Innovation – Page 3 – Maverisk / Étoiles du Nord

Bringing back symmetry/-ia

Some issues, aspects of interest, collided a couple of weeks ago.
Macron’s team with their skillful double-cross deceit in the ‘leakage’ of election-sensitive info (!read the linked and weep over your capabilities re that, or click here for (partial?) solutions or others or devise your own). One down, many to go; Win a battle, not win a war yet.
In unrelated (not) news, what are the tactics used IRL to actively engage in pre-battle tactics? Can we plant our own systems with scar (?) tissue i.e. fake immunised (for us!) / unused information that is weaponised with trail collecting (or only source-revealing) capabilities, like shops and private persons can get “DNA” spray paint thus called because it’s uniquely coded so is identifiable and traceable? Can we harbour ‘hidden sleeper (?) cells’, pathogens i.e. malware, that doesn’t affect us but when ‘leaked’ to an adversary’s environment / stolen, oh boy does it become virulently active and destruct? (Silent) tripwires, boobytraps where are you?
How far behind the curve are the general public (us, I) with intel on developments in these areas? If the French used some of this stuff (using is revealing, qua tactics, unfortunately) certainly others would have considered the methodologies involved. Raises questions indeed, as were around, about whether or not the cyrillic traces were planted into WannaCry1.0 or left there in error. [There’s no such thing as perfect Opsec but this would severely hurt some involved at the source / would’ve cared better, probably.]

Just so we can get a better view on the balance being shaken up so vehemently, between asymmetric simpleton hacks [the majority you know (like, you actually can learn about; the real majority you may not hear about) of big organisations with their huge attack surfaces and attackers only needing one pinhole] and more-or-less regaining-symmetric nation-state attacks against each other (all against all) where the arms’ race of tooling now is so out of balance.

Would like to know, for research purposes only of course, really.

We’ll see. And:
[Yes that’s real gold dust on the façade hiding in plain sight, but you wouldn’t be able to scrape it off. Would you? Toronto]

When ABC– will use AI, success

So it turns out that the company formerly known as Google, may very well enter the job market. Qua brokerage.
In which it may succeed (it already caused to-be competitors’ stocks to nosedive, a little at least), when deploying smart AI solutions.

Let’s hope, then, that Alphabet Jobs [as it might be called in a stab’let at $AAPL ..?] will use the AI to bypass the most ridiculous aspects, that are many, of the current process. E.g., obliterating the tick box atrocity – as certainly, its own search capability will burn the fuses when trying to find anyone on this planet that fits the requirements for just any job description as billed by ‘recruiters’. Dropping the similar requirements also of ‘having ten years of experience with this totally unknown system that only three current sysadmins can handle and had been implemented only two years ago’, or the infamous but near-certain to surface ‘millennial with thirty years of industry experience, will work for barely entry-level / intern salary’. Don’t say these requirements aren’t realistic like being real over and over again. They are! They’re there, everywhere!

And what does it tell you that ‘we’ may need AI to overcome this stupidity ..?
That Disruption with a capital is desperately called for.

We can hope, can’t we?

And:

[Tomb of the Unknown Candidate. No don’t wry-smile, pay some respect…!; Paris]

Note to self: GDPR scrum with or without the r

Just to remind myself, and you for your contributions, that it’s seriously time to write up a post on Agile development methods [OK, okay, I mean Scrum, as the majority side of the house]; how one is supposed to integrate GDPR requirements into that.
Like, we’re approaching the stage where the Waterfall model of security implementation, will be Done for most organisations. Not Well Done, rather Rare or Pittsburg Rare, at your firm [not Firm …]. But then, we’ll have to make the wholesale change to Maintenance, short-term and long-term. And meanwhile, waterfall has been ditched for a long time already in core development work, hence we have a backlog (huh; the real kind) qua security integration (sic; the bolt-on kind doesn’t work anyway) into all these Agile Development methods of which word has it everyone and their m/br-other seems to make use these latter days.

But then, the world has managed to slip security into that. Which is praiseworthy, and needs more Spread The Word.

