Tag: IoT

Errors of Your / Machine Learning

Any progress on the front of Machine Learning, i.e., the comparison with how/what humans learn from various teaching formats, and how machines are better at rote learning et al, and how does the perfection of machines learning facts, reflect on what is data processing, what is intelligence, and what is wisdom ..? Where the latter is the area in which of course re retreat ever more, but without the foundation of a life long of learning and experience ..?

[Intermission: Anyone out there still holding on to the ‘you only learn from experience, which is making errors and surviving’? What was so many years of school all about; you’re still no further with calculus than 1+1 equals something more than one — the max you can learn from ‘ experience’ … How did you ‘experience’ History, Science ..? Apparently, there’s quite a base of facts to learn, even (or more?? contra The Shallows) in times of Google. Or, you’ll be the doofus that can not (sic) learn to be intelligent nor wise, and will make any and all rookie mistakes in all situations everywhere, over and over again.
Seems like the base of learning, grows steadily — exponentially…]

Notwithstanding the road (path) to wisdom is through experience … which would ever less be available when machines start to take over the simple, the foundations (qua operationality of work-as-labour), and then the next stage, etc. (since none will be experienced enough to succeed pensionados that still have that subsequent level of understanding). Leaving the abstract thinkers ever more loose in the sky. Hey that’s what’s happening with accountancy, if the industry doesn’t move fast. And will happen everywhere.

But back to the main point: Has Watson-class learning (AlphaGo/Deepmind/Brain (sic), … no not Siri you m.r.n) learned us anything about learning, and/or have we changed learning since machines took over parts of rote learning? Have we changed our view on learing, intelligence, wisdom?

To the disappointed, apologies go; nothing here on how machine learning could lead to the unethics of Computer Says No… Too much of a mer à boire qua research — see here.

Plus:
DSCN1270
[Steep, to enlightenment; Girona]

Retrofitting IoT Security

Pitch before I did the idea that for a while be with us will Legacy IoT be, here.
But what about stubbing around it? Developing cheap and easy (necessary since/for backwards compatible, by definition) security solutions that can be plugged onto old IoT stuff.
What ya’reckon, are we too far gone with old IoT and economically-having to keep that alive, or is there sufficiently much more recent stuff to attempt such a thing (and ring-fence the real cr.p)..?

I’m not completely sure how one would approach this thing, technically, but cannot imagine that there aren’t solution models around like, potentially, some form of hardened (lean and mean and armour-coated) enterprise IoT bus thing, possibly with security zones, et al., similar to the obvious and hopefully ubiquitous separation of office automation (why isn’t SAP dead yet? This, some time ago. Oh, might be useful to set up separate mandates to ‘run’ factories yes, which was its original purpose, right; what did E-R-P stand for ..?) from Process Automation, and within the latter, Supervisory Control from operational (close-in) control, engineering-wise, but then with subsets for safe/unsafe hardware.
The isolation stubs could then act as gatekeepers between zones, between potentially-safe and the legacy-most-probably-unsafe.

Though I suspect that the ‘zones’ will have to ‘air’gap at many network layers, including towards the physical end of OSI — meaning that higher up, the connection will have wider gaps, not less why is this so often overlooked ..?

On a separate end note: Where are the wares that should have followed the scares, i.e., we have had a couple of years (yes) now of IoT scares; have the vendors truly stepped in or was it just window dressing e.g., dole out some monitoring tools and good luck with it..?

Progress… and:
DSCN1834
[See? Engineering is beautiful; Brussels]

WindTalker

Right. So we have a side channel attack where your hand movements over your mobile, when typing in your key, will interfere with WiFi signal patterns in a detectable, traceable way thus revealing your key. Like this (PDF).
Would this, on a second trend note, destroy or obviate even more the need for, Active Access Control ..?

Plus:
20161025_150242
[Mock-up for fabrics not mockery of your security; Stedelijk Amsterdam]

The legacy of TDoS

So, we have the first little probes of TDoS attacks (DoS-by-IoT). ‘Refrigereddon’.
As if that wasn’t predictable, very much predictable, and predicted.
[Edited to add: And analysed correctly, as here.]

