P( Danger(You) > 0.5 ) ⇒ Shutdown( You )

For the Fellow Travelers among you, that still believe that AI (AGI or ASI) will bring us joy and an Arcadian peaceful creative work-free life forever after, please do consider this here piece. And see that we’re only at the beginning.
[Oh for AGI/ASI reference, see here.]

Luckily, hopefully, the tide will turn. But there simply is no guarantee it will.

And on this most pleasant note, I’ll leave you with:
[Málaga – but when the struggle is forbidden and ‘ratio’ quod non might seem to prevail, the Dark may roar and explode out of its confines in utterly destructive ways. As in this previous post…]

Signalling healthy process

Yet some more cross-over ideas from the IoT world into the administrative bureaucratic office world: Streams of transactions as signals.
Of the health of the process, of course. To be defined, obviously, as the fit to the surroundings. The fit may be off, either intentionally (wanting to let the world adapt to the process, enforcing (?) change) or unintentionally left blank                i.e., having to cope with exceptions to what was envisaged as transactions’ content or form.

Now apply yesterday’s first picture of process control.
Now, too, consider what one could do with sampling theory (as a subset of ‘Shannon’, if properly elaborated, possibly skirting with ‘classical’ statistics ..?). Taking 2log(n) samples (where n is the number of transactions ..?? Just a wild guess) and being able to reconstruct the ‘signal’ then taking its integral (discrete transactions … just summing it up ..?) for the total. Or Fourier-transforming it all and … get your basic theory straight before dreaming of moving on so don’t start at the other end as ‘accountant’…! And/or treating exceptions (as e.g., found by the sort of analysis that these girls/guys are so good at; that not even being meant as a cynical qualifier) as noise to the signal. Never fully suppressable, but useful to pick up secondary signals, stacked in their variation of frequencies, amplitudes and wavelet transformations. That all tell you something, if you listen. Whether you want perfect, over-HiFi replay [intermission: Ugh I’m getting old, even knowing that HiFi was a thing…], or lively veracity, actual fullness of music. And take in again the ole’ industrial process control with its recipe / derivative function(s), et al., and be able to better control it all from the ‘dashboard’ in the control room. When all of the routine stuff, the routine 80%, of business is done by … ‘robots’. Humanoid or digital-machines, IDC.

And hey, while we’re at it, why not throw in attempts to include in bookkeeping not only discrete numbers (arbitrarily rounded to hundreds, of random currencies) but Real numbers or even Complex numbers as well ..? The latter, e.g., to indicate VAT surcharges, etc.; leading to tuples-as-single-‘numbers’ in bookkeeping. Maybe somewhat harder to track that all is booked correctly, but also maybe powerful in capturing singular transactions and some processing rules/logic, and controls, in one tuple (‘record’).

Where AI may then be applied to do sanity checks. Not on this author; no AGI or ASI would suffice…

OK, for now:
[“What a shoe box” but yes that *is* the Bata shoe museum, Toronto]

Ack or ook ..?

Yes, there we are again, on the subject of ‘Ethical’ hacking.
Because I came across such a ‘Certified Ethical’ Hacker once again. Which made me think (again…) about the allure of that. And then it struck me: It’s just a matter of replacing ack with ook and we’re all set!

Think about it; an ook does for money what others do for fun and ulterior motives… So does an ack. An ook can be certified (licensed) and get government-controlled medical/physical check-ups, by another bodily-educated professional. An ack can be and get the same; through permanent education requirements and peer review.

But what an ook can’t get, is the Ethical label that the ack has – for no apparent reason and it should be the other way around: Where the ook has proven her (majority; unless some ladies in the readership have sufficient experience to validly claim the opposite) role in society since the dawn of time/mankind/human society, the ack dabbles in what somewhat similar but short by aeons, is a crook’s business.

So, CEH better refer to the ooks out there. For now:
[It’s … Name That City time again!]

Oh hey, quoted (at a distance)

Oh hey, I got quoted (almost … I mean at an enormous distance) by some reputable (?) institution.
Where that body did jump to all sorts of conclusions (see my next Monday 27 April post squared with my 3 April post against (?) those), but in passing mentioned an arms race known to modern man already for decades as if it were something new. In this here piece.

What’s the aim, then? To have all sorts revert to Flipping ..?

To leave you with:
[Still? against intruders, Trier]

Culpable misinformation

The inescapable Bruce was very mild, characterising Comey’s texts as a joke. Like here, on this. Whereas puppets everywhere (in NL as well, here) can show only a handful of cases if any at all where mass surveillance (like this by InfoSec Taylor:
CBgp99KVIAAt4wn
explains) has been key. Referring not to any paraphrase (here) of Ben Franklin (“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.”) ..?

But the point is: Where failure to act may be culpable in the same way that acts may be, deliberate (intentful) misrepresentation by omitting knowledge and/or presenting false conclusions may be as culpable as outright lying. In particular, when in the public sphere (of income) where speaking the truth (the whole, and nothing but…) is part of the deal, however indirectly through defense of a constitution. Wilful neglect of that duty (that may include informing oneself properly!) is a scam, con, deceit, fraud.

So, come clean. And:
[F..tis didn’t get away with it; too simpleton despite pretense]

Here, First

Integrity at any level is the Yggdrasil of any CIA or other quality of the layers on top of it.

I.e., if at the platforms level the integrity of software (à la Turing, engine/programs and data) cannot be fully 100,000…% guaranteed, no extreme of measures on top of it can restore the missing percentage, only (somewhat) limit further deterioration of the stack on top.