And then, there’s the GDPR. May we suggest to include it in ‘security’ as requirements flow into the agile development processes ..?
As said, I’ll expand on this l8r.
If only later, since we need to find a way to keep the DPOs out of this; the vast majority (sic) of them, with all due [which hence may be severely limited] respect, will not understand to a profound level they’ll try to derail your development even without the most basic capability to self-assess they do it, in ways that are excruciatingly hard to pinpoint, lay your finger on.

But as written, that’s for another time. In the meantime, I’d love to see your contributions (if/when serious) overflowing my mailbox… Plus:
[Lawyers lurking next door…; Zuid-As Ams]

Glee because of support

All the mavericks of the world rejoice (and Maverisk among them, of course, already); finally there’s new [howzat for a typifying contradictio..?] evidence-of-sorts that the below that had popped into my mind a couple of days ago, is still, more, valid than ever. Being, related but in an angled/vector-transposed way, not about rebels but about other mischievings in general business management culture(s).

[Should I note that the ‘evidence’ already is worth much study and implementation? Yes I should.]
[Edited to add: Be ware of the other side, too; too many mediocre men just drift upwards by lack of weight: here.]
[Yup that’s a re-post from yesteryears, like, 12 March 2015 …]

Two points to make:
* Middle management will be.
* Secretaries should be.

The discussion regarding middle managers being superfluous or not had a slight uptick the past couple of months. With the latter voice having been a bit too quiet. Yes, middle management is under threat. It has always been; only the (history-)ignorant will have missed that. And Yes, all the Disruption things and similar empty barrel half-baked air by a lot of folks who have hands-on experience in the slim to none bin with (real) management altogether let alone this kind, have predicted over and over again that the disruption by Server-with-algorithm-app-that-schedules-day-laborers will make middle management redundant, as the believed task was only that.

Quod non. And as if just an algorithm will capture the full complexity (and incoherence, inconsistency, internally and externally contradictory ..!) of the requirements and work of the middle manager.

OK, we’re not discussing the drone administrative clerk that has Manager on his card (huh?) and sits in an office passing top-down orders and bottom-up reports back and forth. We’re talking the real, 24/7 problem firefighter here. The coordinator of chaos. The translator of lofty (other would say, ‘airhead’) ‘governance’ (quod non) mumbo jumbo into actual work structure and tasks, and translatereporting back. That survives and in doing so, shows great performance. The other ones, will be weeded out anyway, every time there’s an economic cycle downturn. [If the right ones would be kept, and the wrong ones ‘given growth opportunities elsewhere’. Seldomly the case; offing is by the fte numbers, and the wrong ones have being glued to their seats as their core competence, through sucking up or otherwise.]
So, the middle manager stays for a long time to come as (s)he does the kind of non-predictable work that will remain longest. If start-ups don’t have them, see them grow: They will.

Secretaries deserve a come-back. In similar vein as above, the vast majority of ~~managers~~ office clerks (from the shop floor (even if of knowledge workers…) all the way to near the top) these days have to do their own typing, scheduling, and setting up socializing things. Whereas before, economies of scale were many, and there were additional benefits because the good (sic, again) secretaries would e.g., know the best, unrenown restaurants all around and could get you a table even when they would be fully booked, and they would manage (massage away) some internal friction as well, often very discreetly and efficiently. Now, vastly more expensive (by hourly rate, productivity (think switching costs in the managers minds …, and utilisation), cost of ineffectiveness (sic again) and opportunity costs re their actual objectives (if these would be achieved; good/bad manager discussion again)) managers must manage their way around. An impoverished world it is indeed.

To bring back some joy:
[Some colour, but it’s down there… Zuid-As]

Common(s) as privacy and vice versa ..?

Remember from your econ class that concept of The Commons, and how problematic it was? Is?
There was this intriguing post recently, on how Free Speech might be considered and deliberated in terms of the commons being exhausted by undue over-use (abuse) — for its use alone ( → ). Leading to aversity of the concept not of the abuser or his (sic) apparent locally recognised but globally not, ‘valid’ reason(s) for over-use.