Predicted it was. What now? Because if we don’t change course, we’ll achieve ever worse infra. Yes, security can be baked into new products — that will be somewhat even more expensive so will not swarm the market — but for backward compatibility in all the chains out there already, cannot be relied upon plus there’s tons of legacy equipment out there already (see: Healthcare, and: Utilities). Even when introducing new, fully securable stuff, we’re heading into a future where the Legacy issue will grow for a long time and much worse than it already is, before (need to be) huge pressure will bring the problem down.

So… What to do ..? Well, at least get the fundamentals right, which so far we haven’t. Like this, and this and this and here plus here (after the intermission) and there

Would anyone have an idea how to get this right, starting today, and all-in all-out..?

Plus:
20150323_213334
[IRL art will Always trump online stuff… (?); at home]

Comedy crashers

No capers, frankly no comedy either, when some of the most respected in the field are concerned about pervasive probing of whole countries in one go. As here.

Probably, the same is pulled off on smaller countries as well; the infra doesn’t distinguish, but the protection budgets probably are much smaller, so a proof of concept might be interesting. Though this may trigger better protection in the larger country/countries, if done ‘right’ the attack(s) may be class break kind of things not so easily protected against in the first place.
And for now, the smaller countries probed, will have even smaller budgets and capabilities to even detect the probing all together / in the first place. Interesting …

But maybe budgets are better spent on all the other actual risks out there, like: ..?
dsc_0789
[Suddenly (of course !!) turned up at the Joinville château; Haut-Marne]

Dronecatcher, now with dronespotter

Ah. Found; yes, probably @DARPA already had theirs, this one’s more (?) private-sector though: A partial solution to the Attack of the Drones thing.

Back some time ago I posted this gem, on a solution against drones, e.g., around objects of ‘vital infrastructure’ — that weren’t, like, so, about a hundred years ago and people may have been happier then.
Once drones were distinguished from birds [the in-the-air kind not the ones you spot on the beach, topless], any kind of mini-Goalkeeper preferably with buck shot (since short-range effectiveness is required only, without any long-range bystander damage risk) might suffice. I’d say Mini- indeed; more like a double-barrel pointed up above e.g., 50° or more to prevent nasty fall-out on hoomans but with some swing capability to cross-fire.

The problem being, was, to have an installation small enough to be easily placeable in sufficient number to get good air dome/cylinder coverage but to not be too obtrusive. Yes, probably @DARPA already had theirs but didn’t want to beat the drum too much, to not lure ‘DoS’ swarm attempts or false-negative probing. But at least, for the rest of the World, there now is Elvira, instantly in fixed, flex as well as military versions.
Apparently, their aim is to prevent bird/drone collisions in mid-air (triggers association with this great clip work, and also this one) but I see use for the inverse, too, picking off the flyers/drones before they don’t, up against ‘vital infra’.

But aren’t we then reverting to an arms’ race where the silly, petty, may be stopped but not the countermeasure-escalation pro’s …? Like these:
drone
[But hey, seems to be on a carrier exactly like I have in my back pond for fun and impressing the babes so can’t you have one, too ..?]

Dronecatcher ..?

Was tinkering with ideas to get rid of drones around / over high-risk sites, e.g., critical infra (sites).

You know, like the radiant type of energy production.
Where drones pose a somewhat new but pesky risk. The newness, of course being not much of it when all sorts of attack with either plain vanilla or modified-to-autopilot RC controlled planes (possibly built in one’s garage) were around already and would hardly need any (suspicious) infra to take off and do their nefarious thing.
Though the proliferation of the new heli-style drones somehow raised the frequency/chance side of the risk equation. And, maybe, the ease of modding for sufficient tech capabilities of the kind you’d not want a.k.a. payload weights.

So, apart from the sudden realization that in times past, recent included, little did we know of the defenses surrounding critical infra against the classical winged type drones, we have the question: What now ..?

There seem to be two solutions required:
1. How to detect a drone, possibly rogue
1.5. How to handle false positives/negatives
2. How to down it.
Because I don’t color inside the lines only.

The first, might be feasible with some mini-/micro-installations of e.g., phased array radar in scan and track modes.
The second… My favorite would be a healthy dose of rounds, e.g., like a couple of full-on Goalkeepers around your install. Or have the lamo version of only (cross-?)beaming the GPS around your target out of the sky, or lasering it beyond melting point. These latter two might be the more difficult ones, qua aim/range specifity needed. But the former will probably not fly too well with overzealous environs freaks [note: not against the reasonable ones]. Oh well, we’ll just throw up some net structure when the threat is imminent — quick reloads available ..??