Okay, this being a bit abstract, a somewhat more simple and extensive explanation will follow.
Till then:
[No base, no glory; Sevilla]

Seamless complacency, rise of the crackers

Yes, seamless integration as, e.g., pursued by the likes of Appl, may polish some edges of the roughness of the world. OMG! I have to turn this plug over to make it fit! The horror! Why didn’t someone fix this!?
Such, to be shipped to the battlefields of the Middle East and Africa, traumatised at the bus ride already.

And, the consumerism, the ultimate ideal of marketeers and Silicon Valley alike, will bring both down crashing. Because the ideal of consumerism everywhere, will also, does already also, pervade education, leaving (achieving its goal at) numb drone consumers – that have no means of income as they’re too mediocre at far too low a level to have any differentiating value (of potential (work)); a vicious circle – that will not be able to see value in services offered but moreover are incapable of building the Next Thing or even maintaining the old.

That will be left to
a. The ever shrinking (!) money(sic)-mostupper class. Not true class!
b. Crackers.
a. This of course, till the exponentially spiraling competition of the money hierarchy will result in < 1 slot, in the end.
b. This of course, since there will be renegades, outcasts, that go their own way. And will be legion. As they drop out, are brute- nuclear-force pushed out of the consumerist lowest classes. Suddenly, have to be resourceful – and (t)hence go after the resources… Only outcasts will see the porous base of the systems stack and hack their way into it. Cultural abandonment leading to … this, you know.

Ah, lessons …? Don’t Be Evil, and Be Prepared. To abandon. ..?
Whatever, there’s still:
[Metropolis… La Défense, many years back]

Total priv’stalking

Errrm, would anyone have pointers to literature (of the serious kind, not the NSFW kind you only understand) regarding comparison of real physical-world stalking versus on-line total data collection ..?
No, not as some rant against TLAs but rather against commercial enterprise that not only collects, but actively circles around you, wherever you go. Giving you the creeps.

Because the psychological first response is so similar, can it be that the secondary behavioural response / adaptation is similar, in self-censorship and distortion of actual free movement around … the web and free choice of information ..?

And also, whether current anti-stalking laws of the physical world, would actually work, or need strengthening anyway, and/or would/could work or need translation/extension, to cover liberty of movement and privacy-as-being-the-right-to-be-left-alone i.e., privacy as the right to not be tracked, privacy as the right to anonymity everywhere but the very very select very place- and time(!!)-restricted cases one’s personal info is actually required. Privacy as in: companies might have the right to have their own information but not the right to collect information of or on me (on Being or Behavioural) as that is in the end always information produced by me, through being or behaving. The (European) principle still is that copyright can be granted, transferred, shared out in common parlance by payment for use (or getting paid for transferring the right to collect such payments) i.e., economically, but not legally; the actual ownership of the copyright remains with the author!

See why I excluded the TLAs ..? They may collect all they would want but not use unless on suspicion after normal-legal specific a priori proof; that’s their job. No officially (…) they may not step outside their confined remit box, but they do have a box to work within.
Now, back to the question: Please reply with other than the purely legal mumbo-jumbo that not even peers could truly understand but just babble along with.

In return, in advance:
[Foggy (eyes), since in the olden days, probably never to be seen again; Belém]

Better IoT privacy

Oh, I’ve been outdone again, in some ways. Which isn’t a big deal; ’twill happen to you, often, too. This time, it’s about the IAM in IoT that I signalled here and here, here, and here as a generic problem. Correct: Challenge.
Which all was readable. Hopefully. For all dealing with the stuff on a monthly basis (ahum, ‘weekly’ or ‘daily’ wouldn’t make sense; you’d be ahead of me probably…) that is. For a more general explanation, one can now turn to this here piece; much better at generalpublicspeak than I’d produce when diving onto it again.
Oh well. This:
[Somehow, typically Madridean ;-| / Southern European / Latin style]

All against all, part 6; loose ends

OK, herewith the final-for-now Part VI of the All Against All matrix-wise attack/defense analysis labeling. This time, about tactical content of … mostly, the defense matrix of edition IV.

Where I wanted to do a full-scope in-depth analysis of all the cells of Matrix IV. Not the sequel but the actual original defense posture strategy matrix. Because that was put together in a straightforward sloppy way anyway.
But then… I wanted to detail each and every cell according to this here scheme:
Anti-F 1
After further analysis along the lines of this here approach:
COSO_2013_ISO_31000-english
but mixing that quite hard, according to this previous post of mine (certainly the links contained therein, too) and a great many others contra bureaucratic approaches… but also mixing in the guidance of (not stupid compliance with!) the new one that at last, has quite some ‘user’ involvement in it. But still is based on both the top-down and the step-by-step fallacies a bit too much.

But it’s late and I don’t feel like the tons of effort involved. Yet. Maybe in a future enormous series of posts …
And should include references to OSSTMM here, too. Because all of the above, in the super-mix, will have to be checked and sensitized (is that the word for checking that it all makes sense?). Short of the word ‘audit’ where the respective profession (a trade, it is… at most, a role) has let us down so much. If only by the kindergarten zeal about ‘governance’ and ‘value’ – phrases so hollow (or circularly defined) that they’re not worth the ink (light) they’re written with, when used in the auditors’ contexts.
So, OSSTMM may help. By inspection where the rubber meets the road. And fixing whatever needed to be. Duct taping the last few bits, where the beautifully AutoCADded [anyone remember what that was (for)!?] frameworks failed in the machine milling. Or 3D printing, or whatev’, due to design failures due to requirements failures due to failures in common reason at the upper levels…

Now, with all the all against all posts (1 to 6 indeed), would you be able to advise Sony, and the others, how to be better protected ..? You should. Or re-read the whole shazam until you do…

After all of which you deserve:
[Cologne, of the massive kind]

Maverisk / Étoiles du Nord