

Also:
DSC_0606
[Relevant: Pic may not exist. …]

Why ‘cyber’s still a dud

[Oh yes @CyberTaters will warp the pings re this post. And #ditchcyber!]

For one, all (sic) of ‘cybersecurity’ (quod non) is incomprehensible to those that consider themselves ‘leaders’ in one way or another in practices where actual infosec should be top of mind. Since the (for quite too large a part) despicable mice (of this story) don’t see their own folly, these kindergarten emperors will be found to wear their new clothes well… but not ‘get’ what it takes to start developing ideas how to actually lead in the infosec field. Starting with debunking Internet myths and hype-FUD but also starting the sea changes needed to achieve something (if maybe not everything).

For another, since all the hype-FUD only leads to Technology focusing, where those that would still not have thus-focused houses on order should be fired; decades of developments would have to have been easily dealt with – though it is rocket science, it’s hence not that hard. Hey, designing and building a probe to Pluto, isn’t there an app for that?
Leaving the other 99.9% (well…) of work in the area of People (and don’t start me on Process..! see my posts over the past couple of weeks). Which, even if it would be understood what needs to be done in that field, would be known to be near impossible to pull off, let alone in the short term.

Hence by simple (?) logic, ‘cyber’whatever is a dud.

Sobering:
DSCN2508
[You know where, or not; every corner needs to be beautiful…]

Before it disappears: Told you so

Oh, before it returns to oblivion; re the Hacker Team hackback: I’ll just join the endless queue of Told You So’ers with reference to this.
Noting that there is a confusing connection to the illegalise-encryption-cum-mandated-government-backdoors stupidity that keeps coming back like whack-a-mole, to put it very, very friendly.

OK, leaving you with:
DSCN4521
[Antwerp beauty, untiltshifted]

The need for a new security framework

… I feel the need for it. A new security framework.

Because what we have, is based on outdated models. Of security. Of organisations. Of how the world turns.
Bureaucracy doesn’t cut it no more. The very idea of hierarchically stacked framework sets (COSO/CObIT/ISO27k1:2013/…) likewise, is stale.
And the bottom-up frameworks en vogue, e.g., OSSTMM (if you don’t know what that is all (sic) about, go in shame and find out!) and core work like Vicente Aceituno Canal’s, haven’t found traction enough yet, nor are they integrated soundly enough (yet!!) into further bottom-up overarching approaches. Ditching the word ‘framework’ as that is tainted.

But what then? At least, OSSTMM. And physical security. And SMAC. And IoT. And Privacy (European style, full 100.0%, mandatory). And business-organising disruption, exploded labour markets, geopolitics, et al.

OK. Who of you has pointers to such an Utopia ..? [Dystopian angles intended]

Unrelated:
DSCN6146
[Your guess. Not Nancy. But is it Reims ..?]

I am not me. Myself: nope, neither.

Now that infosec has become to lean so much on the People side of things – as in theory all things Tech have been solved, for decades already just not implemented to any degree of seriousness..! and ‘process’ having been exposed as utter nonsense ‘management’ babble – it is strange to see that psychology hasn’t come to the fore much, much more. Even when pundits and others, and the minions like Yours Truly even, have posted over and over again that no tech system however perfect can stand the assault of through, e.g., casual negligence and unattentive error let alone gullibility and other vices.

E.g., in the area of IAM. Where I, the construct, the behind-the-persona ego I recognise as such, is constantly changing. In my case, developing fast, forward, up. In your case… well, let’s be nice to one another so I’ll remain silent.
And all sorts of avatars are developing as substitute for you and me within systems. See, with AI mushrooming lately, avatar ‘development’ may quite easily, soon, surpass ‘you’ in being ..?

Back to the story line: It’s just not userIDs anymore; context-aware and -inclusive, capability- and rights-attached constructs they are, and integrating with the Avatar Movement (Rise of the Machines, yes) to morph into actual beings that might soon pass Turing for comparability to/with humanoid identities. We’ll be on equal footing, then, or soon after, bland dumbed-down versions of personas/egos.

But How Is This Relevant … Ah, the clue of today’s post: Because social engineering, phishing etc. play on the weaknesses of humans to be able to impersonate. So, either stop the weaknesses (as vulnerabilities; eternally impossible) logical-OR stop the impersonation (the assumption of avatars/personas by attackers; taking down their masks). The latter, by at least being aware that the avatar, the persona, isn’t the actual person. How to get that into systems, and at the same time recognising ‘actual’ avatars/personas i.e., the link between those and the right real persons behind the masks even when considering through human weakness the persona has been ‘compromised’ …? That will solve so many infosec troubles…
But heyhey, I don’t have a clue like you do. Or do you ..? Very much would like to hear ..!

[Edited to add before publishing: Hold Press; include this on behavioural stuff]

DSCN2608
[“Riga”..? Aptly French?]

Maverisk / Étoiles du Nord