IoTsec as expected

Yawn. A decade of humongous growth in Information security is coming. To tackle the likes of this.
Think of where the somewhat organized, somewhat budgeted, somewhat up to it corporate world now is. (With the public organization world lagging, seriously, on all counts.) Then think of what it would take to make the general public ‘safe’.

And then think of how many InfoSec professionals would be needed. Yeay! Indeed, as in:
[Onto Val d’Orcia, as you spotted]

Wired / Tired / Expired, August 2014 edition

[‘oliday snapshot, underadvertised]

So, here’s the August edition of my Wired / Tired / Expired jargon watch overviews, a mixed bag:

Not. I’m taking a holiday break on this. Will be back per September to hit you with my rhythm stick seriously important, and interesting, trends of the month.

OK, one then, in simple format:

Wired      Tired      Expired
Pivoting   Pitching   Business Idea without Plan
As ‘invented’ in 1985 or so. Now suddenly… some business booklet became popular ..!? You know, like in 2, 1, … minutes. Uselessly brief, indeed. Sigh. What did you smoke, now legally?

And, maybe, a link to some article that goes into the T and E problematics somewhat further… here.
Hence, any suggestions for that Sept edition ..?

Gotta TruSST’MM

Had been planning for a long (?) time already to write something up on the issue of Trust in OSSTMM3© – in particular, how it doesn’t conform with received (abstract) notions of trust and how that’s a bit confusing until one thinks it through wide and deep enough.

First, a picture:
[Controlled to I/O, Vale]

Then, some explanation:
As I get it (now!), the OSSTMM model defines Trust as being an entry into or out of a system/component (objects, processes). The thing you may do when you are trusted. Literally, not the protection wall but the hole in that wall. Which isn’t some opinion thing the holder has of the visiting tourist. Interesting, but troublesome in its unsettling powers.

Dang. Running out of time again to delve into this deep enough – in particular where I wanted to link this to a previous post about identity and authentication … (this post in Dutch). OK, will move on for now, and return later. Already, if you have pointers to resolution of the differences (the whole scale (?) of them), don’t hesitate.

Welcome to Hotel SV

Just a short note; tinkering with more ‘cybersecurity’ songs (to support (or not) #ditchcyber), I came across the following snippets…:

“Welcome to the Hotel California”
“Such a lovely place”
Such a lovely face
Plenty of room at the Hotel California
Any time of year
You can find it here”

“Bring your alibis”

“Mirrors on the ceiling”

And she said “We are all just prisoners here, of our own device”

Last thing I remember, I was
Running for the door
I had to find the passage back
To the place I was before
“Relax, ” said the night man,
“We are programmed to receive.
You can check-out any time you like,
But you can never leave!”

How’zat (sorry (no I’m not Canadian) USofA, culturally you’re still 99% British so you should get that reference) for the famous search engine’s approach ..?

And, of course:
[Yeah Breck is CO not CA, about two decades back]

Jargon watch

Out of band from the Wired / Tired / Expired series, an in between jargon watch notification:

Wall huggers

The dorks in public places sitting against a wall near a power plug, not comfortably on a chair at a desk or so, in order to get juice for their cell phones. As in this clip, and others, and in your environment, too. Don’t become a hobo.
Nopenopenopenope I know it isn’t as new even, but some might have missed it. Hence the notification…

After which I leave you with:
[Gabbiano castle, just a B&B of sorts]

Quatorze Juillet / Jan Salie travels Europe

Not only because
[Hm, may not be completely true, personally]

But rather because: Where’s some countries’ role in cultural development ..? Or is all of Europe into the Jan Salie spirit ..? [‘John stick-in-the-mud’ on the worst side]

Of course the Usual Suspects Dr. Nein and Dr Antithesis (as here and here) may revel in the bleakness of all our future(s). But many have taken the blue pill, and would rather be cheered by ‘progress’. Which, after übermanufacturing Germany incl. its marks (rest of Europe) lost speed a couple of years ago (by the luck of the USofA and its European protectorate mainland Britain in splendid uncontinentality having left room for the manu side to flourish), no other country has picked up. Sure, Italy tried but created an Alfasud. Spain tried, but destroyed a masterpiece (??) to create a half-empty glass times two, business function-wise.

