Hard coating emaille

If you’re well-seasoned, you may have turned a bit sour by all the silver bullet news even when that was targeted at point problems/solutions. And, you may even be old enough to recall Why Johnny Can’t.
Seems there’s a new version of the latter, with a similar conclusion. Too bad for all of us.

Oh well…:
DSCN0414
[Also ‘old’, also of a ‘no photo allowed inside’ site. Guess which]

C’est arrivé près de chez vous; LoRaWAN

Yet another major building block of the Future … in place. [And, not a ref to some City of Light atrocities]
Where’s the Privacy and (OR) Security experts …? For certainly, though almost out of public view, the undercurrents develop fast, into a maelstrom — I’d like it even more in this form — of possibilities; to be abused before being controlled, as has always been the case throughout history.

Oh well, can’t stop Progress, certainly not of the Technology kind… But one can hope we (sic or huh?) the Concerned will be in sufficient numbers to be able to and to be allowed to insert the appropriate controls into the whole shazam.
Like, you know,
DSC_0752
[Or is this an Tocqueville’ian opposite ..?]

NFChipknip

Long live innovation! Of the in some respects backward kind.
Yes we did have the chipknip, a stored-value debit card system that for small amounts (e.g., parking in Amsterdam though that hardly counts as ‘small’). And yes, of course it was abolished because nobody wanted it. For one, because the stored value had to be loaded onto the card, at ever (sic) less available separate ATM-like holes in the wall. For a second, because losing the card meant losing the stored value.

For a third, because given this functionality, people much preferred to stick to cash money that was more easy to get, much more widespread usable (think C2C payments…), quite similar if not same in risk, and anonymous obviously vis-a-vis anonymity promised by, hold it, banks, of all the crooks one could imagine. If you don’t see the latter, consider whom Jesus threw out of the temple as prime example of choice of all that was rotten in society back then already, and banks have ‘developed’ ever since.
This to the chagrin of banks that, as usual, packed their most devious of actions in the thinnest of transparent films of customer-servicing arguments and licked their, expensive is an understatement, wounds.

But now we have the triumphant return of the idea in the form of NFC payments off one’s debit card. Which comes with one improvement (not having to preload) but with all the other risks aggrevated:
The ‘preload’ is, relatively, limitless or to one’s credit (sic) limit. Compared to the user-controllable stored value of yesterday.
Skimming doesn’t even require the card to be physically put into a physical reader anymore. The still physical NFC reader devices are just as susceptible to plants of skimming devices as before. Maybe the customer can check the debitable amount but the displayed can be spoofed easily, obviously [or you are foolishly considering yourself competent when not seeing that risk]. But passers-by can skip just as easily (and ‘approve’ without any your notice).

Yes, even with small amounts payments, every now and then one will be required to enter one’s PIN as verification of holdership. But that hinders, and was a measure previously implementable easily so why not then already? And for larger amounts the PIN is required always, turning the actions into a simple debit card payment as we (in the developed world so maybe excluding North America) have grown accustomed to for decades already, but now need not enter the card into the chip reading slot anymore. Wow, the improvement! And all this while maintaining the latter debit card systems.

So, we have to trade security for convenience. While banks trade simplicity for … complexity. And savings, nowhere near. How to prevent some to consider banks to be full of i… ..?

Anyway…:
DSC_0045
[The back side of subsequent developments may be pretty or not; Dunedin]

Privvezy Protrection

An off the cuff — where’s gentlemens’ style, these days? — remark hit a nerve. When an interesting company had some very interesting speakers and me. On IAM, data leakage and … well, what was it, data protection XOR privacy …?

Because the little collateral remarks was about Privacy being the ethical imperative, but being implementable straight away, would need translation to operational Data Protection.

Yes, where the core of legislation is about the latter, in an attempt to achieve the former… to the degree feasible, achievable, and wanted.
Demonstrating that all legalese, even of the EU kind, is just about white washing whatever you’d want to get away with.

A sore reminder that when one would want (hypothetically, for the sake of the argument that such would be theoretically possible) Privacy, one’s still on one’s own. Against all that is formally formed or not as Institutions, against the windmills that all want you to believe don’t exist or have power over you…

But hey, I’m a happy bunny so I’ll leave you with:
DSCN0770
[When Penzance would be at Bergen On The Beach]

Comparatively innovative (Beetleroot)

There was this quite simple hack; in (very) pseudo-code: If 2-wheels Then { Rollerbank; diss up some fancy figures; }
Which calls to mind the Problem of BIOS hacking / backdoor/malware pre-installing, as explained here.

On the one hand, a solution is available: At a sublimated information level, encode, as here. In the physical, car, scenario this would be readily implementable as: Just test the emissions, not rely on data produced by the system itself. Prepared By Client is used pervasively in accounting (financial auditing part) as well so consider yourselves warned…
On the other hand [there always is another hand it seems, possibly because this is real life], in the VW scenario there will probably also be a call for source code reviews. Or at least, from the software development corners, there will be. But then one ends up in the same situation as spelled out in the Bury post: How to verify the verification and not be double-crossed? A source code review would be one part, but how to compare a clean (pun not intended at time of typing) compile / image to what is actually installed (continued, without change-upon-install-to-dirty-version or change-at-service) throughout in the field?

