What you said, doesn’t matter anymore

Yet another proof class busted: Voice being (allegedly) so pretty perfectly synthesizable, that it loses its value as proof (of identity). Because beyond reasonable doubt isn’t beyond anymore, and anyone venturing to bring voice-based evidence, will not be able to prove (beyond…) that the sound heard, isn’t tampered with i.e. generated. Under the precept of “whoever posits, proves”, the mere remark that “no madam Judge, we honestly did not doctor this evidence” is insufficient, and there can be no requirement for positive disproof for dismissal from the defense as that side is not the one doing the positing. What about entrapment, et al.?

So, technological progress brings us closer to chaos. “Things don’t move so fast”-believers must be disbarred for their demonstrated gross incapacity — things have moved fast and will do so, ever faster. Or what ..?

Well, or Privacy. Must the above ‘innovator’ be sanctioned severely for violation of privacy of original-content-sound producers ..? Their (end) product(s) is sold/leased to generate false identity or doctored proof, either for or against the subject at hand, <whatever> party would profit thereof. Like an equipment maker whose products are targeted at burglars, or worse e.g., guns. Wouldn’t these be seriously curfewed, handcuffed ..?

[Edited to add, after drafting this five days ago: Already, Bruce is onto this, too. Thanks. (Not my perspective, but still)]

Oh, or:
[Apparently so secure(d), ‘stormed’ and taken practically overnight (read the story of); Casa Loma, Toronto]

Pitting the Good against the Others

When the recent rumours were, are valid that some patches were retracted — and this was because they accidentally disabled other exploits not yet outed in the stash, this would bring a new (?) tension to the surface or rather, possibly explains some deviant comms of the past:
Where some infosec researchers had been blocked from presenting their 0-day vulns / exploit-PoCs, this may not have been for protection of the general public or so, but to keep useful vulnerabilities available for the TLAs of a (variety of?) country(-ies).
Pitting the Ethical researchers against the bad and the ugly…

No “Oh-oh don’t give the bad guys valuable info and allow even more time to the s/w vendors to plug the holes” but “Dammit there go our secret backdoors!”
Makes much more sense, to see the pres blocking in this light. And makes huge bug bounties by these TLAs towards soon to be a bit less ethical researchers, more possible and probable. Not as yet better known, though. Thoughts?
[Takes off tinfoil movie-plot security scenario hat]

Oh, and:
[All looks happy, but is looked upon from above …; Riga]

DNA not so Determinant; there goes another piece of Evidence

[ Commemoration of the Dead, today in the Netherlands. Never forgotten. Never forget! ]

In the series of surrealisation of proof, in courts and elsewhere, turning anything into faker news than before – a trend that was under way already for a long time, maybe centuries but now speeding up enormously – after the most recent class of proof (yes don’t complain I’m clear, qua ‘class’!) we have even old (?) evidence classes being overthrown. Like, your DNA.
Somehow, we already knew that. Where the analogue of hash collisions happened IRL, with disastrous consequences for people’s lives, and those of their families, et al. Really, imagine yourself in the midst of it all: Ragnarök and the collapse of the foundations of society … I’m not joking any bit.

But now, again. What Evidence classes remain? When each and every class can be planted, fabricated (signatures, pictures; untraceably), coerced (‘rat out your partner or all of your family will be killed before your eyes’), etc., indeed nothing remains. Nothing non-repudiatory…

But flipside; Skynet is here. Like before.

And:
[Either way, you lose; Zuid-As Ams]

The Secret of Innovators — “Keep on trying harder!”

Recalling all those ‘motivational’ quotes about seriously too late, ridiculously over-aged to ever still start a unicorn eleven-somethings, you having to fail for the rest of your life or you’re a failure (right? If you don’t fail, you don’t learn or whatev’), or in conclusion, you’re not failing grossly enough if you don’t succeed – or was it the other way around ..?

Suddenly I realised: If at first you don’t succeed, try, try again. Then quit. There’s no point in being a damn fool about it. (W.C. Fields)
And: The above keep-on-trying train / ship of fools, is a perfect application of The Secret to innovation.

Yes, indeed, ‘perfect’ with the pejorative tone you carry throughout the day. And The Secret being that oh so rightfully discredited piece of paper (!) waste that even today some still believe in; would you believe it?
Yes, have a fresh look at the first line above: It’s the same as the book’s content.

On a less black-and-white note: Aren’t ‘Innovators’ typified as those that naïvely believe that one just has to deny very hard that anything might not work, just put in endless effort and hey presto you’ll succeed? If you fail, you didn’t deny hard enough.
[ Or you’re outright criminally breaking the law, then complain that the law needs to be changed to allow you to reap unethically large profits for just-above cold air, like the … U know who … Why am I not allowed to be a gun for hire!? I make good money out of it and the current system doesn’t get my opponents killed fast enough! Totally ineffective! but that’s beside the main line of this post…]

Where actual Innovators that win in the end, are (what you read in Originals plus) the ones seeking the highest-risk roadblocks and undo them when possible or evade them, believing that fortune will come your way when caring against ill fortune.