Which, as is my wont of the moment, driven by personal business interests, I took to be applicable to Privacy as well. Maybe not in the same way, but … This will need quite some discussion between me on the one hand, and peers and others on the other who would actually know what they’re talking about. Throwing in a bit of anglo-american data-isn’t-yours versus European (‘continental’ — will brexit – which starts to sound like a lame Benny Hill kind of joke ever more – change that ..??) data-is-datasubject’s-always divides, and some more factors here and there. Complicating matters, but hey life’s not perfect.

Waddayathink? In for a discussion ..? Let’s start!

And:
[Not so very common-s; Toronto]

Authentic means work, you see?

Recalling the recent spat about passwords again (and elsewhere), and some intriguing, recent but also not so recent news (you get it when you study it), it seems only fair to the uninitiated to clarify some bits:
Authentication goes by something you know, something you have or something you are. Password(s), tokens or biometrics, in short. All three have their drawbacks.

But that’s not the point. The point is that authentication is about making the authentication unspoofable by anyone but the designated ~~driver~~ owner.
That is why you shouldn’t dole out your passwords (see the above first link) e.g., by writing them on a post-it™ whereas writing a full long passphrase on just one slip of paper that you keep to yourself more zealously than your money, will work.
That is why tokens shouldn’t be stolen. Which you might not discover until it’s too late; and tokens have a tendency to be physical stuff that can be replayed, copied, etc. just like a too-short password. Maybe not as simply, but nevertheless.
Same with biometrics. When made simple enough for the generic user (fingerprints, ever so smudgy!) also easily copyable, off a lot of surfaces. Other biometrics, maybe more secure i.e. harder to copy but not impossible. And opening possibilities for hijacks et al., focus on breaking into the systems in the login/authentication chain, et al.
Which brings attention to yet more vulnerabilities of Have and Are: Both need quite a lot of additional equipment, comms, subsystems, to operate and work from the physical to the logical (back) to the IS/IT levels. Weakest-link chains they are ..!

So, the strength of authentication covaries with the non-leakability of the key, since both correlate to the source determinant in-one-hand-ity close to the actual person whose identification-as-provided (by that person, or by anyone else posturing) needs to be authenticated. By which I mean that ensuring one item of authentication, closely glued to the person and with the simplest, least-link connection chain to the goal system(s), is best. The latter, clearly, is the written-down-verylongpassword method.

Just think about it. And:
[They’re called locks. Discuss (10pts); Ottawa]

Learn you will… Recover, you might.

When your countries largest retailer (primarily F&B but non-F only recently growing as well), has finally heard about something-something-smart-fridge. And wants to do it Right and starts off with a pilot. Of, drumroll, a smart fridge magnet with a mic and barco scanner for adding stuff to your on-line grocery list (on-site self-service pick / pick-up, or delivery to follow separately). Didn’t kno that existed already.
Nice idea, to include not (only) a barco deliberate-scanner (no creepy auto-scans) but also a mic when you don’t have the product at hand (and fresh veggies wouldn’t make it; for a long time already not stickered but weighted at the (vast majority) non-selfscanned check-out).

But what security ..? For fun, e.g., putting reams of alcohol stuff on the to-pickup lists of unsuspecting meek middle-classmen that won’t understand but come home with some explanation to do (bonus for taking the stuff off the list once procured so ‘no’ trace on the shopping list). For less fun, snooping off people’s shopping habits and get rich (by ultra-focused ads or selling off the data, or by extortion-light once you get the Embarrassing Items in view). For even less fun but lulz (grow a pair) when changing the list to violate some family member’s med-dietary choices into harmful variants. And don’t forget the option to (literally) listen in on very much that is said in the vincinity of the fridge. Could be anything, but probably privacy-sensitive.
But what security? The press release point to other countries’ supermarkets already offering the Hiku sensors. Nothing is unhackable. Exploit searches must be under way. People never learn. Reputational (corp) and personal-integrity (clients) damages may or may not be recoverable, at huge expense.

