Wired / Tired / Expired, June 2014 edition

[A mixed bag but me know nothing, I’m from Barcelona Madrid]

So, here’s the June edition of my Wired / Tired / Expired jargon watch overviews, a mixed bag:

WIRED / TIRED / EXPIRED

WIRED: #ditchcyber. Most certainly, this is still W.
TIRED: APTs. Maybe shouldn’t have been. But is. They were meant to be here to stay. So they do.
EXPIRED: Cyber! Cyber! Cyberthis, cyberthat, cybereverywhere. There’s even an interesting popular song about this!

WIRED: Mind-controlled bionics / Sensors (tie). Once these get sorted out, we’re all doomed. Because we’ll not prep our society in advance, or quickly enough. Fact, from history.
TIRED: IoT / Wearables. After this, Fukuyama will be right after all.
EXPIRED: Weaponised drones / Drones for deliveries. All talk, no full-scope delivery. Laggard panic, these ones.

WIRED: White asparagus. The ultimate, from the Aragon to Holland reach. Underestimated, neglected, by those who don’t know the product well enough.
TIRED: Green asparagus. Not ‘the’ asparagus. Just the typical second choice.
EXPIRED: Noma. Eat your own ants. Exposure of decadence.

WIRED: Drought in CA. After the tiny snow pack, drought throughout CA and neighbouring states. See the panic.
TIRED: CO weed. Dude, relax! Done deal, mellow!
EXPIRED: LGBT =. Equality spreading, overdue, now an unstoppable avalanche. Hence E.

WIRED (pictured): In its lens- and other forms. Yes there’s innovation in there …!
TIRED (pictured): As Coin, still under W, though.
EXPIRED (pictured): Overused.

OK, any suggestions for next month’s edition ..?

Who has your back; who’s up your back side?

Depends on how you foresee the world’s wheels of fortune turn…:
[Plucked via some byways from this originating site. Worth a visit!]

But beware … Things may change rapidly.

The enemy from below

I know, I’ve been guilty of it too. Thinking, tinkering, and musing about all sorts of abstract risk management schemes, how they’re a giant mess, mostly, and how they could be improved. Here and there, even considering a middle-out improvement direction. But mostly, ignoring the very fact that in the end, information risk management hinges on the vastly complex technological infrastructure. Where the buck stops; threat-, vulnerability- and protection-wise.

A major (yes, I wrote major) part of that low-level (Is it? To whom? It’s very-highly intellectual, too!) technological complexity is in the trust infrastructure in there. Which hinges on two concepts: Crypto and certificates. In fact, they’re one but you already reacted towards that.

For crypto, I’ll not write out too much here about the wrongs in the implementation. There are others doing that, maybe (sic) even better than I can.
For certificates, which hold the crypto keys, the matter is different. Currently, I know of only one club that’s actually on top of things, as they may be for you as well. Yes, even today, you may think the problem is minor. Since you don’t know…

Really. Get your act together … This is just one example of how deep, deep down in ‘the’ infrastructure, whether yours or ‘out there’, there’s much work to be done, vastly too much complexity to get a real intelligent grip on. How will we manage ..?

And, of course:
[Showboating tech, London]

BBQ science. Just like science.

OK, you do actually want to read this and this, side by side. Gas or charcoal. Or both or neither.
And conclude. It’s all about science…

OK, and to conclude:
[“Hey, isn’t that Drake’s well ..?” Yes indeed. Titusville, OH. Worth a visit!]

Car industry development

It seems that famous T may be in for some competition. Serious competition, when these qualifications come true in the real world.


There’s of course various ways this might work:

  • Big Motor – the Germans, Asian, French/Asian, not so much the classical US ones ..! – puts out some half-lame trials to confuse the markets and destroy the startup T. Happened before with DeLorean, remember?
  • The same, now gets into the game for realz, and wipes out Fisker first, and then famous T. “Thanks for creating the market, off we go and leave you in the dust”;
  • The same, try but fail. The ideal scenario, but hopefully the true one. And hopefully, other small-time startups will follow suit otherwise we’ll be back with one big Ford T company again.

And, could we change the designs so they’ll be more Karma’esk instead of cheesy early-’80s-like ..!?

(Ahead of time, because we can)

This will be published in the July ISSA Journal. Just put it down here, already, to be able to link to it. ;-]
And, first, a picture:
[Toronno, ON]

After which (Dutch version linked here):

You have the Bystander Bug

One of the major pluses of open source software is that anyone, even you, can check the source code, so, by logic, the chance that a somewhat hidden bug will be found in a heartbeat rises to about one once enough people look at the source, now that they can.
But we were recently surprised by just such a bug, with global implications. Sure enough, it turned out that actually no-one keeps tabs on what open source software is used (in) where, by whom.

So all the global software behemoths turned out to rely on pieces of open source software – and that software, maintained by literally a handful of volunteers on a budget of less than a couple of seconds of the major software vendors’ CEOs, actually had not been scrutinized to the level one would require even on a risk base. Certainly not given the widespread use which would make the risk to society grow high. Did we tacitly expect all the software vendors of the world to have inspected the open source code more carefully before it was deployed in the global infrastructure ..? How would one propose to organize that within those big, huge for-profit companies? What where (not if) the global infrastructure wasn’t ‘compiled’ into one but built using so many somewhat-black boxes? Virtualization and ‘cloud’ abstract this picture even further. Increasing the risks…

But more worryingly, this also means that ‘we all’ suffer from the Bystander Effect. Someone’s in the water, unable to get out, and we all stand by without helping out because our psychology suggests we follow the herd. Yes, there are the stories of the ones who beat this and jump in to the rescue – but there are also stories where such heroes don’t turn up. And, apparently, in the open source software world, there are too few volunteers, on budgets far less than a shoestring, that jump in and do the hard work of detailed code inspections. Which means there is also a great number, potentially about all, of us that look the other way, have made ourselves unaware, and just want to do our 9-to-5 job anywhere in the industry. In that way, we’re suffering from the bystander effect, aren’t we ..?

And, even worse, so far we seem to have escaped the worst results of this in e.g., voting machines. Here, how close was the call where everyone just accepted the machine programming and expected that because of its open source nature (if …), “someone will have looked at it, right …!?”. Though of course, on this subject, some zealots (?) did indeed do some code checking in some cases, and the troubles with secrecy of votes overshadowed the potential (!) tallying biases programmed in, knowingly or not. But still… when ‘machines’ are ever more relied upon, moving from such simple things like voting machines to a combination of human-independent big data analysis/action automata with software-defined-everything and the Internet of Things, where’s the scrutiny?

Will a new drive for increased security turn out to be too little, too narrowly focused and for too short a time, as many if not all after-the-fact corrections have been? If we leave it to ‘others’ again, with their own long-term interests probably more at heart than our even longer-term societal interests, we still suffer from the bystander effect and we may be guilty by inaction.

But then again, how do we get all this stuff organized …? Your suggestions, please.

[Edited to add I: The above is the original text; improved and toned down a bit when published officially in the ISSA Journal]
[Edited to add II: This link to an article on the infra itself]

[Edited to add III: The final version in PDF, here.]

Cryptostego

Just as I was discussing stego with colleagues last week, I missed this post of Bruce’s.
Be sure to read the comments, though. A couple are on stacking steganography over cryptography, which is what I would presume would work.
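As an added illustration of that stacking (my own sketch, not code from Bruce’s post or its comments), the block below encrypts a note, writes the ciphertext into the least significant bits of a constructed carrier, and reports what an inspector would see: the carrier values barely move, the extracted bit plane is opaque without the key, and the LSB balance drifts towards 50%, which is the statistical trace a detector has to rely on. The carrier, key, nonce and the HMAC-based keystream are constructed stand-ins, not a real image or a real cipher.

```python
import hashlib
import hmac

def make_carrier(n: int = 512) -> bytes:
    """Constructed carrier: a byte array standing in for a greyscale image whose
    LSB plane is skewed (only every fifth byte is odd), as real carriers often are."""
    return bytes(((i * 37) % 100) * 2 + 20 + (1 if i % 5 == 0 else 0) for i in range(n))

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (illustrative only;
    anything real would use an AEAD such as AES-GCM and a random nonce)."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def embed_lsb(carrier: bytes, payload: bytes) -> bytes:
    """Overwrite the LSB of successive carrier bytes with the payload bits."""
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("payload does not fit in carrier")
    out = bytearray(carrier)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit
    return bytes(out)

def extract_lsb(stego: bytes, nbytes: int) -> bytes:
    """Read the LSB plane back into bytes; this is all an inspector can pull out."""
    bits = [b & 1 for b in stego[: nbytes * 8]]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, nbytes * 8, 8))

def lsb_ones_ratio(data: bytes) -> float:
    """Fraction of odd bytes: the crude statistic a stego detector looks at first."""
    return sum(b & 1 for b in data) / len(data)

def demo(msg: bytes = b"constructed secret note") -> dict:
    key, nonce = b"k" * 32, b"\x00" * 8          # constructed values for the demo only
    carrier = make_carrier()
    ciphertext = xor_crypt(key, nonce, msg)
    stego = embed_lsb(carrier, ciphertext)
    region = len(ciphertext) * 8                 # the bytes whose LSBs were touched
    raw = extract_lsb(stego, len(ciphertext))    # readable only with the key
    return {
        "max_pixel_delta": max(abs(a - b) for a, b in zip(carrier, stego)),
        "raw_lsb_payload": raw,
        "recovered": xor_crypt(key, nonce, raw),
        "carrier_lsb_ratio": lsb_ones_ratio(carrier[:region]),
        "stego_lsb_ratio": lsb_ones_ratio(stego[:region]),
    }
```

Compare `carrier_lsb_ratio` (about 0.2 for this skewed carrier) with `stego_lsb_ratio` (near 0.5) to see why content inspection finds nothing but a bit-plane statistic still does.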

And, again the question: what would you know of actual use ‘out there’; is it common, rare, what are the characteristics of its users ..? Is it the next big thing after (?) APTs …?

Oh, here it is; the pic you expected:
[Would ‘Riga’ be a hint that there’s more to the picture …!?]

Column on Open Source code Bystanders

Well, the column is out there now… It will be published in the July 2014 ISSA Journal, but here’s a preview, in Dutch.

And, of course:
[S’bourg, or Brussels – always mix them up and end up in the wrong place for a meeting]

Maverisk / Étoiles du Nord