And there’s still the issue of not shooting two birds with(out) one drone. I.e., how to ensure you’re not offing all sparrows in a cloud, and miss the single drone’let that disturbed the birdies in the first place. Well, Why should I come up with the lame side-solutions ..?

Also:
20141002_123020[1]
[The unexpected, but disastrous scenario…]

ChainWASP

… With all the blockchain app(lication)s, in all senses, sizes and seriousnesses if that is a word, growing (expo of course) everywhere,
wouldn’t it be time to think about some form of OWASP-style programming quality upgrading initiative,

now that the ‘chain world is still young, hasn’t yet encountered its full-blown sobering-up trust crash through sloppy implementation. But, with Ethereum‘ and others’ efforts to spread the API / Word (no, no, not the linear-text app…) as fast and far and wide as possible, chances of such a sloppy implem leading to distrust in the whole concept, may rise significantly.

Which might, possibly, hypothetically, be mitigated by an early adoption of … central … Oh No! control mechanism of e.g., code reviews by trusted (huh?) third parties (swarms!) where the code might still remain proprietary and copyrighted.
Or at least, the very least, have some enforceable set of coding quality standards. Is that too much asked …??

I know; that’s a Yes. So I’ll leave you with the thought of a better near-future, and:
20150109_145839
[Horizontal until compile-time errors made adjustments necessary (pic); beautiful concept — other than Clean Code, actually executed to marvelous effect]

Right. Explain.

Well, well, there we were, having almost swallowed all of the new EU General Data Protection Regulation to the … hardly letter, yet, and seeing that there’s still much interpretation as to how the principles will play out let alone the long-term (I mean, you’re capable of discussing 10+ years ahead, aren’t you or take a walk on the wild side), and then there’s this:

Late last week, though, academic researchers laid out some potentially exciting news when it comes to algorithmic transparency: citizens of EU member states might soon have a way to demand explanations of the decisions algorithms about them. … In a new paper, sexily titled “EU regulations on algorithmic decision-making and a ‘right to explanation,’” Bryce Goodman of the Oxford Internet Institute and Seth Flaxman at Oxford’s Department of Statistics explain how a couple of subsections of the new law, which govern computer programs making decisions on their own, could create this new right. … These sections of the GDPR do a couple of things: they ban decisions “based solely on automated processing, including profiling, which produces an adverse legal effect concerning the data subject or significantly affects him or her.” In other words, algorithms and other programs aren’t allowed to make negative decisions about people on their own.

The notice article being here, the original being tucked away here.
Including the serious, as yet very serious, caveats. But also offering glimpses of a better future (contra the title and some parts of the content of this). So, let’s all start the lobbies, there and elsewhere. And:
20141019_150840 (3)
[The classical way to protect one’s independence and privvecy; Muiderslot]

Overwhelmed by ‘friendly’ engineers

The rage seems to be with chat bots, lately. Haven’t met any, but that may only be me — not being interesting enough to be overwhelmed by their calls.
Which will happen, in particular to those in society that have less than perfect resistance against the various modes of telesales and other forms of social engineering (for phishing and other nefarious purposes) already. Including all sorts of otherwise-possibly-bright-and-genius-intelligent-but (??)-having-washed-up-in-InfoSec-for-lack-of-genuine-societal-intelligence types like us. But these being the ones of all stripes that ‘we’ need to protect, rather than the ones apparently already so heavily loaded that they can spare the dime for development of such hyper-scaling ultra-travelling foot-in-the-door salesmen. Is this the end stage, where none have a clue as to which precious little interaction is still actually human-to-human, and the rest may be discarded ..?

As for the latter … It raises the question of Why, in communications as a human endeavor… Quite a thought.

But for the time being, you’re hosed, anti-phishing-through-social-engineeringwise.

Just sayin’. Plus:
DSCN0408
[Retreat, a.k.a. Run to the hills / Run for your life; but meant positively! Monte Olivieto Maggiore near Siena]

Maverisk / Étoiles du Nord