Right. Explain.

Well, well, there we were, having almost swallowed all of the new EU General Data Protection Regulation to the … hardly letter, yet, and seeing that there’s still much interpretation as to how the principles will play out let alone the long-term (I mean, you’re capable of discussing 10+ years ahead, aren’t you or take a walk on the wild side), and then there’s this:

Late last week, though, academic researchers laid out some potentially exciting news when it comes to algorithmic transparency: citizens of EU member states might soon have a way to demand explanations of the decisions algorithms make about them. … In a new paper, sexily titled “EU regulations on algorithmic decision-making and a ‘right to explanation,’” Bryce Goodman of the Oxford Internet Institute and Seth Flaxman at Oxford’s Department of Statistics explain how a couple of subsections of the new law, which govern computer programs making decisions on their own, could create this new right. … These sections of the GDPR do a couple of things: they ban decisions “based solely on automated processing, including profiling, which produces an adverse legal effect concerning the data subject or significantly affects him or her.” In other words, algorithms and other programs aren’t allowed to make negative decisions about people on their own.

The notice article being here, the original being tucked away here.
Including the serious, as yet very serious, caveats. But also offering glimpses of a better future (contra the title and some parts of the content of this). So, let’s all start the lobbies, there and elsewhere. And:
[The classical way to protect one’s independence and privacy; Muiderslot]

DAUSA

Maybe we should just push for a swift implementation of the megasystem that will be the Digitally Autonomous USA. No more need for things like a ‘POTUS’, or ‘Congress’ or so. When we already have such fine quality of both and renewal on the way into perfection (right?), and things like personal independence and privacy are a sham anyway, the alternative isn’t even that crazy.

But then, there’s a risk (really?): Not all the world conforms yet to, is yet within, the DAUSA remit. Though geographical mapping starts to make less and less sense, there’s hold-outs (hence: everywhere) that resist even when that is futile. The Galactic Empire hasn’t convinced all to drop the Force irrationality and take the blue pill, though even Elon Musk is suspected of being an alien who warns us we’re living in a mind fantasy [this, true, actually — the story not the content so much].
But do you hope for a Sarah Connor ..? Irrationality again, paining yourself with such pipe dreams.

On the other hand … Fearing the Big Boss seems to be a deep brain psychology trick, sublimating the fear of large predators from the times immemorial (in this case: apparently not) when ‘we’ (huh, maybe you, by the looks of your character and ethics) roamed the plains as hunter-gatherers. So if we drop the fear, we can ‘live’ happily ever after; once the perfect bureaucracy has been established. Which might be quite some time from now you’d say, given the dismal idio…cracy of today’s societal Control, or may be soon, when ASI improves that in a blink, to 100,0% satisfaction. Tons of Kafka’s Prozesses be damned.

Wrapping up, hence, with the always good advice to live fearlessly ..! 😉

[Some Door of Perception! (and entry); De Haar castle]

Overwhelmed by ‘friendly’ engineers

The rage seems to be with chat bots, lately. Haven’t met any, but that may only be me — not being interesting enough to be overwhelmed by their calls.
Which will happen, in particular to those in society that have less than perfect resistance against the various modes of telesales and other forms of social engineering (for phishing and other nefarious purposes) already. Including all sorts of otherwise-possibly-bright-and-genius-intelligent-but (??)-having-washed-up-in-InfoSec-for-lack-of-genuine-societal-intelligence types like us. But these being the ones of all stripes that ‘we’ need to protect, rather than the ones apparently already so heavily loaded that they can spare the dime for development of such hyper-scaling ultra-travelling foot-in-the-door salesmen. Is this the end stage, where none have a clue as to which precious little interaction is still actually human-to-human, and the rest may be discarded ..?

As for the latter … It raises the question of Why, in communications as a human endeavor… Quite a thought.

But for the time being, you’re hosed, anti-phishing-through-social-engineeringwise.

Just sayin’. Plus:
[Retreat, a.k.a. Run to the hills / Run for your life; but meant positively! Monte Olivieto Maggiore near Siena]

Wats’on your bug-hunting program ..?

Tinkering with some unrelated ideas …:
How would one go about setting Watson (Clone, III) to work on bug hunting ..?
Where the Beast would be fed all sorts of past code / code patterns (source~ or executable~, or whatever style you’d prefer) with known bugs / errors / exploits and the way in which they failed, and then have the Big W scan, e.g., Win10 source code and come up with a list (in this case, assuming sufficient storage ;-| ) of bug red flags. Probably, to be classified in a range of Sure Thing, via Commonly, to Maybe. As we’re discussing patterns, certainty can’t be had for all found points of interest per se.

That being the simple part, what about automated immunization ..? If some patterns are near-certainly bugs/errors/exploit-points always, can they be plastered ex ante ..? It might be easy(er), too, to throw in an extra development test in the first place (“Sorry Dave, I can’t compile that”). But this sort of scope creep could easily lead to creepy behavior, e.g., if (??) the (??) system would get hijacked.
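As an added illustration of the two steps mused about above (not the post’s own code, and not any Watson product), here is the idea in its simplest form: a catalogue of known-bad C idioms, each tagged with one of the post’s three confidence tiers (Sure Thing, Commonly, Maybe) and with the “immunisation” a build step could suggest, run over a constructed C snippet, followed by a build gate that refuses only on Sure Thing red flags. The rules, tier assignments and sample source are assumptions for illustration; the post’s Beast would learn such patterns from past bug data rather than have them hand-written as regexes.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


# Constructed rule catalogue (an assumption for illustration, not a real tool's rule set).
# Each rule is a regex over C source, one of the post's three confidence tiers,
# and the fix a build step could suggest or, for Sure Things, insist on.
@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern
    tier: str  # "Sure Thing" | "Commonly" | "Maybe"
    fix: str


RULES = [
    Rule("gets", re.compile(r"\bgets\s*\("), "Sure Thing",
         "gets() cannot bound its write; use fgets(buf, sizeof buf, stdin)"),
    Rule("strcpy", re.compile(r"\bstrcpy\s*\("), "Commonly",
         "unbounded copy; use a size-bounded copy and check for truncation"),
    Rule("sprintf", re.compile(r"\bsprintf\s*\("), "Commonly",
         "unbounded formatting; use snprintf with the destination size"),
    Rule("format-nonliteral", re.compile(r"\bprintf\s*\(\s*[A-Za-z_]\w*\s*\)"), "Maybe",
         "format string is a variable; use printf(\"%s\", var) instead"),
]


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    tier: str
    fix: str
    text: str


def scan(source: str) -> list[Finding]:
    """Flag every (line, rule) match in C source; trailing // comments are ignored."""
    findings: list[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]
        for rule in RULES:
            if rule.pattern.search(code):
                findings.append(Finding(line_no, rule.name, rule.tier, rule.fix, line.strip()))
    return findings


TIERS = ("Sure Thing", "Commonly", "Maybe")


def by_tier(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Bucket findings into the post's three classes, most certain first."""
    return {tier: [f for f in findings if f.tier == tier] for tier in TIERS}


def build_gate(findings: list[Finding]) -> bool:
    """The post's "Sorry Dave, I can't compile that": pass only when no Sure Thing remains.
    Lower tiers are reported, not blocked, because a pattern match is not a certainty."""
    return not any(f.tier == "Sure Thing" for f in findings)


# Constructed sample input: a deliberately sloppy C function, not code from any real project.
SAMPLE_C = """\
#include <stdio.h>
#include <string.h>

void greet(const char *name) {
    char buf[32];
    char line[64];
    strcpy(buf, name);
    gets(line);
    sprintf(buf, "hi %s", line);
    printf(buf);
    printf("%s\\n", buf);   // bounded, literal format: no flag
}
"""

if __name__ == "__main__":
    found = scan(SAMPLE_C)
    for tier, items in by_tier(found).items():
        print(f"[{tier}]")
        for f in items:
            print(f"  line {f.line_no}: {f.text}\n      -> {f.fix}")
    print("build allowed:", build_gate(found))
```

Run as-is it lists one Sure Thing (the `gets` call), two Commonly (the `strcpy` and `sprintf`) and one Maybe (the non-literal format string), and the gate reports the build as not allowed; the literal-format `printf` on the last line is left alone. The gate blocking only the top tier is the design point: the post’s own caveat that certainty “can’t be had for all found points of interest” is what keeps the lower tiers advisory.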

Oh well. Would still be glad to have your thoughts. And:
[“Tin”foil hat for actual protection (well, No.), at Haut K-bourg again]

Plusquote: Critique of the Pure Reasonlessness

This episode, by reference to the excellent Future Crimes (Marc Goodman, as here), one originally by G.K. Chesterton (The Blue Cross):

The criminal is the creative artist; the detective only the critic

To which we would want to add: And the auditor, only the disgruntled desk-bound traffic cop.
Since, the checker (and penaliser) of the trivial petty little rules, should remain in the third line, right ..?

Where by the way, the creativity of the artist is required to make the art work that sells — and hence all make their living off straightforward crime or would perish. The more you bureaucratise into totalitarianism, the more you see life wither, till death. Even if the crime keeps on being perpetrated — by laxity of the second and particularly third lines, in cahoots with the profiteers. … Maybe that’s a bit deep-but-overly-lapidary …
Hence, just:
[Panopticon Central, Strasbourg]

Miss(ed), almost ..?

One might have easily missed one of the most valuable annual reports … but if you trust it (you can) or would want to dismiss it (you can, for various reasons like the management babble leading to a great many missed threats and ~levels as here, always of course, but still), it is an important item when you’re in InfoSec despite #ditchcyber! so you’d better study it.
Oh, yeah, this being the thing.

OK now. Plus:
[In “cyber”space (#ditchcyber once more), easily scaled. Haut Koenigsbourg again.]

Chain governance and army corps sector boundaries

Well, and then you think back to the past decades in which, in semi-(quasi-? sub-? fake-?) government land, it just never worked out to get chain governance off the ground. No, no, no, something may ‘work’ here and there, but that doesn’t get beyond an operational level of no-nuclear-conflict, with a totalitarian cold war at the tactical and strategic levels.
And yes, in the private sector (sad in itself that a separate term exists for what should after all make up 90+% of the economy but gets no further than 30 percent or so, at the very most) something has indeed been achieved, but then by force and with merciless punishment by bankruptcy for anything less than maximal total sacrifice to the customer.

Ah, the customer. Of the chain, at the end of the production story.

And oh, there are models. Those who still stand a chance of having (gained) insight will, namely, pull out their VS 2-1351. And first read their IK2-25 ;-] beforehand, and then chapter 8 of the aforementioned. But that aside, because the essence is that it brings back the lessons regarding the vulnerability to attacks from the East which, acknowledging on that side the intelligence that will aim at exploiting the weak spots on our side, will be directed at the army corps sector boundaries.
Because there, coordination across the sector boundaries will be weaker, and the ‘own’ sub-optimisation within the sectors leads to reduced attention for the boundaries.

And … yes, that sounds familiar. And indeed, that is where the bottleneck lies in governance and oversight over the whole, from behind, having to deal with an opponent (sic) over the whole, opposite. Who, so by interpretation of its own goals, is not yet capable of tactical nuclear action (via politics) but does see its own interests insufficiently accommodated.
And then? Then take up the solutions from the practice developed over the centuries. Regarding coercion from above towards maximal coordination between the chain units and the sacrifice of one’s own chest-thumping in favour of the total performance, on penalty of demotion. Wouldn’t that be fascinating; putting the hollowest vessels from management to work in the call centre for the rest of their careers ..?

Ah, if, íf only the Mexican armies of petty bureaucrats were dumped at the FLOT… Page and Popla would see their turnover rise sharply. And becoming aware of the actual mission would, after catharsis and replacement by Real leaders, lead to so much better government performance…

Dreaming is allowed, right ..? And:
[Suitable for the ‘managers’; Stockholm]

One IoTA FYI

To close off [almost, since @KPN fraud themselves away from bankruptcy by series of outright lies to customers and tort] the year with a wild shot, ahead:
There is value in the information analysis in IoT, as described in Gelernter and many since, of the two-way flow of information. One, flowing up, is information in the form of answers as aggregations or pattern-matched tuples (or sets); the other, going down, being both commands and inquiries/questions.

This fits the IoT world snugly, and should be taken into account when developing IoTAuditing frameworks:
What we’re after of course in all of auditing — and this we consider self-evident or else go back to study auditing fundamentals, from agency theory! — is the controls that keep the quality of the back/forth i.e. down/up information flows within (client-!)required margins. No more! But be aware of who the client really is, not the one doing the actual paying. So, we may focus on the integrity of the information flows first and foremost, then the continuity (availability), and then confidentiality as an afterthought.
With neat break-downs to isolation, appropriate input/output buffering (anyone still aware of the difference between an interrupt and a trap? If not, take a hike and learn, and weep), integrity controls above all. And something on (establishing) the quality of aggregation and of the questions being pushed down — when the wrong questions get asked e.g. by lack of understanding of the subject matter (sic), as is so very commonplace in the vast majority of organisations today, the wrong results will turn up from within the data pool (reporting ‘up’wards).

And of course there’s the divide between
the operational world where actual business is done (either administratively in offices though one could argue (i.e. proof beyond recovery) that this isn’t actually doing anything worthwhile, or producing stuff), and
the busybodies world ‘above’ (quod non) that, which thinks (wrongly) to be able to ‘control’ and ‘steer’ the productive body, sometimes rising itself into the thin air levels of absolute ridicule (by) branding itself ‘governance’.
But do re-read all of last year’s posts and weep. But do also see the implications for variance in the integrity, availability, and confidentiality needs at various (sub)levels.
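As an added example, not part of the post, of the integrity-first stance on the two flows: readings flowing up carry a per-device HMAC and the aggregator reports how many it had to drop, so whoever reads the answer can judge its quality; commands flowing down are applied by a device only when the tag verifies and the sequence number is strictly newer than the last one applied, so a replayed command does nothing. Device names, keys and messages are constructed for illustration; a real deployment provisions a distinct key per device at enrolment and would add availability and confidentiality controls on top, in that order.

```python
import hashlib
import hmac
import json

# Constructed per-device keys (an assumption for illustration only).
DEVICE_KEYS = {
    "sensor-1": b"constructed-key-1",
    "sensor-2": b"constructed-key-2",
    "sensor-3": b"constructed-key-3",
}


def _mac(key: bytes, payload: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding, so field order cannot change the tag."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign(device: str, payload: dict) -> dict:
    """Wrap a payload (a reading going up, or a command going down) with the device's tag."""
    return {"payload": payload, "mac": _mac(DEVICE_KEYS[device], payload)}


def verify(device: str, msg: dict) -> bool:
    """Constant-time tag check; unknown devices and malformed messages fail closed."""
    key = DEVICE_KEYS.get(device)
    if key is None or "payload" not in msg:
        return False
    return hmac.compare_digest(str(msg.get("mac", "")), _mac(key, msg["payload"]))


def aggregate_up(messages: list) -> dict:
    """Up-flow: answer with an aggregate over authentic readings only, and say how many
    were dropped, so the reader of the report can judge what the number is worth."""
    accepted = []
    rejected = 0
    for msg in messages:
        payload = msg.get("payload", {})
        if verify(payload.get("device", ""), msg):
            accepted.append(payload["value"])
        else:
            rejected += 1
    mean = sum(accepted) / len(accepted) if accepted else None
    return {"mean": mean, "n": len(accepted), "rejected": rejected}


class CommandReceiver:
    """Down-flow: a device applies a command only if the tag verifies and the sequence
    number is strictly newer than the last one applied (a replayed command is ignored)."""

    def __init__(self, device: str):
        self.device = device
        self.last_seq = -1
        self.applied = []

    def accept(self, msg: dict) -> bool:
        if not verify(self.device, msg):
            return False
        seq = msg["payload"].get("seq", -1)
        if seq <= self.last_seq:
            return False
        self.last_seq = seq
        self.applied.append(msg["payload"]["cmd"])
        return True


if __name__ == "__main__":
    # Constructed traffic: two honest readings and one altered in transit.
    readings = [
        sign("sensor-1", {"device": "sensor-1", "value": 20.0}),
        sign("sensor-2", {"device": "sensor-2", "value": 22.0}),
    ]
    tampered = sign("sensor-3", {"device": "sensor-3", "value": 21.0})
    tampered["payload"]["value"] = 99.0
    print("up:", aggregate_up(readings + [tampered]))

    rx = CommandReceiver("sensor-1")
    cmd = sign("sensor-1", {"seq": 1, "cmd": "report"})
    print("down first:", rx.accept(cmd), "replay:", rx.accept(cmd))
```

The aggregate deliberately carries the `rejected` count alongside the mean: an answer that silently dropped a third of its inputs is exactly the kind of wrong result the post warns will turn up from within the data pool, and the control on integrity is only useful if the quality of the aggregation is visible to whoever acts on it.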

And:
[The 2016 way is up; Cala at Barça]

Mobile vision

Twas bryllyg, and ye slythy toves / Did gyre and gymble in ye wabe
The brilly side has deteriorated, unfortunately, due to the great many that don’t avail themselves of the proper tools for the proper usage. [A CEO with you, is still a CEO]

No, really: when the ultrahyperventilating crowd decided to warp-speed run after the ‘any platform’ and subsequently ‘mobile first’ crazes (duly so identified), they forgot that when something’s meant to be visually interpreted, all the visual clues need to be clearly enough visible in the first place. Which goes better on a large screen than on a little one, inescapably. In the same way that the humongously dumbed-down ‘models’ that bankers and like w…kers use, are over by a stretch in their simplification of reality (and, stupidly, then taken as normative, prescriptive rather than descriptive in intent), visual interfacing for the mob-ile users are oversimplified to the uselessness side. Why??

Because [ I say so ] and [ hypes go that way ]. Lazy evaluation.
Which leads to: Not one size is too small to fit any, but all sizes are made fit for the content purpose. Maybe not even display when the deep message can’t be captured in too small a message display ..?

A bit deep, or dense, maybe. Hence:
[Circus, b/c you need bread; Oak Park old analog pic]

Prediction16

Yawn. Or not. The following will get real serious in 2016. Like,

Well, for the list with everything and their dog:

  • Some Exits: Green Egg, ‘Cyber’everything, disruption/uberization, privacy, and, certainly and very much hopefully, “Like us on Facebook” … and very, very certainly hipsters let alone their ‘beards’ (quod non).
  • Entrant to replace the latter, hopefully, some actual non- or anti-bureaucratic frameworks of mind.
  • Also out, to be replaced by … [as yet unknown]: Vlogging or what have we, in socmed space, with 100k-1M+/++ followers as being the thing to aim for. As it becomes clearer and clearer in 2016 that only the 10M+/++ leaders (??) can make a dime from it, or barely a living. Who are the big winners, in all of this? User data / experience farmers?
  • Risk Management 3.0 will grow to be the Next Thing in managementspeak. If you’d need any proof, go read back the ton of posts on your perennial Truth site.
  • Also, we might get a last blip from SMAC(T) as a trend summary.
  • All of the points made by The (some) Man. Obviously. And some of this as well though this may all show to be overblown.
  • Still a wave of interest in Rise of the Robots. Combined with AI through and through, like in this. With support at an angle, from this.
  • A further blend of cloudsourcing and deperimetrisation putting your infra and all of your data naked and out there in the cold.
  • Oh almost forgot: A lot more on APTs, 3D printing (when will we finally get 4D printing …!?), MehhDrone stuff, blockchain, IoT, et al.
  • But we may hope, the latter two get much more innovative applications; on the one hand with simpler explications, on the other, truly innovating e.g., into the DAO realm.
  • Ah, DAOs; let’s first see more of this in 2016.
  • Offering a simple list copy from HBR:
    • Algorithmic personality detection: Yes
    • Bots: Yes
    • Glitches: Mwah; we indeed will see scores of them, ever bigger and more impactful (also b/c complexity explosions of the mixed e and physical worlds), but they’re somewhat of the mehhh category for the purpose of Here.
    • Backdoors: See APTs et al; much more of them yes but again, mehhh
    • Blockchain: As mentioned
    • Drone lanes: Hmmm, interesting…
    • Quantum Computing: Probably hung in there from previous (many) years’ lists; mine, too. May, might, but for the same token may not
    • Augmented knowledge: Definitely. Hopefully, in a good way. But maybe even hopefully, steered towards safe use, after a hopefully indicative but small-enough dystopian-style mishap ..?
  • CloudIAMming. IAM, renewed, for federated use in ‘the’ cloud. Yes, this will have a whole new lease of life, as a management field, and a consultancy field as well.
  • This just in: Forgot to mention VR as a thing in 2016. Definitely.
  • I may want to do an update halfway through the year…
  • Oh, and of course our motto for 2016: A CEO with you, is still a CEO.
    #gosubstitute[ _X, _Y | fool, a tool ]

After which there’s only:
[Purposefully unsharp. Berlin, some years ago.]

Maverisk / Étoiles du Nord