And then, where’s France; the France of Versailles, Fontainebleau, and the Viaduc de Millau? Just a few like @jattali keep the flag up. The rest… Or has it finally dawned on the simpler part of the community that current-day Franks are secure at their Île-de-, need no more frenzied power outreach to be secured at the core, and the countryside is happy to stay as-is, and information-, control- and hence money centralization / concentration [note that there’s a difference, but not now; for later] are still tied to physical centralization / concentration even when now, the New Economy is changing to (back to times immemorial of) rural, unconcentrated, networked, cooptive cooperation down at the sub- and subsub-centres spread out throughout the realm? Why not reinstate the Breton Parliament, and similar regional institutions, when in times of ever diminishing information transaction costs any superfluous power centralization is redundant ..? Light control is possible, and preferable, if the borders can function as buffers, as they do. The sublimations of concentration, as functional as they were for a long time, lost their heads and so did France – but the latter not sufficiently yet, even more so given latest (decades of) developments. Now, apart from sublimation of the apex, sublimation of the vertical structures is in order, for flexibility, diversity (as driver of innovation), and ‘freedom’.
To leave room for cultural progress. Beyond mere Grands Projets (sic). Into a cultural bloom. Or will France, French, continue on its road [and be followed by England et al., USofA et al.,] when China, (and others ..?) come to dominate?
We’re still in Europe, aren’t we? Revival comes from neglected corners.

I’ll leave you with a pic…:
[Because you caen! (err, Bayeux) Long ago, they took the jump – to around the world]

Book by Quote: Smarter Than You. Think.

Yet another ‘Book By Quote’ then. A full of … wisdom one again, for once.
An attempt to subjectively summarise a book by the quotes I found worthwhile to mark, to remember. Be aware that the quotes as such, aren’t a real unbiased ‘objective’ summary; most often I heartily advise to read the book yourself. This one, for sure – though don’t be uncritical while going through the many bends in not-so-water-tight logic ..!

So, this time: Clive Thompson, Smarter Than You Think, William Collins 2013, ISBN 978000742777-2.

“Human strategic guidance combined with the tactical acuity of a computer,” Kasparov concluded, “was overwhelming.” (p.5)

We’re all playing advanced chess these days. We just haven’t learned to appreciate it. (p.6)

Harold Innis – the lesser-known but arguably more interesting intellectual midwife of Marshall McLuhan – called this the bias of a new tool. Living with new technologies means understanding how they bias everyday life. (p.8)

As electricity became cheap and ubiquitous in the West, its role expanded from things you’d expect – like nighttime lighting – to the unexpected and seemingly trivial: battery-driven toy trains, electric blenders, vibrators. (p.8)

… scanned the brains of new mothers and fathers as they listened to recordings of their babies’ cries. They found brain circuit activity similar to that in people suffering from obsessive-compulsive disorder. (pp.14-15)

Marcel Proust regarded the recollection of your life as a defining task of humanity; meditating on what you’ve done is an act of recovering, … Vladimir Nabokov saw it a bit differently … “I confess I do not believe in time.” (As Faulkner put it, “The past is never dead. It’s not even past.”) (p.23)

We face an intriguing inversion point in human memory. We’re moving from a period in which most of the details of our lives were forgotten to one in which many, perhaps most of them, will be captured. (p.28)

OK, first a pic, then a moar tag; and the rest – a long rest.
[Yup, Fiorentina.]

Segregation at work

State-of-the-art Watson-like Big Data Analysis doesn’t get any better than this (a.k.a. my brain), and it yields a striking pattern, ‘so’ it must be true:
Vacancies for ‘control’-related roles (from modelHAHAbuilders via ‘controlHAHAHAHAHAHAHAHAHAlers’ to auditors) seem to be found more and more in the Provinces and less and less in the big cities (a.k.a. Amsterdam). In the latter, hardly any vacancies pop up at all, because the truly new economy doesn’t lean on such a formal mechanism; word-of-mouth and informal cooptive cooperation drive innovation and employment.
If this is ever captured in figures, those will underestimate the shift, because the new developments, in their diversity, are precisely so much harder to pigeonhole. The antithesis of all that is grinding to a halt, of all that emerging economies (and formerly science-fiction-like domestic sector’lets) precisely do not stir in and thereby have strength…

OK, OK, a picture to close:
[Classic unclassic]

4th of July, a message from the US of A

On controls and their systemic ineffectiveness per se. As written about a lot in the past year on this site, PCAOB now finally seems to find out how things have been ever since SOx… in [simple block quote copy from this post by James R. (Jim) Peterson]:

The PCAOB Asks the Auditors an Unanswerable Question: Do Company Controls “Work”?