So no putting your life’s all into something and hope you’ll win life’s lottery of purely accidental unicorn success, but spread your bets, cut losses, etc. Less exciting a gamble maybe but less of your life at stake.

Plus:
[Down (to) the Tube(s); for no apparent reason and no reference to ‘Samsu’ in the background either, Vienna]

What should also be in the GDPR

At least, as an idea: Foreign countries that interfere with privacy in the EU, should be included in the penalisation stuff. Same levels, like; 4% of GDP for e.g., registering political opinions of citizens of the EU even when they’re also citizens of that foreign, alien, enemy country, without explicit opt-in consent. [This happened, happens..!] For every transgression. Then enforce via trade sanctions and import taxes [after checking the trade balance will effect the ‘payment’ of the fines; won’t be stupid].

Oh, and:
[Or the supreme leader goes to jail for a long, long time and is struck by lightning; unrelated, Ottawa]

Some cloud insurance market

On the authority of a couple of very knowledgeable peers, there seems to be a discrepancy between the coverage (sanctions) that cloud providers (in particular the Big 4 of that) contractually will provide for, e.g., outages (recall the AWS East-1 one), versus what businesses (most, qua scale and lawyer fee availability) require given their revenue / reputation dependence and risk management.
In normal language, this translates to: If things go pear-shaped, you only get something like 12 months’ subscription refunded even when your business tanks due to zero revenue when your services are unavailable. Zero chance to be able to negotiate this away in your contract. Hobson’s choices everywhere.

Isn’t this a great Insurance opportunity, then ..? Odds very low, deep pockets for redress xor easily re-insured, no real single-vendor dependency when taken global, etc. It’s just that there’s a power gap leading to deviation away from the middle when it comes to bearing damages, that can be fixed in this way; ‘out of band’.

Or am I missing something …?

Plus:
[Or just pray, that’s also a (real?) red carpet option; Sicily]

Are sw bugs taxing your resilience ..?

There would be a solution when we’d find a way to tax software makers for their product faults.

Because caveat emptor can work only if, unlike in softwareland, one can duly (!) examine the product before purchase; otherwise-and-anyway culpability for hidden flaws remains with the seller/licensor.

Which is impossible with shrink-wrapped stuff — and the ‘license’ claim is ridiculous, moreover the EULA is inconsistent hence null and void: Either the product is used under license hence the product quality liability remains with the producer/licensor, or the licensee is liable for damages the use of the product might cause but then invariably ownership is with the purchaser.

The software maker can’t have their cake and eat it; that would run against basic legal principles. And claiming that one’s always allowed to not use the product and choose another one or not, the Hobson’s Choice that brings about so many legal ramifications that even $AAPL’s pockets would never suffice, would invariably lead to oligopoly/cartel charges …!

Or, as this may easily be solved when taken as a societal problem just like environmental stuff like CO2 pollution (we all need electricity): Why not tax the software makers for their ‘pollution’ of the IS environment with bugs ..? (And prohibit the use of greenhouse gases like SQL injection weaknesses?)
Like, after post-write but before release, this (Dutch) news that casual carelessness is a headache for government(s)… A bit like driving rules with no enforcement, maybe ..?

I’m not one for fighting the real windmills… hence:
[The outards of the inn(ard)s of courts; Bridget’s London obviously]

Save a few

Just a reminder; Dutch lower gov’t agencies struggling with storage formats … (Here, in Dutch, but Alphabet Translate (heh that still doesn’t ring well!) may help)

There may be hope for (!) privacy. And:
[Nice, functional (as / where it is), and certainly will look Old before you know it; La Défense]

Black List ..?

Ehm, if a ‘contract’ is drawn up in such a way that it is intended to mislead, or in any case to be unreadable for one of the contracting parties (and no negotiation or anything else is possible; only a Hobson’s Choice), aren’t the clauses concerned, or the entire contract, illegal in advance ..?

As in (thanks @ictrecht):

Proof of legitimate identity

By way of a question to @iusmetis / @ictrecht …:
In everyday Dutch usage we still (…) know the difference between ‘legitimatie’ (legitimation) and ‘identiteit’ (identity), as in ‘legitimatiebewijs’ and ‘identiteitsbewijs’ respectively. The latter is also seen as equivalent to ‘ID’.
Which raises the questions:

  • Is there (still) a legal difference between the two ..? Where does that difference, if any, come from, and how is it (still) applied?
  • What is the ‘mapping’ to (identification,) authentication and authorisation as those terms are used in today’s ICT ..?

The latter in particular seems worth studying to me because a. the legal terms have had a long time to be chewed over, and ‘so’ may still bring out relevant differences from the ideas about access to systems/data that were developed only oh so recently.
And the confusion of the function of ‘electronic’ ID with true identity, and the double role of e.g. a ‘user ID’, also deserves some consideration.

But anyway, first let’s try to get things set out clearly side by side in terms of definitions.

And of course the picture of the day:
[Hey, look at that, they already had Starbucks here in Lucca very early on…?]

Maverisk / Étoiles du Nord