Another issue from this: How to overrule self-driving (or what was it; fully-autonomous) cars ..? The BIOS-hack and Car examples show some intricacies when (not if) one would have a need to overrule near-future “Sorry Dave, I can’t Do That” situations. Once no physical controls are left to take over manually, … Arrmagerrdon. Yes, that 2001 was a rosy, romantic, not horror scenario. And demonstrating that at a comprehensive abstraction level, Prevention still trumps Detection/Correction. But not by much, and the advantage will slip by careless negligence and deliberate deterioration efforts.

Oh well. We all knew that All Is Lost anyway, And then, this:
DSC_0142
[(digi)10mm wasn’t wide enough to capture the immersion in this… Noto again]

PIA is KIA and KYD (?)

Since the whole Privacy thing has gained new traction with both the European Data Privacy Directive regaining (some…) steam and the European Court finally deciding what all with any bits of brain already knew i.e. that ‘Safe Harbour’ was a sour joke (to put it mildly), I realized, when working on a presentation for a forum centering on/around Identity and Access Management, that any Privacy Impact Analysis work comes down to two things; an objects-side analysis in the form of Know Your Data and a subject-side analysis by means of Know your (authorised OR actual) Identities and their Access, with some Privacy By Design thrown in at the solutions end.
Since I just like sentences of the right length, being entities that contain a discrete but complete set of logically coherent and united concepts.

And for those of you in the know; the above contains all there is to Know. Sort of. Maybe add in a bit of this (in Dutch; from the FD newspaper), for implementation. For a lot of implementation…
And, things may change in the somewhat near future with the advent of drones, IoT, robotics (humanoid or abstract), and ANI/AGI/ASI, in the IAM sphere alone. Just read up your huge backlog on this blog, and elsewhere as I cannot really summarise it all here…

I’ll give you some time space for that now. With:
DSC_0305
[At the Ragusa Ibla end but of course you knew]

Vendors pitchin’ — reality’s b… moving elsewhere

Was reminded today that still, a great many vendors in the (Info)Security arena are pitching their worn-out warez to a laggerd crowd — or is it just me to see that, in particular where IAM is concerned, all eyes are still on some vault idea of data storage and systems, behind some mirage of a perimeter of the ‘data center’ (as it is presented ..!).
Luckily, I met this old friend of mine of Zscaler that see that today’s access and wider security concerns are over Cloud (storage, services) and Users (out there, anywhere). How nice would it be if not too much time would be wasted anymore on the classical, outdated (sic) model(s) and we’d all move to this new world ..?

This, for your viewing pleasure:
20150911_143510
[Watching the ships go by, Amsterdam]

A quantum leap

Remember, that (not) a great many days ago I posted some bits on crypto ..? There’s a new twist to it all, after the venerable Bruce noted that some agency started a new, this time ’round bit more fundamental round, on crypto algorithms. And then, some notes on the approach of quantum computing. Well, the latter is still five to ten years off (current estimates; could be three, could be twenty, as such estimates go).
But impacting. So, the following flew by:
CryptographyChart-1-482x745
Which explains a lot, hence I just wanted to pass it on. Bye for now.

Blown over — smart dust or where is it?

In all the news about IoT, where has the (admittedly far-flung) prediction about ‘smart dust’ gone ..? Where has the smart dust gone? Was it a wormhole glimpse into the future, was it some runaway brainstorm on steroids (or other stimulative substance) session’s result ..?
Where still, it looms in the background. Once information is created, will it remain in the universe, existing without a result (as it may or may not have a cause, the rebel against entropy that it is)? (Here I go in similar vein, not stimulated!)

Now, let’s first have actual working quantum computers. Similarly vague at inception and counter-intuitive — for which reason I believe it will turn out to have logical fallacies in its current models so will in the end not be feasible to realise ..! —, let that come first. In itself, already difficult enough to cope with, as a global society.

Afterwards, smart dust will look like a rough cut piece of cake, probably. But maybe the Problems of it, will stil be Hard (compute-complexity-wise), as here and elsewhere.

And this, for your blue pill:
20150911_143851
[Excellent or mundane archi; but with sublime acoustics — second (to) one in Amsterdam!]

Trivial TLA Things-Tip

If you Thought This Time Things would be easier, as the universality of plug-‘n-play has spread beyond even the wildest early dreams into the realms of the unthought-of non-thinkingness, think again. Drop the again. Think. That was IBM’s motto, and they created Watson. No surprises there.
However… It may come as a surprise to some that now, an actual TLA has some actual tips, to keep you safe(r). As in this. Who would have thought… On second thought, this agency of note might have no need for the access disabled themselves anymore, as they’ve provided themselves of sufficient other access (methods) by now and just want to hinder the (foreign) others out of their easy access ..?

Oh well, never can do well, right? And this:
DSC_0070
[Another one from the cathedral of dry feet — only after, making sticking fingers in dykes worthwhile; at Lynden, Haarlemmermeer]

Maverisk / Étoiles du Nord