“Measure twice – cut once.”
— Quality control maxim of carpenters and woodworkers

If there can be a fifty-million-euro laughingstock, it must be Guillaume Pepy, the poor head of the SNCF, the French railway system, who was obliged on May 21, 2014, to fess up to the problem with its € 15 billion order for 1860 new trains—the discovery after their fabrication that the upgraded models were a few critical centimeters too wide to pass through many of the country’s train platforms.

Owing evidently to unchecked reliance on the width specifications for recent installations, rather than actual measurement of the thirteen hundred older and narrower platforms, the error is under contrite remediation through the nation-wide task of grinding down the old platform edges.

That would be the good news – the bad being that since the nasty and thankless fix is doubtless falling to the great cohort of under-utilized public workers who so burden the sickly French economy, correction of the SNCF’s buffoonish error will do nothing by way of new job creation to reduce the nation’s grinding rate of unemployment.

The whole fiasco raises the compelling question for performance quality evaluation and control – “How can you hope to improve, if you’re unable to tell whether you’re good or not?”

This very question is being reprised in Washington, where the American audit regulator, the Public Company Accounting Oversight Board, is grilling the auditors of large public companies over their obligations to assess the internal financial reporting controls of their audit clients.

As quoted on May 20 in a speech to Compliance Week 2014, PCAOB member Jay Hanson – while conceding that the audit firms have made progress in identifying and testing client controls — pressed a remaining issue: how well the auditors “assess whether the control operated at a level of precision that would detect a material misstatement…. Effectively, the question is ‘does the control work?’ That’s a tough question to answer.”

So framed, the question is more than “tough.” It is fundamentally unanswerable – presenting an existential problem and, unless revised, having potential for on-going regulatory mischief if enforced in those terms by the agency staff.

That’s because whether a control actually “works” or not can only be referable to the past, and cannot speak to future conditions that may well be different. That is, no matter how effectively fit for purpose any control may have appeared, over any length of time, any assertion about its future function is at best contingent: perhaps owing as much to luck as to design — simply not being designed for evolved future conditions — or perhaps not yet having incurred the systemic stresses that would defeat it.

Examples are both legion and unsettling:

  • The safety measures on the Titanic were thought to represent both the best of marine engineering and full compliance with all applicable regulations, right up to the iceberg encounter.
  • A recovering alcoholic or a dieter may be observably controlled, under disciplined compliance with the meeting schedule of AA or WeightWatchers – but the observation is always subject to a possible shock or temptation that would hurl him off the wagon, however long his ride.
  • The blithe users of the Value-At-Risk models, for the portfolios of collateralized sub-prime mortgage derivatives that fueled the financial spiral of 2007-2008, scorned the notion of dysfunctional controls – nowhere better displayed than by the feckless Chuck Prince of Citibank, who said in July 2007 that, “As long as the music is playing, you’ve got to get up and dance… We’re still dancing.”
  • Most recently, nothing in the intensity of the risk management oversight and reams of box-ticking at Bank of America proved satisfactory to prevent the capital requirement mis-calculation in April 2014 that inflicted a regulatory shortfall of $ 4 billion.

Hanson is in a position to continue his record of seeking improved thinking at the PCAOB — quite rightly calling out his own agency, for example, on the ambiguous and unhelpful nature of its definition of “audit failure.”

One challenge for Hanson and his PCAOB colleagues on the measurement of control effectiveness, then, would be the mis-leading temptation to rely on “input” measures to reach a conclusion on effectiveness:

  • To the contrary, claimed success in crime-fighting is not validated by the number of additional police officers deployed to the streets.
  • Nor is air travel safety appropriately measured by the number of passengers screened or pen-knives confiscated.
  • Neither will any number of auditor observations of past company performance support a conclusive determination that a given control system will be robust under future conditions.

So while Hanson credits the audit firms – “They’ve all made good progress in identifying the problem” — he goes too far with the chastisement that “closing the loop on it is something many firms are struggling with.”

Well they would struggle – because they’re not dealing with a “loop.” Instead it’s an endless road to an unknown future. Realistic re-calibration is in order of the extent to which the auditors can point the way.

And … there you go, for today’s sake:
[Watching (us against) you …]

Maverisk / Étoiles du Nord