I’m not in, on this one. No need. Plus:
[Where you can learn; Zuid-As Ams]

Pwds, again. And again and again. They’re 2FA-capable ..!

Why are we still so spastic re password ‘strength’ rules ..?

They have been debunked as being counterproductive outright, right? Since they are too cumbersome to deal with, and are just a gargleblaster element in some petty arms’ race with such enourmous collateral damage and ineffectiveness.

And come on, pipl! The solution has been there all along, though having been forbidden just as long …:
Write down your passphrases! The loss of control by having some paper out there, e.g., on your (Huh? Shared workspace, BYOD anyone?) monitor (Why!? Why not have the piece of paper in your wallet; most users will care for their money and those that don’t, miss some cells due to the same you wouldn’t want them at your workplace anyway) is minute, certainly compared to the immense increase in entropy gains i.e., straight-out security gains.
And … when you keep your written-down pwd to yourself (e.g., against this sort of thing), it becomes the same thing any physical token is and you created your own Two Factor Authentication without any investment other than the mere org-wide system policy setting change of requiring pwds of at least, say, 25 characters. (And promulgating this but that shouldn’t be too hard; opportunity to show to make life easier for end users, for once, and great opportunity for collateral instructions on (behavioural) infosec in general…)

What bugs me is that alreay a great string of generations have been led astray while all along the signs were on the wall – not the passwords on them, but the eventual inevitable collapse of the system, by users that demonstrated this security measure was too impractical to stick to par excellence as evidenced in the still-strong and practiced practice of writing down pwds. If people do some specific thing despite decades of instruction … might we consider the instruction to not fit the humans’ daily operations ..? so the ones seeking to Control [what pityful failures, those ones …; ed.] will have to rescind?

So, written-down passphrases it is. Plus:
[Easy sailing to new lands, beats being stuck on Ellis; NY]

Your unbody double

So, there now is a thing being Artificially Intelligent 3-D Avatars. As per here. How nice.
And then you realise time travel may be possible once you don’t have the physical duplication problem anymore. Though we still would have the other problems; bummer.

But still, one of the problems has been solved. The others, actually … may need re-study. Because, there may now be differences in travelling forward (possibility approaching, when ‘time’ in your physical life needs to stay synchronised in some form or another with others, and your AI3DAvatar can speed up ..?) but then, returning to Now might (creation of possibility here) be equivalent or the same [which aren’t] to travelling back in time. Duh. Too bad it’s still so hard to reason (positive-)logically and consistently about this.

And, it will make the ‘need’ to have dirty, planet-soiling flesh-and-blood humans around, much less. There’s no such thing required anymore as people being trapped in The Matrix and then wanting blue or red pills, but rather it’s the attachment of AI3DAvatars to the Singularity Machine; their subsumption into it (removing duplicate or false/inconsistent memories – that will be there IF the AI3DAvatar’s anything like you) leading to their disappearance — all they ever (in the future) were, had already been included (thought out on its own) by the SingMach.

For now, we’re still here; individually. And:
[“Tape”copies of the views from up there, will be loaded to your AI3dAvatar in a millisec; no need for that either; CNN Tower, Toronto]

Plusquote: Happening

“For a moment, nothing happened. Then, after a second or so, nothing continued to happen”.
Douglas Adams, The Hitchhiker’s Guide to the Galaxy

When scientists of the most esoteric kind finally come to wrap their heads around Einstein’s “Time is that not everything happens at once” in a provable way (errm, would like to have it in a falsifyable way but how would that happen? [no pun intended when typing but now it’s there…]), i.e., to the insight that the most fundamental something that happens in the universe, underpinning and giving rise to space, time, and matter [overOxfordian?], is Information,
this Information thing may wrap up the second quote, and the official quote of the day may be what was before Information — apologies that there is no clue in there how nothing happening suddenly gave rise to Information of why it wanted to / had to do so.
Both of the latter cases to be reflected on Sloterdijk’s understanding of the Ultimate Insurance Provider sphere-wrapping The Universe And Everything.

Plus:
[This guy understood; London]